INTRODUCTION Internet is a hardware asset consists of multiple nodes where each node is a server, client systems such as laptops, computers, etc. In earlier days, the data are transferred or shared using the Internet. In 1989, Tim-Berners Lee ( ) introduced web in which the data are accessed through hyperlink text or web pages. Web is a software which runs over the internet to provide the service to users. Only 4-6% of the whole web or the web pages (surface web) are indexed in search engines such as Google, yahoo, etc. However, web which is not indexed in search engines is 400 times larger than surface web also known as deep web. The deep web ( ) can only be accessed through a special link or with special permission to access the data in the cloud or specialized servers which cannot be found on any of search engines. Government sectors, private bank data, cloud data, etc are examples of the deep web. The data in the deep web are so sensitive and private, to be kept in secret. These data are allowed to access by specific people. There is a subset of deep web termed as dark web. Figure 1 shows the difference of Surface web, Deep web and Dark web ( ). LeBlanc Email Password Protection Service Dark web allows a user to host a website on a specific network termed as darknet which remains anonymous always. The network used by the user to maintain anonymity is dark net. Darknet is a network build over the internet which is completely encrypted. Traditionally, when a user visits any sites, they are tracked via their Internet Protocol (IP) address. However, the darknet maintains privacy through specialized anonymity software and configurations to access. One such darknet is Tor (“The Onion Routing” project). TOR & DARK WEB The TOR architecture provides two basic services – anonymous browsing and hosting of anonymous information exchanges. These services are provided by one piece of special software – ‘Tor Browser’. There is no special technical requirement for these services to be bundled. Indeed, browsing is more popular than hosting. No Tor users have visited any hidden website at a *.onion address. Most probably, all the users merely use Tor browser to browse the internet’s conventional address space more securely. For example, Mary, who lives in a small town, wants to buy a pregnancy test but doesn’t want to be seen doing so by the shop owner. Peter, a friend of Mary’s father, wears a mask, walks detours and pay in cash. Peter will not be able to identify or trace. Also, Mary’s privacy and anonymity are assured. Anonymous browsing is not actually a part of ‘dark web’, but it is a legitimate and impressive service provided by Tor. The underlying purpose was to create a distributed, anonymous easily deployable and encrypted network to be used by those who needed it. Specifically, it was offered as a free service to promote unfettered access to the internet in locations where online censorship was heavily enforced. Chaum et al 1981, provided a way for this access through onion routing. In order for a user to access the website securely, the person has to be routed through a series of intermediary servers. The resulting pathways between servers were labeled ‘circuits’. Each packet of information to be relayed over the network would be encased in multiple layers of encryption, each to be sequentially peeled away only by the subsequent node in the circuit. Consequently, intermediary nodes could only decrypt one layer of the encryption, preventing access to the underlying data and its originator. The final such hop – or exit node – would reveal the original packet and proceed to deliver it to the desired destination, thus protecting the sender’s identity. As a result, intercepting and decoding the information along its path would be significantly harder – albeit not impossible – to accomplish. The dark web attracted the people who do illegal stuff such as trade, forums, media exchange for terrorists, etc. without getting caught. “Silk Road” is a dark web site which is used to sell drugs and was taken down already by FBI. Friend-Friend and Free net is also a dark web provided by darknet used to transfer file anonymously. THE SIZE OF THE DARK WEB ECONOMY The dark web, an ocean of illicit activity often carried out by persons to trade stolen data, dollars, etc. In 2016, the Economist reported that the drug side of the dark web grew from approx $15 in 2012 to $150 million in 2015. As far as estimating the entire economy, the dark web has frustrated every attempt of information and other money transactions. Juniper Research ( ) predicted that there will be a 175% increase in Dark web cybercrime in the year of 2023. That’s on top of the 12 billion records expected to be used in 2018; this may be around a cumulative total of 146 billion transactions records to be accessed in the year 2023. There is also a growing service economy inside the dark web like hackers for hire, hitmen and other service providers that can’t advertise over traditional channels. It’s no secret that 2017 is shaping up to be the most notorious year on record for selling ransomware for Dark web. Even a casual news consumer can feel the ransomware attacks which cost an estimated worldwide business of $1 billion this year. Carbon Black’s Threat Analysis Unit (TAU) leveraged its own intelligence network to investigate the deepest, darkest portions on the web, where ransomware is currently being created, bought and sold in rapidly increasing underground economies. The research found that, in the financial year 2016-2017, there has been a 25.2% increase in the sale of ransomware on the dark web. This large scale increase is due to supply and demand of the world’s economy. Cybercriminals are progressively looking for more opportunities to enter the market and to make quick money via any one of the many ransomware offerings available via illicit economies. In addition, a basic plan of ransomware is its turnkey. Unlike other forms of cyberattacks, ransomware can be quickly deployed with a high probability of profit. The interesting information is, the dark web economies are also empowering even the most novice criminals to launch ransomware attacks via do-it-yourself kits and providing successful ransomware researchers with annual incomes into six figures. KEY FINDINGS OF DARKWEB RANSOWARE Currently more than 63,000 dark web marketplaces are selling ransomware with 45,000 product listings. The prices for the do-it-yourself (DIY) kits range from $0.50 to $3K. Comparing to the year 2016 target, the ransomware marketplace of 2017 on the dark web has grown to a rate of 2,502%. According to the FBI, ransom payments totaled about $1B in 2016, which was $24M in 2015. According to figures from Payscale.com, ransomware sellers are making more than $100,000 per year simply retailing ransomware, however, the legitimate developers earn only to a maximum of $69000. The most notable innovations contributing to the success of dark web ransomware economy has been the emergence of Bitcoin for payment, Tor for anonymity network. Ransomware sellers are increasingly specializing in a specific area of the supply chain, further contributing to ransomware’s boom and economy development. REGULATING THE DARK WEB To regulate the dark web, the regulators have struggled a lot with enforcement. In 2013, FBI has taken down Silk Road (Van Hout et al, 2013), a popular drug market of the dark web in 2013. Silk Road 2 popped up in 2014 before FBI has taken up Silk Road. Silk Road 3 followed of course. In addition to difficulty in stamping out new marketplaces, OpenBazaar has provided opensource code which allows for decentralized marketplaces similar to how torrents allow for decentralized file sharing. So, the dark web economy continues to grow despite the best efforts of law enforcement. A recent study from researchers at King's College London gives the following breakdown of content by an alternative category set, highlighting the illicit use of .onion services for the access of Dark webs. The objective of this proposed chapter is to exploit the illegal access of Dark nets (Greenberg, 2014) through webs and the benefited user through the webs. Also, this chapter explains about the actions taken by the National agencies like cybercrime and cyber security office (Manikandakumar et al, 2018) towards the Dark web. Dark web and its services BOTNETS Cyber threat actors use dark net forums to locate and take part in “botnet opportunities”. The dark net forums are used for all process of hacking and for investments in crypto currency silent mining, which also grown to be an active stage for botnet commerce and botnet-based cyber attacks. Once a cyber threat actor takes the control of a computer using any malicious program, he gains full access to the computer and the actor is free to use the system for DDoS attacks such as sending spam emails, for phishing attacks, for spreading malware and other kinds of attacks. In essences, hackers can use botnets just like weapons to spread malicious activities. Dark nets provide the hacker with a platform through which an army of botnets can be recruited. Some cyber-attacks consume a massive number of botnets and require a longer preparation period with more intensive efforts on the part of hacking. For an example, in order to generate a successful DDoS attack against a large corporation of DNS server, the hacker would have to recruit more number of botnets that would repeatedly send queries until the server crashes. The hacker may reduce some of the preparation burden by purchasing some of the botnets on a Dark Web forum. With an increasing awareness of the vulnerability of devices, cyber threat actors likely to use more and more attractive botnets. The advantages of botnets based on the Tor network are High availability and low down times of authenticated hidden Tor services. Reasonable availability of Private Tor networks. Exit node flooding capabilities. Traffic analysis is usually monitored by Law Enforcement Agencies (LEAs) to detect various activities related to botnets and pinpoint their C&C servers. This is actually done via utilizing network analyzers and Intrusion Detection Systems. Once monitored and detected, LEAs have various options to eradicate a botnet. Blocking the IP addresses of the C&C server. Cleaning the server used to host the botnet and other compromised hosts. Revoking domain name(s). De-peering of the hosting provider. The botnet traffic is redirected to the C&C server via the Tor network which encrypts it, rendering the analysis harder to accomplish. There are 2 botnet models based on the Tor network. Tor2Web Proxy Based Botnet Model: The routing procedure redirects .onion internet traffic via Tor2Web proxy. The bot connects to the Tor hidden service via the Tor2Web proxy which points to an onion domain that hosts the C&C server. Proxy-aware Malware via the Tor Network: This model utilizes the proxy-aware malware. As the Tor2Web service is not used, the bot has to execute the Tor clients on the victim hosts. Bots have to have SOCK55 support in order to be able to reach onion addresses on the Tor network via running Tor on infected machines. BITCOIN SERVICES Two words ineradicably fixed on the minds of many people following bitcoin is Silk Road, original dark web market. The Silk Road became notorious for enabling to sell drugs and other illegal items online. They are simply digital marketplaces created using technologies that typically strengthen bitcoin. At the very least, they will accept bitcoin as a method of payment because of its quasi-anonymous characteristics. That’s what happened with Silk Road, which was one of the first dark markets on the web, created by Ross Ulbricht. At first, Silk Road was a digital marketplace that connects vendors of illegal drugs with potential buyers. Vendors advertise their products on lists maintained by Silk Road, which was similar to the kind of listings you might find on any legitimate e-commerce marketplace. When an end user decided to buy drugs via the website, they generally wouldn’t want to send money directly to the person. Drug peddling isn’t a trustworthy business where advertised and purchased customer using Silk Road was anonymous. This made very easy for crooks to make off with the customers’ money without sending any goods in return. Aside from the fact that they are breaking the law, one of the biggest concerns around dark markets is trustworthiness. In several cases, dark markets have suddenly vanished with millions of dollars in escrow funds, leaving customers robbed of their funds. Law enforcement is also getting better at targeting these dark markets and taking them down. In November 2014, Operation Onymous (Cubrilovic, 2014) an international law enforcement operation, seized over 400 dark web domains. Dark markets including CannabisRoad, Blue Sky, and Hydra have been taken down. Law enforcement says that it has found a way to target sites using Tor, although has refused to reveal how. Dark markets continue to operate, and law enforcement continues to take them down in a continuous game of cat and mouse. Anyone considering engaging in illegal activities through these marketplaces should be aware of the risks. To rectify, Silk Road provided an escrow service. Customers buying drugs from vendors who listed on Silk Road would send their funds to Silk Road, instead to vendor. The website would then hold these funds until the customer confirmed that they had received what they had ordered. Further, Silk Road would release the funds to the vendor. These funds were always sent in bitcoin, rather than hard currency, because when used correctly, the network can provide a greater degree of anonymity. The drugs were normally sent by the Postal Service, either to PO boxes or, in the case of less suspicious customers, directly to their address. One of the major things that altered law enforcement to the operation of Silk Road was a spear in the level of drugs being intercepted in the mail. Actually, the Silk Road wasn’t a decentralized marketplace rather ran on a computer controlled by Ulbricht. It was protected though, because it ran on Tor, which is a communication protocol designed to offer anonymity to those who use it. Tor, originally developed by the U.S. Navy, has become popular among those wanting to protect their identities online. DARKNET MARKETS A darknet or cryptomarket is a commercial website on the web that operates via darknets such as Tor or I2P. Darknet markets function primarily as whole sale black markets such as selling, brokering transactions involving drugs, cyber-arms, weapons, counterfeit currency, stolen credit card details, forged documents, unlicensed pharmaceuticals, steroids, and other illicit goods as well as the sale of legal products. A study by Gareth Owen [ ] from the University of Portsmouth suggested the second most popular sites on Tor were darknet markets. Following the model developed by Silk Road, contemporary markets are characterized by their use of darknet anonymised access, bitcoin payment with escrow services and e-Bay vendor feedback systems. S.No 1 2 3 4 5 Table 2. Vendor product breakdown as on 3 June 2015. Product Breakdown (%) Cannabis 31.6 Pharmaceuticals 21.05 3,4-Methylene Dioxy Methamphet Amine 10.530 (MDMA) Lysergic acid diethylamide 5.26 (LSD) Methamphetamine 5.26 6 7 8 9 10 Mushrooms Heroin Seeds Video Games Accounts 5.26 5.26 5.26 5.26 5.26 HACKING GROUPS AND SERVICES The dark web is one of the most charming remnants of humanity, aggregated marsh of all the darkest aspects of internet activity such as child abuse images, drug markets, gun shops, gore smut, stolen merchandise, anarchist guides, terrorist chats, identity theft, hacking services and even more. The following describes about the potent of using these services for hacking. The user what actually think is “Browsing porn in incognito mode isn’t nearly as private as you think”. One of the largest hacking forums on the internet which uses the concept of Dark web is FreeHacks. It’s a Russian community which aims to collectively gather its resources in order to maximize efficiency and knowledge dispersement. It works similar to any typical forum, as like opening the Tor browser, copy and paste the URL, and land on a home page with various sub-forums. The sub forums are of varied and well divide into different categories as like Hacker world news Humor Hacking and security Carding (stealing credit cards and trying to cash them out on the internet) Botnet (a network of bots used to steal data and send spam, or perform DDOS attacks) Electronics and phreaking (phreaking is trying to break someone’s security network) Brutus (software used to crack passwords) DDOS (overwhelming a server with requests to shut it down) SEO-optimization Programming Web development Malware and exploits Private software Clothing market (people who use stolen credit cards to buy clothes and resell them) Financial operations Documentation (passports, driving licenses, citizenships) Blacklist (a community judicial system). The above mentioned illegal activity covers a dizzying amount of information, from a Russian forum and has more than about 5,000 active members. This is just the overview; even every sub-forum is further splitted into dozens of other sub-forums. When a user attempts to register on any hacking site, you’re met with a mission statement of sorts – a weird justification method for their own illegal activities. Once you go through the rigorous registration process where you have to declare why you want to join the forum, and what software development skills you have and want to learn, you are granted access to this treasure trove of illicit information. It seems more pathological and ironic; these hackers who essentially get paid to make life more difficult for people try to justify it with a fascinating proclamation. The word ‘hacker’ is incorrectly used in the meaning of ‘computer burglar’ by some journalists. However, hackers, refuse to accept such an interpretation of it and continue to imply the meaning of ‘someone who likes to program and enjoy it’ FRAUD SERVICES In recent days, more number of fraudulent services has emerged such as falsification of documents, forgery or counterfeit are types of fraud. The theft of one’s personal information, like social security number or identity is type of fraud. Fraud can be communicated through many media includes mail, wire, phone and the internet may be computer fraud and internet fraud. However, in dark web, fraudulent refund services are now becoming another fierce of attack for malicious actors. The malicious actors’ targets online retailers, banking sectors on their generous refund policies to fraudulently claim money or replacements for products they hadn’t purchased. These services are particularly persistent form of a cybercrime since merchants are stuck between trying to ensure customer satisfaction and mitigating the loss of an estimated 50,000 Euros every month through cybercrime. For en example, a typical fraud case occurs when the false buyer claims that the product they allegedly purchased has never arrived. Due to the severe competition going on between online retailers, many of them promptly respond to such claims with the refunds or replacements purely to control damage to their reputation and to keep the customer happy. Refund fraudulent services have grown significantly since 2017, coasting on the increasing number of online sales. Refund services are openly discussed on the dark web forums where fraudulent vendors are quick to offer their “specialized services” to the interested third parties. In return for effective service, these illegal vendors gain enormous followings and create a reputation that is conductive to the continuity of their business. Happy customers have been known to go as far as leaving screenshots alongside messages of gratitude and praise following a successful refund scam. Vendors who pull off scam after scam successfully will often receive repeat business from many of their customers, who are sometimes satisfied enough to leave positive reviews about their experience. Even as online retailers struggle to figure out a way around this scam, more and more illicit vendors pop up on these dark web forums offering their services. This kind of increase in criminal activity has led to an invasion in the advertisement of fraudulent receipts on the dark web. These fake receipts often look as authentic as the next and can be engineered to target a wide variety of online retailers. Fake receipt vendors rely on social engineering as their main approach since there are no parameters to be bypassed in this scenario. The customizable nature of these fake receipts only makes it more difficult for companies to preempt these actors next move. These receipts also present a huge problem for many online stores as Flashpoint analysts cautiously predict. In addition to saturating the market with an indeterminate number of fake receipts, these illicit vendors have made it easier for malicious actors to claim reimbursement even without making the initial purchase. Similarly, they have made it increasingly difficult for companies to spot instances of fraud even if they’re perpetrated by the same person. The availability of physical fake receipts will make it harder for stores to suspend people from using them to wrongfully claim reimbursement. As an added risk, the physical receipts will make it impossible for the retails to avoid reimbursing customers for stolen products. Several illicit vendors offer digital and virtual receipts alongside product serial numbers just to increase the legitimacy of the claim. Aside from the very pertinent concern of having a market that is flooded with fake serial numbers, the availability of fake product serial numbers leads Flashpoint analysts to speculate that these vendors are in possession of the serial number-generating software. Already, several of these types of software have been spotted on various forums both on the dark web and on the surface web. Increase in the competition between the online retails and a need for transparency will continue to force retailers to extend munificent policies, usually at their own expense. This gap is one that may only widen a business’s compete to differentiate themselves and to build loyal customer bases. As miserable as the situation appears to be, online businesses can avoid falling for some of these fraudulent claims by carefully analyzing all refund claims before fulfilling them. A dedicated intelligence service can facilitate this and help businesses to avoid massive losses from cybercrime. HOAXES AND UNVERIFIED CONTENT An assassination market is a prediction market where any party can place a bet (using anonymous electronic money and pseudonymous remailers) on the date of death of a given individual, and collect a payoff if they "guess" the date accurately. This would incentivise assassination of individuals because the assassin, knowing when the action would take place, could profit by making an accurate bet on the time of the subject's death. Because the payoff is for accurately picking the date rather than performing the action of the assassin, it is substantially more difficult to assign criminal liability for the assassination. There are reports of crowdfunded assassinations and hitmen for hire, however, these are believed to be exclusively scams. The creator of Silk Road, Ross Ulbricht, was arrested by Homeland Security investigations (HSI) for his site and allegedly hiring a hitman to kill six people, although the charges were later dropped. There is an urban legend that one can find live murder on the dark web. The term "Red Room"[ ] has been coined based on the Japanese animation and urban legend of the same name. However, the evidence points toward all reported instances being hoaxes. On June 25, 2015, the indie game Sad Satan was reviewed by Youtubers Obscure Horror Corner which they claimed to have found via the dark web. Various inconsistencies in the channel's reporting cast doubt on the reported version of events. There are several websites which analyze and monitor the deep web and dark web for threat intelligence, for example Sixgill. PHISHING AND SCAMS A phishing website (sometimes called a "spoofed" site) tries to steal your account password or other confidential information by tricking you into believing you're on a legitimate website. You could even land on a phishing site by mistyping a URL (web address). Phishing via cloned websites (Elangovan et al, 2019) and other scam sites are numerous, with darknet markets often advertised with fraudulent URLs. PUZZLES Puzzles such as Cicada 3301 and successors will sometimes use hidden services in order to more anonymously provide clues, often increasing speculation as to the identity of their creators. ILLEGAL AND EHTICALLY DISPUTED PORNOGRAPHY There is regular law enforcement action against sites distributing child pornography – often via compromising the site by distributing malware to the users (Mark, 2014). Sites use complex systems of guides, forums and community regulation. Other content includes sexualised torture and killing of animals and revenge porn. TERRORISM There are at least some real and fraudulent websites claiming to be used by Islamic State of Iraq and the Levant (ISIL) previously ISIS, including a fake one seized in Operation Onymous. In the wake of the November 2015 Paris attacks an actual such site was hacked by an Anonymous affiliated hacker group GhostSec and replaced with an advert for Prozac. The Rawti Shax Islamist group was found to be operating on the dark web at one time. SOCIAL MEDIA Within the dark web, there exist emerging social media platforms similar to those on the World Wide Web. Facebook and other traditional social media platforms have begun to make dark-web versions of their websites to address problems associated with the traditional platforms and to continue their service in all areas of the World Wide Web. CONCLUSION The deep web will continue to perplex and fascinate everyone who uses the internet. It contains an enthralling amount of knowledge that could help us evolve technologically and as a species when connected to other bits of information. And of course, it’s darker side will always be lurking too, just as it always does in human nature. The deep web speaks to the fathomless, scattered potential of not only the internet, but the human race, too. Regardless of if the Dark Web exists or not, the aforementioned activities still occur. The Dark Web just provides an easy way to connect with people of similar interests, and to facilitate further interaction. REFERENCES Abbasi, A., & Chen, H. (2007). “Affect intensity analysis of dark web forums”. In 2007 IEEE Intelligence and Security Informatics (pp. 282-288). IEEE. Cubrilovic, N. (2014). “Large number of tor hidden sites seized by the fbi in operation onymous were clone or scam sites”. URL : https://www. nikcub. com/posts/onymous-part1 Egan, M. (2015). "What is the dark web? How to access the dark website – How to turn out the lights and access the dark web (and why you might want to)". Elangovan, R., & Prianga, M. (2019). “Side Channel Attacks in Cloud Computing”. In Cognitive Social Mining Applications in Data Analytics and Forensics (pp. 77-98). IGI Global. Greenberg, A. (2014). "Hacker Lexicon: What Is the dark web?". Manikandakumar, M., & Ramanujam, E. (2018). “Security and Privacy Challenges in Big Data Environment”. In Handbook of Research on Network Forensics and Analysis Techniques (pp. 315-325). IGI Global. Mark, W. (2014). "Tor's most visited hidden sites host child abuse images". BBC News Nakamoto, S. (2008). “Bitcoin: A peer-to-peer electronic cash system”. Qin, J., Zhou, Y., Lai, G., Reid, E., Sageman, M., & Chen, H. (2005). “The dark web portal project: collecting and analyzing the presence of terrorist groups on the web”. In Proceedings of the 2005 IEEE international conference on Intelligence and Security Informatics (pp. 623-624). Springer-Verlag. Solomon (2015). "The Deep Web vs. The dark web". Syverson, P., Dingledine, R., & Mathewson, N. (2004). “Tor: The second generation onion router”. In Usenix Security. Van Hout, M. C., & Bingham, T. (2013). “‘Silk Road’, the virtual drug marketplace: A single case study of user experiences”. International Journal of Drug Policy, 24(5), 385-391. David L. Chaum, ‘Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms’, Communications of the ACM, vol. 24, no. 2, Februay 1981, p. 85.