INTRODUCTION
Internet is a hardware asset consists of multiple nodes where each node is a server, client systems such as laptops,
computers, etc. In earlier days, the data are transferred or shared using the Internet. In 1989, Tim-Berners Lee ( )
introduced web in which the data are accessed through hyperlink text or web pages. Web is a software which runs
over the internet to provide the service to users. Only 4-6% of the whole web or the web pages (surface web) are
indexed in search engines such as Google, yahoo, etc. However, web which is not indexed in search engines is 400
times larger than surface web also known as deep web. The deep web ( ) can only be accessed through a special link
or with special permission to access the data in the cloud or specialized servers which cannot be found on any of
search engines. Government sectors, private bank data, cloud data, etc are examples of the deep web. The data in the
deep web are so sensitive and private, to be kept in secret. These data are allowed to access by specific people.
There is a subset of deep web termed as dark web. Figure 1 shows the difference of Surface web, Deep web and
Dark web ( ).
LeBlanc Email Password Protection Service
Dark web allows a user to host a website on a specific network termed as darknet which remains anonymous always.
The network used by the user to maintain anonymity is dark net. Darknet is a network build over the internet which
is completely encrypted. Traditionally, when a user visits any sites, they are tracked via their Internet Protocol (IP)
address. However, the darknet maintains privacy through specialized anonymity software and configurations to
access. One such darknet is Tor (“The Onion Routing” project).
TOR & DARK WEB
The TOR architecture provides two basic services – anonymous browsing and hosting of anonymous information
exchanges. These services are provided by one piece of special software – ‘Tor Browser’. There is no special
technical requirement for these services to be bundled. Indeed, browsing is more popular than hosting. No Tor users
have visited any hidden website at a *.onion address. Most probably, all the users merely use Tor browser to browse
the internet’s conventional address space more securely. For example, Mary, who lives in a small town, wants to
buy a pregnancy test but doesn’t want to be seen doing so by the shop owner. Peter, a friend of Mary’s father, wears
a mask, walks detours and pay in cash. Peter will not be able to identify or trace. Also, Mary’s privacy and
anonymity are assured. Anonymous browsing is not actually a part of ‘dark web’, but it is a legitimate and
impressive service provided by Tor. The underlying purpose was to create a distributed, anonymous easily
deployable and encrypted network to be used by those who needed it. Specifically, it was offered as a free service to
promote unfettered access to the internet in locations where online censorship was heavily enforced. Chaum et al
1981, provided a way for this access through onion routing. In order for a user to access the website securely, the
person has to be routed through a series of intermediary servers. The resulting pathways between servers were
labeled ‘circuits’. Each packet of information to be relayed over the network would be encased in multiple layers of
encryption, each to be sequentially peeled away only by the subsequent node in the circuit. Consequently,
intermediary nodes could only decrypt one layer of the encryption, preventing access to the underlying data and its
originator. The final such hop – or exit node – would reveal the original packet and proceed to deliver it to the
desired destination, thus protecting the sender’s identity. As a result, intercepting and decoding the information
along its path would be significantly harder – albeit not impossible – to accomplish. The dark web attracted the
people who do illegal stuff such as trade, forums, media exchange for terrorists, etc. without getting caught. “Silk
Road” is a dark web site which is used to sell drugs and was taken down already by FBI. Friend-Friend and Free net
is also a dark web provided by darknet used to transfer file anonymously.
THE SIZE OF THE DARK WEB ECONOMY
The dark web, an ocean of illicit activity often carried out by persons to trade stolen data, dollars, etc. In 2016, the
Economist reported that the drug side of the dark web grew from approx $15 in 2012 to $150 million in 2015. As far
as estimating the entire economy, the dark web has frustrated every attempt of information and other money
transactions. Juniper Research ( ) predicted that there will be a 175% increase in Dark web cybercrime in the year of
2023. That’s on top of the 12 billion records expected to be used in 2018; this may be around a cumulative total of
146 billion transactions records to be accessed in the year 2023.
There is also a growing service economy inside the dark web like hackers for hire, hitmen and other service
providers that can’t advertise over traditional channels. It’s no secret that 2017 is shaping up to be the most
notorious year on record for selling ransomware for Dark web. Even a casual news consumer can feel the
ransomware attacks which cost an estimated worldwide business of $1 billion this year. Carbon Black’s Threat
Analysis Unit (TAU) leveraged its own intelligence network to investigate the deepest, darkest portions on the web,
where ransomware is currently being created, bought and sold in rapidly increasing underground economies. The
research found that, in the financial year 2016-2017, there has been a 25.2% increase in the sale of ransomware on
the dark web. This large scale increase is due to supply and demand of the world’s economy. Cybercriminals are
progressively looking for more opportunities to enter the market and to make quick money via any one of the many
ransomware offerings available via illicit economies. In addition, a basic plan of ransomware is its turnkey. Unlike
other forms of cyberattacks, ransomware can be quickly deployed with a high probability of profit. The interesting
information is, the dark web economies are also empowering even the most novice criminals to launch ransomware
attacks via do-it-yourself kits and providing successful ransomware researchers with annual incomes into six figures.
KEY FINDINGS OF DARKWEB RANSOWARE
 Currently more than 63,000 dark web marketplaces are selling ransomware with 45,000 product listings. The
prices for the do-it-yourself (DIY) kits range from $0.50 to $3K.
 Comparing to the year 2016 target, the ransomware marketplace of 2017 on the dark web has grown to a rate of
2,502%. According to the FBI, ransom payments totaled about $1B in 2016, which was $24M in 2015.
 According to figures from Payscale.com, ransomware sellers are making more than $100,000 per year simply
retailing ransomware, however, the legitimate developers earn only to a maximum of $69000.
 The most notable innovations contributing to the success of dark web ransomware economy has been the
emergence of Bitcoin for payment, Tor for anonymity network.
 Ransomware sellers are increasingly specializing in a specific area of the supply chain, further contributing to
ransomware’s boom and economy development.
REGULATING THE DARK WEB
To regulate the dark web, the regulators have struggled a lot with enforcement. In 2013, FBI has taken down Silk
Road (Van Hout et al, 2013), a popular drug market of the dark web in 2013. Silk Road 2 popped up in 2014 before
FBI has taken up Silk Road. Silk Road 3 followed of course. In addition to difficulty in stamping out new
marketplaces, OpenBazaar has provided opensource code which allows for decentralized marketplaces similar to
how torrents allow for decentralized file sharing. So, the dark web economy continues to grow despite the best
efforts of law enforcement. A recent study from researchers at King's College London gives the following
breakdown of content by an alternative category set, highlighting the illicit use of .onion services for the access of
Dark webs.
The objective of this proposed chapter is to exploit the illegal access of Dark nets (Greenberg, 2014) through webs
and the benefited user through the webs. Also, this chapter explains about the actions taken by the National agencies
like cybercrime and cyber security office (Manikandakumar et al, 2018) towards the Dark web.
Dark web and its services
BOTNETS
Cyber threat actors use dark net forums to locate and take part in “botnet opportunities”. The dark net forums are
used for all process of hacking and for investments in crypto currency silent mining, which also grown to be an
active stage for botnet commerce and botnet-based cyber attacks. Once a cyber threat actor takes the control of a
computer using any malicious program, he gains full access to the computer and the actor is free to use the system
for DDoS attacks such as sending spam emails, for phishing attacks, for spreading malware and other kinds of
attacks. In essences, hackers can use botnets just like weapons to spread malicious activities.
Dark nets provide the hacker with a platform through which an army of botnets can be recruited. Some cyber-attacks
consume a massive number of botnets and require a longer preparation period with more intensive efforts on the part
of hacking. For an example, in order to generate a successful DDoS attack against a large corporation of DNS
server, the hacker would have to recruit more number of botnets that would repeatedly send queries until the server
crashes. The hacker may reduce some of the preparation burden by purchasing some of the botnets on a Dark Web
forum. With an increasing awareness of the vulnerability of devices, cyber threat actors likely to use more and more
attractive botnets. The advantages of botnets based on the Tor network are



High availability and low down times of authenticated hidden Tor services.
Reasonable availability of Private Tor networks.
Exit node flooding capabilities.
Traffic analysis is usually monitored by Law Enforcement Agencies (LEAs) to detect various activities related to
botnets and pinpoint their C&C servers. This is actually done via utilizing network analyzers and Intrusion Detection
Systems. Once monitored and detected, LEAs have various options to eradicate a botnet.




Blocking the IP addresses of the C&C server.
Cleaning the server used to host the botnet and other compromised hosts.
Revoking domain name(s).
De-peering of the hosting provider.
The botnet traffic is redirected to the C&C server via the Tor network which encrypts it, rendering the analysis
harder to accomplish. There are 2 botnet models based on the Tor network.
Tor2Web Proxy Based Botnet Model:
The routing procedure redirects .onion internet traffic via Tor2Web proxy. The bot connects to the Tor hidden
service via the Tor2Web proxy which points to an onion domain that hosts the C&C server.
Proxy-aware Malware via the Tor Network:
This model utilizes the proxy-aware malware. As the Tor2Web service is not used, the bot has to execute the Tor
clients on the victim hosts. Bots have to have SOCK55 support in order to be able to reach onion addresses on the
Tor network via running Tor on infected machines.
BITCOIN SERVICES
Two words ineradicably fixed on the minds of many people following bitcoin is Silk Road, original dark web
market. The Silk Road became notorious for enabling to sell drugs and other illegal items online. They are simply
digital marketplaces created using technologies that typically strengthen bitcoin. At the very least, they will accept
bitcoin as a method of payment because of its quasi-anonymous characteristics. That’s what happened with Silk
Road, which was one of the first dark markets on the web, created by Ross Ulbricht. At first, Silk Road was a digital
marketplace that connects vendors of illegal drugs with potential buyers. Vendors advertise their products on lists
maintained by Silk Road, which was similar to the kind of listings you might find on any legitimate e-commerce
marketplace. When an end user decided to buy drugs via the website, they generally wouldn’t want to send money
directly to the person. Drug peddling isn’t a trustworthy business where advertised and purchased customer using
Silk Road was anonymous. This made very easy for crooks to make off with the customers’ money without sending
any goods in return.
Aside from the fact that they are breaking the law, one of the biggest concerns around dark markets is
trustworthiness. In several cases, dark markets have suddenly vanished with millions of dollars in escrow funds,
leaving customers robbed of their funds. Law enforcement is also getting better at targeting these dark markets and
taking them down. In November 2014, Operation Onymous (Cubrilovic, 2014) an international law enforcement
operation, seized over 400 dark web domains. Dark markets including CannabisRoad, Blue Sky, and Hydra have
been taken down. Law enforcement says that it has found a way to target sites using Tor, although has refused to
reveal how. Dark markets continue to operate, and law enforcement continues to take them down in a continuous
game of cat and mouse. Anyone considering engaging in illegal activities through these marketplaces should be
aware of the risks. To rectify, Silk Road provided an escrow service.
Customers buying drugs from vendors who listed on Silk Road would send their funds to Silk Road, instead to
vendor. The website would then hold these funds until the customer confirmed that they had received what they had
ordered. Further, Silk Road would release the funds to the vendor. These funds were always sent in bitcoin, rather
than hard currency, because when used correctly, the network can provide a greater degree of anonymity. The drugs
were normally sent by the Postal Service, either to PO boxes or, in the case of less suspicious customers, directly to
their address. One of the major things that altered law enforcement to the operation of Silk Road was a spear in the
level of drugs being intercepted in the mail.
Actually, the Silk Road wasn’t a decentralized marketplace rather ran on a computer controlled by Ulbricht. It was
protected though, because it ran on Tor, which is a communication protocol designed to offer anonymity to those
who use it. Tor, originally developed by the U.S. Navy, has become popular among those wanting to protect their
identities online.
DARKNET MARKETS
A darknet or cryptomarket is a commercial website on the web that operates via darknets such as Tor or I2P.
Darknet markets function primarily as whole sale black markets such as selling, brokering transactions involving
drugs, cyber-arms, weapons, counterfeit currency, stolen credit card details, forged documents, unlicensed
pharmaceuticals, steroids, and other illicit goods as well as the sale of legal products. A study by Gareth Owen [ ]
from the University of Portsmouth suggested the second most popular sites on Tor were darknet markets. Following
the model developed by Silk Road, contemporary markets are characterized by their use of darknet anonymised
access, bitcoin payment with escrow services and e-Bay vendor feedback systems.
S.No
1
2
3
4
5
Table 2. Vendor product breakdown as on 3 June 2015.
Product
Breakdown (%)
Cannabis
31.6
Pharmaceuticals
21.05
3,4-Methylene Dioxy Methamphet Amine
10.530
(MDMA)
Lysergic acid diethylamide
5.26
(LSD)
Methamphetamine
5.26
6
7
8
9
10
Mushrooms
Heroin
Seeds
Video Games
Accounts
5.26
5.26
5.26
5.26
5.26
HACKING GROUPS AND SERVICES
The dark web is one of the most charming remnants of humanity, aggregated marsh of all the darkest aspects of
internet activity such as child abuse images, drug markets, gun shops, gore smut, stolen merchandise, anarchist
guides, terrorist chats, identity theft, hacking services and even more. The following describes about the potent of
using these services for hacking. The user what actually think is “Browsing porn in incognito mode isn’t nearly as
private as you think”. One of the largest hacking forums on the internet which uses the concept of Dark web is
FreeHacks. It’s a Russian community which aims to collectively gather its resources in order to maximize efficiency
and knowledge dispersement. It works similar to any typical forum, as like opening the Tor browser, copy and paste
the URL, and land on a home page with various sub-forums. The sub forums are of varied and well divide into
different categories as like

















Hacker world news
Humor
Hacking and security
Carding (stealing credit cards and trying to cash them out on the internet)
Botnet (a network of bots used to steal data and send spam, or perform DDOS attacks)
Electronics and phreaking (phreaking is trying to break someone’s security network)
Brutus (software used to crack passwords)
DDOS (overwhelming a server with requests to shut it down)
SEO-optimization
Programming
Web development
Malware and exploits
Private software
Clothing market (people who use stolen credit cards to buy clothes and resell them)
Financial operations
Documentation (passports, driving licenses, citizenships)
Blacklist (a community judicial system).
The above mentioned illegal activity covers a dizzying amount of information, from a Russian forum and has more
than about 5,000 active members. This is just the overview; even every sub-forum is further splitted into dozens of
other sub-forums. When a user attempts to register on any hacking site, you’re met with a mission statement of sorts
– a weird justification method for their own illegal activities. Once you go through the rigorous registration process
where you have to declare why you want to join the forum, and what software development skills you have and want
to learn, you are granted access to this treasure trove of illicit information. It seems more pathological and ironic;
these hackers who essentially get paid to make life more difficult for people try to justify it with a fascinating
proclamation.
The word ‘hacker’ is incorrectly used in the meaning of ‘computer burglar’ by some journalists. However, hackers,
refuse to accept such an interpretation of it and continue to imply the meaning of ‘someone who likes to program
and enjoy it’
FRAUD SERVICES
In recent days, more number of fraudulent services has emerged such as falsification of documents, forgery or
counterfeit are types of fraud. The theft of one’s personal information, like social security number or identity is type
of fraud. Fraud can be communicated through many media includes mail, wire, phone and the internet may be
computer fraud and internet fraud. However, in dark web, fraudulent refund services are now becoming another
fierce of attack for malicious actors. The malicious actors’ targets online retailers, banking sectors on their generous
refund policies to fraudulently claim money or replacements for products they hadn’t purchased. These services are
particularly persistent form of a cybercrime since merchants are stuck between trying to ensure customer satisfaction
and mitigating the loss of an estimated 50,000 Euros every month through cybercrime. For en example, a typical
fraud case occurs when the false buyer claims that the product they allegedly purchased has never arrived. Due to
the severe competition going on between online retailers, many of them promptly respond to such claims with the
refunds or replacements purely to control damage to their reputation and to keep the customer happy.
Refund fraudulent services have grown significantly since 2017, coasting on the increasing number of online sales.
Refund services are openly discussed on the dark web forums where fraudulent vendors are quick to offer their
“specialized services” to the interested third parties.
In return for effective service, these illegal vendors gain enormous followings and create a reputation that is
conductive to the continuity of their business. Happy customers have been known to go as far as leaving screenshots
alongside messages of gratitude and praise following a successful refund scam. Vendors who pull off scam after
scam successfully will often receive repeat business from many of their customers, who are sometimes satisfied
enough to leave positive reviews about their experience. Even as online retailers struggle to figure out a way around
this scam, more and more illicit vendors pop up on these dark web forums offering their services.
This kind of increase in criminal activity has led to an invasion in the advertisement of fraudulent receipts on the
dark web. These fake receipts often look as authentic as the next and can be engineered to target a wide variety of
online retailers. Fake receipt vendors rely on social engineering as their main approach since there are no parameters
to be bypassed in this scenario. The customizable nature of these fake receipts only makes it more difficult for
companies to preempt these actors next move. These receipts also present a huge problem for many online stores as
Flashpoint analysts cautiously predict. In addition to saturating the market with an indeterminate number of fake
receipts, these illicit vendors have made it easier for malicious actors to claim reimbursement even without making
the initial purchase. Similarly, they have made it increasingly difficult for companies to spot instances of fraud even
if they’re perpetrated by the same person.
The availability of physical fake receipts will make it harder for stores to suspend people from using them to
wrongfully claim reimbursement. As an added risk, the physical receipts will make it impossible for the retails to
avoid reimbursing customers for stolen products. Several illicit vendors offer digital and virtual receipts alongside
product serial numbers just to increase the legitimacy of the claim. Aside from the very pertinent concern of having
a market that is flooded with fake serial numbers, the availability of fake product serial numbers leads Flashpoint
analysts to speculate that these vendors are in possession of the serial number-generating software. Already, several
of these types of software have been spotted on various forums both on the dark web and on the surface web.
Increase in the competition between the online retails and a need for transparency will continue to force retailers to
extend munificent policies, usually at their own expense. This gap is one that may only widen a business’s compete
to differentiate themselves and to build loyal customer bases. As miserable as the situation appears to be, online
businesses can avoid falling for some of these fraudulent claims by carefully analyzing all refund claims before
fulfilling them. A dedicated intelligence service can facilitate this and help businesses to avoid massive losses from
cybercrime.
HOAXES AND UNVERIFIED CONTENT
An assassination market is a prediction market where any party can place a bet (using anonymous electronic money
and pseudonymous remailers) on the date of death of a given individual, and collect a payoff if they "guess" the date
accurately. This would incentivise assassination of individuals because the assassin, knowing when the action would
take place, could profit by making an accurate bet on the time of the subject's death. Because the payoff is for
accurately picking the date rather than performing the action of the assassin, it is substantially more difficult to
assign criminal liability for the assassination. There are reports of crowdfunded assassinations and hitmen for hire,
however, these are believed to be exclusively scams. The creator of Silk Road, Ross Ulbricht, was arrested by
Homeland Security investigations (HSI) for his site and allegedly hiring a hitman to kill six people, although the
charges were later dropped.
There is an urban legend that one can find live murder on the dark web. The term "Red Room"[ ] has been coined
based on the Japanese animation and urban legend of the same name. However, the evidence points toward all
reported instances being hoaxes. On June 25, 2015, the indie game Sad Satan was reviewed by Youtubers Obscure
Horror Corner which they claimed to have found via the dark web. Various inconsistencies in the channel's
reporting cast doubt on the reported version of events. There are several websites which analyze and monitor the
deep web and dark web for threat intelligence, for example Sixgill.
PHISHING AND SCAMS
A phishing website (sometimes called a "spoofed" site) tries to steal your account password or other confidential
information by tricking you into believing you're on a legitimate website. You could even land on a phishing site by
mistyping a URL (web address). Phishing via cloned websites (Elangovan et al, 2019) and other scam sites are
numerous, with darknet markets often advertised with fraudulent URLs.
PUZZLES
Puzzles such as Cicada 3301 and successors will sometimes use hidden services in order to more anonymously
provide clues, often increasing speculation as to the identity of their creators.
ILLEGAL AND EHTICALLY DISPUTED PORNOGRAPHY
There is regular law enforcement action against sites distributing child pornography – often via compromising the
site by distributing malware to the users (Mark, 2014). Sites use complex systems of guides, forums and community
regulation. Other content includes sexualised torture and killing of animals and revenge porn.
TERRORISM
There are at least some real and fraudulent websites claiming to be used by Islamic State of Iraq and the Levant
(ISIL) previously ISIS, including a fake one seized in Operation Onymous. In the wake of the November 2015 Paris
attacks an actual such site was hacked by an Anonymous affiliated hacker group GhostSec and replaced with an
advert for Prozac. The Rawti Shax Islamist group was found to be operating on the dark web at one time.
SOCIAL MEDIA
Within the dark web, there exist emerging social media platforms similar to those on the World Wide Web.
Facebook and other traditional social media platforms have begun to make dark-web versions of their websites to
address problems associated with the traditional platforms and to continue their service in all areas of the World
Wide Web.
CONCLUSION
The deep web will continue to perplex and fascinate everyone who uses the internet. It contains an enthralling
amount of knowledge that could help us evolve technologically and as a species when connected to other bits of
information. And of course, it’s darker side will always be lurking too, just as it always does in human nature. The
deep web speaks to the fathomless, scattered potential of not only the internet, but the human race, too. Regardless
of if the Dark Web exists or not, the aforementioned activities still occur. The Dark Web just provides an easy way
to connect with people of similar interests, and to facilitate further interaction.
REFERENCES
Abbasi, A., & Chen, H. (2007). “Affect intensity analysis of dark web forums”. In 2007 IEEE Intelligence and
Security Informatics (pp. 282-288). IEEE.
Cubrilovic, N. (2014). “Large number of tor hidden sites seized by the fbi in operation onymous were clone or scam
sites”. URL : https://www. nikcub. com/posts/onymous-part1
Egan, M. (2015). "What is the dark web? How to access the dark website – How to turn out the lights and access the
dark web (and why you might want to)".
Elangovan, R., & Prianga, M. (2019). “Side Channel Attacks in Cloud Computing”. In Cognitive Social Mining
Applications in Data Analytics and Forensics (pp. 77-98). IGI Global.
Greenberg, A. (2014). "Hacker Lexicon: What Is the dark web?".
Manikandakumar, M., & Ramanujam, E. (2018). “Security and Privacy Challenges in Big Data Environment”. In
Handbook of Research on Network Forensics and Analysis Techniques (pp. 315-325). IGI Global.
Mark, W. (2014). "Tor's most visited hidden sites host child abuse images". BBC News
Nakamoto, S. (2008). “Bitcoin: A peer-to-peer electronic cash system”.
Qin, J., Zhou, Y., Lai, G., Reid, E., Sageman, M., & Chen, H. (2005). “The dark web portal project: collecting and
analyzing the presence of terrorist groups on the web”. In Proceedings of the 2005 IEEE international conference on
Intelligence and Security Informatics (pp. 623-624). Springer-Verlag.
Solomon (2015). "The Deep Web vs. The dark web".
Syverson, P., Dingledine, R., & Mathewson, N. (2004). “Tor: The second generation onion router”. In Usenix
Security.
Van Hout, M. C., & Bingham, T. (2013). “‘Silk Road’, the virtual drug marketplace: A single case study of user
experiences”. International Journal of Drug Policy, 24(5), 385-391.
David L. Chaum, ‘Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms’, Communications of
the ACM, vol. 24, no. 2, Februay 1981, p. 85.