Unveiling the Dark Web

Author: Bruce R. Wilkins, CISA, CRISC, CISM, CGEIT, CISSP
Date Published: 13 October 2021

Industry Tips

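This article is the last in my series exploring the various parts of the Internet. When discussing the dark web, some might say that one will never find a more wretched hive of scum and villainy. But if that is true, why does it continue to exist? What prevents law enforcement from shutting it down? To find the answers, it is imperative to understand how the dark web works and what makes it so difficult to solve its crimes and detect its activity.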

The dark web was created by the US federal government to produce an environment in which individuals could maintain their anonymity. The government has many managed attribution environments, some of which I helped develop. The dark web is one that has become quite popular due to its availability and peer-to-peer nature.

Websites on the dark web are hosted separately and distinctly from the open or deep webs. The dark web is built on The Onion Router (Tor). The collection of Tor routers is what provides anonymity within the infrastructure. Accessing the dark web typically requires the use of an entrance node and an exit node, although some sites can be accessed directly if their domain name ends in .onion. These nodes are connected using the same communication infrastructure that the open and deep webs use. The entrance node knows where a user is coming from and the exit node knows where they are going. However, the two nodes recognize only each other and do not share points of origin or destination. In order to connect to an entrance node, one must use a certain browser. The first browser was Tor, named after the router on which the dark web is implemented. Today there are several browsers that can be used to access the dark web.

Once a connection to an entrance node has been established, one has entered a network that is layered in encryption tunnels and secure methods for establishing those tunnels. These tunnels serve as end-to-end encryption (i.e., vice link encryption) between the Tor browser and the dark website being accessed. It should be noted that, in most cases, websites hosted on the dark web are not crawled or advertised by search engines. This means one must know where they are going if they wish to take advantage of the dark web; however, this does not mean that there are no search engines on the dark web, but rather that they are not a complete representation of all hosted websites. This makes sense, as the reason many sites exist on the dark web is to conduct nefarious business activities such as weapon sales, human trafficking, drug sales, criminal services, credit card sales and more. Unfortunately, there are also hostile sites that attempt to install hostile code onto one’s computer, which can then be used as a zombie or bot to act on malicious intentions.

However, not all use of the dark web involves illegal activity. This network allows news reporters and people who experience Internet censorship to maintain anonymity while reaching out to the world.

Despite the encryption, tunneling and lack of traceability, it is possible to identify people who have used the dark web. For a time, the US federal government was the largest owner of entrance nodes and exit nodes to the dark web. This means it is possible that the government could have possessed a tool that put together the point of origin (the Tor browser) and a user’s destination. This also means that the encryption key (i.e., root key) is owned by the US federal government, meaning that it can decrypt all traffic. Remember, this is the same organization that released certified encryption algorithms for public use that contained back doors that it could use to get to your data. The most popular way to overcome this vulnerability is to use a proxy or virtual private network (VPN). Many VPN service providers contend that they flush all their audit trails when one disconnects from their service and do not cooperate with law enforcement. However, most VPN service providers are required to obey the laws of the countries in which they operate, meaning that a subpoena or other legal action could result in one’s identity being revealed.

Traffic analysis is an effective technique for targeting users who are on the dark web to conduct criminal activity. During traffic analysis, an analyst builds a network, observing who goes where and who is talking to whom. The identity of any one individual is not the primary interest; instead, an analyst tries to identify communication patterns that may be susceptible to compromise. Remember, if I can compromise anyone in the network, I can find my way to you.

The next approach to compromising identity on the dark web is the cross-pollination of identity from the analog world, the open or deep web, to the dark web. I know it sounds ridiculous, but many times someone will compromise their anonymity by buying a product from a commercial website using their cover account and then providing their real name, address and phone number. On the dark web, the use of an identifying name, tag or callsign that is traceable to the open or deep web is the beginning of success for criminal investigators. Now, based on the user's activity, they become a person of interest and more resources are expended to discover their identity.

The reality is there is not enough space here to go into extensive technical or operational detail about the dark web, but this introduction should help one achieve a basic understanding of it. The dark web can be a great managed attribution system; however, by using the wrong entrance and exit nodes without protection, one may become more familiar with the system than they realize. Regardless of why one uses the dark web, one should ensure that all antivirus software on their device is up to date. But it is important to keep in mind that antivirus software protects against known viruses; by choosing to visit the dark web, one may be exposed to the latest and greatest viruses. This means you may be infected with a virus named after you. Good luck.

Bruce R. Wilkins, CISA, CRISC, CISM, CGEIT, CISSP, is the chief executive officer of TWM Associates. In this capacity, he provides his customers with secure engineering solutions for innovative technology and cost-reducing approaches to existing security programs.