1(630)802-8605 Ravi.das@bn-inc.net

Last weekend, I wrote a three-part series on the Dark Web.  A lot of content was covered, focusing on the following:

*How to safely surf the Dark Web;

*What not to do on the Dark Web;

*The top 9 websites that you should visit on the Dark Web.  Note that we did not include the criminal sites in this list!

I had also mentioned that if I came across anything new about it, I would cover the topic again.  Well, I did, and it concerns some of the security vulnerabilities found in the Tor web browser, and in Bitcoin as well.  So, here we go.

  • The Traffic Confirmation Attack:

Remember, although the Tor browser is probably one of the most secure ones out there (versus the ones that are most used today on the Public Web), it is still very much prone to Cyber-attacks, even in the Dark Web.  In this kind of attack (as the title implies), a Cyber attacker gains access to the various nodes of the secure network communications taking place between the Tor browser and the Dark Web site.  Once enough nodes are collected, the identity of the individual could potentially be revealed.  But keep in mind that two nodes are the most critical to capture:

*The Guard Node:  This is the point at which the individual first hits upon the site in the Dark Web;

*The Exit Node:  This is the point at which the individual leaves the site on the Dark Web.

This sequencing can create a pattern in the data flow at one end of the secure communications chain, which can then be recognized coming out at the other.  It is important to note that this kind of attack is very difficult to accomplish on the Public Web.  The reason is that the DNS system makes it so that any network communications between an end user and a website will contain thousands of these nodes.  But in the Dark Web, this kind of attack is much easier to accomplish, because there is no such thing as DNS within it.  Rather, the entity that owns the site has to grant you direct permission to access it.  Thus, they only need access to the Guard Node, which of course they control.  Once they can access the information and data that resides on it, your identity could potentially be confirmed in a matter of seconds.

  • The use of Bitcoin:

OK, I have to admit that I am contradicting myself here.  Last weekend I mentioned that you should always use Bitcoin for any transactions on the Dark Web that you dare to go forward with.  But using Bitcoin is not a totally anonymous approach either.  For example, every single Bitcoin transaction is recorded in the public blockchain, and thus it can be seen and analyzed by anyone on the Dark Web.  Every transaction you make on the Dark Web creates an even greater opportunity for tracking and confirming your identification (primarily your IP address).  It gets even easier to track you down if you keep purchasing from the same site, as a history of your identity is thus created.

  • Other areas in which your identity can be revealed:

*If you go on the Dark Web without using a solid Virtual Private Network (VPN), there is a very high chance that you could get infected with a nasty piece of malware which can very easily reveal your identity.  That is why I recommended using a separate and isolated computer for surfing the Dark Web.

*Beacons and Canary Traps:

Sites on the Dark Web can pass onto your computer what are known as “Beacons” and “Canary Traps”.  The former are pieces of active content that try to home in on your identity when they are opened.  Viewing these documents and files on a normal desktop will expose you in seconds.  With the latter, slightly different versions of certain content are distributed to each visitor on the Dark Web.  Any time that content shows up somewhere else, that particular site immediately “knows” who shared it.
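As an added illustration of the Beacon point (this is example code written for this post, not anything from the original article): a small pre-open check that flags the markers a beaconing PDF or HTML file usually needs (open actions, URI actions, remote images, scripts) so a downloaded file can be inspected on the isolated machine, offline, before it is ever opened. The sample files and the `tracker.example` host are constructed for the example; the scanner is a heuristic, not a full parser.

```python
import re

# Constructed sample inputs for the example; not real files from any site.
CLEAN_PDF = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n%%EOF"
BEACON_PDF = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction 3 0 R >> endobj\n"
              b"3 0 obj << /S /URI /URI (http://tracker.example/ping?id=42) >> endobj\n%%EOF")
BEACON_HTML = (b'<html><body><img src="https://tracker.example/p.gif?u=7" '
               b'width=1 height=1></body></html>')

# PDF name objects that let a document act (fetch, run, submit) when opened.
PDF_MARKERS = {
    "OpenAction": rb"/OpenAction",
    "AdditionalActions": rb"/AA\b",
    "JavaScript": rb"/JavaScript|/JS\b",
    "Launch": rb"/Launch",
    "URI": rb"/URI",
    "SubmitForm": rb"/SubmitForm",
    "RemoteGoTo": rb"/GoToR",
}
# HTML constructs that make the viewer contact a remote host on open.
HTML_MARKERS = {
    "remote image": rb"<img[^>]+src=[\"']?https?://",
    "script": rb"<script",
    "iframe": rb"<iframe",
    "remote stylesheet": rb"<link[^>]+href=[\"']?https?://",
    "css url": rb"url\(\s*[\"']?https?://",
}

def scan_document(data: bytes) -> dict:
    """Return the document kind, the beacon-style markers found, and every
    embedded http(s) URL. A file with no reason to touch the network should
    come back with an empty marker list and no URLs."""
    if data.startswith(b"%PDF"):
        kind, markers, flags = "pdf", PDF_MARKERS, 0
    elif re.search(rb"<html|<!doctype html", data[:512], re.IGNORECASE):
        kind, markers, flags = "html", HTML_MARKERS, re.IGNORECASE
    else:
        kind, markers, flags = "other", {}, 0
    found = sorted(name for name, pat in markers.items() if re.search(pat, data, flags))
    urls = [u.decode(errors="replace") for u in re.findall(rb"https?://[^\s\"'<>()]+", data)]
    return {"kind": kind, "markers": found, "urls": urls, "suspicious": bool(found or urls)}

if __name__ == "__main__":
    for name, blob in [("clean.pdf", CLEAN_PDF), ("beacon.pdf", BEACON_PDF), ("beacon.html", BEACON_HTML)]:
        print(name, scan_document(blob))
```

A hit does not prove the file is a beacon, only that it can reach out when opened; the safe handling is still to open it only on the isolated machine with networking off.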

*Other areas in which you can get tripped up:

Even your writing style and your choice of account name can instantly reveal your identity.  So, as I wrote last time, never post anything on the Dark Web (such as on forums and the like), and pick an account name that is totally bizarre.

On both the Dark Web and the Public Web, the Cyber attacker is trying to evade being caught.  This is especially true with the former.  Because of the increased presence of undercover law enforcement agencies on it, many Cyber attackers have now resorted to using one-to-one communication applications that make use of end-to-end encryption.

This makes criminal investigations that much more difficult, because there is no central location for discussions that can be tracked down.

My advice?  If you dare to visit the Dark Web, take all the precautions I mentioned in last weekend's series.  Perhaps visit the Dark Web no more than thirty or so minutes at a time.  Remember, randomness is key.  Access the Dark Web at varying times, and even consider changing your account name(s) on a frequent basis.

I have been asked whether I will ever visit the Dark Web.  I have not yet, and may never.  But one day I may try to just poke around.  It will for sure be a chapter in the new book I am planning to write starting next year.