Welcome to the Darknet Chronicles, a series brought to you by Teramind. This collection of eight articles will focus on bridging the gap between stolen information, insider threats, and the darknet. You can expect to learn about the journey of information after it is stolen, how insiders help set up the breach, and what you can do to protect your company from darknet insiders.
In the past, IT Security Central has published some introductory articles on the darknet, specifically to help define the surface web, the deep web, and the darknet. Together these form the whole of the internet as we know it. People who engage with the darknet have also developed a language around it which is important to understand. The first word you need to know is the term clearnet. You will become familiar with the rest of the terms as the series continues.
Put simply, the clearnet is a term used by darknet users for the regular internet accessible from any browser. This definition bundles the surface web and the deep web, essentially covering anything accessible by the average non-TOR user. It is in the clearnet where most people conduct business, have conversations, organize events, and do anything else relevant to exchanging information. Activity in the clearnet is often monitored by larger organizations, often for the purpose of building more robust profiles of users. People tend to find privacy on the clearnet by using a virtual private network (VPN). For those seeking even more anonymity there is always the darknet. Many clearnet users find out about the darknet through Reddit and 4chan. While the darknet has existed for a long time, it’s only recently that it has gained much more attention, mainly due to the leaks by Snowden and the sudden rush people had to anonymize themselves. You can find articles from popular publications about their test runs on the darknet.
Also known as hidden services or websites, darknet sites can only be accessed through specialized software or means. The most popular is a browser known as TOR. Another piece of software, used by more advanced users, is called I2P. For the purposes of this article we will be writing from the perspective of the TOR browser. The darknet exists as a hidden layer on top of the clearnet. The difference between users of the TOR browser and users of regular browsers is that the TOR browser is able to access .onion extensions for hidden websites/services.
When accessing the darknet through the TOR browser, the connection is routed through several other computers (nodes), which would seemingly cover anyone’s tracks. However, many federal agencies have discovered that if they monitor the final exit nodes they can track all activity that happens. It is for this reason that many darknet users suggest to each other to also use either a VPN or the TAILS operating system in order to avoid identification if their IP address is revealed.
It is not illegal to access the darknet, but due to the anonymity some of the more shady actors of the world exist there. This includes hitmen, traffickers, state financed hackers, free agent hackers, malicious insiders, and your general thieves. The darknet is not all doom and gloom though. Often people also find safety and connection there via support groups and hidden forums. Some of these can include marginalized groups from a variety of countries. Journalists also communicate with whistleblowers via the darknet. As you can see, the darknet attracts all sorts of people with a variety of interests.
On the darknet, many websites cannot be found by search engines. Often people rely on others’ postings on Reddit. The most notable of these forums is the subreddit /r/onions. Additionally, there are darknet news sites which serve as a hub of advice and information on which .onion links are active. For any user, finding their way to a hacker forum, stolen information market, drug market, or even blackhat training space is not hard at all. Your average user will be able to find any of this within an hour if they know how to navigate social media sites to find information.
Accessing the Darknet
With such a variety of people attempting to access and use the darknet, you will find varying levels of expertise and ability to remain hidden. For the most novice of users, you can almost guarantee they will leave a trail of their behavior online. This is primarily because they only download the TOR browser and immediately start to browse forums for .onion links, although this is the most straightforward way people, including insiders, access the darknet. A short reading of online posts will turn up recommendations that any prospective darknet user connect with a VPN or, better yet, a flash-drive-based OS called TAILS. If your employees, managers, or partners are using any of these extra security layers while accessing the darknet, they are a force to be reckoned with.
Difference Between Clearnet vs. Darknet
The primary difference between the clearnet and the darknet is the ability to be anonymous. When you’re on the clearnet it is difficult to be truly anonymous. If your device’s IP address and MAC address are not hidden in any way, then you are identifiable too. The same rules apply to the darknet, but the software which accesses the darknet is often designed to keep people anonymous. On the clearnet, many of the websites one visits and the browser used can produce a comprehensive profile that understands you in ways that may surpass your own self-awareness.
This is in contrast to the darknet where anonymity is the primary purpose of its existence. Under the veil of privacy people can and will do everything. This is why in this series we will be covering how the darknet applies to insider threats. Up next, we will explore the myriad of ways in which an insider can use the darknet against your organization.