|

DARK WEB

Sinister world of the dark web is just a few clicks away

by

Staff Writer

The internet has long been an essential fixture of people’s lives. But the candy-colored cupcake photos on Instagram and hilarious animal videos on YouTube are just the sugar-coated, cat-tastic surface of the internet.

There’s also the web’s seamy underbelly — an anonymous hidden marketplace that serves as a hotbed of drug and arms trafficking, fraud, hacking and other cybercrimes.

The following are questions and answers on the so-called dark web, accessible just a few clicks away on any computer.

What is the dark web?

The dark web is digital space with hidden content intended in particular for malicious activities.

It exists within the so-called deep web, a part of the World Wide Web that is unreachable through regular search engines like Google, but can be accessed using specific software, most commonly Tor, that provides a cloak of anonymity for the user.

Anyone who has the free software can gain entry to the dark web without revealing who and where they are, making it difficult for authorities to crack down on illicit activities.

It is difficult to gauge how many hidden websites actually exist today. But the size of the hidden web in 2001 was approximately 400 to 500 times larger than the surface web, the regular sites visible through standard search engines, according to a white paper by BrightPlanet. The U.S.-based web research firm estimates that the deep web could be even larger today, as the number of regular web pages has grown significantly since 2001.

Neither using Tor nor accessing the dark web is by itself illegal. In fact, people such as whistleblowers and journalists will often use Tor to protect their identities from online surveillance. But, what is illicit is most of the content on the dark web, such as information on drug trafficking and child pornography.

Why do people use the dark web?

The dark web has flourished as a major marketplace for shady businesses, said Katsuyuki Okamoto, a security expert at Tokyo-based cybersecurity firm Trend Micro Inc.

One of the largest e-commerce markets on the dark web today boasts more than 170,000 registered users and sells about 360,000 items, including illegal drugs, guns and how-to instruction manuals on anything imaginable ranging from hacking to making bombs.

Personal data obtained by hackers, such as login IDs and passwords for Twitter and Facebook, as well as credit card security information, are openly traded on the dark web. These credentials are then exploited by thieves for account hacking and online shopping, Okamoto said.

Most transactions are conducted by using virtual cryptocurrencies like bitcoin, he said. Some sellers say they can send items such as illegal drugs and guns to Japan, although shipments are likely to be seized at customs before they can reach buyers, he added.

In one case, apparently hacked health care insurance data on 9.3 million people in the U.S., including names, addresses, phone numbers, email and Social Security numbers, were being sold on the dark web for 200 bitcoin (about ¥14 million at the going exchange rate in July 2016), according to Trend Micro.

Some users sell ransomware — malicious software that holds computer files hostage in exchange for a ransom — as a ready-made service, enabling people without programming skills to spread the malware easily via email.

Hackers try to make money by selling their ransomware on the dark web as there is no guarantee victims will really pay ransom, Okamoto said.

Since it is virtually impossible to identify who is accessing the dark web and from where, it is thus unsurprising that underworld groups and terrorists are exploiting the space, Okamoto said.

“We can’t keep track of the flow of money on the dark web. But it is possible the market is being exploited by malicious people,” he said.

Is browsing the dark web dangerous?

Accessing the dark web poses no risk if it’s only for browsing, Okamoto said.

But using Tor may raise flags for the police and draw suspicion about potential wrongdoing, because there are not many legitimate reasons to conduct business through an encrypted network in Japan, he said.

People might find trouble once they purchase goods sold on the dark web.

“Some items might never be shipped after you pay money,” Okamoto said. However, he pointed out that even if network traffic is encrypted, the police can arrest buyers using other evidence, such as when illegal items are actually shipped by a courier.

The dark web has become “a gateway for cyberattacks” and contributed to its unprecedented rise in recent years, said Okamoto.

Trend Micro statistics showed it detected 65,400 ransomware attacks in Japan in 2016, about 10 times the year before.

Trend Micro spokesman Junsuke Sawarame said the dark web has also motivated hackers to steal personal information, as it has served as a main platform to monetize activities.

“Many people are not aware of how hackers treat the personal information they steal after cyberattacks. But I think it’s important to know the information is exchanged for cash,” he said.

Is the dark web growing?

The dark web has lost some momentum after the crackdown of an online black market in 2013, Okamoto said.

In October 2013, U.S. authorities arrested and convicted Ross William Ulbricht — who operated Silk Road, a now-defunct online black market dubbed the “eBay of drugs” — for narcotics trafficking, computer hacking and money laundering. Ulbricht was sentenced to life imprisonment without parole in May 2015.

Okamoto warns that the dark web has been gaining a foothold in Japan, especially attracting youths and offering easy access to information that could be used for cybercrimes.

In 2015, police arrested a 17-year-old for hacking a publisher’s website. The same year, a 14-year-old in Sapporo was arrested on suspicion of possessing and selling computer virus software designed to steal personal data of online banking users. He told the police that he obtained the software online.

National Police Agency statistics show 31 percent of 200 people arrested for illegal computer access, including hacking and phishing fraud, in 2016 were aged between 14 and 19 — more than any other age groups. The trend has continued since 2011.