Approximately 400 times larger than the visible Web, the Deep Web is also home to many of the Internet’s illicit activities such as identity theft, doxing, firearm trading and employing contract killers. Some may be familiar with the “Dark Web” or “darknets”, but these are only a portion of the Deep Web.
However, what really goes on in the Deep Web? After two years of research, Trend Micro has released a paper, “Below the Surface: Exploring the Deep Web”, detailing the anatomy of the Deep Web and explaining the various degrees of everyday criminal activity that take place there. It is strongly believed that more malware families will shift to the Deep Web in the future, given all the benefits cybercriminals will reap by hosting the more permanent parts of their infrastructure on TOR-hidden services, making it the perfect host for malware activity.
The paper highlights several case studies breaking down both typical cybercrime and more unusual services, including the key findings below:
· Light drugs were the most-exchanged goods, with Cannabis topping the ranking at 27.28% on the buyer breakdown as of 3 June 2015. This was followed by pharmaceutical products like Ritalin and Xanax, hard drugs, and even pirated games and online accounts.
o In addition to dedicated shops or forums, a popular site—Grams—allows people to easily search and index Deep Web sites that deal in illegal drugs. With a logo mimicking that of Google, it has become a de facto site for those in search of such goods.
· 8,707 suspicious pages were identified in the Deep Web, including those that host phishing kits, malware or drive-by downloads, or those that run shady marketplaces (used to trade hacking tools, etc.).
o Child exploitation ranked 3rd at 26.07% of the “suspicious” pages category, with proxy avoidance (URLs that provide VPN access or ways to avoid corporate firewalls) coming in 2nd at 31.69% and disease vectors coming in 1st at 33.74%.
· Bitcoin is frequently used when purchasing illegal goods and services due to its anonymous transactions; however, it is still traceable through public means. As a result, Bitcoin-laundering services have surfaced to help increase the anonymity of moving money throughout the Bitcoin system. The process involves “mixing” Bitcoins: transferring them through a spidery network of microtransactions before returning them to the user. The user ends up with the same amount of money (normally, minus a small handling fee) but a transaction trail that is substantially harder to track.
· Leaked details of government, law enforcement, and celebrities: Attackers, and sometimes even insiders, often dox companies, celebrities, and other public figures. Doxing is the act of researching and broadcasting an individual’s personally identifiable information such as dates of birth, social security numbers, personal email addresses, phone numbers, physical addresses, and more.
o One site—Cloudnine—lists possible dox information for public figures including FBI agents, political figures like Barack and Michelle Obama, Bill and Hillary Clinton, Sarah Palin, U.S. senators, and celebrities like Angelina Jolie, Bill Gates, Tom Cruise, Lady Gaga, Beyoncé, Dennis Rodman, and more.
· Assassination services for hire can also be found in the Deep Web, with prices varying based on the preferred manner of death or injury and the target’s status.
The report also highlights ties between the Deep Web and the “surface web” we all use every day. One shocking finding is that more than 25% of ties between Deep Web and surface web sites analyzed are for purposes of child exploitation and pornography.
The Deep Web and anonymity that comes with it will continue to raise a lot of issues and be a point of interest for both law enforcers and Internet users who want to circumvent government surveillance and intervention.