Deep Dive: A Guide to the Deep-Web for Law Enforcement

There's a part of the Internet known as the deep web. It is called the deep web because of its massive size, it's literally 'deep'. According to The Guardian, you can only access 0.03% of the internet via search engines like Google and the rest is what makes up the deep web.

You can't just access the deep web from a normal web browser – like Firefox for example – you can only access the deep web through a deep web browser. The most famous of these deep web browsers is called Tor and this is the one we recommend you get if you're looking to get onto the deep web.

The deep web is well known for containing some really messed up stuff (snuff/child porn etc as you might expect but we're going to try and avoid that for the most part), but if you successfully steer clear of all of that then you'll find some really interesting stuff on the deep web that you would never find on the public world wide web.

We'll start with what is definitely the most useful feature of the deep web to law enforcement & intelligence professionals.

First, Marijuana
Forget calling your dealer and having to wait in the cold for him to meet you at a dodgy bus stop on a dark, cold, wintery night just to be given a crappy 1.5 gram eighth of bush weed, just get on the deep web instead. Now you can do all your marijuana ordering from the comfort of your own sofa.

You buy your marijuana in bulk from this deep web site, with the prices varying upon the strain and the amount of you buy. There are a couple of ways you can have your ganja delivered: either standardly through DHL (after being vacuum packed four times) or via drop shipping.

Second, Silk Road
Other online drug markets also exist on the deep web where you can pick up pretty much any kind of drug or chemical. The most famous of these is known as Silk Road and you can literally pick up what you want from this site. You name it, somebody has got it on here and you'll pay with your bitcoins and it'll arrive in an untraceable package a few days later. It really is that easy. Apparently there's a 97% success rate on this.

Silk Road is set up kind of like eBay or Amazon. There are buyers and sellers and each buyer and seller has their own feedback rating so when you're looking to pick up some LSD or salvia or whatever drug takes your fancy that day, then you'll have a look through the site, find a seller with good feedback for that particular chemical high and then pay them with a bitcoin and sit back and wait for it to turn up. It's that easy.

Three, Hire a Hit Man
Want to take out your boss, nagging wife or that journalist who wrote that awful review for your restaurant? Well if you've got the cash this person will do it for you. This is taken from one website on the deep web that offers this service and includes the differing prices of a hit. These prices are dependent on who the person is and what information you need to send so the hit can take place. The most popular hire an assassin sites are White Wolves and C'thuthlu.

Fourth, Buttery bootlegging
Buttery bootlegging is run by a Dangler who is good at stealing and apparently will steal anything that you can't afford or just don't want to pay for. There are loads of these rob-to-order pages in the deep web.

Fifth, The Human Experiment
The Human Experiment is a deep web site that details medical experiments that are performed on homeless people that are usually unregistered citizens. They're picked up off the street, experimented on and then usually die but they're homeless and unregistered so nobody misses them.

As with most of the deep web, there's actually some debate about whether The Human Experiment was real or just a parody site as it could quite easily be either given its location on the deep web. The Human Experiment

Sixth, Buy Weapons
There's a site known as Euroarms that lets you buy all kinds of weapons and have them delivered to your door courtesy of the deep web. Unfortunately for those of you that jumped out of your seat when you read that as you envisioned shooting up your school or blasting your boss away, the ammunition for these weapons is sold separately and you have to track that down on a different site.

Seventh, Buy Credit Card Information
The site you want is called Atlantic Carding and as with most services, the more you pay the more you get for your Bitcoin and so you can potentially get access to business credit card accounts and infinite credit card accounts.

Of course, a lot of the time when you're buying stuff online with a credit card you're going to need the user's details – including their name, address and social security number – and this is all available on the site if you're willing to pay the premium. Again, it's unknown if all this stuff is true and easily available online but the fact that any of this even might be real is pretty disturbing.

Eight, Betting on Fixed Sporting Events
It's long been theorized that many sporting events are fixed – especially stuff like horse racing – and that people in the know are able to bet on said events in order to line their pockets. It would seem that thanks to the deep web this no longer needs to be achieved by shady phone calls and crumpled up post-it notes, but you can simply log onto a site and they'll do it all for you.

The financial investment in this one is particularly hefty but if it pays off and it's real then you'll make it back in no time.

Many of the sites might be designed to fleece unwitting fools out of their Bitcoins anonymously because it's so easy, but you've got to think they wouldn't be able to after a while because people would start talking because they're not legit and their reputation would soon be in the drain.

Ninth, the Hidden Wiki
Mail order marijuana, hiring a hitman and getting someone to steal something for you, match fixing and buying weapons are all just the tip of the iceberg of the deep web as there's also the 'hidden wiki', which is apparently the portal to anything you've ever wanted on the deep web. It explains everything you ever wanted to know about the deep web and features a full list of .onion sites and a description of each one as well as a bunch of other interesting information about it.

Tenth, Recent Developments
Last summer, a whole bunch of hidden websites – possiblyas many as 50% – vanished off the deep web. This was linked to the takedown of a hosting operation in Ireland, allegedly connected to the United State's attempts to extradite an Irish citizen called Eric Eoin Marques for questioning over the distribution of child porn online. Of course, it's no surprise that the deep web is a hotspot for this kind of activity and it goes without saying that this is definitely not a good use for it. It also really pinpoints the debate over whether its existence should even be allowed at all.

Tor released the following statement regarding the breach: 'In the past, adversarial organizations have skipped trying to break Tor hidden services and instead attacked the software running at the server behind the dot onion address. Exploits for PHP, Apache, MySQL, and other software are far more common than exploits for Tor. The current news indicates that someone has exploited the software behind Freedom Hosting. From what is known so far, the breach was used to configure the server in a way that it injects some sort of javascript exploit in the web pages delivered to users. This exploit is used to load a malware payload to infect user's computers. The malware payload could be trying to exploit potential bugs in Firefox 17 ESR [extended support release], on which our Tor Browser is based. We're investigating these bugs and will fix them if we can.'

As Tor said in their statement regarding this event, Tor is still safer and more anonymous than almost every other Internet browser out there, so it's probably still going to be used for a long, long time.

http://blog.mcafeeinstitute.com/the-ultimate-guide-to-the-deep-web

« Cyber Warfare: Technology backfires on the powerful.
Memex – The new search tool and for the Deep Web »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Dubex

Dubex

Dubex is Denmark's leading business-oriented IT security specialist.

Bit4id

Bit4id

Bit4id provides software and systems for security and identification based on PKI technology.

HYAS Infosec

HYAS Infosec

HYAS is a highly skilled information security firm developing the next generation of information security technology.

Nexcom International

Nexcom International

Nexcom operates six global businesses - IoT Automation, Intelligent Digital Security, Internet of Things, Intelligent Platform & Services, Mobile Computing Solutions, Network & Communications.

Medigate

Medigate

Medigate is a dedicated medical device security platform protecting all of the connected medical devices on health care provider networks.

The Security Company (TSC)

The Security Company (TSC)

The Security Company is a leading provider of creative employee security awareness programmes.

A3Sec

A3Sec

A3Sec provides professional solutions in the areas of Cybersecurity, Device Monitoring, Business Intelligence and Big Data.

CyPhyCon

CyPhyCon

CyPhyCon is an annual event exploring threats and solutions to cyber attacks on cyber-physical systems such as industrial control systems, Internet of Things and Industrial Internet of Things.

Elron Ventures

Elron Ventures

Elron partner with early stage ventures to build companies that transform lives and industries. Our main areas of focus are enterprise software, cybersecurity, and healthcare.

McIntyre Associates

McIntyre Associates

McIntyre Associates is an Executive Search boutique specialized in recruiting for the Cybersecurity industry. Our clients range from Venture Capital backed startups to Fortune 100 companies.

Stefanini Group

Stefanini Group

Stefanini is a global IT services company providing a broad range of solutions for digital transformation including automation, cloud, IoT and cybersecurity.

KirkpatrickPrice

KirkpatrickPrice

KirkpatrickPrice is dedicated to providing you with innovative security guidance and efficient audit services.

Magna5

Magna5

Magna5 is a managed IT service provider focusing in network and server monitoring, backup and disaster recovery, cybersecurity, help desk and SD-WAN.

International Association of Financial Crimes Investigators (IAFCI)

International Association of Financial Crimes Investigators (IAFCI)

International Association of Financial Crimes Investigators provides services and information about financial fraud, fraud investigation and fraud prevention.

VMware

VMware

VMware is a leading provider of multi-cloud services for all apps, enabling digital innovation with enterprise control.

Frontier Technology Inc. (FTI)

Frontier Technology Inc. (FTI)

Frontier Technology Inc provides the technology and deep data expertise to drive the best defense and intelligence solutions.