FBI notice
An FBI notice is displayed on one of the websites shut down by Operation OnymousFBI

There is a part of the web that is still hidden from the majority of the internet users, a so-called dark web that cannot be found by conventional search engines or accessed by standard browsers.

Parts of the dark web reside on the Tor network, which, thanks to its nigh untraceable user anonymity, is a fertile breeding ground for cyber-criminals and illicit dealings. It is the ideal environment for an online illegal goods black market that sells everything from drugs and weapons to hitmen and hacking attacks for hire.

Dark web explained

The dark web is a section of the internet that is not indexed by search engines such as Google and not easily navigated to using a standard web browser.

Accessing the dark web requires specialised knowledge and software tools. An example of this is content only accessible by using the Tor software and anonymity network, which while protecting privacy, can be associated with illicit activities.

These specialised black markets are flourishing in this nefarious corner of the internet; criminals are developing points of aggregation where buyers and sellers can operate in anonymity and benefit from escrow services offered by the operators.

Names such as Silk Road (and its successor, Silk Road 2.0), BlueSky Marketplace, Pandora Marketplace, Tor Bazaar Alpha and Cannabis Road have become hugely popular in the criminal ecosystem.

Law enforcement and judicial agencies worldwide have coordinated their efforts against illicit dark web markets on the Tor network. An impressive FBI bust on 5 and 6 November, dubbed Operation Onymous, saw the closure of hundreds of websites operating on the Tor network. Its key achievement was the seizure of the black market Silk Road 2.0 and the arrest of its alleged manager, Blake Benthall.

But how much work still needs to be done and how significant is the threat posed by the criminals?

Dark web redefined

Operation Onymous certainly had a significant impact, with well-known sites shut and levels of online illicit deals decreasing. However, security experts observed a rapid response from the criminal underground to the pressure exerted by law enforcement.

Data provided by the non-profit Digital Citizens Alliance Security suggests Onymous shifted the balance in favour of new and surviving black markets, which have now gained market share.

The criminal underground is also demonstrating significant capability to restore illegal activities by building new services. Through its monitoring, Digital Citizens claims it was tracking 18 dark networks at the time of the Onymous crackdown. That number was reduced to seven after Onymous but since then, five new sites have popped up to fill the void.

Digital Citizens Alliance: dark websites dealing in illegal items
Digital Citizens Alliance: dark websites dealing in illegal items on 17 December, 2014digitalcitizensalliance.org

Beyond guns and drugs, child pornography and fraud lurks on the dark web

There are more threats to contend with than just the black markets. The dark web is an ideal environment for the spread of child porn and harbours botnets designed to steal credit card data.

Anonymising networks, and in particular the Tor network, are a powerful instrument in the arsenal of cyber-criminals to conduct illegal activities, such as the takeover of bank accounts. A US Treasury Department report states that the majority of bank account takeovers by cyber-criminals affecting organisations over the past decade exploited the anonymising Tor network.

Bad actors will explore even more the dark web to hide their identity and increase their business opportunities. This requires a significant effort from enforcers and private security firms: hacking techniques used to de-anonymise users have to be integrated with meticulous intelligence activities to infiltrate the principal criminal crews and identify their main operators on the dark web.