, , , , , , ,

My last two posts were about anonymity and getting around Internet filtering through proxies. However, my little recce into the darker corners on the Internet was more about digital urban exploration for the sake of it.

What is it, Exactly?
The following terms are sometimes confused by journalists and even some INFOSEC people. Basically there’s a ‘clearnet’, which refers to sites people typically access through search engines. There are also parts of the Internet most of us never see, such as:
– Deep Web: Simply all the web pages that haven’t been indexed by search engines, which of course includes sites hosted on the .onion domain. However, there are search engines out that claim to trawl the Deep Web.
– Darknet: The Tor hidden services and sites hosted on the .onion domain are what I call ‘The Darknet’. The term ‘darknet’ can also refer to any hidden P2P network.
– Dark Internet: Networks, hosts and IP addresses that became unreachable for reasons probably related to routing protocols.

Since my last post, I realised the Vidalia client indicated Tor was running happily, but Firefox was still sending its traffic through port 80 straight out the network interface. What’s supposed to happen is Tor functions as a local proxy through which the browser traffic is routed.

Firefox must be configured to connect to the Internet using a proxy (the local Tor software). In the Advanced Network Settings configure it to use localhost ( on port 9051 or 9050.



Start Tor in the command line first (with the ‘tor‘ command), then use the ‘vidalia‘ command to launch the GUI. The browser should now be ready to browse the Onion. This can be confirmed by visiting https://check.torproject.org/, which should display the following message:


This gets us as far as anonymous browsing and uncensored access to the clearnet, but the published links to the Hidden Wiki (and other sites on the .onion domain) don’t work straight away. I’ll leave that bit for readers to figure out.

The Hidden Wiki
This is our starting point, which is basically a static page listing the sites others have added. A good 60% of the links are dead, or the servers are online intermittently. In addition there are several other directories, such as TorLinks and TORDIR. There appear to be much fewer .onion sites than I expected, unless most the links are being shared through private channels. The .onion search engines were also down at the time.


First impressions: It’s pretty much just like the Web in its early days, very rough around the edges and not just because JavaScript was disabled. As for content, I was hoping to get a handle on who’s buying and selling malware, who’s trading credit card details, and how useful the darknet might be as an intelligence source for security researchers.
After poking around the Onion for about two hours, most of what I found consisted of lame ‘black hat’ tricks, libertarian politics, conspiracy theories, a bit of small-scale file sharing and doxing, black market stuff, and more libertarian politics. Nothing that couldn’t be found in two minutes on Google. Bitcoins are indeed popular, but again most the information on it exists elsewhere.

The ‘hacking’ links are the ones I was personally interested in, but as you can see there’s little depth or sophistication compared to what’s on the normal Web (DeepSec, Shell In A Box and TM Comm were unfortunately offline):


Just to address The Darknet’s reputation for the nasty sites – they’re pretty much consigned to their own little section, where they wouldn’t be accessed without deliberately following certain links. As I understand it, most the distributors scuttle off to some invite-only P2P network anyway. Pretty much the case with the Web, but it shows there’s at least a vague consensus on what’s considered acceptable. Whether this was the case prior to Op DarkNet, I don’t know.

Overall, The Darknet is pretty much like the primitive Web, right down to the content, and not exactly the subversive underworld the media makes it out to be. How it develops as the ‘cyber warfare’ bullshit and power grab to control the Internet plays out is hard to predict, not that I’ve seen any coherent opinions addressing that issue on there anyway.

Although the media portrays it as a monolithic den of naughtiness, there are really two distinct groups at play here. Collectively I think The Darknet is more a statement of defiance against The Powers That Be (which often isn’t a bad thing), and a statement made by kids who themselves feel a little alienated and powerless, the type of kids who become amateur ‘black hats’ for a while. Anonymous could potentially do some really interesting stuff with this, if they’re around long enough.

The other group form the black market, the importance of which has evidently been exaggerated by ignorant journalists who either got the information second-hand or actively went on the Onion looking for it. Since the vast majority of serious online crime is a drawn-out process involving multiple parties acting through the normal Web, and identities are stolen prior to any trading on The Darknet, we’ll only see the final stages of it on places like the Silk Road. A lot of stuff here, such as selling the wrong plants and cigarettes for Bitcoins, probably shouldn’t even be considered crimes in a supposedly tolerant society. But that’s just my personal opinion.