Dark Web Crimes: Addressing the Cyber Threats and Crimes Associated With the “Dark Web”

The “dark web” is a hidden internet world where good and evil coexist. On the bright side, the dark web enables anonymous, highly secure communication routes to protect reform agents such as human rights activists and journalists who are targeted by oppressive foreign regimes.


On the negative side, the dark web has become a major center of criminal activity, a fully working marketplace where anonymous buyers may buy from anonymous sellers with reasonable confidence, often with customer ratings available, just as they can on the public web.


The Federal Bureau of Investigation (FBI) arrested Ross Ulbricht in 2013 for running Silk Road, an online marketplace for illegal substances. The site was uncovered on the so-called Dark Web, where Ulbricht (under the alias “Dread Pirate Roberts”) remained anonymous and so protected from law enforcement, albeit for a short time. Silk Road couldn’t be accessed with just any desktop browser, and customers were unable to use credit cards to buy heroin, methamphetamine, or other drugs.


However, as soon as “Silk Road” was shut down, others stepped into play. The Dark Web works in the shadows of the internet, veiled in encryption and accessible only through particular encrypted browsers, as its name suggests. 


The obscurity of unlawful conduct on the dark web conceals an industry that authorities are increasingly concerned about. The criminal side of the dark web hides its trade in a variety of contraband, including opioids and other drugs, bomb parts, small and large weapons, child pornography, social security numbers, body parts, and even criminal acts for hire, using anonymizing technology and bitcoin.


The anonymity of the dark web not only fosters illicit actions, but it also keeps many law enforcement agencies in the dark about its presence, even when online transactional crimes affect their regions.


An NIJ-supported gathering of experts identified law enforcement’s primary dark web challenges and opportunities, as well as high-priority needs for addressing them, in order to improve the awareness of the dark web among law enforcement agencies and identify tools that can assist them police it. The workshop experts identified a fundamental concern for law enforcement as: a lack of understanding of how the dark web works and how criminals have begun to exploit it.


In recent years, various technologies for monitoring content on the visible Web have been developed, but there are essentially no corresponding tools for the dark Web. It is critical to provide evidence that the dark Web has become a key platform for global terrorism and criminal activity in order to develop the required technologies for monitoring all parts of the Internet.


Via this post, we’ll go over what the Dark Web is and how it works, how it varies from the Deep Web, what kinds of crimes it houses, and what actions need to be taken against these Dark Web crimes.


Understanding The Internet, The World Wide Web and The Deep Web

Although many individuals confuse the phrases Internet and World Wide Web, they are not interchangeable. The Web and the Internet are two distinct but connected concepts.


The Internet is a huge collection of networks that serves as a networking infrastructure. It joins millions of computers around the world to build a network in which any computer can communicate with any other computer as long as they are both linked to the Internet.


The World Wide Web, or simply the Web, on the other hand, is a way of gaining access to information over the Internet. It’s an Internet-based information-sharing system. To send data, the Web uses the Hypertext Transfer Protocol (HTTP), which is merely one of the Internet’s languages. The web is the publicly visible part of the internet that most of us use every day, and it is accessible via search engines such as Google or Bing.


Email, which uses Simple Mail Transfer Protocol, Usenet newsgroups, instant messaging, and File Transfer Protocol, is also done through the Internet, not on the Web. As a result, the Web is only a small part of the larger Internet.


Finally, the deep Web can be defined as a part of the internet that is normally hidden from public view. It refers to World Wide Web content that does not appear on the surface of the Web. Normal search engines cannot access it. It can’t be found using standard search engines but via other, less well-known ways.


The majority of the ‘Deep Web’ consists of databases that may be accessed safely via the ‘Open Web.’ Databases related with hotel reservations, online purchases, medical records, banking, and other activities, for example. These content are password-protected and can only be accessed by authorized individuals.


The Dark Web

The dark Web is a subset of the deep Web that has been purposefully concealed and is unreachable via standard Web browsers. Dark Web sites serve as a platform for Internet users that value anonymity, as they not only protect against unauthorized users, but also typically contain encryption to avoid monitoring.


Most individuals access the internet using a computer or device with an IP (Internet Protocol) address – a unique online identity.


An IP address allows networks to transmit the right information to the appropriate location, such as ensuring that an email is sent to its intended recipient. Using an IP address, an individual’s online activities can be tracked and monitored.


The ‘Dark Web’ employs sophisticated technologies that hide a user’s genuine IP address, making it extremely difficult to determine which websites a device has visited.


The Tor network is a relatively well-known source for content on the dark Web. Tor is an anonymous network that can only be accessed with a specific Web browser known as the Tor browser.


Tor as a means for communicating online anonymously was first introduced in 2002 by the US Naval Research Laboratory as The Onion Routing (Tor) project. I2P, another network, has many of the same capabilities as Tor. I2P, on the other hand, was designed to be a network within the Internet, with traffic staying within its limits. Tor enables more anonymous access to the open Internet, whereas I2P provides a more powerful and reliable “network within a network.”


How the “Dark Web” Came Into Play – The TOR Network’s Evolution

The Internet was not developed with elements like privacy and anonymity in mind by default. As a result, everything can be tracked or traced. However, some people are particularly concerned about their privacy, and the US Federal Government was one such group in the mid-1990s.


A team of computer scientists and mathematicians working for the Naval Research Laboratory (NRL), a branch of the US Navy, began developing a novel technique known as Onion Routing. It enables anonymous bidirectional communication in which the source and destination are not known to a third party. Overlay Network is used to do this. An overlay network is  a network that is built on top of another network  (i.e the internet).


A darknet is a network that uses the onion routing technique. The dark web was created by combining all of these different darknets. People at NRL quickly understood that in order for the network to be genuinely anonymous, it needed to be accessible to everyone, not only the US government. As a result, the NRL was forced to expose their Onion routing system under an Open Source License to the public, and it became The Onion Router (TOR).


How the “Dark Web” Works

Every day, our online activities create digital footprints in the form of personal data. Our digital identity and representation — is made up of this whole information.


When IP addresses can’t be traced, anonymity on the internet is assured. Tor client software hides user identification and eliminates monitoring by routing Internet traffic through a global volunteer network of computers. As a result, the dark Web is ideal for cybercriminals who are always attempting to hide their identities.


Governments use the dark Web to exchange documents in secret, journalists use it to escape censorship in numerous countries, and dissidents use it to avoid authoritarian regimes’ control. In contemporary political and social discussions, anonymous communications play a significant role. Because of concerns of political or economic retaliation, many people want to keep their identities hidden.


Anonymous communication across a computer network is achieved using onion routing. Messages are encrypted multiple times before being routed through onion routers, which are multiple network nodes. Each onion router scrapes away a layer of encryption to reveal routing instructions, then delivers the message to the next router to repeat the process. This method keeps intermediate nodes in the dark about the message’s origin, destination, and content.


Crimes Associated With the “Dark Web”

The Dark Web is the center of criminal attacks because it provides anonymity and serves as a doorway into the criminal world. The following are some of the most well-known crimes committed on the Dark Web:


  • Drug Trafficking

The dark web is an unlawful marketplace for the sale of illegal and dangerous substances in exchange for crypto currency. Bitcoin, Ethereum, and Ripple are just a few examples.


Silk Road was also a well-known marketplace for unlicensed medications and illegal drugs. The FBI took down this website in 2013. Agora is a website that was shut down as well. There are a number of such websites that operate on the Dark Web for the sale and distribution of illegal drugs. Visually pleasing, these sites resemble any other shopping website, with a brief description of the items and a photograph to accompany them.


  • Human Trafficking

Human trafficking takes place at Black Death, a dark web site. The British model Chloe Ayling is one of the victims of human trafficking on the Dark Web. According to a 2017 survey, the majority of human trafficking survivors were recruited for sex and labor trafficking.


Other reports have demonstrated that the Dark Web has aided in the concealment of this crime. Black Death is a dark web organization that operates by often changing URLs.


  • Information Leaks and Theft

Many anonymity-supporting platforms, such as TOR, are helpful resources for whistleblowers, activists, and law enforcement. So, it is reasonable to believe that specialized sites make it easier for individuals to exchange physical and private information, such as passwords and access to passwords for the surface Web, paid pornography sites, and PayPal credentials. 


Hackers use the Dark Web to spread sensitive information. On the dark web, a hacker gang once exposed the credit card accounts and login information for around 32 million Ashley Madison customers as a 9.7GB data dump. Employees are even paid by dark web hubs to expose corporate information.


  • Murder and Contract Killers

The Assassination Market website is a prediction market where a party can gamble on a person’s death date and receive a payout if the date is “guessed” correctly. This encourages assassination since the assassin, knowing when the event will take place, can benefit by placing a precise bet on the time the subject will die. It is much more difficult to assign criminal guilt for the assassination because the payment is for knowing the date rather than doing the assassination itself.


 On the dark web, there are even websites where you may hire professional assassins. Once, a hacker known as ‘bRpsd’ gained access to BesaMafia’s website and leaked its information online. User accounts, personal conversations, eight hit-orders, and a folder containing nearly 200 victim photos were all exposed. 


  • Child Pornography

According to a report, child pornography drives the most traffic to TOR’s hidden sites. It is difficult for the common user to locate such sites. It is a form of child exploitation that involves the sexual stimulation of children as well as the abuse of children during sexual acts. It also includes kid pornographic sexual photos.


Lolita City, a site that had over 15,000 members and stored over 100GB of child pornography photographs and videos, has officially been taken down.

The FBI shut down PLAYPEN in 2015, which had over 200,000 members and might have been the largest child pornography site on the dark web.


  • Terrorism

Terrorists and the dark Web appear to be made for one other; the latter requires an anonymous network that is both accessible and inaccessible. Terrorists would struggle to maintain a presence on the surface Web because their sites might be easily shut down and, more crucially, traced back to the original poster.


While the dark Web may not have the same broad appeal as the surface Web, the hidden ecology is ideal for propaganda, recruitment, finance, and planning, which is in line with our first perception of the dark Web as an unregulated cyberspace.


  • Exploit Markets

Exploits are malware that takes advantage of software defects before they are fixed. Zero-day exploits target zero-day vulnerabilities, which are those for which the vendor has yet to release an official patch. The term “zero-day” refers to the fact that the programmer had no time to fix the vulnerability.


Exploit markets are marketplaces for buying and selling zero-day exploits, and the price of an exploit is determined by the popularity of the target software as well as the difficulty of cracking it.


  • Proxying and Onion-Cloning

Users of Tor-like platforms are vulnerable to attack because of their anonymity. The normal ‘HTTPS’ in the URL of such a site which indicates that it is secure does not appear. They must bookmark the TOR page to ensure they are on the legitimate site.


When a fraudster uses website proxying, the user is tricked into believing he is on the original page, and the scammer then re-edits the link to send the user to his scam URL. When a user pays in crypto-currency, the money is transferred to the scammer instead.


Onion Cloning is comparable to proxying. In order to steal money from the user, the scammer builds a replica of the original site or page and modifies the links so that the user is referred to their scammed site.


  • Illegal Financial Transactions

Theft and sale of a user’s credit card credentials and personal information are referred to as carding frauds. On the Dark Web, it is the most popular sort of criminal activity. 


Credit and debit cards are sold on darknet markets. Multiple URLs redirect the user to the same page on these sites. Vendors from other forums submit advertisements describing what they have.   Vendors sell cards at a lesser cost. 


Carding frauds are also possible on some money transfer services. This service is available through a website called Atlantic Carding, and the more you spend, the more you get. Business credit card accounts and even infinite credit card accounts linked to ultra-high-net-worth individuals are up for grabs. The user’s personal information, such as name, address, and so on, are available at a price.


  • Arms Trafficking

It serves as a conduit for illegal arms trafficking. According to a RAND Corporation study, the dark web is expanding the availability of firearms at similar prices to those seen on black market streets. Europe is also discovered to be the main supply of firearms. The Dark Web has become a forum for criminal groups and terrorists, with Germany coming in third with 5.31 percent.


Euroarms is a website that sells a variety of firearms that may be delivered to your door in any European country. The ammunition for these weapons is sold separately, and that website should be discovered on the dark Web. 


The Dark Web and Malware

The dark web market is a place where illegal materials can be bought and sold. It  is a home for a variety of malicious software and services and  malware is a critical component of many cyber-attacks occurring through the Dark web. 


Cryptominers deploy a variety of malwares to carry out their unlawful cyber activities and these are some of the most common malwares:


  •  Data Stealing Trojans

They can also collect passwords from the clipboard, intercept keystrokes, bypass or disable antivirus software, and transfer files to the attacker’s email address. 


  • Ransomware

Ransomware encrypts your computer or files and demands a ransom payment before they may be decrypted.  Ransomware is a type of malicious assault that takes control of a user’s system and prevents that user from accessing it. There are various methods through which ransomware criminals select the organizations they attack. Some businesses are attractive targets because they appear to be more willing to pay a ransom quickly. 


Medical facilities and government entities, for example, frequently require fast access to their files. Law firms and other sensitive data organizations may be ready to pay to keep news of a hack hidden, and these organizations may be particularly vulnerable to leakware attacks.


  • Remote Access Trojans (RATs)

Remote Access Trojans allow an attacker to monitor user activity, take screenshots, run files and commands, activate the webcam and microphone, and download files from the internet. DarkComet, CyberGate, ProRAT, Turkojan, Back Orifice, Cerberus Rat, and Spy-Net are examples of popular RATs. 


  • Botnet Malware

  It’s a multipurpose malware that demonstrates how fraudsters are broadening their attack methods. The ransomware, keylogger, and botnet capabilities are all included in the virus. Botnet Ransomware is an example of Virobot. When Virobot infects a computer, it joins a spam botnet that spreads the malware to new people. The ransomware uses RSA encryption to encrypt the data on the targeted system. Meanwhile, the botnet’s keylogger captures logged data from victims and sends it to the C2 server. Virobot’s botnet function leverages Microsoft Outlook on an infected machine to send spam emails to everyone on the user’s contact list. 


  • ATM Malware

These Trojans are used to steal money from ATM machines. ATM hacking is profitable due to the fact that a single ATM might contain up to $100,000 in cash. ATM malware is the most expensive of all malwares and a single piece of malware can be used to attack multiple ATMs. Exploits look for flaws in a system or software and take advantage of them. The exploits available on the dark web are designed to work on a variety of platforms. Due to the large market size, Windows-based exploits are the most popular. 


Efforts Towards Addressing the Challenges Posed By the Dark Web

To address the challenges posed by the dark web, the RAND Corporation and the Police Executive Research Forum (PERF) convened a workshop on behalf of the National Institute of Justice (NIJ) to bring together a diverse group of practitioners and researchers who would identify the highest-priority problems and potential solutions related to dark web evidence.


The workshop experts identified a core issue for the law enforcement which is: a lack of understanding of how the dark web works and how criminals have begun to exploit it. As a result, the emphasis was on building a practical research and development plan to improve law enforcement’s ability to understand and investigate unlawful activities on the dark web.


It was found that law enforcement authorities recognized the following as priority needs for detecting illegal behavior on the dark web:

  • Raising public awareness of the dark web among state and municipal governments.
  • Creating cross-jurisdictional collaborations among agencies.
  • Implementing more and advanced training to better equip officers to discover dark web evidence and activities.
  • Providing extensive knowledge of dark web methods and operations to special investigation units. Because of the dark web’s anonymity, many state and local law enforcement agencies are generally ignorant of its presence and capacity to instigate crime in their jurisdictions.


Monitoring the Dark Web 

The dark Web in general, and the Tor network in particular, provide a secure platform for cybercriminals to support a wide range of illegal activities, from anonymous marketplaces to secure means of communication to an untraceable and difficult-to-shutdown infrastructure for deploying malware and botnets.


As a result, it has become increasingly vital for security agencies to track and monitor activities on the dark Web, which is currently focused on Tor networks but may expand to other technologies in the near future.


Customers’ Web data could be analyzed by security agencies to detect  connections to non-standard sites. Depending on the customer’s level of Web activity, this may not aid in tracking down links to the dark Web, but it may reveal insights about activities hosted with rogue top-level domains. This can be accomplished without invading the user’s privacy because only the destinations of Web requests need to be monitored, not who is connecting to them.


Pastebin and other similar sites are frequently used to distribute contact information and addresses for new hidden services. These sites would have to be constantly monitored in order to detect message exchanges containing new dark Web domains.


Most hidden services are highly volatile and frequently go offline, only to reappear later under a new domain name. It is critical to capture a picture of each new site as soon as it is discovered, for further study or monitoring its online activities. 


Once the data for a hidden service (any of the websites on the dark Web) has been collected, creating a semantic database including crucial information about the hidden site can assist in tracking future illegal activity on the site and associating them with malicious actors.


Finally, it would be beneficial to concentrate on profiling transactions on dark Web marketplaces in order to collect information on vendors, users, and the types of commodities transacted.


In Conclusion

The dark web is a part of the Internet where people go to accomplish things in secret and leave no trace. It has become a center for illegal activities such as child pornography, arms trafficking, drug trafficking, and onion cloning, among others. The anonymity provided by this platform is the driving force behind these activities.


Other trends are beginning to emerge as a result of recent discoveries regarding widespread Internet surveillance by nation-states and recent arrests of cybercriminals operating dark Web sites. It wouldn’t be shocking if the criminal underworld became more divided into various dark nets or private networks, making investigators’ jobs even more difficult.


The dark Web has the capability to host an escalating number of malicious services and activities, and new major marketplaces will inevitably arise. To cope with future occurrences as promptly as possible, security professionals and law enforcement agencies must remain watchful to develop new approaches for detecting emerging malicious activities.


Do You Have Any Questions about Dark Web Crimes?

Whether you were unjustly trapped in a Dark Web criminal investigation, had your privacy violated, or simply want a good defense to your charges, you have the entitled to legal assistance. A lawyer with experience in such cases would understand the complexities of both the law and the technology involved.


At Olisa Agbakoba Legal (OAL), we have skilled and experienced cyber lawyers who can provide legal support and advisory services relating to cybercrime, particularly Dark-web related crimes.


Our Cyber lawyers handle cybercrime cases that involve individuals, organizations, or the government, as well as cases involving e-commerce, e-contracts and digital signatures, intellectual property rights, cybersecurity, and other topics.


Please do not hesitate to contact OAL’s Cyber Lawyers if you have any questions about internet technologies or cyber crimes in Nigeria.



Written By:

Josephine Uba

Lead Digital Strategist, Olisa Agbakoba Legal (OAL)