The Origins of the “Dark Net” “Dark Web”
The Onion Router
DRM - Copyright Infringement
False Evidence Appearing Real (F.E.A.R)
• Darknet - IS & IS NOT
• An overlay network (2 common types: friend-to-friend and anonymous)
• Darknet is a private network where IP addresses are not routable (can’t
PING or send other network requests) without special software
• Virtual Private Networks can be considered “Darknet”
• P2P and other file sharing is potentially Darknet
• DRM and copyright infringement (2002 paper by Peter Biddle, Paul
England, Marcus Peinado, and Bryan Willman)
• On the internet
• Able to be monitored at point nodes
• Uses non-standard ports and protocols
• IS NOT
• a secret
• DeepWeb Searching (often confused)
• Social media racists - hate crimes
• Camgirls - Fee per minute “bounty” - pay sites
• Self Harm communities - Personality disorders
• Darknet drug markets - “SilkRoad (10/2013),” “The Hive (2004; 2015),”
“Cyber-Arms Bazaar,” “The Farmer’s Market (2012),” “Atlantis (9/2013),”
“Black Market Reloaded (,” “Sheep Marketplace (,” “TheRealDeal.” Card
• Cryptoanarchists - Crypto-anarchists employ cryptographic software to
evade prosecution and harassment while sending and receiving information
over computer networks, in an effort to protect their privacy and political
• Transhumanists - (H+ or h+), thinkers study the potential benefits and
dangers of emerging technologies that could overcome fundamental human
limitations, as well as the ethics of using such technologies.
Uses of Darknet
• To better protect the privacy
rights of citizens from targeted
and mass surveillance
• Protecting dissidents from
political reprisal; e.g., Arab
• Whistleblowing and news leaks
• Computer crime (hacking, file
• Sale of restricted goods on
• File sharing (pornography,
confidential files, illegal or
counterfeit software etc.)
• Tied with crypto-currency
• Tor (The Onion Router) is an anonymity network.
It is the most popular instance of a darknet.
• I2P (Invisible Internet Project) is another overlay
network whose sites are called "Eepsites".
• Freenet is a popular (friend-to-friend) run as a
"opennet" (peer nodes are discovered
• RetroShare can be run as a darknet (friend-to-
friend) by default to perform anonymous file
transfers if Distributed Hash Tables and
Discovery features are disabled.
• GNUnet is a darknet if the "F2F (network)
topology" option is enabled.
• ZeroNet is open source software that aims to build
an internet-like computer network of peer-to-peer
users of Tor.
• Syndie is software used to publish distributed
forums over the anonymous networks of I2P, Tor
• OneSwarm can be run as a darknet for friend-to-
• Tribler can be run as a darknet for file-sharing.
Are you at risk?
• Secure Web Gateways can be
• False sense of security
• Steps easily found on
• Is your site serving as a node
or darknet service?
• Final answer YES you are at
How do they do it?
A Tor example
• Tor Bridges - unregistered
• Tor without Bridges
• Pluggable Transports
• Direct SOCKS tunneling
• Do you have a good idea of what sites/IPs have
• Do you have packet inspection looking for
obfuscated fingerprints? [IP Address] [Port #]
[Unique fingerprint ID] would look like:
obfs3 220.127.116.11:420 4352e58420e68f5e40bf7c74faddccd9d1349413
• Are you scanning your network looking for open ports, such as 7657, 4444,
4445, 9150, 9050, 6668?
• Are you looking for “Google” searches on Tor nodes or bridges?
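The port and bridge-line checks raised in the questions above, as an added Python example that is not from the original slides. The port labels are the default bindings used by Tor and I2P; the socket listing and config fragment are constructed samples (the obfs3 line is the one shown on the slide), and the function names are hypothetical.

```python
import re

# Ports listed on the slide, labelled with the service that binds each by default.
WATCHED_PORTS = {
    9050: "Tor SOCKS proxy", 9150: "Tor Browser SOCKS proxy",
    7657: "I2P router console", 4444: "I2P HTTP proxy",
    4445: "I2P HTTPS proxy", 6668: "I2P IRC tunnel",
}

# Bridge line layout from the slide: <transport> <IPv4>:<port> <40 hex digits>
BRIDGE_RE = re.compile(
    r"\b([a-z][a-z0-9_]*)[ \t]+((?:\d{1,3}\.){3}\d{1,3}):(\d{1,5})"
    r"[ \t]+([0-9A-Fa-f]{40})\b"
)

def find_watched_listeners(ss_output):
    """Return sorted (port, label, bind address) for LISTEN sockets on watched ports."""
    hits = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header row or a non-listening socket
        addr, _, port = fields[3].rpartition(":")  # also handles [::1]:9150
        if port.isdigit() and int(port) in WATCHED_PORTS:
            hits.append((int(port), WATCHED_PORTS[int(port)], addr))
    return sorted(hits)

def find_bridge_lines(text):
    """Return (transport, ip, port, fingerprint) for each well-formed bridge line."""
    found = []
    for transport, ip, port, fp in BRIDGE_RE.findall(text):
        octets_ok = all(int(o) <= 255 for o in ip.split("."))
        if octets_ok and 1 <= int(port) <= 65535:
            found.append((transport, ip, int(port), fp.lower()))
    return found

# Constructed sample inputs: `ss -ltn` style output and a torrc-style fragment.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      4096   127.0.0.1:9050     0.0.0.0:*
LISTEN 0      50     [::1]:7657         [::]:*
"""
SAMPLE_CONF = """\
UseBridges 1
Bridge obfs3 220.127.116.11:420 4352e58420e68f5e40bf7c74faddccd9d1349413
Bridge obfs4 999.1.1.1:443 4352e58420e68f5e40bf7c74faddccd9d1349413
sha1 4352e58420e68f5e40bf7c74faddccd9d1349413 backup.tar
"""

if __name__ == "__main__":
    for hit in find_watched_listeners(SAMPLE_SS):
        print("listener:", hit)
    for bridge in find_bridge_lines(SAMPLE_CONF):
        print("bridge line:", bridge)
```

A listener on one of these ports is a lead to investigate rather than proof, since any service can bind them and the clients can be reconfigured to use other ports.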
What can you do or what should you be asking?