The DarkNet


Everyone is talking about "The DarkNet" these days. What exactly is it? To begin to understand the darknet and its dangers, you must first understand "what" it is.

Before you continue reading, you should fully understand that any actions that result from reading this are entirely YOUR responsibility. The darknet can be a dangerous place and you should understand that before experimenting or exploring. Think of it as learning to do the tango in a digital minefield: one wrong step and it's lights out.

The darknet is a collection of computers and technology configured to provide as much anonymity as possible. How this works is very simple. You connect through a special browser (discussed below) and bounce through a series of relays. This keeps the user anonymous, as well as each relay node the connection passes through. As you pass through the relays, encryption is added and removed at each node.

On the normal internet we have websites, such as www.arrakisconsulting.com, and those websites are reachable through an internet service called DNS. Domain names (www.arrakisconsulting.com) are easier to remember than IP addresses (10.20.30.247), so to make our lives easier DNS translates those domain names into IP addresses for us so that we can connect to the website. The darknet follows the same process but uses a different extension, or last name, in place of .com or .net. The darknet extension is .onion, and the addresses are also called "onion links". Because onion links are not serviced by DNS servers on the Internet, the links are sort of pseudo-hidden. Generally, the first name (google in google.com) is also a random set of letters and numbers, making it harder to remember.

Additionally, you connect to the darknet through a special browser. The most common browser is the TOR browser, offered by the TOR Project. Anything that is not found on the Internet, also known as "The ClearNet", would be considered on the darknet.

Originally, the darknet was designed and used primarily for countries that had restrictive laws around freedom of speech. The darknet removed those restrictions, and free speech advocates or reporters could anonymously and securely submit information without a restrictive country knowing. The deeper you go into the darknet, the more perverse, strange, and illegal it gets.

What most people don't know is that the DarkNet was designed by the USG in the 90's with the intention of being able to get to blocked websites in countries where normally it wouldn't be allowed. In 2004, the USG had to open up the DarkNet to the rest of the world or else any TOR traffic would be associated with the USG. By opening it up to everyone, the USG is also anonymous.

Here is the easy part: once you download the TOR browser and install it, you are just a couple of mouse clicks away from being on the darknet. After opening the TOR browser, just treat it like any other web browser and you can easily browse the darknet. While the browser is running, it will natively bounce through multiple TOR relays before putting you on the darknet. Generally, you get bounced 3-4 times, but it could be more. This way, you may be in Texas and bounce through the Netherlands, Germany, and Canada before accessing an onion link in California. As far as the onion server is concerned, you are in Canada. If there were a hostile or inquisitive entity, it would have to work backwards through all the relays before getting to you...assuming it knows how to do that.
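The relay hops described above, sketched as an added example (not code from the TOR Project or from this article): the client wraps a request in one layer per relay, and each relay removes only its own layer, so it learns only its neighbours. The cipher is a toy SHA-256 keystream chosen so the sketch runs with the standard library alone; Tor's real protocol uses different cryptography, and the relay names and keys are constructed.

```python
import hashlib
import json
import os

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode). Illustration only, not Tor's cipher."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + block.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)

def wrap(path, keys, destination: str, payload: bytes) -> bytes:
    """Client side: build the onion from the inside out, one layer per relay."""
    cell, next_hop = payload, destination
    for relay in reversed(path):
        nonce = os.urandom(16)
        inner = json.dumps({"next": next_hop, "data": cell.hex()}).encode()
        cell = nonce + keystream_xor(keys[relay], nonce, inner)
        next_hop = relay
    return cell

def peel(relay_key: bytes, cell: bytes):
    """Relay side: remove exactly one layer and learn only the next hop."""
    nonce, body = cell[:16], cell[16:]
    layer = json.loads(keystream_xor(relay_key, nonce, body))
    return layer["next"], bytes.fromhex(layer["data"])

def route(path, keys, cell: bytes):
    """Pass the cell along the path and record what each relay could observe."""
    seen, previous = [], "client"
    for relay in path:
        next_hop, cell = peel(keys[relay], cell)
        seen.append({"relay": relay, "from": previous, "to": next_hop})
        previous = relay
    return seen, cell

# Constructed circuit mirroring the article's Netherlands, Germany, Canada example.
PATH = ["relay-NL", "relay-DE", "relay-CA"]
KEYS = {name: os.urandom(32) for name in PATH}

if __name__ == "__main__":
    onion = wrap(PATH, KEYS, "onion-service", b"GET /index.html")
    observations, delivered = route(PATH, KEYS, onion)
    for obs in observations:
        print(obs)
    print(delivered)
```

Only the first relay sees the client and only the last relay sees the destination, which is why the onion server in the article's example believes the visitor is in Canada.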

So, you just saw how easy it was to get on the darknet. Should you do it? Unless you have a good reason to do so, Arrakis recommends against it. The reason is simple: the darknet can be a dangerous place. Should you attract the wrong attention, you may become a target for hostile parties. Should you ask the wrong questions, you may attract the attention of law enforcement, who may also want to have a discussion with you. To be clear, law enforcement is all over the darknet. Additionally, there are numerous private entities that monitor the darknet and provide information to law enforcement. As an example, should you run across an illegal drug onion site and attempt to purchase those illegal drugs, you should very well expect to get a visit from law enforcement. The short story about the darknet is that if you play stupid games, you will win stupid prizes. You will run across a variety of illegal and unethical onion sites, and before you become too curious and click that onion link you should know that some things can't be unseen. If you would like to see an example without getting on the darknet, do a Google search for "silkroad" and you will find an illegal narcotics distribution site that was shut down.

So how can you protect yourself a little bit more? Firstly, and most importantly, don't attract attention to yourself. Secondly, if you are unsure of something, do some research and learn about it as opposed to just doing it. You can also add a few layers of protection in addition to the anonymity offered by the TOR browser. What can help increase your security is to use Whonix in a virtual environment. Whonix offers a free workstation and proxy ISO that can be loaded into a virtual environment on your computer. Then, on the virtual Whonix workstation, you load the TOR browser and configure the workstation to access the darknet through the Whonix proxy (also virtual). What happens is that the virtual Whonix workstation runs the TOR browser (3-4 layers of anonymity) and then connects to the virtual proxy (also anonymous). Because of the way virtual technology works, your virtualized environment would bounce through several private and unroutable networks (more anonymity). The end result is that if someone does attempt to hack your machine, the workstation is virtual, so you simply shut off the virtual machine. If the machine does get compromised, you can delete it and spin up a new virtual machine in a matter of minutes. Instructions on how to set all this up can be found on the Internet; however, it's really not that hard to do. You can even add another layer of protection by subscribing to a commercial VPN service in a neutral country such as Switzerland that your Whonix proxy connects to before getting on the darknet.

Can the darknet be useful? It sure can...if you are a cybersecurity professional, that is. Quite often cybersecurity people will browse the darknet looking for company or personal data that has been compromised. So, say for example, you work for a large company and you are unsure if a server has been compromised...theoretically, you could seek out various onion sites on the darknet that sell compromised servers. If you find your compromised server, you can purchase it from the hacker and then go about fixing the issue. You may consider this a little difficult to swallow, but if your company can purchase its own compromised server back from the hacker for $100 as opposed to suffering downtime, which could cost several thousands of dollars, then it seems to be good business sense to pay that $100. Some companies even have $5K in BitCoin available as a part of the Incident Response Plan for immediate use to avoid downtime in the fastest way.

From the personal standpoint, again as a cybersecurity professional, it never hurts to see if your own information has been compromised or is for sale. The IRS, Target, Home Depot, Blizzard, and many other entities have been hacked. Given the population of the USA, and the general personality of an American, it is unlikely that you are not affected by any of those breaches.

The darknet is also becoming more and more popular. The graph below shows the daily number of darknet users, by country, for 2014. You can only imagine how much it has grown today.

The darknet can also come in different flavors. Essentially, anything that is not the Internet is the darknet, as previously discussed. We discussed using the TOR browser because it is the most popular; however, there are others that are less popular and possibly more dangerous because they are more secretive. Specifically, there are Freenet, I2P, and some others that are much, much more private. All offer some of the same functionality as TOR but are slightly different and have extra features to help ensure anonymity. In a few cases interconnectivity is based on trust and uptime, so the longer you are on the darknet, the more trust you have. The more trust you have, the more darknet sites you get to browse.

Some advice if you do decide to get on the darknet:

1. Use Whonix as described earlier in a virtual environment.
2. Establish an onion email address; don't use your real Internet email address. Just understand that onion emails can only be reached on the darknet.
3. Never release your real name or any actual information about yourself. Hackers have been known to pull minor bits of data over time and then rebuild it to have a target profile.
4. Don't make friends with anyone on the darknet. They aren't your friends; they are there to either sell or purchase something that can't be found on the clearnet, which generally means it will be illegal.
5. If you are accessing the darknet from your company computer, be sure you have permission first in order to avoid getting terminated or opening a hole into your corporate network.
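Since onion links are not serviced by DNS, a .onion name in a company resolver log means some application tried to look it up outside TOR, which is worth checking against the permission advice in item 5. This added example (not from the original article) flags such queries; the log format, field names, and sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed resolver log lines (hypothetical format: timestamp, client, query name, type).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z client=10.20.30.15 query=www.arrakisconsulting.com. type=A
2024-05-01T10:00:07Z client=10.20.30.22 query=abcdefghijklmnopqrstuvwxyz234567abcdefghijklmnopqrstuvwx.onion. type=A
2024-05-01T10:01:12Z client=10.20.30.22 query=Example.ONION type=AAAA
2024-05-01T10:02:30Z client=10.20.30.40 query=onion.example.com. type=A
2024-05-01T10:03:02Z client=10.20.30.41 query=notonion. type=A
malformed line without fields
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) client=(?P<client>\S+) query=(?P<name>\S+) type=(?P<type>\S+)$")
V3_LABEL_RE = re.compile(r"^[a-z2-7]{56}$")  # v3 onion names are 56 base32 characters

def onion_lookups(log_text: str):
    """Return one finding per query whose top-level label is 'onion'."""
    findings = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip lines that do not fit the assumed format
        labels = match["name"].lower().rstrip(".").split(".")
        if labels[-1] != "onion" or len(labels) < 2:
            continue  # 'onion' elsewhere in the name is an ordinary domain
        findings.append({
            "time": match["ts"],
            "client": match["client"],
            "name": ".".join(labels),
            "v3_shaped": bool(V3_LABEL_RE.match(labels[-2])),
        })
    return findings

def by_client(findings):
    """Group findings by source address so the host can be followed up."""
    grouped = defaultdict(list)
    for finding in findings:
        grouped[finding["client"]].append(finding["name"])
    return dict(grouped)

if __name__ == "__main__":
    print(by_client(onion_lookups(SAMPLE_LOG)))
```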

Stay alert...stay safe...don't do something stupid.

If you would like to see a quick video on the DarkNet, then click this link to a YouTube video

Contact Arrakis for more information.