{ "id": "R44101", "type": "CRS Report", "typeId": "REPORTS", "number": "R44101", "active": true, "source": "EveryCRSReport.com", "versions": [ { "source": "EveryCRSReport.com", "id": 459574, "date": "2017-03-10", "retrieved": "2017-03-13T19:03:20.258259", "title": "Dark Web", "summary": "The layers of the Internet go far beyond the surface content that many can easily access in their daily searches. The other content is that of the Deep Web, content that has not been indexed by traditional search engines such as Google. The furthest corners of the Deep Web, segments known as the Dark Web, contain content that has been intentionally concealed. The Dark Web may be used for legitimate purposes as well as to conceal criminal or otherwise malicious activities. It is the exploitation of the Dark Web for illegal practices that has garnered the interest of officials and policy makers.\nIndividuals can access the Dark Web by using special software such as Tor (short for The Onion Router). Tor relies upon a network of volunteer computers to route users\u2019 web traffic through a series of other users\u2019 computers such that the traffic cannot be traced to the original user. Some developers have created tools\u2014such as Tor2web\u2014that may allow individuals access to Tor-hosted content without downloading and installing the Tor software, though accessing the Dark Web through these means does not anonymize activity. Once on the Dark Web, users often navigate it through directories such as the \u201cHidden Wiki,\u201d which organizes sites by category, similar to Wikipedia. Individuals can also search the Dark Web with search engines, which may be broad, searching across the Deep Web, or more specific, searching for contraband like illicit drugs, guns, or counterfeit money. While on the Dark Web, individuals may communicate through means such as secure email, web chats, or personal messaging hosted on Tor. Though tools such as Tor aim to anonymize content and activity, researchers and security experts are constantly developing means by which certain hidden services or individuals could be identified or \u201cdeanonymized.\u201d\nAnonymizing services such as Tor have been used for legal and illegal activities ranging from maintaining privacy to selling illegal goods\u2014mainly purchased with Bitcoin or other digital currencies. They may be used to circumvent censorship, access blocked content, or maintain the privacy of sensitive communications or business plans. However, a range of malicious actors, from criminals to terrorists to state-sponsored spies, can also leverage cyberspace and the Dark Web can serve as a forum for conversation, coordination, and action. It is unclear how much of the Dark Web is dedicated to serving a particular illicit market at any one time, and, because of the anonymity of services such as Tor, it is even further unclear how much traffic is actually flowing to any given site.\nJust as criminals can rely upon the anonymity of the Dark Web, so too can the law enforcement, military, and intelligence communities. They may, for example, use it to conduct online surveillance and sting operations and to maintain anonymous tip lines. Anonymity in the Dark Web can be used to shield officials from identification and hacking by adversaries. It can also be used to conduct a clandestine or covert computer network operation such as taking down a website or a denial of service attack, or to intercept communications. Reportedly, officials are continuously working on expanding techniques to deanonymize activity on the Dark Web and identify malicious actors online.", "type": "CRS Report", "typeId": "REPORTS", "active": true, "formats": [ { "format": "HTML", "encoding": "utf-8", "url": "http://www.crs.gov/Reports/R44101", "sha1": "a3de7b1a3dcc356f1328ce6dc36ea1268dc26fc8", "filename": "files/20170310_R44101_a3de7b1a3dcc356f1328ce6dc36ea1268dc26fc8.html", "images": null }, { "format": "PDF", "encoding": null, "url": "http://www.crs.gov/Reports/pdf/R44101", "sha1": "5fb41e306ada4c98ff46f7bf6e586eb9e4197bdf", "filename": "files/20170310_R44101_5fb41e306ada4c98ff46f7bf6e586eb9e4197bdf.pdf", "images": null } ], "topics": [ { "source": "IBCList", "id": 4794, "name": "Science for Security" }, { "source": "IBCList", "id": 4820, "name": "Cybersecurity" }, { "source": "IBCList", "id": 4933, "name": "Cybercrime" } ] }, { "source": "EveryCRSReport.com", "id": 444635, "date": "2015-07-07", "retrieved": "2016-04-06T18:49:44.518247", "title": "Dark Web", "summary": "Congressional Research Service\n7-5700\nwww.crs.gov\nR44101\nSummary\nThe layers of the Internet go far beyond the surface content that many can easily access in their daily searches. The other content is that of the Deep Web, content that has not been indexed by traditional search engines such as Google. The furthest corners of the Deep Web, segments known as the Dark Web, contain content that has been intentionally concealed. The Dark Web may be used for legitimate purposes as well as to conceal criminal or otherwise malicious activities. It is the exploitation of the Dark Web for illegal practices that has garnered the interest of officials and policy makers.\nIndividuals can access the Dark Web by using special software such as Tor (short for The Onion Router). Tor relies upon a network of volunteer computers to route users\u2019 web traffic through a series of other users\u2019 computers such that the traffic cannot be traced to the original user. Some developers have created tools\u2014such as Tor2web\u2014that may allow individuals access to Tor-hosted content without downloading and installing the Tor software, though accessing the Dark Web through these means does not anonymize activity. Once on the Dark Web, users often navigate it through directories such as the \u201cHidden Wiki,\u201d which organizes sites by category, similar to Wikipedia. Individuals can also search the Dark Web with search engines, which may be broad, searching across the Deep Web, or more specific, searching for contraband like illicit drugs, guns, or counterfeit money. While on the Dark Web, individuals may communicate through means such as secure email, web chats, or personal messaging hosted on Tor. Though tools such as Tor aim to anonymize content and activity, researchers and security experts are constantly developing means by which certain hidden services or individuals could be identified or \u201cdeanonymized.\u201d\nAnonymizing services such as Tor have been used for legal and illegal activities ranging from maintaining privacy to selling illegal goods\u2014mainly purchased with Bitcoin or other digital currencies. They may be used to circumvent censorship, access blocked content, or maintain the privacy of sensitive communications or business plans. However, a range of malicious actors, from criminals to terrorists to state-sponsored spies, can also leverage cyberspace and the Dark Web can serve as a forum for conversation, coordination, and action. It is unclear how much of the Dark Web is dedicated to serving a particular illicit market at any one time, and, because of the anonymity of services such as Tor, it is even further unclear how much traffic is actually flowing to any given site.\nJust as criminals can rely upon the anonymity of the Dark Web, so too can the law enforcement, military, and intelligence communities. They may, for example, use it to conduct online surveillance and sting operations and to maintain anonymous tip lines. Anonymity in the Dark Web can be used to shield officials from identification and hacking by adversaries. It can also be used to conduct a clandestine or covert computer network operation such as taking down a website or a denial of service attack, or to intercept communications. Reportedly, officials are continuously working on expanding techniques to deanonymize activity on the Dark Web and identify malicious actors online.\nContents\nLayers of the Internet\t2\nAccessing and Navigating the Dark Web\t3\nCommunicating On (and About) the Dark Web\t4\nNavigating the Deep Web and Dark Web\t5\nIs the Dark Web Anonymous?\t6\nWhy Anonymize Activity?\t7\nOnline Privacy\t7\nIllegal Activity and the Dark Web\t8\nPayment on the Dark Web\t11\nGovernment Use of the Dark Web\t11\nLaw Enforcement\t12\nMilitary and Intelligence\t13\nGoing Forward\t14\n\nFigures\nFigure 1. Layers of the Internet\t3\n\nContacts\nAuthor Contact Information\t14\nAcknowledgments\t14\n\nBeyond the Internet content that many can easily access online lies another layer\u2014indeed a much larger layer\u2014of material that is not accessed through a traditional online search. As experts have noted, \u201c[s]earching on the Internet today can be compared to dragging a net across the surface of the ocean. While a great deal may be caught in the net, there is still a wealth of information that is deep, and therefore, missed.\u201d This deep area of the Internet, or the Deep Web, is characterized by the unknown\u2014unknown breadth, depth, content, and users. \n/\n\n2011 Silk Road reportedly launched by Ross William Ulbricht, who was known online as the \u201cDread Pirate Roberts.\u201d \nSEP 2013 Federal agents seized the Silk Road site. \nOCT 2013 the Federal Bureau of Investigation (FBI) arrested Ulbricht. \nMay 2015 Ulbricht sentenced to life in prison for his role in operating the Silk Road.\nUlbricht received over $13 million in commissions from sales on the Silk Road. While the Silk Road was primarily used to sell illegal drugs, it also offered digital goods, including malicious software and pirated media; forgeries, including fake passports and Social Security cards; and services, such as computer hacking. \n\nThe furthest corners of the Deep Web, known as the Dark Web, contain content that has been intentionally concealed. The Dark Web may be accessed both for legitimate purposes and to conceal criminal or otherwise malicious activities. It is the exploitation of the Dark Web for illegal practices that has garnered the interest of officials and policy makers. Take for instance the Silk Road\u2014one of the most notorious sites formerly located on the Dark Web. The Silk Road was an online global bazaar for illicit services and contraband, mainly drugs. Vendors of these illegal substances were located in more than 10 countries around the world, and contraband goods and services were provided to more than 100,000 buyers. It has been estimated that the Silk Road generated about $1.2 billion in sales between January 2011 and September 2013, after which it was dismantled by federal agents. \nThe use of the Internet, and in particular the Dark Web, for malicious activities has led policy makers to question whether law enforcement and other officials have sufficient tools to combat the illicit activities that might flow through this underworld. This report illuminates information on the various layers of the Internet, with a particular focus on the Dark Web. It discusses both legitimate and illicit uses of the Dark Web, including how the government may rely upon it. Throughout, the report raises issues that policy makers may consider as they explore means to curb malicious activity online.\nLayers of the Internet \nMany may consider the Internet and World Wide Web (web) to be synonymous; they are not. Rather, the web is one portion of the Internet, and a medium through which information may be accessed. In conceptualizing the web, some may view it as consisting solely of the websites accessible through a traditional search engine such as Google. However, this content\u2014known as the \u201cSurface Web\u201d\u2014is only one portion of the web. The Deep Web refers to \u201ca class of content on the Internet that, for various technical reasons, is not indexed by search engines,\u201d and thus would not be accessible through a traditional search engine. Information on the Deep Web includes content on private intranets (internal networks such as those at corporations, government agencies, or universities), commercial databases like Lexis Nexis or Westlaw, or sites that produce content via search queries or forms. Going even further into the web, the Dark Web is the segment of the Deep Web that has been intentionally hidden. The Dark Web is a general term that describes hidden Internet sites that users cannot access without using special software. Users access the Dark Web with the expectation of being able to share information and/or files with little risk of detection.\nIn 2005, the number of Internet users reached 1 billion worldwide. This number surpassed 2 billion in 2010 and crested over 3 billion in 2014. As of June 2015, more than 40% of the world population was connected to the Internet. While data exist on the number of Internet users, data on the number of users accessing the various layers of the web and on the breadth of these layers are less clear.\nSurface Web. The magnitude of the web is growing. In the United States alone, about 100,000 new web domains are reportedly registered every day. Simultaneously, it is estimated that 40,000\u201370,000 web domains go offline each day. If these estimates are accurate, there are at least 30,000 web domains added daily.\nDeep Web. The Deep Web, as noted, cannot be accessed by traditional search engines because the content in this layer of the web is not indexed. Information here is not \u201cstatic and linked to other pages\u201d as is information on the Surface Web. As researchers have noted, \u201c[i]t\u2019s almost impossible to measure the size of the Deep Web. While some early estimates put the size of the Deep Web at 4,000\u20135,000 times larger than the surface web, the changing dynamic of how information is accessed and presented means that the Deep Web is growing exponentially and at a rate that defies quantification.\u201d\nDark Web. Within the Deep Web, the Dark Web is also growing as new tools make it easier to navigate. Because individuals may access the Dark Web assuming little risk of detection, they may use this arena for a variety of legal and illegal activities. It is unclear, however, how much of the Deep Web is taken up by Dark Web content and how much of the Dark Web is used for legal or illegal activities.\nFigure 1. Layers of the Internet\n/\nSource: Congressional Research Service (CRS).\nNotes: Proportions in the figure may not be to scale.\nAccessing and Navigating the Dark Web\nThe Dark Web can be reached through decentralized, anonymized nodes on a number of networks including Tor (short for The Onion Router) or I2P (Invisible Internet Project). Tor, which was initially released as The Onion Routing project in 2002, was originally created by the U.S. Naval Research Laboratory as a tool for anonymously communicating online. \nTor \u201crefers both to the software that you install on your computer to run Tor and the network of computers that manages Tor connections.\u201d Tor\u2019s users connect to websites \u201cthrough a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and individuals to share information over public networks without compromising their privacy.\u201d Users route their web traffic through other users\u2019 computers such that the traffic cannot be traced to the original user. Tor essentially establishes layers (like layers of an onion) and routes traffic through those layers to conceal users\u2019 identities. To get from layer to layer, Tor has established \u201crelays\u201d on computers around the world through which information passes. Information is encrypted between relays, and \u201call Tor traffic passes through at least three relays before it reaches its destination.\u201d The final relay is called the \u201cexit relay,\u201d and the IP address of this relay is viewed as the source of the Tor traffic. When using Tor software, users\u2019 IP addresses remain hidden. As such, it appears that the connection to any given website \u201cis coming from the IP address of a Tor exit relay, which can be anywhere in the world.\u201d \nWhile data on the magnitude of the Deep Web and Dark Web and how they relate to the Surface Web are not clear, data on Tor users do exist. According to metrics from the Tor Project, the mean number of daily Tor users in the United States across the first three months of 2015 was 360,775\u2014or 16.56% of total mean daily Tor users. The United States has the largest number of mean daily Tor users, followed by Germany (over 9%) and Russia (nearly 8%).\nCommunicating On (and About) the Dark Web\nThere are several different ways to communicate about the Dark Web. One of the first places individuals may turn is Reddit. There are several subreddits pertaining to the Dark Web, such as DarkNetMarkets, Onions, or Tor. These forums often provide links to sites within the Dark Web. Reddit provides a public platform for Dark Web users to discuss different aspects of the Tor. It is not encrypted or anonymous, as users who wish to engage in forum discussion must create an account. Individuals who wish to use a more secure form of communication may choose to utilize email, web chats, or personal messaging hosted on Tor: \nEmail service providers, for instance, typically only require users to input a username and password to sign up. In addition, email service providers generally offer anonymous messaging and encrypted storage.\nA number of anonymous, real-time chat rooms such as The Hub and OnionChat are hosted on Tor. Feeds are organized by topic. While some sites do not require any information from users before participating in chats, others require a user to register with an email address.\nPersonal messaging is another option for Tor users who wish to communicate with an added layer of anonymity. Bitmessage is a popular messaging system which offers encryption and strong authentication. Secure Messaging System for Tor allows a user to write a message and generates a unique link for that message. The messages are encrypted and self-destruct after the link is used once. Specific vendor sites may host private messaging as well.\nNavigating the Deep Web and Dark Web\nTraditional search engines often use \u201cweb crawlers\u201d to access websites on the Surface Web. This process of crawling searches the web and gathers websites that the search engines can then catalog and index. Content on the Deep (and Dark) Web, however, may not be caught by web crawlers (and subsequently indexed by traditional search engines) for a number of reasons, including that it may be unstructured, unlinked, or temporary content. As such, there are different mechanisms for navigating the Deep Web than there are for the Surface Web.\nUsers often navigate Dark Web sites through directories such as the \u201cHidden Wiki,\u201d which organizes sites by category, similar to Wikipedia. In addition to the wikis, individuals can also search the Dark Web with search engines. These search engines may be broad, searching across the Deep Web, or they may be more specific. For instance, Ahmia, an example of a broader search engine, is one \u201cthat indexes, searches and catalogs content published on Tor Hidden Services.\u201d In contrast, Grams is a more specific search engine \u201cpatterned after Google\u201d where users can find illicit drugs, guns, counterfeit money, and other contraband.\nWhen using Tor, website URLs change formats. Instead of websites ending in .com, .org, .net, etc., domains usually end with an \u201conion\u201d suffix, identifying a \u201chidden service.\u201d Notably, when searching the web using Tor, an onion icon displays in the Tor browser.\nTor is notoriously slow, and this has been cited as one drawback to using the service. This is because all Tor traffic is routed through at least three relays, and there can be delays anywhere along its path. In addition, speed is reduced when more users are simultaneously on the Tor network. On the other hand, increasing the number of users who agree to use their computers as relays can increase the speed on Tor.\nTor and similar networks are not the only means to reach hidden content on the web. Other developers have created tools\u2014such as Tor2web\u2014that may allow individuals access to Tor-hosted content without downloading and installing the Tor software. Using bridges such as Tor2web, however, does not provide users with the same anonymity that Tor offers. As such, if users of Tor2web or other bridges access sites containing illegal content\u2014for instance, those that host child pornography\u2014they could more easily be detected by law enforcement than individuals who use anonymizing software such as Tor.\nIs the Dark Web Anonymous?\nGuaranteed anonymity is not foolproof. While tools such as Tor aim to anonymize content and activity, researchers and security experts are constantly developing means by which certain hidden services or individuals could be identified or \u201cdeanonymized.\u201d \nFor example, in October 2011 the \u201chacktivist\u201d collective Anonymous, through its Operation Darknet, crashed a website hosting service called Freedom Hosting\u2014operating on the Tor network\u2014which was reportedly home to more than 40 child pornography websites. Among these websites was Lolita City, cited as one of the largest child pornography sites with over 100GB of data. Anonymous had \u201cmatched the digital fingerprints of links on [Lolita City] to Freedom Hosting\u201d and then launched a Distributed Denial of Service (DDoS) attack against Freedom Hosting. In addition, through Operation Darknet, Anonymous leaked the user database\u2014including username, membership time, and number of images uploaded\u2014for over 1,500 Lolita City members. \nIn 2013, the Federal Bureau of Investigation (FBI), reportedly took control of Freedom Hosting and infected it with \u201ccustom malware designed to identify visitors.\u201d Since 2002, the FBI has supposedly been using some form of a \u201ccomputer and internet protocol address verifier\u201d\u2014consistent with the malware in the Freedom Hosting takeover\u2014to \u201cidentify suspects who are disguising their location using proxy servers or anonymity services, like Tor.\u201d\nWhy Anonymize Activity?\nA number of reasons have been cited why individuals might use services such as Tor to anonymize online activity. Anonymizing services have been used for legal and illegal activities ranging from keeping sensitive communications private to selling illegal drugs. Of note, while a wide range of legitimate uses of Tor exist, much of the research on and concern surrounding anonymizing services involves their use for illegal activities. As such, the bulk of this section focuses on the illegal activities.\nOnline Privacy\nTor is used to secure the privacy of activities and communications in a number of realms. Privacy advocates generally promote the use of Tor and similar software to maintain free speech, privacy, and anonymity. There are several examples of how it might be used for these purposes:\nAnti-Censorship and Political Activism. Tor may be used as a \u201ccensorship circumvention tool, allowing its users to reach otherwise blocked destinations or content.\u201d Because individuals may rely upon Tor to access content that may be blocked in certain parts of the world, some governments have reportedly suggested tightening regulations around using Tor. Some have purportedly blocked access to it. Political dissidents may also use Tor to secure and anonymize their communications and locations, as they have reportedly done in dissident movements in Iran and Egypt.\nSensitive Communication. Tor may also be used by individuals who want to access chat rooms and other forums for sensitive communications\u2014both for personal and business uses. Individuals may seek out a safe haven for discussing private issues such as victimization or physical or mental illnesses. They may also use Tor to protect their children online by concealing the IP addresses of children\u2019s activities. Businesses may use it to protect their projects and help prevent spies from gaining a competitive advantage.\nLeaked Information. Journalists may use Tor for communicating \u201cmore safely with whistleblowers and dissidents.\u201d The New Yorker\u2019s Strongbox, for instance, is accessible through Tor and allows individuals to communicate and share documents anonymously with the publication. In addition, Edward Snowden reportedly used Tails (an \u201coperating system optimized for anonymity\u201d)\u2014which automatically runs Tor\u2014to communicate with journalists and leak classified information on U.S. mass surveillance programs. Among the documents leaked by Snowden was a top-secret presentation outlining National Security Agency (NSA) efforts to exploit the Tor browser and de-anonymize users.\nIllegal Activity and the Dark Web\nJust as nefarious activity can occur through the Surface Web, it can also occur on the Deep Web and Dark Web. A range of malicious actors leverage cyberspace, from criminals to terrorists to state-sponsored spies. The web can serve as a forum for conversation, coordination, and action. Specifically, they may rely upon the Dark Web to help carry out their activities with reduced risk of detection. While this section focuses on criminals operating in cyberspace, the issues raised are certainly applicable to other categories of malicious actors.\nTwenty-first century criminals increasingly rely on the Internet and advanced technologies to further their criminal operations. For instance, criminals can easily leverage the Internet to carry out traditional crimes such as distributing illicit drugs and sex trafficking. In addition, they exploit the digital world to facilitate crimes that are often technology driven, including identity theft, payment card fraud, and intellectual property theft. The FBI considers high-tech crimes to be the most significant crimes confronting the United States. \nThe Dark Web has been cited as facilitating a wide variety of crimes. Illicit goods such as drugs, weapons, exotic animals, and stolen goods and information are all sold for profit. There are gambling sites, thieves and assassins for hire, and troves of child pornography. Data on the prevalence of these Dark Web sites, however, are lacking. Tor estimates that only about 1.5% of Tor users visit hidden services/Dark Web pages. The actual percentage of these that serve a particular illicit market at any one time is unclear, and it is even less clear how much Tor traffic is going to any given site.\nOne study from the University of Portsmouth examined Tor traffic to hidden services. Researchers \u201cran 40 relay\u2019 computers in the Tor network ... which allowed them to assemble an unprecedented collection of data about the total number of Tor hidden services online\u2014about 45,000 at any given time\u2014and how much traffic flowed to them.\u201d While about 2% of the Tor hidden service websites identified were sites that researchers deemed related to child abuse, 83% of the visits to hidden services sites were to these child abuse sites\u2014\u201cjust a small number of pedophilia sites account for the majority of Dark Web http traffic.\u201d As has been noted, however, there are a number of variables that may have influenced the results.\nThe Dark Web can play a number of roles in malicious activity. As noted, it can serve as a forum\u2014through chat rooms and communication services\u2014for planning and coordinating crimes. For instance, there have been reports that some of those engaged in tax-refund fraud discussed techniques on the Dark Web. The Dark Web can also provide a platform for criminals to sell illegal or stolen goods. Take the role of the Dark Web in data breaches, for example:\nMalware used in large-scale data breaches to capture unencrypted credit and debit card information has been purchased on the Dark Web. One form of malware, RAM scrapers, can be purchased and remotely installed on point-of-sale systems, as was done in the 2013 Target breach, among others.\nThieves can sell stolen information for profit on the Dark Web. For instance, within weeks of the Target breach, the underground black markets were reportedly \u201cflooded\u201d with the stolen credit and debit card account information, \u201cselling in batches of one million cards and going for anywhere from $20 to more than $100 per card.\u201d Such \u201ccard shops\u201d are just one example of the specialty markets on the Dark Web.\nNot only can data be stolen and sold through the Dark Web, it can happen quickly. In a recent experiment by a security vendor, BitGlass, researchers created a treasure trove of fake \u201cstolen\u201d data including over 1,500 names, social security numbers, credit card numbers, and more. They then planted these data on DropBox and seven well-known black market sites. Within 12 days, the data had been viewed nearly 1,100 times across 22 countries.\nCybercriminals can victimize individuals and organizations alike, and they can do so without regard for borders. How criminals exploit borders is a perennial challenge for law enforcement, particularly as the concept of borders and boundaries has evolved. \nPhysical Borders. For law enforcement purposes, jurisdictional boundaries have been drawn between nations, states, and other localities. Within these territories, various enforcement agencies are designated authority to administer justice. When crimes cross boundaries, a given entity may no longer have sole responsibility for criminal enforcement, and the laws across jurisdictions may not be consistent. Criminals have long understood these phenomena\u2014and exploited them.\nPhysical\u2013Cyber Borders. The relatively clear borders within the physical world are not always replicated in the virtual realm. High-speed Internet communication has not only facilitated the growth of legitimate business, but it has bolstered criminals\u2019 abilities to operate in an environment where they can broaden their pool of potential targets and rapidly exploit their victims. Frauds and schemes that were once conducted face-to-face can now be carried out remotely from across the country or even across the world. For instance, criminals can rely upon botnets to target victims across the globe without crossing a single border themselves.\nCyber Borders. While cyberspace crosses physical borders, boundaries within cyberspace\u2014both jurisdictional and technological\u2014still exist. Some web addresses, for instance, are country-specific, and the administration of those websites is controlled by particular nations. Another barrier in cyberspace involves the lines between the Surface Web and the Deep Web. Crossing these boundaries may involve subscriptions or fee-based access to particular website content. Certain businesses\u2014news sites, journals, file-sharing sites, and others\u2014may require paid access. Other sites may only be accessed through an invitation.\nDo malicious actors need, or benefit from, the Dark Web to carry out their activities? Researchers have pointed to pros and cons of relying upon the anonymity of the Dark Web. Criminals selling illicit goods may benefit from the Dark Web\u2019s added protection of anonymity by being better able to evade law enforcement. However, they may have more trouble getting business. Trend Micro\u2019s 2013 study of the Dark Web notes that on it, \u201c[s]ellers suffer from lack of reputation caused by increased anonymity. Being untraceable can present drawbacks for a seller who cannot easily establish a trust relationship with customers unless the marketplace allows for it.\u201d In other words, anonymity can be a barrier online if one is trying to sell goods and has not been otherwise vetted.\nPayment on the Dark Web\nBitcoin is the currency often used in transactions on the Dark Web. It is a decentralized digital currency that uses anonymous, peer-to-peer transactions. Individuals generally obtain bitcoins by accepting them as payment, exchanging them for traditional currency, or \u201cmining\u201d them.\nWhen a bitcoin is used in a financial transaction, the transaction is recorded in a public ledger, called the block chain. The information recorded in the block chain is the bitcoin addresses of the sender and recipient. An address does not uniquely identify any particular bitcoin; rather, the address merely identifies a particular transaction. \nUsers\u2019 addresses are associated with and stored in a wallet. The wallet contains an individual\u2019s private key, which is a secret number that allows that individual to spend bitcoins from the corresponding wallet, similar to a password. The address for a transaction and a cryptographic signature are used to verify transactions. The wallet and private key are not recorded in the public ledger; this is where Bitcoin usage has heightened privacy. Wallets may be hosted on the web, by software for a desktop or mobile device, or on a hardware device.\nGovernment Use of the Dark Web\nBecause of the anonymity provided by Tor and other software such as I2P, the Dark Web can be a playground for nefarious actors online. As noted, however, there are a number of areas in which the study and use of the Dark Web may provide benefits. This is true not only for citizens and businesses seeking online privacy, but also for certain government sectors\u2014namely the law enforcement, military, and intelligence communities. \nLaw Enforcement\nJust as criminals can leverage the anonymity of the Dark Web, so too can law enforcement. It may use this to conduct online surveillance and sting operations and to maintain anonymous tip lines. While individuals may anonymize activities, some have speculated about means by which law enforcement can still track malicious activity.\nAs noted, the FBI has put resources into developing malware that can compromise servers in an attempt to identify certain users of Tor. Since 2002, the FBI has reportedly used a \u201ccomputer and internet protocol address verifier\u201d (CIPAV) to \u201cidentify suspects who are disguising their location using proxy servers or anonymity services, like Tor.\u201d It has been using this program to target \u201chackers, online sexual predators, extortionists, and others.\u201d\nIn addition to developing technology to infiltrate and deanonymize services such as Tor, law enforcement may rely upon more traditional crime fighting techniques; some have suggested that law enforcement can still rely upon mistakes by criminals or flaws in technology to target nefarious actors. For instance, in 2013 the FBI took down the Silk Road, then the \u201ccyber-underworld\u2019s largest black market.\u201d Reportedly, \u201cmissteps\u201d by the site\u2019s operator led to its demise; some speculate that \u201cfederal agents found weaknesses in the computer code used to operate the Silk Road website and exploited those weaknesses to hack the servers and force them to reveal their unique identifying addresses. Federal investigators could then locate the servers and ask law enforcement in those locations to seize them.\u201d \nLess than one month after federal agents disbanded the Silk Road, another site (Silk Road 2.0) came online. After discovering that the site\u2019s proprietor made critical errors, such as using his personal email address to register the servers, federal agents seized the servers and shut down the site. While law enforcement may aim to defeat criminals operating in the Dark Web technologically, some of their strongest tools may be traditional law enforcement crime-fighting means. For example, law enforcement can still request information from entities that collect identifying information on users. In March 2015, federal investigators \u201csent a subpoena to Reddit demanding that the site turn over a collection of personal data about five users of the r/darknetmarkets forum [a subreddit where users discussed anonymous online sales of drugs, weapons, stolen financial data, and other contraband].\u201d Though, as some have suggested, such law enforcement actions could drive these conversations and activities to anonymous forums such as those on Tor.\nMilitary and Intelligence\nAnonymity in the Dark Web can be used to shield military command and control systems in the field from identification and hacking by adversaries. The military may use the Dark Web to study the environment in which it is operating as well as to discover activities that present an operational risk to troops. For instance, evidence suggests that the Islamic State (IS) and supporting groups seek to use the Dark Web\u2019s anonymity for activities beyond information sharing, recruitment, and propaganda dissemination, using Bitcoin to raise money for their operations. In its battle against IS, the Department of Defense (DOD) can monitor these activities and employ a variety of tactics to foil terrorist plots. \nTor software can be used by the military to conduct a clandestine or covert computer network operation such as taking down a website or a denial of service attack, or to intercept and inhibit enemy communications. Another use could be a military deception or psychological operation, where the military uses the Dark Web to plant disinformation about troop movements and targets, for counterintelligence, or to spread information to discredit the insurgents\u2019 narrative. These activities may be conducted either in support of an ongoing military operation or on a stand-alone basis.\nDOD\u2019s Defense Advanced Research Projects Agency (DARPA) is conducting a research project, called Memex, to develop a new search engine that can uncover patterns and relationships in online data to help law e", "type": "CRS Report", "typeId": "REPORTS", "active": true, "formats": [ { "format": "HTML", "encoding": "utf-8", "url": "http://www.crs.gov/Reports/R44101", "sha1": "415ab41ed4862cacaca3b031fac93e185a59d604", "filename": "files/20150707_R44101_415ab41ed4862cacaca3b031fac93e185a59d604.html", "images": null }, { "format": "PDF", "encoding": null, "url": "http://www.crs.gov/Reports/pdf/R44101", "sha1": "5772344fd117e0e830418a273f38fcda4a87061a", "filename": "files/20150707_R44101_5772344fd117e0e830418a273f38fcda4a87061a.pdf", "images": null } ], "topics": [ { "source": "IBCList", "id": 4300, "name": "Cybersecurity" } ] } ], "topics": [ "Intelligence and National Security" ] }