Abstract:
The term “deepweb” is used to denote a class of content on the Internet which, for different technical reasons, is not indexed by search engines. Among the different strategies in place to bypass search engine crawlers, the most efficient for malicious actors are so-called “darknets.” Darknets refer to a class of networks that aim to guarantee anonymous and untraceable access to Web content and anonymity for a site.
While deep web has often been uniquely associated with The Onion Router (TOR), in this paper, we introduce several other networks that guarantee anonymous and untraceable access— the most renowned darknets (i.e., TOR, I2P, and Freenet) and alternative top-level domains (TLDs), also called “rogue TLDs.”
We analyzed how malicious actors use these networks to exchange goods and examined the marketplaces available in the deep web, along with the goods offered. Due to a large variety of goods available in these marketplaces, we focused on those that sparked the most interest from cybercriminals and compared their prices with the same class of merchandise found in traditional Internet underground forums, mostly Russian.
Finally, we introduced some of the techniques that researchers can use to more proactively monitor these so-called hidden parts of the Internet.