Week 3 - The Dark Web

Question 1

What are ‘don’ts’ when using TOR?

Answer 1

• Don’t have a clear web browser open
• Don’t use screen capturing software / add-ons unless you are aware of the implications
• Don’t use a VM (leaks that you are using one & you want to appear like a regular user)
• Don’t right click and save images

Question 2

What are ‘do’s’ when using TOR?

Answer 2

• use ‘ctrl prt sc’ / snipping tool
• disable JavaScript on Tor in the settings
• use refresh function to refresh your IP regularly when visiting different sites.

Question 3

What is TOR?

Answer 3

• The Onion Router
• open-source
• enabling anonymous communication
• directs Internet traffic via a free, worldwide volunteer overlay network that consists of more than seven thousand relays

Question 4

Usefull Links on DarkNet?

Answer 4

• Hidden Wiki - list of popular Onion sites
• Dark.fail - Also a list of popular onion sites, but in the clear web
• Torch - Search Engine for Onion sites

Question 5

What are positive aspects of the DarkNet?

Answer 5

• Privacy - escaping regimes blocking communication (e.g. China)
• Whistleblowers - leak information without disclosing their real identity (e.g. Wikileaks)

Question 6

Payment Methods used in the DarkNet?

Answer 6

• ESCROW
• DIRECT DEAL / FINALISE EARLY
• MULTISIG

Question 7

What is ESCROW?

Answer 7

• payments between a seller and a buyer are managed by a third party.
• funds are held ‘in escrow’ & released to the seller once the buyer has received their items.
• funds are managed by the marketplace - there has been a history of stealing customer funds (exit scams).

Question 8

What is Direct Deal / Finalise Early payment Method?

Answer 8

• no marketplace involvement in the financial transaction
• payment up front before delivery
• only trusted vendors

Question 9

What is the Multisig darknet payment?

Answer 9

• more complex & more advanced than escrow
• Uses public key system between 3 parties - the buyer, the vendor & marketplace
• need 2 of these 3 public keys to ‘unlock’ the payment
• Only secure if the vendor & the market place are not the same eprson.

Question 10

What is PGP used for in the DarkNet?

Answer 10

• verify communication between buyer and vendor (check authenticity of messages)
• verify if site is active and operated - canary message signed every x days
• verify funds - message encrypted using private Key of wallet

Question 11

What does PGP stand for?

Answer 11

Pretty Good Privacy

Question 12

Investigation Techniques for Dark Web Marketplace Vendors

Answer 12

• OSINT to research: username or profile image
• Search the clear web on their key phrases / slang and descriptions. * Look for unique / wrong spelling and grammar
• Exploit postal tracking services. E.G Can you get tracking numbers for TOR IP addresses?
• UC tactics. Controlled purchases / infiltration