The Dark Web is part of the Deep Web, which is a sub-section of the Internet not indexed by popular search engines (aka: hidden web content).

Because content on the Dark Web doesn’t use Internet Protocol (IP), there’s a whole network of further hidden sites that discuss and trade in often illegal information. You can only access it using the Tor browser.

The Deep Web & Dark Web (aka: Darknet) are two different concepts.

The deep web just refers to non-indexed pages, while the dark web refers to pages which are both non-indexed and sometimes involved in illegal niches.

There are numerous markets on the Deep Web for diverse kinds of services and “goods”.

The web (internet) is layered.

There’s the surface web (used by 95% of people), then the deep web, and below that the dark web, further down the Mariana Web is deeper still.

And supposedly at the “deepest” known is the Archon Interface (aka: Level 8).

Level 8 supposedly the controllers for the whole internet, IE the Holy Grail for hackers. Whoever controls the 8th level controls the internet and thus, the entire digital world.

Do you have a right to privacy? Yes

Thanks to Skillset Magazine for this:

You have an absolute right to privacy. The UN even said so in its Declaration of Human Rights. So how can you stay hidden on the ever-obtrusive Internet? The Deep Web and Dark Web are things you’ve heard about, but never explored on your own.

The Dark Web is a place full of underground criminals and intelligent hackers, but it is also a place much more secure than your favorite browser. It’s hardly a secret that when you go online, your activities are followed, not only by Google, Facebook, and Amazon but also by official surveillance teams and hackers.

The Deep Web is the hidden 95 percent of the Internet that you can’t search by conventional means. We’re talking hospital records, bank pages, academic records, and even social media accounts. Typically to reach it, you just need the actual URL, and some sort of username/password combo.

However, the Dark Web is a very small subset of the Deep Web where, unless you’re up to speed on how to access it, you won’t be able to find anything. It’s “No-Man’s Land”—unregulated, no street signs, and danger lurking around every corner if you’re not careful … kind of like Detroit. But if you have a bit of knowledge and a large dose of healthy paranoia, the Dark Web can be a whole new world.

Dark Web Facts

• Dark Web activity has increased by 300% in the last 3 years.
• Over 30% of North Americans access the Dark Web regularly.
• More than 2 million active users connect to the Dark Web through the TOR browser every day.
• TOR’s bandwidth capacity has increased from around 50 gigabits per second (in 2014) to approximately 300 gigabits per second (in 2018).
• The total value of bitcoin transacted on the Dark Web jumped by 65% in 2019.
• The estimated annual revenue generated by cybercrime in 2019 was $1.5 trillion.
• A ransomware attack will take place every 11 seconds by 2021.
• Hackers attack every 39 seconds, on average 2,244 times a day.
• 60% of the information available on the Dark Web could potentially harm enterprises.
• In addition to information, Dark Web markets also deal in other nefarious things like: criminal services, espionage, illegal collectibles or animals, human trafficking, credit card numbers, drugs, guns, counterfeit money, stolen goods, password lists, cybercrime software, cracked credentials, and other shady things.

What is the Dark Web?

 

Dream

The darknet’s longest standing market, Dream, has somehow survived since 2013. It accepts bitcoin core (BTC) and bitcoin cash (BCH) and features 63,000 digital goods, 87,000 drugs, and thousands of other listings under such categories as “drug paraphernalia” and “services.” Listings can be filtered by cryptocurrency, seller location, buyer location, vendor, and keyword. The marketplace features one-tick message encryption at checkout, but buyers are recommended to fully encrypt messages using the vendor’s public key. That way, if the website should be compromised, messages will be indecipherable.

6 Ways to Stay Safe From Compromised Tor Exit Nodes

https://www.makeuseof.com/tag/priority-wretched-hive-scum-villainy-5-ways-stay-safe-bad-tor-exit-nodes/

Here’s a useful Dark Web website that you might like:

Hidden Answers

 

Dark Web Link: 

http://answerszuvs3gg2l64e6hmnryudl5zgrmwm3vh65hzszdghblddvfiqd.onion/

Hidden Answers is like a cross between Quora and Reddit. You can ask any question on any topic, and the community will respond. However, unlike sites such as Reddit, there’s no censorship going on. Everything you see is uncensored.

The site has more than a dozen categories. The largest and most active categories are Technology, Money and Jobs, and Security and Privacy.

Some of the categories are adult-orientated, so make sure you give them a wide berth if you’re easily offended.

 

Is the Dark Web Illegal?

There are certainly legitimate uses of the Dark Web. For example, increased (but not absolute) anonymity, political protesting, whistleblowing, and journalism that requires the utmost security. But there are also very illegitimate uses like drug trafficking, trading in stolen financial data, and all those little activities that law enforcement tends to frown upon.

So before riding willy-nilly into the Dark Web, the best thing to do is have a plan. Why are you going there? Curiosity? Journalism? Looking for some of that fine sticky dank?

Just know that law enforcement is everywhere, so while most of the Dark Web is legal, if you choose to do illegal stuff, that’s on you. We’re showing you the door, but what happens after you walk through it is none of our concern.

 

The Best Dark Web Websites You Won’t Find on Google

https://www.makeuseof.com/tag/best-dark-web-websites/

 

Let’s Talk Hardware

Do NOT use a Windows machine. They attract viruses like Wuhan, China.

Use a Unix- or Linux- based system and keep your antivirus up to date.

There is even a full OS called Tails that you can run from a USB stick.

Protect your Internet connection with a VPN. We like services like NordVPN that give you an encrypted tunnel for all of your Web activities. Think of it like up-armoring your Internet connection. It ain’t perfect, but it’s more protection than what you had that night you stayed in Tijuana.

Now that you’ve set up your VPN, the only way to access the Dark Web is through TOR (The Onion Router), which utilizes its own navigation system—the TOR browser. TOR is a series of proxies through which communication is encrypted and anonymized. It’s the only easily accessible doorway into the Dark Web. So now you’ve got a layer of VPN and a second layer of encryption with TOR. The world is yours, right? Wrong.

Dark Web Browser

Once you’re in, you’ll need to use a search engine like DuckDuckGo or The Hidden WIKI to find locations. They will typically just be a jumble of letters and numbers and end in the .onion suffix. Addresses change often and the shadier sites are typically invite-only; either that or someone needs to vouch for you—kind of like getting into a gang.

There are scams and traps and malware everywhere, so act as if every link is infected. Kind of like you do right now in real life. With a little bit of forethought and preparation, the Dark Web can be a lot less scary. And now you’ve gained back a bit of liberty in a world that has very little left.

What is Tor?

Official website

https://www.torproject.org/

The TOR anonymity network is free, open-source software, originally developed by the US Navy Research Laboratory (NRL) in Washington, D.C. in the mid-1990s to protect intelligence online communications.

Later in 2004, the NRL released the TOR source code to the general public under a free license.

TOR is now managed by The Tor Project, Inc, a non-profit organization that maintains TOR development.

TOR network is composed of two components:

1. The TOR software used to access the TOR network.
2. TOR infrastructure, which is simply a set of volunteer computers spread all over the world that route users traffic across the TOR network.

To use TOR to browse the surf the internet anonymously, all you need to do is to download the TOR browser (https://www.torproject.org/download).

What’s it got to do with onions?

It’s all about layers. The data from your computer is sent through a series of ‘nodes’ (other computers, also known as ‘relays’) run by millions of volunteers around the world, building up layers of encryption like the layers of an onion. Tor gives you a different IP address every time you send or request data, disguising your real IP address and making it nearly impossible for prying eyes to know where the data originated.

TOR anonymizes internet traffic by bouncing your connection over at least 3 relays (also known as nodes or routers) before reaching the final destination.

The first relay is the entry relay (also known as the guard relay), it routes your data from the surface web and moves it to the middle relay. TOR uses at least one middle relay for each connection, however, it may use more, the middle relay then shifts your connection to the final one which is the Exit relay. When surfing the surface web sites using the TOR browser, your real IP address will be concealed and your connection will seem to originate from the TOR Exit relay IP address instead.

The most recent figures (metrics.torproject.org) suggest Tor has around 2.5 million daily users.

Facebook’s Tor-only website alone attracting more than 1 million visitors monthly.

 

How do I use Tor?

The Tor browser is based on Firefox but disables plugins that could compromise your privacy and security.

It won’t clash with other software you have installed, but you may need to configure your antivirus program or firewall to allow it access to the internet.

There’s also a Tor app for Android, called Orbot; and an operating system – Tails – that’s preconfigured to use Tor. 

The first time you use Tor you’ll be faced with a pop-up asking you to connect or configure the Tor network.

The majority of people will be able to click Connect, but if you’re on a censored or proxied internet connection you’ll need to configure your local proxy settings. If that’s something you need to do, the Tor Project has plenty of manuals on the nitty-gritty of configurations.

How to use Tor to get somewhere

The Tor window will look like a normal browser window, but you can now use it to access sites with a .onion suffix. Coming across these sites isn’t a matter of searching Google – you’ll need to find specific links.

What’s more, the addresses of these links tend to be a cluster of seemingly random letters, so it isn’t always entirely clear where they’re leading you.

The Hidden Wiki is one of the better-known resources for traversing the dark web, where you’ll find links to sites across various categories.

Another useful resource is the subreddit r/onions.

Obviously, be aware that both of these contain NSFW material.

If you’re particularly keen on maintaining anonymity, The Tor Project includes a number of warnings about what not to do when browsing the dark web. We would advise you to be extremely careful when using Tor.

If you’re worried about privacy and online tracking, there are easier ways to take steps to protect your data. From anonymous search engines such as DuckDuckGo and Oscobo to plugins such as Ghostery, there are simple ways to block trackers used by ad networks.

Who uses Tor?

The police, the military, medical researchers, human-rights groups, abuse victims, whistleblowers, journalists, and, increasingly, anyone who wants to keep their online activities private or is concerned about cyber-spying.

It is very popular among people in internet-censored countries such as Russia and the UAE and counts Human Rights Watch among its past donors.

How do you pay for things?

Cryptocurrency Bitcoin is Tor’s preferred currency.

Tor does not incite or condone illegal enterprises. On its website, it recognizes that criminal elements exploit anonymity, but points out: “Criminals can already do bad things… they already have lots of options available”. 

So Tor is completely legal?

Yes, completely. The US Navy isn’t in the habit of creating illegal software, and there’s nothing dubious about wanting to browse in private. Nobody has ever been arrested or prosecuted solely for using Tor, only for what they used it to do, and Tor itself says in its legal FAQ that “it is not a tool designed or intended to be used to break the law.”

7 Underground Torrent Sites for Getting Uncensored Content

https://www.makeuseof.com/tag/top-7-underground-search-engines-knew/

Thanks to Alphr for this:

Top Five Safe Ways to Use a Dark Website

Do #1: Ensure Tor is Always Updated

Tor is much more secure than Chrome and Firefox, but as with any software, it’s not impervious to attack. For example, the network was targeted in 2013 by a Trojan called Chewbacca, who stole banking details.

In 2016, it was revealed that the FBI had used specially created malware called Torsploit to ‘deanonymize’ Tor users and track their real IP addresses. There have also been cases of Tor exit nodes (the last relays that Tor traffic passes through before it reaches its destination) being used for malicious purposes rather than anonymous ones, and infecting users’ systems.

Fortunately, Tor usually addresses such threats and vulnerabilities very swiftly, making it essential to keep the browser up to date.

1. Every time you launch Tor, click the onion icon on the toolbar and choose ‘Check for Tor Browser Update’ (Tor updates itself periodically, but manually updating it ensures you’re using the latest version).
2. Additionally, if you’re using a service that involves sharing personal information, you should change Tor’s security level to High.

Don’t #1: Use Tor for Torrenting

As a powerful privacy tool, Tor might seem like the perfect means of downloading and uploading files via BitTorrent and other peer-to-peer networks, but it is not! Using a torrent client bypasses Tor’s protection and blows your anonymity by sending your real IP address to the torrent service and other ‘peers.’ This action allows them to identify you, the port you’re using for torrenting, and even the data you’re sharing, if it isn’t encrypted.

They can then potentially target you with malware or even notify the relevant authorities (if you’re sharing copyrighted material). Additionally, torrent traffic places a massive strain on the Tor network and slows it down for others, so it’s selfish and careless. 

For all these reasons, Tor says file-sharing is “widely unwanted,” and exit nodes are configured by default to block torrent traffic.

Do #2: Create a new identity when necessary

Tor does a great job of keeping you safe and anonymous, but you may still encounter websites that raise alarm bells. Tor may warn you that a site is trying to track you.

If you’re worried that your privacy has been compromised, do the following:

1. Click the onion icon on the toolbar.
2. Choose “New Identity.” This option will restart the Tor browser and reset your IP address, so you can carry on browsing as a fresh user. 

Don’t #2: Maximize the Tor Window

Leave Tor browser windows at their default size because maximizing them allows websites to determine the size of your monitor. This suggestion may not seem significant on its own, but combined with other data, it may provide the “extra” information websites need to identify you. 

Do #3: Use a VPN Alongside Tor

It’s important to remember that Tor is a proxy rather than a VPN, which only protects traffic routed through the Tor browser. As we explained earlier, there are some risks to using the Tor network, especially when downloading torrent files and inadvertently connecting through a malicious exit node.

You can boost your privacy and security by using Tor in conjunction with a VPN, to ensure all your data is encrypted and no logs are kept for your activities. Several VPNs offer features explicitly designed for Tor users, including:

• ProtonVPN, which lets you access servers pre-configured to redirect traffic through the Tor network
• ExpressVPN, which enables you to sign up anonymously through its ‘.onion’ website
• AirVPN, which routes traffic through the Tor network first and then through the VPN

None of the above VPN options are free, but they are faster, more flexible, and more trustworthy than free VPN services.

Don’t #3: Search The Web Using Google

Google isn’t known for respecting its users’ privacy, so to continue using it in Tor (it’s one of the available options) is rather self-defeating.

Not only does Google still try to track you and record your searches (based on your exit node’s IP address), but it also gets very snobbish and arrogant when it finds you’re connecting in an ‘unusual’ manner. Try searching with Google in Tor, and you’ll continually get CAPTCHAs that ask you to prove you’re not a robot.

We recommend using Tor’s default privacy search engine DuckDuckGo, its ‘Onion’ variant, or Startpage (which uses non-tracked Google results), all of which come pre-installed alongside Google. 

Do #4: Consider Running a Tor Relay

Tor relies on its loyal and ever-expanding community to provide relays that create circuits and deliver anonymity. The more relays or ‘nodes’ that are currently running, the faster and more secure the Tor network will be.

If you become a regular Tor user, consider giving back to the community by sharing your bandwidth and running your relay. You can either be a ‘middle relay,’ which is one of the two or more nodes that receive Tor traffic and then passes it on, or an ‘exit relay.’

Being a middle relay is much safer. If another user employs the Tor network to do something malicious or illegal, your IP address will not show up as the source of the traffic.

In contrast, an exit relay can be identified as that source, which means people who run exit relays may have to deal with complaints and even legal attention. Therefore you shouldn’t host an exit node from your home PC and, if you’re sensible, not at all!

One further problem: you need to have a Linux computer running Debian or Ubuntu to host a reliable relay. In Windows, you need to run a Linux distro as a virtual machine to set up your relay. It’s a bit of a hassle, but at least it will keep your Tor traffic separate from the rest of your system.

Don’t #4: Share Your Real Email Address

There’s no point in using Tor to stay anonymous if you sign up to a website using your real email address. It’s like putting a paper bag over your head, and writing your name and address on it. A disposable email service such as MailDrop or the brilliant Fake Name Generator can create a temporary address and identity for site registrations and keep your Tor persona separate from your standard web one.

Do #5: Use Tor for Anonymous Email

You can use your favorite email services in Tor, although Google may ask you to verify your Gmail account. However, the content of your messages won’t be encrypted in transit. Tor will, of course, disguise where you are, but unless you’re using a disposable email address (see above), anyone intercepting your messages will see your real email address and, potentially, your name.

For total privacy and anonymity, you can use a Tor-enabled email service. Several of these have been closed down by law-enforcement agencies in recent years because they were linked to criminal activities, but using one is not illegal, nor does it place you under suspicion. The best and most trustworthy option is ProtonMail, an end-to-end encrypted email provider, launched by the CERN research facility in 2013. 

Earlier this year, ProtonMail introduced a Tor hidden service specifically to combat the censorship and surveillance of its users. You can sign up for a free ProtonMail account at protonirockerxow.onion, but this limits you to 500MB of storage and 150 messages per day; to get advanced features, you need the Plus plan ($5.00 per month).

Because Tor is based on Firefox, it is still possible to install your favorite add-ons to suit your preferences, which makes sense if you are planning to use Tor as your default browser. Don’t be tempted! Even if extensions aren’t infected with malware (as some Chrome ones were recently found to be), they may seriously compromise your privacy.

Tor comes with two of the best protective add-ons preinstalled – NoScript and HTTPS Everywhere – and that’s really all you need if your reason for switching to the browser is to be anonymous. Also, bear in mind that browsing with Tor can be slower than Chrome or Firefox because of its roundabout way of connecting, so overloading it with add-ons will further reduce your speed.

Alternatively, you could try Bitmessage, a free Desktop client that lets you send and receive encrypted messages using Tor, and can be run from a USB stick.

Don’t #5: Go Overboard with Browser Add-Ons

Because Tor is based on Firefox, it is still possible to install your favorite add-ons to suit your preferences, which is understandable if you are planning to use Tor as your default browser. Don’t be tempted! Even if extensions aren’t infected with malware (as some Chrome ones were recently found to be), they may seriously compromise your privacy.

Tor comes with two of the best protective add-ons preinstalled – NoScript and HTTPS Everywhere – and that’s all you need if your reason for switching to the browser is to be anonymous. Also, bear in mind that browsing with Tor can be slower than Chrome or Firefox because of its roundabout way of connecting, so overloading it with add-ons will further reduce your speed.

 

What Is Infrastructure-as-a-Service (IaaS)?

Infrastructure-as-a-Service (IaaS) is an offering where a threat actor is selling access to infected devices that can be used to facilitate malicious campaigns, gain direct access to the device owner’s data or access the network that device is part of, including enterprise networks.

This infrastructure includes varying numbers of compromised machines spread throughout different parts of the globe. It would typically rely on servers hosted in hard to reach locations (think Syria or Darfur), or servers hosted by internet service providers that cannot or will not shut down malicious activity, or where that activity is not illegal.

By outsourcing the development of infrastructure to a dark web service provider, a threat actor can start planning their campaign without the skill or time required to set up a robust back-end infrastructure.

Recently, X-Force observed a MaaS provider selling the more_eggs Jscript backdoor, as well as associated network infrastructure to download malicious payloads and provide command and control. Multiple threat actors have been using this tool since early 2018.

Sold in underground markets, more_eggs is designed to help attackers remotely control compromised devices, enabling them to drop and execute additional payloads on the machines and their underlying networks.

The vendor selling this product reportedly also offers document exploit kits to deliver the more_eggs payload, including the Taurus Builder to generate documents using malicious macros and VenomKit, which can exploit several vulnerabilities on targeted devices.