1. The Deep Web, Dark Web
Christian Back | Jennifer Chien
Bich Chu (Evelyn) | Lingman Guo
Manpreet Singh
Rolling in the Deep
2. 1 Introduction
1.1 Surface Web, Deep Web, and Dark Web
1.2 The Onion Router (TOR)
2 Benefits of Using the Deep Web
3 Bitcoin
4 Risk of Using the Deep Web
Agenda
3. Layers of the Web
❖ Surface Web: Also known as Visible Web, Clearnet, Indexed Web
- Searchable content with ordinary search engines. Ex: Google It
❖ Deep Web: Also known as the Deepnet, Invisible Web, Hidden web
- Contents not indexed by standard search engines
- Common Uses: Web Mail, Online Banking, Ex: Netflix Video Content
❖ Dark Web: A small part of the DeepWeb
- Available through virtual overlay networks or Onion Networks Ex: Tor,
FreeNet, i2P (Silkroad Example)
4. Regular Web Browsing
❖ Your assigned IP address gives away your
physical location
❖ Many companies collect your digital footprints
and personal information for target advertising
and much more!
Picture source: cyberbullying.us
6. How Google Auto-
detect Your
Location?
According to Google:
“If you don't set your location, Google
shows an approximate location
based on the following things to help
provide you with the most relevant
results:
❖ Your IP address.
❖ Your Location History if you
have it turned on.
❖ Google Toolbar's My Location
feature if it’s turned on.
❖ Recent locations you’ve
searched for.”
Source: Google.com - change location on Google
10. U.S. Naval Research Lab
Anonymous communication
The Free Haven Project
Increase freedom of informationThe Onion Router
Picture Source:Torproject.org
11. How Tor Works
❖ Virtual Overlaying Network
❖ Hard to trace the data back to
original user
❖ Uses volunteer nodes to reroute
and conceal user IP address
❖ Envelope encryption example
❖ The riskiest node - Exit node
Picture Source:Infographic
12. Maps of Tor Nodes Around the World
Picture Source: screenshot of Onionview.com, April 08, 2016.
13. Leave No Trace: TOR Alternatives
❖ The Invisible Internet Project (I2P) - “A network within a network”
❖ Trails - Linux based live operating system
❖ Freenet - Allows people to share files and communicate anonymously
14. Who uses TOR?
❖ Journalists - Whistleblowers sites & Securedrop
❖ Political Activist
❖ Researchers
❖ Law enforcement - NSA
❖ Hackers
❖ Businesses - HR for background check
❖ Everyday Individuals for privacy enhancement tool
15. Individual Benefits
An anonymous and private online experience is of value to many people
❖ Information flow for citizens of highly censored countries Ex: China
❖ Anonymity for anyone searching sensitive information Ex: Disease
❖ Safe haven for activists leaking info. Ex: Snowden
❖ Anonymous transactions Ex: Silkroad, BitCoin
16. Picture Source: Andy Greenberg, Forbes.com
Picture Source: https://whispersystems.org/
Picture Source: https://leap.se/en
Rolling in the Deep Web
Picture Source: securedrop.propublica.org
❖ Dark Web ❖ The Bright side
17. Individual Benefit - Freedom of Information
Censored Content: Chinese Government
❖ 18,000 Websites Blocked
❖ 12 of top 100 Global Websites (G-mail)
❖ Taiwanese and Tibetan Independence Movements
❖ Foreign Media Websites (BBC, Bloomberg News, New York
Times)
18. Individual Benefit - Freedom of Information
❖ Facebook is available through Tor
- Oct. 2014
- Ramped-up privacy
- Locked out issues solved
- Used .onion URL
19. Business Benefits - Enterprise Use
❖ Cyber Security Companies (Digital Shadow)
❖ Media Outlets (Vice & Al Jazeera)
❖ Drug Firms
❖ Consulting Companies (Bright Planet)
20. Bright Planet
❖ Collect and analyze Deep Web content at Big Data scale
❖ Enrich and harvest data to give customers output that becomes
usable
❖ Beneficiary:
- Pharmaceutical Community
- HR Staffing Company
21. Google Search v.s. Deep Web Harvesting
❖ Search v.s. Harvesting
- How late is Burger King open?
- Who is selling my products fraudulently online?
❖ Mentions v.s. Page Changes
- Why it matters?
- Monitor and track changes on existing pages
- Receive real time alerts
❖ Define Your Own Dataset
22. Bitcoin
● First described in 1998, first
published in 2009.
● New payment method which only
used cryptocurrency.
● Decentralized peer-to-peer
payment network.
● Nobody owns the Bitcoin
network--all of worldwide users
control the network.
29. Still confused about what is Blockchain?
Blockchain-Public Ledger:
Everyone on the network keeps
a record of the transaction.
Cannot manipulate the
transaction value because it
would not sync up with
everybody else.
30. Downside
❖ Transaction malleability: an attack that lets someone change the unique ID of
a bitcoin transaction before it is confirmed on the bitcoin network.
❖ Use in illegal transaction: Apple ransomware.
❖ Fluctuation wildly in value
33. Risks of using the Deep web
❖ Unregulated access to criminal
information
❖ Simplifies monetization of Corporate
IP/Personal Identifiable Information
❖ Trade of zero-day Malware
Picture Source: wordpress.org, 2013 SQA
34. 2015: Ashley Madison was Hacked
❖ 25gb of company data leaked by a group of hackers known as ‘The Impact
Team’
❖ Credit Card Transaction data, including full names and addresses
❖ GPS Coordinates
❖ Email addresses compromised
➢ Lack of email verification lead to public media vilifying massive amounts of .gov and .mil
46. Take-away Message
The Deep Web is a neutral
environment for anonymous
communication,
and its impact on businesses
and societies are defined
the user's intent.
49. ❖ Unidirectional tunnels instead of bidirectional circuits, doubling the number
of nodes a peer has to compromise to get the same information.
❖ Essentially all peers participate in routing for others.
❖ Tunnels in I2P are short lived, decreasing the number of samples that an
attacker can use to mount an active attack with, unlike circuits in Tor, which
are typically long lived.
Appendix: I2p
50. Appendix:Tails
❖ Linux based live operating system that
works on most computers
❖ Tails OS can be booted from most
devices like DVD, USB or SD card
❖ Main benefit of Tails is built-in-
preconfigured applications for web
browsers
❖ It leaves no evidence -- Route all
traffic through Tor
Picture Source: Deepbotweb
