The Dark Web: when you hear those words, it sounds rather ominous, doesn’t it? Most of what people browse on the internet is referred to as the “Surface Web”, and it’s open to anyone with a regular internet browser. However, there is a more anonymous, private, and secure part of the internet referred to as the dark web. This is a part of the internet that has to be accessed through special software such as the Tor Browser or an I2P router. There are generally two competing dark web technologies: Tor, which stands for “The Onion Relay”, and I2P, which stands for the Invisible Internet Project. Both operate differently, but many of the ideas are the same: to encrypt and anonymize any internet traffic passing through them. Tor and Onion Routing are both anonymizing proxy networks. The two primary differences between Tor and I2P are the threat model and the out-proxy design. In addition, Tor takes the directory-based approach – providing a centralized point to manage the overall ‘view’ of the network, as well as gather and report statistics, as opposed to I2P’s distributed network database and peer selection.
While the term Dark Web sounds ominous, the reality is that it’s also used by journalists, political dissidents, and others needing a safe and secure way to browse and communicate through the internet. Companies such as Facebook and several journalism outlets even create dark web versions of their sites so that people in China, Iran, and elsewhere that have walled off the internet can browse to their sites securely and anonymously.
However, due to its capabilities of anonymity, there are of course some malicious actors who use the Tor and I2P networks to cloak their attacks on innocent businesses and people, or even sell illicit goods online in a black market. Thousands of servers and networks run by both businesses and individuals have access logs filled with possible and even successful attempts to access a server or network that can be traced back to a Tor Exit Node or an I2P relay. Unfortunately, because these attacks come through an anonymizing protocol which bounces the signal around the world in multiple layers of encryption, it can be next to impossible to figure out who was performing such an attack unless you are analyzing the attack while it’s happening. However, people usually don’t discover an attack while it’s happening. According to Infosecurity magazine ( https://www.infosecurity-magazine.com/news/hackers-spend-over-200-days-inside/ ), the average infiltration was detected after the attackers had already been inside the system for over 200 days.
Not to mention that an inordinate amount of malware, botnets, and Distributed Denial of Service attacks can be traced back to Tor nodes quite often, so it is definitely a well-known avenue for many attackers to cloak their locations. So the best thing when it comes to the darknet is to configure your firewalls and servers to block Tor and I2P traffic from the very beginning to minimize your attack surface.
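
To show what tracing access-log entries back to a Tor exit node looks like in practice, here is an added example (not part of the original article) that matches client addresses in a web access log against an exit-address list. It assumes a list with one address per line and the Apache/nginx combined log format; the list and log lines are constructed samples using documentation-range addresses, and the function names are illustrative.

```python
import ipaddress
import re
from collections import Counter

# Constructed exit list: one address per line, '#' lines are comments.
# Addresses come from documentation ranges, not from real Tor relays.
SAMPLE_EXIT_LIST = """\
# constructed sample
203.0.113.7
198.51.100.23
2001:db8::5
"""

# Constructed access-log lines in combined log format.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2024:10:01:05 +0000] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:01:09 +0000] "POST /login HTTP/1.1" 401 128 "-" "Mozilla/5.0"
2001:DB8:0:0:0:0:0:5 - - [12/Mar/2024:10:02:00 +0000] "GET /admin HTTP/1.1" 403 64 "-" "curl/8.0"
not-an-ip - - [12/Mar/2024:10:03:00 +0000] "GET / HTTP/1.1" 400 0 "-" "-"
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) ')

def to_ip(text):
    """Return a normalized ip_address, or None if text is not an IP literal."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None

def load_exit_addresses(text):
    """Parse an exit list (one address per line, '#' comments) into a set."""
    lines = (l for l in text.splitlines() if not l.lstrip().startswith("#"))
    return {ip for ip in map(to_ip, lines) if ip is not None}

def find_exit_hits(log_text, exits):
    """Return (hits, per-address counts) for requests whose client is an exit."""
    hits, counts = [], Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        client = to_ip(m.group(1)) if m else None  # None for malformed lines
        if client in exits:
            hits.append((str(client), m.group(2), m.group(3), int(m.group(4))))
            counts[str(client)] += 1
    return hits, counts

if __name__ == "__main__":
    for hit in find_exit_hits(SAMPLE_LOG, load_exit_addresses(SAMPLE_EXIT_LIST))[0]:
        print(*hit, sep="  ")
```

Because the set of exit addresses changes over time, a review of older logs should use a list captured close to the period the logs cover.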
At Accunet, we know how to detect whether anyone in your business is using a Tor or I2P browser to access unauthorized content, as well as how to block Tor and I2P from being used to connect from or to your networks.