16 July 2016

How to safely access and navigate the Dark Web

By Dan Patterson
July 11, 2016

Is your business data on the Dark Web? Learn how to find out if you've been compromised in this step-by-step guide to accessing the underbelly of the internet. 

The Dark Web is easy to find. With the right tools, and a stomach made of steel, anyone can access and browse the internet's underbelly. Lurking under the surface of the clear web—sites we visit every day with traditional web browsers and search engines—are indeed black markets loaded with stolen credit card information, black hat hackers, and human and drug traffickers.

The Dark Web, the deep web, and darknet, are spooky-sounding phrases that refer to websites that mask their IP address and can only be accessed using encryption-friendly tools like The Onion Router. TOR is an open source project best known for developing a Firefox-fork web browser pre-loaded with a number of hard-coded security and encryption enhancements. TOR allows users to obfuscate browsing activity by scrambling a user's IP address through a secure and distributed network.

The TOR project also develops Tails, a live, pre-configured Linux distribution that will run on almost any computer. Popularized by Edward Snowden, Tails runs as a discrete operating system on USB flash drives. Tails provides additional layers of security so that Dark Web browsing is not tied directly to a user's machine. Tails also allows users to store encrypted files, run email programs and PGP, and run the TOR browser.

The modern Dark Web's notorious reputation is well-earned, and the hidden internet is undeniably dangerous. Though encrypted websites have existed for more than a decade, the Dark Web rose to mainstream prominence alongside the Silk Road, the now-defunct "Amazon for Drugs." YouTube is loaded with Dark Web horror stories, and the Hidden Wiki serves as a portal to the criminal underground.

There are also number of legitimate reasons users may want to access the Dark Web. The web's substratum is populated by mainstream web companies like Facebook, political activists, and journalists who need to communicate and share sensitive information. The United Nations, FBI, and CIA use the encrypted internet to monitor terror groups like Daesh and keep tabs on criminal profiteers. Corporate IT departments frequently crawl the Dark Web in search of stolen corporate credit card information and compromised accounts.

Here's how to safely access and browse the Dark Web:

Step 1: Plan ahead.

There are plenty of reasons companies and individuals may want to access the Dark Web. SMBs and enterprise companies in particular may want to monitor Dark Web portals for stolen corporate account information. Individuals may want to monitor sites for evidence of identity theft. Facebook's encrypted site, located at facebookcorewwwi.onion, is a feature-rich method of accessing the social network using end-to-end encryption. 
Set a goal, make plans, and stay focused. Be mindful of purpose. Make sure you know what information you're looking for and why you're logging on to the encrypted web. For example, if you're a reporter and need to communicate with sources, focus on PGP, email, and encrypted communication. If you're searching for credit card information, look for Silk Road-type markets that sell hacked data. 
Get what you need, safely disconnect TOR and Tails, then log off.

Step 2: Obtain a new USB flash drive.

Purchase a new 8 GB or larger USB flash drive. Make sure you use a fresh, unused drive. You will install Tails, and Tails only, directly on your storage device.

Step 3: Prepare your local machine.

Ideally, use a fresh laptop. This isn't an option for most users, so instead do everything in your power to secure and isolate mission-critical information. 
Back up critical data and local files. 
Make sure your hardware is optimized and malware-free. 

Step 4: Download Tails and TOR.

TOR and Tails are available on the TOR Project website. Access download links directly from https://www.torproject.org. Insert your USB drive and follow the instructions on https://tails.boum.org.

Step 5: Browse safely.

Common portals and search engines: 

Encryption is strong, but not impenetrable. The FBI discovered and exploitedvulnerabilities in the TOR network. Though the agency refused to disclose the source code used to penetrate the network, undoubtedly law enforcement agencies around the world monitor and operate on the Deep Web. Members of the TOR project vowed to patch network holes and strengthen the protocol.

TechRepublic does not condone illegal or unethical activity. Offensive material can sometimes be just a click away. Browse at your own risk. Never break the law. Use the Dark Web safely, and for legal purposes only.

We're interested in your feedback and thoughts about why and how SMBs and enterprise companies use the Deep Web. Your comments below are welcome. 

Image: Igor Stevanovic/Getty Images/iStockphoto 

The Dark Web is easy to find. With the right tools, and a stomach made of steel, anyone can access and browse the internet's underbelly. Lurking under the surface of the clear web—sites we visit every day with traditional web browsers and search engines—are indeed black markets loaded with stolen credit card information, black hat hackers, and human and drug traffickers. 

The Dark Web, the deep web, and darknet, are spooky-sounding phrases that refer to websites that mask their IP address and can only be accessed using encryption-friendly tools like The Onion Router. TOR is an open source project best known for developing a Firefox-fork web browser pre-loaded with a number of hard-coded security and encryption enhancements. TOR allows users to obfuscate browsing activity by scrambling a user's IP address through a secure and distributed network. 

The TOR project also develops Tails, a live, pre-configured Linux distribution that will run on almost any computer. Popularized by Edward Snowden, Tails runs as a discrete operating system on USB flash drives. Tails provides additional layers of security so that Dark Web browsing is not tied directly to a user's machine. Tails also allows users to store encrypted files, run email programs and PGP, and run the TOR browser. 

The modern Dark Web's notorious reputation is well-earned, and the hidden internet is undeniably dangerous. Though encrypted websites have existed for more than a decade, the Dark Web rose to mainstream prominence alongside the Silk Road, the now-defunct "Amazon for Drugs." YouTube is loaded with Dark Web horror stories, and the Hidden Wiki serves as a portal to the criminal underground. 

There are also number of legitimate reasons users may want to access the Dark Web. The web's substratum is populated by mainstream web companies like Facebook, political activists, and journalists who need to communicate and share sensitive information. The United Nations, FBI, and CIA use the encrypted internet to monitor terror groups like Daesh and keep tabs on criminal profiteers. Corporate IT departments frequently crawl the Dark Web in search of stolen corporate credit card information and compromised accounts. 

Here's how to safely access and browse the Dark Web: 

Step 1: Plan ahead. 

There are plenty of reasons companies and individuals may want to access the Dark Web. SMBs and enterprise companies in particular may want to monitor Dark Web portals for stolen corporate account information. Individuals may want to monitor sites for evidence of identity theft. Facebook's encrypted site, located at facebookcorewwwi.onion, is a feature-rich method of accessing the social network using end-to-end encryption. 

Set a goal, make plans, and stay focused. Be mindful of purpose. Make sure you know what information you're looking for and why you're logging on to the encrypted web. For example, if you're a reporter and need to communicate with sources, focus on PGP, email, and encrypted communication. If you're searching for credit card information, look for Silk Road-type markets that sell hacked data. 

Get what you need, safely disconnect TOR and Tails, then log off. 

Step 2: Obtain a new USB flash drive. 

Purchase a new 8 GB or larger USB flash drive. Make sure you use a fresh, unused drive. You will install Tails, and Tails only, directly on your storage device. 

Step 3: Prepare your local machine. 

Ideally, use a fresh laptop. This isn't an option for most users, so instead do everything in your power to secure and isolate mission-critical information. 

Back up critical data and local files. 

Make sure your hardware is optimized and malware-free. 

Step 4: Download Tails and TOR. 

TOR and Tails are available on the TOR Project website. Access download links directly from https://www.torproject.org. Insert your USB drive and follow the instructions on https://tails.boum.org

Step 5: Browse safely. 

Common portals and search engines: 

Encryption is strong, but not impenetrable. The FBI discovered and exploitedvulnerabilities in the TOR network. Though the agency refused to disclose the source code used to penetrate the network, undoubtedly law enforcement agencies around the world monitor and operate on the Deep Web. Members of the TOR project vowed to patch network holes and strengthen the protocol. 

TechRepublic does not condone illegal or unethical activity. Offensive material can sometimes be just a click away. Browse at your own risk. Never break the law. Use the Dark Web safely, and for legal purposes only. 

We're interested in your feedback and thoughts about why and how SMBs and enterprise companies use the Deep Web.

No comments: