The rebels in Syria who sent photographs of the atrocities committed by the Assad regime to the West have exposed one of the less contemptible aspects of the Darknet, an underground version of the Internet in which users remain anonymous and IP addresses are not publicly shared. The Darknet zealously guards the privacy of users, whose locations and computer numbers are hidden and whose addresses are dynamic and change at a rapid pace to prevent them from being located.
This underground Internet is the true sanctuary for freedom fighters and rebels against oppressive totalitarian regimes. There, surfers from Syria can act without fear of Assad’s long arm. Many of the first activities of the “Arab Spring” took place on the Darknet as operational messages sent anonymously to activists.
But the Darknet does not serve only the political underground. It also serves the underworld. Most activity taking place there is illegal. Under cover of anonymity, crime organizations, arms traffickers and hit men offer their services to anyone, without a paper trail. The Darknet has more than 200,000 websites that are not accessible to the average surfer. These websites serve crime and terrorist organizations and constitute a platform for electronic trafficking in drugs, arms, women and organs, as well as for identity thieves, hit men and pedophiles. Anyone who wishes to use the Internet to market illegal wares while concealing his actions will eventually discover the Darknet.
“Most of us see the Internet as a powerful tool for individual and commercial use. But most of us are unaware of the fact that there is a parallel Internet that uses exactly the same technologies. It stays hidden and allows anonymous surfing,” says Dr. Yossi Raanan, the head of 013-Netvision’s Center for the Study of Internet and Society, which is on the College of Management’s academic track. “It’s estimated that the amount of information on the Darknet is 400 times greater than the amount of information on the ‘public’ Internet. In light of that statistic, the Darknet is definitely a multi-faceted economic and moral threat, and we have a duty to take it down.”
As well as commercial and promotional websites, the Darknet contains thousands of closed forums that can be joined by invitation only. Every few minutes, usernames pass randomly from server to server to obliterate their traces and blur their locations. The servers are located in many countries to make it difficult for the police and security services of the various countries to locate the users.
Raanan says that while it’s impossible to provide exact numbers, there is plenty of dark activity going on over the Internet in Israel, and there are plenty of illegal websites in Hebrew.
“It’s hard to get to them because the whole idea is that they hide themselves very well,” he says. “There are shocking pedophilia sites. There are sophisticated commercial sites that allow buyers to order light drugs, heavy drugs and prescription medications, and whatever is ordered will get to the customer in the conventional manner.”
From 12 websites to 5,800
The members of the Darknet like to be far from the spotlight. They are not looking for “likes” or friends. They don’t register their sites with Google. Instead, they work by word of mouth to find customers or chat partners and exchange illegal, pornographic and even pedophilic data. In one Israeli forum, the following question was asked openly: Who has little girls? The answer came back quickly: “I have an 11-year-old daughter. She’s trained.”
“It’s shocking,” says Raanan. “Even if shocking is a mild way to describe what goes on there.” Raanan says that government agencies from every country are also getting into the Darknet. Legitimate surfers also take cover there to avoid being discovered by censorship agencies in their countries. The Syrians used the Darknet to send photographs of the atrocities committed by Assad’s forces, including photographs of the massacre of the children in Homs. The anonymity of the Darknet, where addresses are dynamic and hard to pinpoint, allowed them to pass along the information without being discovered by Assad’s agents.
Such sites can be accessed only by invitation. It is only after one arrives that one can begin one’s journey to the center of the earth, as it were. One has to download the Firefox browser and the TOR plugin, which operates like a shadow, adding layers of concealment to the underground surfing.
After adding several layers, one reaches the penultimate stage, the stage just before reaching the Darknet. This is where one must make a connection with a live user to be brought in. Even people who arrive at these sites without an invitation can peek inside, seeing a tiny bit of the enormous world that lies just beneath the surface. The addresses can be located on legitimate sites, and sometimes they also come up in open forums as cyber criminals try to recruit more customers for their forbidden wares.
“The cyber criminals use every technological innovation that’s out there,” says Raanan. “Many things that were developed for good purposes serve the criminals as well. When a Pandora’s Box is opened, we all pay dearly later on. We need to act against the phenomenon, because the more immune to discovery and enforcement crime becomes, the worse it is for us.”
Gabriel Weimann, a professor of communications at the University of Haifa who wrote “Terror on the Internet: The New Arena, the New Challenges,” found 12 websites operated by terrorist groups. Today, he keeps close watch on more than 5,800 such websites. Terrorists also use the Darknet to talk among themselves, thus creating a large area of activity for counter-terror agencies.
There is a different Wikipedia, too
A very large portion of the Darknet is made up of commercial websites where one can buy almost any illegal item: personal weapons, platoon-level weapons, drugs and illegal services. To enter the Darknet, one needs a plugin named TOR, an acronym for “the onion router.” The software was created with funding from the U.S. Navy, but once the extent of the criminal activity there became known, the FBI tried to shut it down, so far with no success. The program opens the first in a series of gates that lead to the Internet within the Internet, and that allow surfers to hide behind a secret IP address within a multi-branched Internet of dozens of servers on five continents where websites with unknown suffixes such as .onion and .bit are stored.
These websites are not managed by the DNS system of all open WWW addresses registered with ICANN. Rather, they are registered separately, through a secret authority known as Namecoin, which is run exactly like the open Internet. But Namecoin boasts of true freedom and the absence of any censorship. The Darknet’s complete disconnection from the public Internet allows it to exist with no government supervision by any established country, and allows users to change identities like socks. They ask the Darknet for a new identity and, by pressing a button, any connection that they had to their previous identity is wiped out. They can now operate under another name, with a new IP address, with no trace of their previous activity.
The ability to change identities frequently makes it appear as though the number of the Darknet’s users is larger than it really is. The Darknet is certainly growing at a rapid pace, just as the temptation to commit crimes anonyomously is also a big one. It is hard to catch the criminals. It is harder there than on the public Internet, where a court order can expose any criminal by the IP address that he used at a particular point in time.
The Darknet’s activity is evident to anyone who manages to get in. The people who are active there do not hide their wares, and there is also a Wiki-type encyclopedia, known as Hidden Wiki, that contains all the information one needs to get to know the Darknet and how things are run there. Advocates of its establishment say that it arose as a protest against government censorship and restrictive laws that violate the freedom that the Internet should symbolize. They dismiss the illegal activity, such as the trafficking in drugs, human beings or arms, as incidental to the political activity, which they consider important.
Since there are no laws on the Darknet, one can advertise anything there. Nobody can identify or arrest anyone who writes on a website. With the high connectivity speed common in homes today, many Internet users have set up servers to store pornographic information, photographs and particularly shocking video clips, as well as want ads where, on occasion, one can see the phrase: “Wanted: murderer for hire.”
Running parallel to TOR is another system known as I2P2, which is even more flexible and open. It has a direct link to the Internet that is accessible to everyone. Here one can find many IRC chats, and sharing of various kinds of files, including of videos and music. One can also gain access to websites with the I2p. It is black market heaven, with highly developed electronic commerce, including clearing-houses connected to the clearing-houses of international credit companies. But all this takes place with no evidence or documentation.
The police are working quietly
Detective agencies are finding it difficult to deal with the enormous mass of illegal activity on the Darknet. For this reason, researchers of the Artificial Intelligence Laboratory at the University of Arizona are developing automatic tools that can gather and analyze terrorist content in a systematic way.
The project, entitled Dark Web, uses “spiders” to find and catalogue millions of web pages, advertisements on terrorist forums, video clips and other multimedia content on an ongoing, day-to-day basis. The project’s managers have identified dozens of jihadi websites with an enormous amount of information, including step-by-step training films that show how to build improvised explosive devices. The findings have been handed over to American intelligence agencies.
Dr. Nimrod Kozlowski, the co-founder and chairman of Altal Security, says, “The power of the Darknet is inherent in the fact that many of its users put their trust in the anonymity that it gives them. But that is also its weakness. Law-enforcement agencies can take advantage of that trust. They distribute fake Internet codes, and then follow the activity on the Darknet, distribute feedback files, and can also operate undercover Internet users from their own agencies. An undercover police officer who is invited to a forum on the Darknet can exchange files with other users and thus gather intelligence, analyze information, and, most important, keep the person under surveillance.”
The Israel Police, with its meager forces, is also trying to cope with the Darknet by means of activities that it is not willing to divulge. The police are doing a great deal more than they are willing to share with the public. They prefer to act quickly so as not to expose their abilities or the level of knowledge that they have gathered in the tiny unit that deals with cyber crime. Since the police act legally, a crime must be committed first, and only then its forces may act.
According to Cmdr. Itzik Kesiel, the director of the Israel Police’s investigative team that deals with cyber crime, “A crime has to reach the real world. Otherwise, it’s not considered a crime, but just talk. In the field of drug trafficking, if there’s no buying and selling of a drug, no crime has been committed. The police can intervene only when something real happens to somebody.”