
Hi everyone. Goodness me, I thought there'd be like 10 of you. Um, so yeah, good morning. I hope we're all having a very lovely warm day here in Leeds. Um, so yeah, today we're going to be talking about the dark web. Now, this is, as you heard, this is the 101 track. So, it's going to be a very kind of surface level introduction. There's nothing there going to be nothing that's really technical, nothing too much of a deep dive here. We're just going to hopefully you can learn some things and you'll go away with some new information. So, just a couple of disclaimers before we do get started. First of all, just the obligatory my opinions are all my own
and nothing I say represents my employer. You know the gist. Um the second one is as this as a as a talk about the dark web. Um we are going to be discussing some sensitive topics. So that's mainly like drugs and weapons. Um, but there will be a couple of mentions of child sexual abuse material. So, if this is something that might upset you or you maybe don't want to hear about, that's absolutely fine. Please feel free to leave the talk at any time. I'm not going to be offended and I'm not going to hunt you down after and be like, why didn't you leave my talk? Um, really, and even if you're just like too warm, please don't feel
like you have to sit through the whole talk cuz we're all melting in here today. So, we're going to get started. We're going to talk about some definitions to get us started because like some people there's a lot of terms that get bandied about and some people will use like the deep web and dark web interchangeably and they're not the same thing. So, we're going to start with some definitions. So, the surface web is your day-to-day internet use. You know, you go on and you use Google or Wikipedia or YouTube. That's like your surface web basically. The deep web is anything on like the internet basically that isn't indexed. So if for example anyone in here could go to the Bank of
Scotland website, right? But not everyone in here hopefully could access my personal Bank of Scotland account details. That's the dark web. So in this case, it's behind my credential. It's not indexed. You can't just Google Jennifer's bank account and you can find out all my information. Um, same thing with things like if you have like newspaper articles that are behind paywalls, they're not like indexed by search engines. Um, cuz you have to like pay or or not pay depending on how you can maybe get access. But yeah, so that kind of thing is the deep web. It's just things that aren't available. They're not indexed by a search engine. The dark web, which is what we're here to talk
about today, is the basically websites that you need special software to access. Um, and they're not they're also not indexed. You can't access them using like Google or Firefox or your kind of regular browsers. Um, a lot of the time this is associated with criminal activity as we will see. Um, that's the reputation it's got for a good reason. And the dark web has a really big emphasis on anonymity. So these special software um the big one is Tor. Everyone talks about Tor. I got my slides a nice Tor purple today. Um you also will hear it um I2P and Freenet. Those are some other ones, but Tor is the kind of the big one that
everyone talks about. That's the one I'm going to be kind of referencing today just so I'm not like spreading myself too thin and trying to cover everything. So Tor was originally created by the US Naval Research Lab for protecting um American intelligence. Um and one of the special things about Tor is that it uses different URLs. So instead of if you were I don't know you were looking up Wikipedia on Firefox, you'd go Google or Wikipedia.com or whatever. Um with Tor links they end in .onion and they're often quite randomized. We'll see some examples of that coming up. Um, so I mentioned the dark web has a big focus on anonymity, and this is one of the ways it does it.
Now, it's never foolproof. As you'll see, we have some examples of some sites that have been taken down and people that have been arrested and things like that. So, it's never foolproof using the dark web, but we'll take this as an example. So, at the top, you can see this browser. That would be like your IP address. If you're going to go on the dark web, I would recommend using a VPN in the first place anyway. But so this is your IP address or your representation of your IP address at this browser. So in this case, my IP address is bounced to Germany and then to the Netherlands and then back to Germany and then it connects to a .onion site
on the Tor network on the dark web. And you can refresh this if you think, oh, I don't know about this. I'm accessing some dodgy stuff. I don't know. You can like generate like new connections and these will bounce like all over the world. And it basically is the aim of it is to stop these websites being able to see your IP address. So some of these dodgy links that I was talking about that look a bit funny. Um the this is what a link on the dark web might look like. In this case I'm not got any dodgy. This is actually the link for the Tor Project on the dark web. So
if you went to this link on the dark web you would just see the information for Tor basically. Um, so the reason that they have these randomized like this is for security mostly. You know, they don't want it to be, if you're hosting a website that's selling something that you don't want the cops to know about, for example, then you, you know, it's good to have a randomized thing like this, so it's not super easy to find. They also rotate these quite often, so they'll often change. Um, they're not all totally randomized like this, though. Um, I've got an example here. You can see, so this is the link for accessing Reddit on the dark web. So you
can see it's got Reddit Tor at the start and then it goes on and it's got all the random letters and numbers. So how could you find if you were a a wayward soul and you wanted to go into the dark web and find something um you know how would you find it? Well, one of the ways that people keep track of all these different links is through wikis. Now, the big famous one is the Hidden Wiki. There was at one point one Hidden Wiki and since then there are now like thousands and the original one I think got taken down years ago, but you can have all these different ones that are just links to various sites. I mean,
what have we got here? We've got I mean, cocaine, heroin, Bitcoin mining, create your own store, UK guns and ammo. So, yeah. I mean, there's all kinds of all kinds of things you can see. And you can see at the top here, there are actually links to like other hidden wikis. So, it's a rabbit hole. Once you start looking at this kind of thing, you just go down and find some yeah, some weird stuff. I don't do a lot, but you can look up I think John Hammond on YouTube is pretty good for like investigating sites like that. So, I would really recommend if you're interested. So, we're going to talk now about some of the kind of the big sites and the
kind of types of websites. So, marketplaces are really big in the dark web. You're going to want to buy, don't know what you might want to buy in the dark web. Maybe some drugs you can't get. Maybe maybe a gun, maybe some fake passports, you know, you never know. Um, there are two different types of dark web marketplaces. You have escrow marketplaces and autoshop marketplaces. So, escrow marketplaces are where you're going to be buying like physical items like fake passports, whatever. Um, in this case, the escrow basically is that you will have there's like if you pay, there will be like a third party that'll hold the money until like you get or they whatever is sent and then it's not
escrow is not like a dark web specific thing. It's just like a kind of financial thing where there is a third. >> Sorry. >> Yeah. Um, so yeah. Um that's one type and that's normally for buying physical items. And then you have autoshop marketplaces which are where you would buy uh digital items. So things like maybe remote access or credentials or financial information. So those are like automatic transactions. There's no third party involved. It's just a straight transaction. When you're buying your drugs or whatever on the dark web, um you're not going to be paying in pounds or in dollars or in yen or whatever. You're going to be most likely using some kind of cryptocurrency. Now, you could have a
whole talk on cryptocurrency. You could have a whole track on cryptocurrency. I am not the person for that. I know very little. I know just enough to understand vaguely how it works. Um one of the the biggest one that everyone kind of knows about is Bitcoin. Um that other logo on the other side there, the gray one, that's the logo for Ethereum. Um so these are cryptocurrencies. Basically, you can exchange your pounds or dollars or whatever and get these cryptocurrencies that are meant to be, again, they're meant to be more anonymous. And in most cases, they are, but they can be traced. And there are companies who have set up their their whole company is their whole business is
tracing Bitcoin transactions for like law enforcement and things like that. So, does anyone can anyone tell me what marketplace this is the logo for? Does anyone recognize this? Yes. >> Silk Road. >> The Silk Road. Brilliant. Thank you. So, this is one of the most famous um dark web marketplaces, the Silk Road. Um this is what it looked like back in the day. I know it's a really crunchy screenshot, but it's from 2012, so just excuse the slight crunchiness. So, this is what it looked like back in the day. Um it was created by a guy called Ross Ulbricht and he made this website. You can I mean you can look into it. It's a long story but
he had a lot of uh political views about you know what people should be allowed to do and what they can put in their own bodies and things like that. So he created this website and it blew up completely. Um I mean most of it was drugs but as time went on you could buy other things. I mean on the side here we have books, computer equipment. I mean, erotica, fireworks and food sounds like a pretty good night to be fair. Um, but this is what it looked like back in the day. Um, but it wasn't to last, unfortunately. And in 2013, the Silk Road was seized. Now, at the time, this was like the biggest dark web
marketplace. So, it was huge, like huge investigation to try and take this guy down. I mean, there's so many resources that you can read about or watch videos about this Silk Road and the takedown and all that kind of thing. Um, yeah, it was taken down. Um, Ross was put in jail. And if you follow anything like this, you might know where I'm going with this. In January, um, President Trump did pardon Ross Ulbricht. He's now out and about. He was keynoting at Bitcoin 2025, um, I think last month or very recently. And so, he's back out and about. This is a very a lot of the stuff in this talk, well some of the
some of the stuff in this talk it's very your own opinion what you think. Did he deserve to be put away like I think he was put away like for life or something like that. I can't remember exactly but like did he deserve it? Did he deserve to be let back out? You know you when you look into it he didn't just run a dark web marketplace. He also tried to get people murdered and paid for them to be murdered. He thought he was getting real people murdered. Uh, turned out he wasn't, but you know, he thought he was getting real people murdered and now he's back out in society. Yay. It's it's a personal opinion. A lot of this
stuff is really there's no black and white with a lot of it. Um, these are another two really famous marketplaces, um, AlphaBay and Hansa. If you're interested in this kind of stuff, please look into this story. I don't have enough time to go into all the ins and outs of it in this talk, but basically these were two big dark web marketplaces that came up in the gap that was left when the Silk Road was seized and Ross was arrested. And essentially what happened is they were both seized by law enforcement around about the same time and they shut down AlphaBay but left Hansa up. So everyone that was selling and buying on AlphaBay went, "Oh, damn.
That's a shame. Where am I going to sell my drugs now?" Oh, Hansa's still up. That's fine. We'll go there. Um, meanwhile, law enforcement were really controlling it the whole time. So, they left it up for a while and they were able to gather a lot of information um on people who were selling, people who were buying, moderators and things like that. Um, this is another it's like a moral dilemma. How long do you leave a website selling like illegal drugs? How long do you let that go on for before you shut it down? So, that's another interesting one. Um this is a really really interesting video. Um this guy Sam Bent, he was um a vendor and an
and a moderator on Hansa. And this is a a talk from DEF CON a while back that he did. So basically he talks about all of the measures he took to try and not get arrested. Um being on Hansa so much didn't work in the end, and he did he did get arrested and he went to jail and now he's back out and he's doing talks like this and he's got a YouTube channel as well. So, it's a really interesting talk. If you're interested in like the kind of the mentality behind it, I would really recommend it. So, that was marketplaces. Now, we're going to move on to forums. So, forums are where you're going to see your threat actors
chatting to each other. They're going to be sharing some of the things they found during their escapades. Um maybe trying to scam each other. You know, you never know what you might find. The two of the big ones, um, we have Dread on this side nearest me and BreachForums on the other side. Um, now with these ones, a lot of the time, you know, I think BreachForums has been down and come back up and then gone down and then been seized and then someone else has brought it back up. It these are never just like there is one website called BreachForums and that's it. Like it's really complicated to try and keep track of
where who's owning the websites at certain times and all that kind of thing. But Dread um is kind of like as far as I know it's kind of like Reddit where it's not like like there's a lot of like chatter stuff as well. BreachForums is a forum quite centered around sharing like data dumps and things like that. So these so BreachForums kind of filled the gap of RaidForums which was a massive um forum that was up for a long time and it was yeah I mean pretty big. Um eventually as well it was seized it was seized in 2022 and kind of BreachForums kind of came in and filled that gap. So some examples
of some kind of things you might see um we have SolidBit here. So SolidBit is a ransomware and in this case they're looking for an affiliate. They're looking for someone to come and join them. They want someone who's good at, you know, getting initial access that can get into systems for them and then they can then set loose their ransomware once they've got access. Um we've also got this one here. Um a different type of post from someone else who has leaked the Shanghai national police database and is just saying, "Hey, look what I've got. Isn't this cool?" Um do that a lot. Just like, "Hey, look what I've got. You want to give me some Bitcoin and I'll
give it to you maybe if you're lucky." So, so far we've seen a few different talked about a few different forums, a few different marketplaces. Um, these are the most popular really big ones. If you Google dark web, those are probably what will come up. Um, unfortunately there are thousands and thousands and thousands of dark websites and um, many of them that deal with much darker subjects than just like buy a fake passport. Um, so TRM Labs reported in March that over the last 2 years um, there has been at least one crypto transaction to a web address hosting child sexual abuse material every 2 minutes. Um, and there will be so much more than we can ever discover and
report on in these kinds of scenarios. So, with that being said, why can't we just take these sites down, you know? Why can't we just go, "Right, that site's doing something bad. We want it taken down. Let's go take it down," like that. Why can't we just do that? Why can't we just do that? I forgot I had a slide for that. How nice. Um, number one, jurisdictions. How exciting. Um, so let's say you're the British police and someone's come to you and they've said, "Yes, this website is bad." And you go, "Okay." and you look at it and you go right okay and you can work out well fine so this is being hosted in France
and servers in France and Germany and its owner is in I don't know Scotland and it's got moderators in Sweden and Norway that then becomes quite a a big case you know you you as as the British police or whatever you can't just go right that's fine. I'm going to go to Sweden and arrest this man. You can't do that. Um you there it has to then become if you want to take something like this down it becomes a big operation. Um I put back up this the seizure notice forums I had up earlier on and you might notice that the maj a big chunk of the screen is taken up by the logos of all the
different organizations that had to work together to bring it down. So you've got the American ones along the top, the Swedish police, the NCA, Europol, all different all these different organizations that all had to work together. And these become this is a lot of money that goes into these and a lot of time. And unfortunately sometimes when it comes to things like this, the law enforcement and other groups kind of just go, we don't have the resources for that. Um, which is a shame really. Um, but it's very difficult. The same thing here with Hansa. The Dutch police were really big um in this case, but again um you can see like American um American
logos, Europol I think were also in this one potentially. Yeah, Europol in this one as well. So big it it's diff very difficult for them to get all of the time and money and collaboration between different countries and departments and whatever to bring these things down. But when they do get down, when they do get brought down, it's brilliant. But it just it's it's very difficult for them to put this together. Um, another reason that it's difficult to take these down is bulletproof hosting. So you have a website, it needs to be hosted somewhere, hosted on a server somewhere in the world. Um, bulletproof hosting are services, they host websites, um, particularly dark web websites, and they're very very
resilient to takedown notices or complaints or law enforcement coming. You know, normal hosting sites, you get the police coming to be like, "Yeah, I've got a warrant, can you take this site down?" They'll go, "Yes, of course, no problem." Bulletproof hosting sites won't do that. They'll go, "Yeah, right, whatever, go away," and they just ignore it. Um, unfortunately this does lead to some really like difficult situations. Um, one of the really big bulletproof hosting sites that used to be up was one called Freedom Hosting and they were responsible for hosting over 200 sites uh that had child sexual abuse material on them. Um, so Freedom Hosting was basically responsible for those sites being able to stay up and to be run. Um,
so it was set up in 2008 and it was taken down in 2013 and the owner was jailed for 27 years, which in my opinion is not long enough, but there's not really much we can do about that unfortunately. Um, but as a result of that being taken down, all of those sites then were also taken down. I'm sure probably many of them went and found other services to host their websites, but they they can be brought down. Um, but again, it takes a lot of time and a lot of money that goes into these big operations to take these sites down. Um, so that being said, it's a bit depressing. You can get in a funk if you
think about it for too long. Is the dark web all just one big horrible cesspit of evil? Maybe. But no, I'm going to say no. No, it's not. Um there are some glimmers of hope amongst the darkness. Um so one use for the dark web uh is for journalism and whistleblowing. So in this case this is literally just like you can go on to Google and type in the Guardian. This is like the Guardian website and the Guardian uh newspaper and this is their website and these are the instructions on how to access their SecureDrop service on the dark web. So, if you've got information about something that you want to share, but you're scared about
it maybe being linked back to you, or if you're a whistleblower that's like, "Hey, I've got this information that I want to share, but I don't want anyone to know it was me." You can follow these instructions, go onto their dark website and you can anonymously share that information with the newspaper and they they will give you like a unique code and if you want to like if they want to contact you, then they can use that and it will keep your information more safe than it would be if you just went on using your own IP address and went to like emailed the Guardian yourself. Um, this is another one that can kind of be
up for debate. Um, so, uh, a while back, I can't remember when this was, I should I should have really written it down. Um, so I'm sure everyone's heard of Anonymous, the activist group, uh, they took down a bunch of sites that had child sexual abuse material on them. Um, part of their Operation Darknet. But on one hand, you go, great, fantastic, they're taking down these sites. That's good. But then on the other hand, if you know, as it says in the article, if these are ongoing investigations, have they now tampered with evidence? Are they now obstructing this case um from law enforcement or whoever that's doing the investigation? Um, this was another one. Everyone's Oh,
oh my god. I I nudged the cable and I've messed everything up. >> Unplug it and replug it. It should come back. So that was part of the talk. >> Oh, it would have been really good. I shouldn't have pretended it was. >> It's a dark web hackers. They've come for me.
>> Did I do it again? >> Uh, try it again. >> Yeah, >> we were almost done. This is like my second last slide. >> Have you tried turning it off?
>> I'm sorry. I won't nudge the cable again. Um, okay. So, very recently part of the LockBit, LockBit ransomware um kind of association um they were hacked and someone from Prague, "Don't do crime. Crime is bad. Kisses from Prague," and they leaked uh loads of chat logs basically. So there's a lot of people have been doing a lot of like reading through these and scanning and seeing what they were talking about. So these are a lot of conversations that the LockBit um kind of affiliates workers were having with victims and like talking about how to you know like how to pay and like they have like support they have like help desk support. Um these
conversations were this is another example. I mean, this is someone's gone in and has thought, "Yeah, you know what? I'm just going to piss off LockBit, I'm sure that won't have any repercussions for me whatsoever," and they've defaced their site and dumped um logs from their like chat help desk basically. Um, so just some recommendations because it's one of those questions that I feel is like it's good to have some recommendations. So, in terms of podcasts, feel like a lot of people know Darknet Diaries, but I recommend it anyway. Um, The Dark Dive is a really good one as well. Books, uh, Geoff White is great. Um, his books, The Lazarus Heist and Rinsed are both really good.
They're a bit money laundering, but they've got talks about the dark web in them. And the Lazarus Heist is focused on um, the North Korean state actors. So, that's a good one as well. American Kingpin by Nick Bilton um, is about Ross, the founder of the Silk Road. So, I would recommend that. Although I read it, right? And you're reading it and like it's a it's a really interesting book, but you're reading it and it's like Ross is perfect. He's an angel. And then it's like, yeah, you're also trying to get people murdered. But the way it's written, it's like he wouldn't harm a fly. He just wanted to sell drug, not sell drugs, but he wanted people to sell
all these drugs. And it writes it like he's like a saint, which depending on your point of view, maybe you'd like that. Um but yeah, that was that was my recommendations and that's the end of my talk with only one technical issue. Brilliant.
>> I'm told I have two minutes for questions if anyone does. Hello. >> I got a question. I I I don't know whether it's feasible or not with the nature of money and booting you talking about take but could authorities just or not feasibly possible way that it's accessible through >> yeah um to repeat the question for the recording uh so is it possible um in terms of um these sites for them to just be DoSed and just find out their information that Um, so again, I'm not an expert, so I'm not 100% sure how it all works, but um, I think a lot of the time or what I've seen is they often they can find out
like, okay, so this site is being hosted on it's this bulletproof hosting server and it's we know exactly it's being hosted here in I don't know, some country like I don't know, we'll say Russia and hopefully they're not listening. Um, but because of like the jurisdictions and the way that like if a certain country has much more lax laws, even if they know exactly where the server is, often times there's nothing they can do about it. Um, which is yeah, unfortunate, they can try, but yeah. Um, that's what I've seen at least. So, >> um, any more questions? I think I have like time for one more possibly. Yes. of the do of the dark web used a separate
DNS system. >> Uh the question is do I know if the dark web uses a separate DNS system and no I don't is the honest answer. Um but would be something cool to look into definitely. Yeah. Cool time. Thank you all so much for coming. I really appreciate it. It's really warm in here.