The dark web. It’s a name that evokes the damp and dingy crevices of the internet; breeding grounds for a virulent strain of depravity. But is the hype justified? Threat intelligence agency Recorded Future has published research that attempts to demystify our concept of this subterranean section of the web.
The organisation has close ties to In-Q-Tel, the CIA’s investment arm and Google Ventures, after receiving a substantial suffusion of cash from both shortly after being founded in 2009. According to its website, it provides threat intelligence to 91 percent of the Fortune 100, including GSK, Raytheon and Morgan Stanley.
“The term dark web kind of has a Hollywood aura or mystique around it,” says Garth Griffin, director of data science at Recorded Future. “We wanted to make it more concrete, more specific, and measure what we could about what the dark web really is.”
To conduct the research, the team looked specifically at ‘onion sites’: those accessible through the Tor (The Onion Router) browser, which is generally seen as the gateway into the dark web.
One of the team’s first findings was the relatively small size of the dark web compared to the clear web. They discovered just 55,000 domains, of which only 8,400 were actually serving a website – a tiny fraction of the millions of domains supported by the clear web.
The instability and unreliability of dark web sites also became apparent, of which uptime is an incisive indicator. “The gold standard on clear websites is the ‘five nines’ – you know, 99.999% uptime,” says Griffin. The uptime on a Tor site generally hovers closer to 90%. Although this doesn’t suggest a radical difference, Griffin says that even the small step between four nines and five nines is noticeable in the user experience on the clear web.
“This is again counter to the image of the onion network as a sort of metropolis of bustling criminal activity,” says Griffin. “It’s actually kind of hard to use and disorganised.”
Recorded Future found that the dark web is more homogeneous than the clear web in terms of the languages used. Eighty-six percent of the language is English, while this is closer to 54 percent on the clear web.
Among the criminal sites on Tor, those home to the darkest shades of criminal activity are more concealed than others. The research quantified the visibility of these sites by counting the number of inbound links, that is, other sites hyperlinking back to them. They found that for popular markets on the site which are fairly visible, these numbered around 3,500 links. “Then we had this handful of sites that in our view represent top-tier criminal sites, where there is really scary criminal activity,” says Griffin. “These had a maximum of just 15 inbound links.”
By comparison, a popular site on the clear web like Wikipedia might count millions and millions of inbound links. These findings indicate the tiny scale of the slice of the dark web dealing in severe criminal activity. But even criminal users adept enough to worm their way into the dark web’s fetid undercarriage aren’t immune – scams running to catch out criminals abound, including typosquatting, and fake sites that promise to deliver goods or carry out actions they never will.
Griffin says the company has been harvesting from onion sites on the dark web for a very long time, but this research was novel in its wide-ranging view of the entire dark web, rather than just the explicitly criminal elements. Griffin says their clients are all in the security space, looking to protect their organisations from a variety of cyberthreats. “It gets a lot of attention focused on it by virtue of the Hollywood aura that surrounds it,” says Griffin. “In our view, the dark web is relevant, but it’s far from the only thing that matters.”
But is the dark web the safe haven for rampant, unchecked criminality it’s made out to be? Tor was set up by the US army agency, DARPA (Defense Advanced Research Projects Agency), and was solely funded by US government agencies for much of its existence, even at the height of the Edward Snowden leaks (that were orchestrated with the help of Tor).
Today, it still counts a number of US government agencies, or beneficiaries of US government money, among its donors that include the Open Technology Fund, the US Department of State Bureau of Democracy, Human Rights, and Labor and DARPA via the University of Pennsylvania.
That the very site portrayed as a secure space impenetrable to law enforcement agencies was also founded and funded by them should be enough to give most criminals pause. High profile takedowns of criminal users of the dark web, including most notably the founder of Silk Road, and Playpen, the child pornography site, have proved that it’s not beyond the reach of the law. In fact, some commentators have suggested that while Tor was founded by the US government primarily as a place where their operatives could act unseen, it also successfully acts as a honey pot that attracts criminals to congregate usefully in one place.
Griffin concurs: “It’s clearly not a silver bullet for the criminal community, because law enforcement has successfully taken down markets and carried out infiltration. It certainly does not prevent law enforcement from successfully disrupting criminal activity.”
This could explain why today there is still more criminal activity taking place on the clear web than through onion sites.