Deep Dive: A Guide to the Deep-Web for Law Enforcement

There's a part of the Internet known as the deep web. It is called the deep web because of its massive size, it's literally 'deep'. According to The Guardian, you can only access 0.03% of the internet via search engines like Google and the rest is what makes up the deep web.

You can't just access the deep web from a normal web browser – like Firefox for example – you can only access the deep web through a deep web browser. The most famous of these deep web browsers is called Tor and this is the one we recommend you get if you're looking to get onto the deep web.

The deep web is well known for containing some really messed up stuff (snuff/child porn etc as you might expect but we're going to try and avoid that for the most part), but if you successfully steer clear of all of that then you'll find some really interesting stuff on the deep web that you would never find on the public world wide web.

We'll start with what is definitely the most useful feature of the deep web to law enforcement & intelligence professionals.

First, Marijuana
Forget calling your dealer and having to wait in the cold for him to meet you at a dodgy bus stop on a dark, cold, wintery night just to be given a crappy 1.5 gram eighth of bush weed, just get on the deep web instead. Now you can do all your marijuana ordering from the comfort of your own sofa.

You buy your marijuana in bulk from this deep web site, with the prices varying upon the strain and the amount of you buy. There are a couple of ways you can have your ganja delivered: either standardly through DHL (after being vacuum packed four times) or via drop shipping.

Second, Silk Road
Other online drug markets also exist on the deep web where you can pick up pretty much any kind of drug or chemical. The most famous of these is known as Silk Road and you can literally pick up what you want from this site. You name it, somebody has got it on here and you'll pay with your bitcoins and it'll arrive in an untraceable package a few days later. It really is that easy. Apparently there's a 97% success rate on this.

Silk Road is set up kind of like eBay or Amazon. There are buyers and sellers and each buyer and seller has their own feedback rating so when you're looking to pick up some LSD or salvia or whatever drug takes your fancy that day, then you'll have a look through the site, find a seller with good feedback for that particular chemical high and then pay them with a bitcoin and sit back and wait for it to turn up. It's that easy.

Three, Hire a Hit Man
Want to take out your boss, nagging wife or that journalist who wrote that awful review for your restaurant? Well if you've got the cash this person will do it for you. This is taken from one website on the deep web that offers this service and includes the differing prices of a hit. These prices are dependent on who the person is and what information you need to send so the hit can take place. The most popular hire an assassin sites are White Wolves and C'thuthlu.

Fourth, Buttery bootlegging
Buttery bootlegging is run by a Dangler who is good at stealing and apparently will steal anything that you can't afford or just don't want to pay for. There are loads of these rob-to-order pages in the deep web.

Fifth, The Human Experiment
The Human Experiment is a deep web site that details medical experiments that are performed on homeless people that are usually unregistered citizens. They're picked up off the street, experimented on and then usually die but they're homeless and unregistered so nobody misses them.

As with most of the deep web, there's actually some debate about whether The Human Experiment was real or just a parody site as it could quite easily be either given its location on the deep web. The Human Experiment

Sixth, Buy Weapons
There's a site known as Euroarms that lets you buy all kinds of weapons and have them delivered to your door courtesy of the deep web. Unfortunately for those of you that jumped out of your seat when you read that as you envisioned shooting up your school or blasting your boss away, the ammunition for these weapons is sold separately and you have to track that down on a different site.

Seventh, Buy Credit Card Information
The site you want is called Atlantic Carding and as with most services, the more you pay the more you get for your Bitcoin and so you can potentially get access to business credit card accounts and infinite credit card accounts.

Of course, a lot of the time when you're buying stuff online with a credit card you're going to need the user's details – including their name, address and social security number – and this is all available on the site if you're willing to pay the premium. Again, it's unknown if all this stuff is true and easily available online but the fact that any of this even might be real is pretty disturbing.

Eight, Betting on Fixed Sporting Events
It's long been theorized that many sporting events are fixed – especially stuff like horse racing – and that people in the know are able to bet on said events in order to line their pockets. It would seem that thanks to the deep web this no longer needs to be achieved by shady phone calls and crumpled up post-it notes, but you can simply log onto a site and they'll do it all for you.

The financial investment in this one is particularly hefty but if it pays off and it's real then you'll make it back in no time.

Many of the sites might be designed to fleece unwitting fools out of their Bitcoins anonymously because it's so easy, but you've got to think they wouldn't be able to after a while because people would start talking because they're not legit and their reputation would soon be in the drain.

Ninth, the Hidden Wiki
Mail order marijuana, hiring a hitman and getting someone to steal something for you, match fixing and buying weapons are all just the tip of the iceberg of the deep web as there's also the 'hidden wiki', which is apparently the portal to anything you've ever wanted on the deep web. It explains everything you ever wanted to know about the deep web and features a full list of .onion sites and a description of each one as well as a bunch of other interesting information about it.

Tenth, Recent Developments
Last summer, a whole bunch of hidden websites – possiblyas many as 50% – vanished off the deep web. This was linked to the takedown of a hosting operation in Ireland, allegedly connected to the United State's attempts to extradite an Irish citizen called Eric Eoin Marques for questioning over the distribution of child porn online. Of course, it's no surprise that the deep web is a hotspot for this kind of activity and it goes without saying that this is definitely not a good use for it. It also really pinpoints the debate over whether its existence should even be allowed at all.

Tor released the following statement regarding the breach: 'In the past, adversarial organizations have skipped trying to break Tor hidden services and instead attacked the software running at the server behind the dot onion address. Exploits for PHP, Apache, MySQL, and other software are far more common than exploits for Tor. The current news indicates that someone has exploited the software behind Freedom Hosting. From what is known so far, the breach was used to configure the server in a way that it injects some sort of javascript exploit in the web pages delivered to users. This exploit is used to load a malware payload to infect user's computers. The malware payload could be trying to exploit potential bugs in Firefox 17 ESR [extended support release], on which our Tor Browser is based. We're investigating these bugs and will fix them if we can.'

As Tor said in their statement regarding this event, Tor is still safer and more anonymous than almost every other Internet browser out there, so it's probably still going to be used for a long, long time.

http://blog.mcafeeinstitute.com/the-ultimate-guide-to-the-deep-web

« Cyber Warfare: Technology backfires on the powerful.
Memex – The new search tool and for the Deep Web »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Biscom

Biscom

Biscom offers solutions for secure file transfer, synchronization, file translation, and mobile devices, designed to deliver mission-critical reliability, streamline workflows and reduce costs.

SSH Communications Security

SSH Communications Security

SSH Communications Security is a leading provider of enterprise cybersecurity solutions for controlling trusted access to information systems and data.

ReadWrite

ReadWrite

ReadWrite is a leading media platform dedicated to IoT and the Connected World.

Evok

Evok

EVOK is an IT Service provider specialized in installing, maintaining and supporting IT infrastructures for SMB's in Switzerland.

Holm Security

Holm Security

Holm Security are taking vulnerability assessment into the next generation as a cloud service.

ArcusTeam

ArcusTeam

ArcusTeam is at the forefront of the firmware and applications security industry, with a mission to increase the level of security on all IoT devices and applications.

CyberDegrees.org

CyberDegrees.org

CyberDegrees.org aims to provide top-notch information for students seeking Cyber Security education and career guidance.

Cyber Intelligence 4U

Cyber Intelligence 4U

Cyber Intelligence 4U is an educational services company that provides two levels of cybersecurity training programs: executive and technical.

Etonwood

Etonwood

Etonwood specialises in infrastructure and vendor technology recruitment in areas including cloud platforms, cyber security and service management.

MTI

MTI

MTI is a solutions and service provider, specialising in data & cyber security, datacentre modernisation, modern workplace, IT managed services and IT transformation services.

StealthPath

StealthPath

StealthPath is focused on endpoint protection, securing the “implicit trust” vulnerabilities of current leading information security solutions.

endpointX

endpointX

endpointX is a preventative cyber security company. We help companies minimize their risk of breach by improving cyber hygiene.

Semgrep

Semgrep

Semgrep is a fast, open-source, static analysis tool for profoundly improving software security and reliability.

Dynamic Networks

Dynamic Networks

Dynamic Networks provide Managed Cloud Services; Unified Communications; Security & Compliance Services and Network & Infrastructure Services for both Public Sector and Private sector businesses.

Togggle

Togggle

Togggle offers seamless identity verification solutions and distributed infrastructure, enabling organizations to combat fraud and ensure compliance with data protection regulations.

ABPCyber

ABPCyber

ABPCyber offers holistic cybersecurity solutions spanning DevSecOps, advisory and consultancy, designing and integration, managed operations, and cybersecurity investment optimization.