Darknets in the Deep Web, the home of assassins and pedophiles

Pierluigi Paganini June 26, 2015

Security experts at Trend Micro published a report on the Deep Web and related illegal activities that exploit the darknets it contains.

Experts at TrendMicro published an interesting report on the Deep Web focusing their analysis on the services and products available in the dark part of the internet that is not indexed by the principal search engines.
First of all, let me clarify the difference between the Deep Web and the Dark Web, two terms often confused. The “Deep Web” refers the part of the Internet that is
The most popular “dark nets” are TOR, Invisible Internet Project (I2P) and Freenet, and in order to explore these networks it is necessary to use specific tools. Unfortunately, the anonymity offered by such networks is an element of attractive for cyber criminals that concentrated their illegal activities in this hidden part of the Web.
It is quite easy to find hidden services and marketplace where is it possible to buy any kind of illegal product and service, including drugs, stolen credit card data, weapons, malware, zero-day exploits and fake documents.

In the deep web it is also possible to pay for various illegal services, like hacking services, money laundering services and hire an assassin.

The report, published by Trend Micro, is a sort of “census report” of the Deep Web, based upon information gathered over the past two years by the Trend Micro Deep Web Analyzer. The Deep Web Analyzer is described by the experts of the security company as a web crawler that scan the hidden services and resources collecting URLs of TOR- and I2P-hidden websites, Freenet resource identifiers, and domains with nonstandard TLDs, and extracting content information of interest (i.e. Links, email addresses, and HTTP headers).

The researchers at Trend Micro identified 8,707 pages they dubbed “suspicious,” examined the “Surface Web” sites that those sites linked to, and discovered that the majority of them fall into the following categories:

  • Disease vector (drive-by download) sites (33.7%).
  • Proxy avoidance sites (31.7%).
  • Child exploitation (26%).

Let’s walk through the report, starting to analyze the site content and language used to try to figure the possible origins of their users.

The English is the prevalent language fro the content crawled by the experts, nearly the 62 percent of website analyzed of 3,454 scouted domains are in English followed by Russian (228 domains) and French domains.

Deep Web Content Language Analysis
The interesting data are related to the language distribution based on the number of URLs, the number of Russian URL is greater than the English one. The experts motivated this data confirming that some website are mirrored in both TOR and I2P.

By analyzing the principal black markets, the experts tried to profile principal operators, even if the operation is very hard the results are very approximative in my opinion. The analysis revealed that the principal illegal activity remains related to the sale of drugs and chemicals.

“Top 15 vendors across all marketplaces showed that light drugs were the most-exchanged goods in the Deep Web. This was followed by pharmaceutical products like Ritalin and Xanax, hard drugs, and even pirated games and online accounts. This data backed up the idea that a majority of Deep Web users—at least those who frequent the top marketplaces—go there to purchase illicit drugs.” states the report.

DeepWeb Black markets vendors buyers

The researcher discovered many suspicious websites on the Dark Web proposing assassinations services, they included the price list of a criminal group calling itself C’thulhu. The services, including rape, “underage rape,” maiming, bombing, crippling, and murder. The prices are ranging from $3,000 for “simple beating” of a “low-rank” target to $300,000 for murdering a high-ranking or political target and making it look like an accident.”

deep web assassination services

The report also confirms the exploitation of resources in the dark web to hide command and control infrastructure of a number of malware, including the Vawtrak and Dyre banking Trojan, and the Critroni ransomware.

I strongly  suggest you to read this interesting report.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Deep Web, Dark Web)



you might also like

leave a comment