Table of Contents
Introduction
The dark web has long been a haven for individuals seeking anonymity, ranging from whistleblowers and activists to cybercriminals and terrorists. Unravelling the identities behind these hidden personas and websites requires a combination of technical expertise and innovative investigative techniques. In this article, we will explore how Open-Source Intelligence (OSINT) tools can assist in dark web investigations, shedding light on the clandestine activities that take place in this hidden realm.
Technical Vulnerabilities: Illuminating the Shadows
While not considered OSINT, technical vulnerabilities in the technology used to host dark websites have occasionally offered a glimpse into their true identities. These vulnerabilities may stem from software flaws or misconfigurations, potentially exposing the site’s actual IP address. Although rare and uncommon, discovering such vulnerabilities often requires the use of penetration testing tools like Burp Suite to induce error messages that inadvertently reveal the IP address. Additionally, dark website operators may unknowingly use SSL certificates or SSH keys that can be associated with their real IP address through services like Shodan or Censys.
Cryptocurrency Tracing: Following the Digital Trail
Cryptocurrency plays a significant role in transactions conducted on the dark web, with illegal goods and services frequently exchanged for digital currencies. This opens up avenues for identifying individuals involved in these activities through blockchain analysis tools.
To prevent money laundering, financial institutions adhere to Anti Money Laundering & Know Your Customer (AML/KYC) regulations, which require customers to provide government-issued identification. Similarly, many countries have imposed similar requirements on cryptocurrency exchanges. Blockchain analysis tools offered by various companies attempt to link cryptocurrency addresses to specific exchanges, such as Coinbase or Binance. Law enforcement and financial investigators can request identifying information for the owners of these accounts, thereby aiding in the identification of individuals involved in dark web transactions.
Bringing Them Down to the Internet: Unmasking the Shadows
In the SANS SEC497 Practical OSINT course, we delve into the dark web on the afternoon of Day 5. This strategic placement allows us to understand why uncovering the connection between the dark web and the surface internet is crucial.
Imagine running a food truck that must constantly change locations due to city ordinances. To build brand loyalty and inform potential customers of your whereabouts, you would likely encourage them to connect with you on social media platforms, visit your website, or follow you on Twitter. Surprisingly, a similar dynamic exists within the dark web.
While the dark web provides anonymity, it lacks stability and security. Law enforcement agencies have successfully taken down major dark web marketplaces like Silk Road, AlphaBay, Hansa, Wall Street, and most recently, Genesis. Denial of Service attacks on the Tor network further exacerbate the challenges faced by dark web operators, often disrupting their business operations for prolonged periods. In such an unstable environment, sellers attempt to achieve stability and resiliency by selling on multiple marketplaces and providing direct contact methods. This presents a golden opportunity for OSINT practitioners, who can utilise these contact methods (selectors) to find and identify individuals on the surface internet.
Historical WHOIS Lookups: Unveiling Ownership Details
Domain registration information, such as WHOIS records, can provide valuable insights into the owners or operators of websites. Criminals may inadvertently expose their identities or locations by using inaccurate or incomplete privacy protection measures. Even if the current WHOIS information for a site is anonymous, there may have been a time in the past when it was not. By analysing historical WHOIS data, gaps as short as four days can disclose an owner’s true identity.
OSINT on Forums: Extracting Clues from Discussions
Participants in the dark web often engage in forums for communication and knowledge sharing. Inadvertently, they may reveal information that can aid OSINT practitioners in uncovering their true identities. The language used or unique expressions can serve as valuable clues in the investigation process.
Breach Data: Unlocking Hidden Connections
Even if an email address is associated with an anonymous service, individuals may have used it on other platforms, including forums and social media. If legally and ethically permissible, leveraging breach data can potentially link an online persona to a real name, physical address, and more. Notably, the 2021/2022 leak of 10GB of data from VPN providers like SuperVPN, GeckoVPN, and ChatVPN proved invaluable to investigators, as it contained full names, billing details, and potential device identifiers.
These topics and numerous others are covered in the SEC497 course before diving into the dark web, allowing students to understand the available options once a selector acquired from the dark web is brought back to the surface internet.
Future Developments and Trends: Unleashing the Power of AI and ML
Future dark web market takedowns will undoubtedly incorporate the discussed methods while embracing emerging technologies. Artificial Intelligence (AI) and Machine Learning (ML) are poised to revolutionise OSINT practices.
AI can facilitate the development of web scraping tools capable of swiftly gathering and analysing data from multiple sources. ML algorithms can be trained to identify patterns and relationships within the collected data, saving investigators substantial time and resources. By automating labour-intensive tasks, investigators can focus on other crucial aspects of their investigations.
In conclusion, OSINT tools and techniques are instrumental in uncovering the secrets of the dark web. By exploiting technical vulnerabilities, tracing cryptocurrency transactions, and unmasking the hidden connections between the dark web and the surface internet, investigators can shine a light on the activities that take place in this clandestine realm. As technology evolves, the integration of AI and ML will further enhance the capabilities of OSINT practitioners, enabling them to stay one step ahead in the pursuit of truth and justice.