
Take caution when exploring dark web, Internet symposium told

Friday, July 27, 2018 @ 11:01 AM | By Carolyn Gruske

Despite the potential for confusion between similar sounding names, the deep web and the dark web are different online spaces, but lawyers should be familiar with both.

The differences between the two were explained by Mark D. Penner, a partner in the intellectual property (IP) group at Fasken LLP and by Daniel Tobok, CEO of Cytelligence, a Toronto-based online security company, during the 8th Fasken Toronto Symposium, held on June 7, 2018.

Penner and Tobok presented a session titled “Why you should still be afraid of the dark: the dark web and why you need to understand what it is and what it does.”


(L-R) Mark D. Penner, Fasken LLP and Daniel Tobok, Cytelligence

Penner opened the talk by giving the audience the iceberg analogy of what the web actually looks like. He explained that the surface web — the part that most people visit — is made up of indexed pages that can be found and explored through search engines. This, he said, accounts for roughly four per cent of the web.

Beyond the surface is the deep web. This is the part of the Internet that search engines don’t find — the remaining 96 per cent of the web. He told the audience that “not all of it is necessarily nefarious or bad. It’s academic institutions, companies, anything that really can’t be accessed by a search engine. They’re behind log-in information, paywalls. It’s generally not accessible unless you have credentials to log into it.

“Then, within that deep web, there’s an even smaller portion and that’s called the dark web. This is intentionally hidden and inaccessible from your standard web browser. You basically have to access the deep web through specific software that is able to provide for the anonymity and the secrecy that people who use that dark web are looking for,” Penner explained.

“They say that most of the iceberg is beneath the surface, so you see a little bit on the surface, that’s the surface web, and everything else is the deep web and the dark web.”

Tobok then explained that the deep and the dark web have been around as long as the Internet has been.

“Everything you see on the deep web or the dark web are items that are not archived or meta-tagged by the search engines, that’s the reason you cannot see them,” he said.

Tobok described the dark web as the place to go to buy everything from stolen identification and fake passports, to pirated copyrighted content (“Napster on steroids”), to adult content, to stolen credit cards. Ransomware is also available on the dark web. (Ransomware as a service is a $140 billion business in North America, according to Tobok.) Penner added that counterfeit goods can also be found on the dark web.

“Imagine you are walking into a flea market with no lights, and just criminals hanging around there in dark trench coats, talking in various languages that you don’t understand,” Tobok said.

“The dark web is a fairly scary place because you can buy anything from a hand grenade delivered to your door, to a child slave, to a hit for as low as US$1,800 to illegal porn. It’s a fairly scary place where a lot of crazy things go on.”

The dark web isn’t a place that anybody can just accidentally venture into. It can only be accessed through web applications that have been designed with privacy and security and anonymity in mind. The most well-known browser that can be used for this is TOR. Most users, however, add an extra layer of security and direct their browsing through a virtual private network (VPN) which works to mask a user’s location. Of course that sense of anonymity goes away — at least to a degree — if a person starts engaging with some of the more nefarious parties on the dark web.

“The moment you start associating yourself with criminal groups or you try to enter into a particular chat, or join a particular group, they want to actually know who you are. They want to screen you, and you will start getting watched if you don’t know what you’re doing,” said Tobok.

“If you’re not using a proper protection when communicating with these people, it is very easy to hunt you down. Because they’ll give you a file, they’ll look at the file and right away, it will tell them your location. This is not something out of Mission Impossible II. This is a real thing. It’s very easy. It has been around for a very long time.”

Just because it’s potentially dangerous, however, that doesn’t mean people should avoid the areas of the Internet below the surface, said Tobok, telling the audience “that it’s good to explore” the hidden parts of the web.

“I always caution everybody to go and create a new hobby of searching things on the dark web and see how much you can get for that unicorn you found,” he said, joking about the type of obviously fake and fraudulent items that are often listed for sale on the dark web, “but you just have to be protected. It’s like entering a flea market with a bunch of criminals. It’s not for the faint of heart.”

He suggested people who go out and explore the deep or dark web “do a bit of reading” to gain an understanding of the technology, “mask your IP, use a VPN, make sure you protect yourself.”

Unlike the modern surface web, Tobok said the dark websites are a lot plainer, with basic HTML, very little multi-media content, cartoon graphics, a lot of data and information and a look and feel that would have been common on websites designed between 2001 and 2005.

According to Penner, one of the most common types of content found on the dark web is stolen company information, including IP. He suggested that companies, as brand owners, have an awareness of how much of their IP is out there for sale, and the type of damage that can do to a brand. Some of that can come from the sale of counterfeit goods, but it goes beyond that.

People who send out phishing e-mail or who gather information via social engineering techniques can easily make use of a company’s branding information and incorporate it into their fraudulent activities to make them appear more legitimate.

“The important thing is these sites aren’t indexed, but they are reachable. In these phishing e-mails or in other social engineering exercises, you can get employees or customers to disclose information by incorrectly or mischievously directing them to these websites.” This practice, which is a form of cybersquatting, has a number of names including typosquatting, URL hijacking and brand hijacking, and it is often difficult for casual users to notice, especially if they aren’t paying attention or if the stolen IP and branding make the e-mail look especially convincing.

“This has created a new front in the war of IP infringement and IP theft,” said Penner, who suggested that businesses partner with experts who can explore the dark web and discover what stolen information is out there and available.

“One of the things you can do is take proactive steps, monitor the dark web and see what people are saying about your company, what’s out there, and what’s potentially problematic,” he said.

Getting that information essentially requires engaging in counterespionage operations. “That involved cover stories, fake personalities, all this cloak and dagger stuff … you really have to adopt a counterintelligence mindset.”

Glossary of terminology

Search engines: Search engines include, but are not limited to Google, Bing, Yahoo, DuckDuckGo, and others. Baidu, which serves the Chinese market, is the second largest search engine in the world after Google. They can be used to find pages and sites on the web based on keyword searches.

Meta tags: These are descriptions of the content of a web page that aren’t visible to a typical reader. The descriptions are contained within the code of the web page and are readable by search engines.

Ransomware: Ransomware is a malicious type of code that infects a computer. It prevents legitimate owners from accessing their own data, unless a fee is paid to the cybercriminal. Sometimes there is also a threat to release the data and make it public.

Web browsers: These are the applications that allow access to the Internet. Common, everyday browsers, such as Google Chrome, Firefox, Opera, Internet Explorer, Microsoft Edge, Safari, Vivaldi, etc. won’t grant access to the dark web. The most well-known browser that can be used to explore the dark web (although it has other uses as well, including general Internet surfing) is the TOR browser (the acronym stands for “The Onion Router”) but there are other browsers as well, including I2P — Invisible Internet Project and Freenet. Browsers such as Whonix, Subgraph OS and TAILS — The Amnesic Incognito Live System, are built on a TOR foundation.

VPN: A virtual private network creates a secure tunnel between two or more devices on the Internet. It is used to surf without revealing your location, and as such it is often used to access sites that are geoblocked (set up to prevent those from outside a particular country or residing inside the boundaries of a particular country from accessing a website). VPNs can be used for perfectly legal and legitimate reasons, such as when using Wi-Fi networks to prevent people from snooping into your browsing and looking at your data. Like any type of technology, however, VPNs aren’t foolproof and there still can be risks with using them, including governments accessing records of VPN service providers. Tobok said Cytelligence tends to use a double VPN setup when doing its dark web investigations.

HTML: Hyper Text Markup Language or HTML is the standard language used to develop web pages.

IP: While in legal terms, IP typically stands for intellectual property, in online parlance it refers to Internet Protocol as in an IP address. This is the individual numeric address that is assigned to every device or computer on the network. It can be used to identify that device based on the location of its host (or home) network (including a person’s or company’s Internet service provider or ISP). Combined with geolocation software, it can be used to determine where in the world that device is located.