MATT ASHBURN
Welcome to NeedleStack, the podcast for professional online research. I'm your host, Matt Ashburn. By the way, OSINT is my favorite flavor of ice cream. And we're here with Jeff.
JEFF PHILLIPS
Well, I'm Jeff Phillips, tech industry veteran and curious to a fault. And today we're discussing the dark web, Matt. We're going to talk about what it is, how it can be leveraged as an information resource, and most importantly probably, the things you need to consider whenever you're accessing the dark web.
MATT ASHBURN
That's right, Jeff. And in fact, our next several episodes and guests will be focused on this topic, the dark web, and exactly what that means. But today we're going to start with the basics, because while a lot of people have heard of the dark web, many don't understand how it works, or maybe have never accessed it and may just be a little curious about the dark web or Tor or all these other terms you may have heard about. And so it might be a bit of a mystery to a lot of people. And for sure the dark web is typically associated with criminal activity, but there are both legitimate and illegitimate uses of the dark web. So for example, legitimate uses can include things like protecting communications so that they're resistant to censorship and to regimes that are maybe oppressing free speech, or in a country that is perhaps more hostile and is monitoring communications. You want to secure those communications in a way that even if they're monitored, they can't detect who is sending what message to whom. But there are also some illegitimate uses of dark webs as well. They can not only protect free speech; they can also protect criminal activity, or give the appearance of protecting criminal activity, with lots of forums and delivery mechanisms for malware, stolen information or illegal products and services.
JEFF PHILLIPS
I love that you, Matt, gave both and gave the legitimate reasons first, right. A lot of people I talk with don't realize that there are legitimate reasons for using the dark web. And you nailed that with the different communications methods under certain regimes. I think another thing to set up for people is, if people have heard of the dark web or searched on it, they often will see this. People use an iceberg to describe it, in the context of: well, we have the surface web, we have the deep web, and then there's the dark web. And the way you tend to think about it is the surface web is what we all access every day. It's where you go for your regular news sites. It's freely available and accessible through a standard browser, right. So whether you use Chrome, you use Edge, you use Safari, Firefox, et cetera, it's what you use to go to your news sites, get your email, whatnot. Now, the other key thing is you can use search engines. The surface web is indexed, right. So you can use Google. I can go in and look for topics and Google will present all these results because it's out indexing all of these sites. So on the surface web everything's indexed and accessible through a browser that I have on my machine. Then you have the deep web, which is similar, but it's the part of the internet that's going to sit behind paywalls, or behind a username and password, like accessing your Netflix account or your bank account. So it requires some sort of account to log in. That could be academic research and databases. So surface web, it's freely available, you get to it with your browser. Deep web, you're going to get to it through your standard browser also, but then you're going to have to have a login to get past that. Then what we're here to talk about, the dark web. The smallest area, at least by what researchers and academics say in terms of what percentage of the internet it makes up.
But the dark web's an area of the internet that can only be accessed using specific software. And you have to download and have access to the specific software. And that allows you to go and access the dark web, which is basically an overlay network to the internet, right. And it uses all kinds of special routing and encryption to provide some of the anonymity we're going to go into. But the key takeaway here at our basics level is, you can't just use your Chrome browser or Firefox and go into Google, say dark web and get to a dark web address or a dark website.
MATT ASHBURN
That's exactly right. And that's an important note. And when people hear dark web they may think it's just one thing, one entity, one type of technology, but really the dark web is a broader term that applies to technologies, software, and also dark networks that make up various dark webs. So that may sound a little confusing, right. So let's take a little step back. The most well known dark net, that is, a dark web network, is Tor, T-O-R. It's The Onion Router. There are also some other dark webs and dark nets that are out there such as ZeroNet, I2P, as well as Freenet. Each of these, really for the sake of this show, they work off of a different network model and have different levels of anonymity, location concealment, and also different types of encryption that are used as well. By far though, Tor is the most popular. So when you hear dark web or dark net, Tor is typically what people are referring to. And it was actually conceptualized by US government researchers back in the 1990s, who were concerned about communication privacy on the internet. They were looking at the internet and how it was growing, how people were using it. And they were concerned that if someone were monitoring a communication network, perhaps they could glean information about two parties if they were communicating together. So the problem they were trying to solve was, how do we ensure communications can be anonymous and also encrypted even if the network communication itself is monitored. That could be a difficult challenge, and the solution was essentially Tor, onion routing. And that is essentially a term to describe the way in which traffic can tunnel through multiple nodes on the way to the end destination of the client, making it really, really hard to trace the origin of that content or that communication.
JEFF PHILLIPS
And the thing, for some of us that are not as technical and get into the routing, that next layer to be able to access... so when I'm talking to people, the dark web's always a fun dinner topic with people that get very interested in it. But you think about, they may have even heard about the Tor browser. So to get access to that Tor network, you need to use the Tor browser, which you can... I mean, anybody can go right now online, you can go and download it. It's open source. It's freely available. You can download it on the surface web, so through your Chrome browser. You can go and download the Tor browser. And it's the only browser that will allow you to resolve or use the addressing scheme that the forums and marketplaces use on the Tor network, which is called a dot onion, a .onion URL addressing scheme. And if you've not seen it, it doesn't look like www.needlestack.com, which is a very clean, simple address on the surface web. On the dark web, they're very long. They're much more complex and the addresses are always changing. We will, as we go through this, get more and more into how you find your way around. But it's not that easy. And that's the point. But on one hand you can just download this browser onto your computer and off you go, but that's probably not the best thing to do.
MATT ASHBURN
Yeah, that's right. And you can access the dark web, and especially Tor, right, using the Tor browser. It's not always the best option. It's not always recommended. And that's because Tor is encrypted, it's anonymous or mostly anonymous, but it's not perfect, right. It doesn't have features built in to protect you from malware, for example, right. It doesn't isolate you from that stuff. So you can still come across malicious content. So you just need to be aware of that and just be a bit cautious there. So you need to have not only the Tor browser installed, or something similar to that, you also want to make sure that you have some kind of isolation between you and the malicious or potentially malicious content that you're accessing. So think about using maybe a virtual machine or a dedicated laptop, something like that. There are also some managed attribution solutions out there and browser isolation services with Tor access built in that can also be a great assistance and provide you not only the access that you need, but also security benefits as well. So as an investigator, the last thing we want to do is to infect our corporate network or our organization's network while we're trying to investigate a case.
JEFF PHILLIPS
For sure. All right. So we've talked about what it is. Now we've gone into how to access it, right, so what the ways are and ways to go, and we're going to go deeper into those and into being safe in future episodes. But there's a why angle to this. Why would I want to investigate it or get on the dark web? And when I talk to practitioners, it really depends. There are reasons to get on the dark web for a lot of different use cases and different teams, right, so it's a resource, if you will, to get the whole story, get a complete picture and provide additional context for your investigation or your research, or to corroborate it or even disprove it. But that goes across categories, right. Whether you're on the cybersecurity side or you're a SOC analyst, and so you're more so dealing with malware and the types of threats that are happening or could be happening, or whether you're on the financial crime side, and so you're looking at whether credit cards have been released, or you're again looking for passwords that have been breached. So from financial crimes to cybersecurity, to political movements, the dark web, as we said, on the illicit side or illegitimate side... it's full of information that could be valuable in any of those scenarios for you in terms of your investigation.
MATT ASHBURN
Yeah. That's exactly right. And lots of use cases out there. You touched on a few of those, things like stolen corporate data, right. Or credentials, leaked company data breaches. If you're doing investigations on behalf of a company or organization, it's probably helpful for you to know if there is data out there that was stolen from your organization, and also to be able to access that data, right, and then apply that to your security processes. Also, looking at malware or ransomware sales or websites or other things like that. Illicit sales of, let's say, guns or ammunition, or perhaps narcotics, all those things are also sold and exchanged on the dark web. So you may be a law enforcement officer interested in those types of targets. Also, tracking financial crimes, things like money laundering, credit card theft and use, insider trading. And of course, other law enforcement activities also benefit from the dark web, such as counter-terrorism operations or tracking human trafficking. All of these things, when you're committing these types of crimes, they require a certain degree of anonymity, or at least the veil of anonymity. And we can get into that in a couple of other episodes, but that makes the dark web, and Tor especially, attractive to criminals. So it's great for us as investigators as well.
JEFF PHILLIPS
Well, before we close out, I do think there are some key things to consider. And again, as we go through the next several episodes and talk with various guests, we're going to go deeper into topics around what you need to really consider before you access the dark web. But to highlight a few that we've touched on so far, you've got to be concerned with malicious content on the dark web. What we mean by that is malware, let's be a little more specific. In the sense that with every site on the dark web, you have to believe that it's likely looking to put something on your machine and to infect you with some type of malware to pass along. So, that's one element. And while it claims to be anonymous, you do run the risk of someone understanding who you are, right, and being able to attribute that back to you, and find out physically where you are or what company you're associated with. So there's the malware there, the attribution side, but there are some other things that are going to be key. What are your company's rules? We often get asked, we even had one of the live questions asking whether it's illegal or not to get on the dark web, which we answered: it's not illegal just to get on, but, depending, you can't be doing anything illegal. But even beyond that, there's just, what's your company's policy? What are your rules of engagement? Are you as an employee allowed to get on the dark web? And last, but not least, if you are going to get on the dark web, is there an audit trail? Is there someone, is there something there that you can point back to that is able to prove what you did and didn't do, and what you did and didn't access, when you got onto the dark web?
MATT ASHBURN
Yeah, that's exactly right. Those are great tips. And like you said, Jeff, in last week's episode, if you missed it, definitely go back and take a look at that. We did provide some resources and references to guide folks on some best practices there for accessing some of the content on the dark web. Well, thanks again to everyone for tuning into this week's show. If you liked what you heard today, you can, of course, subscribe to our show wherever you get your podcasts. You can also watch episodes on YouTube and view those transcripts and other episode info on our website at authentic8.com/needlestack, that's authentic with the number eight. Also, be sure to follow us @needlestack_pod on Twitter. We'll be back next week with more information on the dark web and how you can safely use it in your professional research. To register for that episode, visit authentic8.com/needlestack, that's authentic with the number eight. We'll see you then.