What Is the Dark Internet?

The Internet is a multi-layered structure. The "surface net" is on the surface of the Internet and can be accessed and browsed by standard search engines. Hidden under the "surface net" is called the "deep net." The content in the Deep Web cannot be accessed through regular search engines. The "Dark Web" is generally considered to be a subset of the "Deep Web". Its distinctive feature is the use of special encryption technology to intentionally hide relevant Internet information. ^[1]

What a search engine that we use every day ca nt find, a network that can only be accessed by a series of special operating settings on the computer or with the assistance of special software or after special authorization of the machine This is called the "dark web." The data in the "Dark Web" are all transmitted and communicated in a conventional "stealth" manner, which is difficult to retrieve.

The dark web has become a hotbed of criminal activities of all kinds

The birth of the "Farmer's Market" in 2006 signified that illegal activities in the dark web were developing towards maturity and commercialization, and a large number of dark web sites came into being. In 2013, the "Silk Road" known as "Dark Taobao" was destroyed, and its main businesses such as drug trading, arms sales, and even organ trading and population trading began to be understood by the public. In July 2017, the US Department of Justice announced the closure of Alpha Bay, the world's largest dark web trading market. By the time the website was closed, the number of sellers on the platform had reached 40,000, and the number of buyers even exceeded 200,000. According to conservative estimates, since the website went into operation in 2014, its transaction value could reach $ 1 billion. ^[2]

Typical dark web technologies currently include Onion Routing (TOR), Invisible Internet Project (I2P), and freenet. The principles of these types of technologies are largely similar, basically all born from the onion routing technology ideas developed by the US Naval Research Laboratory (NRL) and the Defense Advanced Research Projects Agency (DARPA) in the mid-1990s. ^[6]

Anonymous communication is a privacy protection technology that uses data forwarding, content encryption, and traffic obfuscation to hide communication content and relationships. In order to improve the anonymity of communication, these data forwarding links are usually composed of multi-hop encryption proxy service nodes, and all these nodes constitute an anonymous communication system (or an anonymous communication network). Anonymous communication system is essentially an overlay network that provides anonymous communication services and can be provided to ordinary users

Research on Improved Communication Link Control Methods

The dating node is the core relay node and control node of the entire dark web communication, and it is also a vulnerable node in the dark web communication link. We can propose an improved control of the dark web communication link for the vulnerable dating node. method. First, you need to control the node of the appointment, and further change its communication route structure to the service provider through this node. According to the ingress node selection strategy, the onion route is directly selected from the ingress node list in the directory server as the ingress node of the dark web user. Because the information list of the node at the entrance is changed only once in a while, a sniffing attacker can be set up that is the same as the information list of the entrance location of the client. In this way, the analysis can be used to identify the request links from the dark web users in the network. If the dark web user only uses the controlled ingress node, then it is necessary to prepare to search for the request link of the next node. Once connected to the normal use of the ingress node, then a reset attack is performed on the node, so that the user will disconnect from the link and then randomly find the ingress node again, and so on until the controlled node is selected. After controlling the entry node, the corresponding information of the intermediate position node can be obtained, the link between the controlled node and the normal node in the middle is disconnected, and then the corresponding controlled appointment node is connected. After transmitting the corresponding identity information of the dating node to the hidden service, it will receive instructions from the hidden service. In this way, the controlled dating node immediately recognizes that it is a key node for data communication in the dark web, and clearly knows that the IP address sending the instruction is the exit node of the hidden service. Then, the attacker can perform a denial-of-service attack on the egress node, so that the egress location node cannot be used as usual, which leads to disconnection and reconnection. After controlling the node at the exit, you can tell whether the intermediate node is controlled. In this way, the communication link between the hidden user and the hidden service can be fully grasped, the identity information of the hidden service is exposed, and the anonymous function of the dark web disappears. ^[4]

At present, the attack technologies against the dark web are divided into two types of attack technologies based on traffic analysis and attack technologies based on protocol weaknesses according to whether the internal vulnerabilities of the dark network network protocols are needed. Attack technology based on traffic analysis is by treating the dark web as a whole (black box), and monitoring and analyzing routing by passive monitoring.

On November 14, 2019, the Ministry of Public Security of China held a press conference in Beijing to inform the public security organs of the whole country of the implementation of the "Net Net 2019" special operation and typical cases. Since 2019, there have been 16 dark web related cases nationwide, and 25 criminal suspects engaged in illegal criminal activities involving dark web have been arrested. ^[3]