by Andy Spore
If you were looking at an iceberg from the deck of a ship, you would only be viewing approximately 10 percent of it—90 percent is hidden from view, below the surface of the ocean. You can think of the Internet in much the same way. The sites we visit every day, like Facebook, Amazon and CNN, represent the tip of the iceberg. But like the iceberg, the Internet keeps its secrets below the surface of the water, on the Deep Web.
The sites mentioned above are easily found using most search engines. In other words, when the pages were created, they were registered with standard search engines, or indexed. These sites represent the Surface Web.
However, not every page has been indexed—in fact, the vast majority of pages on the Internet have not. These pages cannot be found using, for example, Google or Yahoo; they can only be found if you know the specific web or IP address. These sites comprise what is commonly referred to as the Deep Web, and, like the bottom of the iceberg to the sightseer on the ship, they are hidden to the casual Internet user.
So, what’s on the Deep Web? In short, quite a bit. It’s been estimated that it is ~500 percent larger than the Surface Web. And although it’s hidden, the Deep Web can be accessed and used for good or ill. For example, a subset of the Deep Web, the DarkNet, can only be reached using encryption software designed specifically to anonymize your identity.
Several such software platforms exist; take Tor as an example. Short for “the onion router,” Tor sends your IP address and other identifying information through multiple layers of encryption, like an onion, before allowing access to the network. Therefore, once you’re on the network, you are completely anonymous to other Internet users.
Additionally, when you log off, your online activity remains anonymous. Even if you use a browser that has “private browsing sessions,” the browsing history is still stored on your hard drive. Software like Tor allows you to browse the entirety of the Internet, including the Surface Web, while saving information only to RAM, not the hard drive. As soon as the computer is powered off and the RAM shuts down, the information is lost.
One of the very few drawbacks is that although Tor can encrypt your identity while you are on the Internet, it cannot encrypt the server you are using to access the Internet. Thus, should law enforcement be able to identify and monitor an unencrypted server that is being used by Tor software to access the web, they could potentially tap into the server and monitor the activity.
This raises the question: who is using this technology and why? Unfortunately, a great deal of illegal activity is conducted on the DarkNet. For example, Silk Road, a Tor-supported website that was shut down by the FBI in 2013 and again in 2014, dealt primarily in the trafficking of illegal substances. Other websites on the DarkNet have been reported to sell everything from unregistered weapons to hit men. Because of the heavy encryption required just to access these sites, finding the persons operating them has proven extremely difficult for law enforcement. The Silk Road was shut down primarily because the man running the website failed to encrypt the computer he was using to access the site. Had it not been for human error, he might never have been caught.
While the DarkNet can be very sinister, it can be used for legitimate and legal reasons. For example, the New York Times has a portal on the DarkNet where corporate or government whistleblowers can drop information, ensuring that the necessary data gets to the right people while keeping themselves anonymous, their jobs secure, etc. Civil dissidents also reportedly used it during the Arab Spring; they could trade information back and forth without the regime they were operating under being made aware.
The Deep Web is neither good nor bad; it simply exists. That said, it is an ideal space for less-than-aboveboard activities to take place. For the moment, law enforcement is struggling to find ways to bring the criminals who use it to justice; the encryption software is extremely good, and with very few identifying traces left behind, there isn’t even much for a computer forensics expert to search for. So, at least for now, enforcing the rule of law on the Deep Web is one of the great challenges in computer forensics.