The Deep Web, Dark Web
Christian Back | Jennifer Chien
Bich Chu (Evelyn) | Lingman Guo
Manpreet Singh
Rolling in the Deep
Agenda
1 Introduction
1.1 Surface Web, Deep Web, and Dark Web
1.2 The Onion Router (TOR)
2 Benefits of Using the Deep Web
3 Bitcoin
4 Risk of Using the Deep Web
Layers of the Web
❖ Surface Web: Also known as Visible Web, Clearnet, Indexed Web
- Searchable content with ordinary search engines. Ex: Google It
❖ Deep Web: Also known as the Deepnet, Invisible Web, Hidden web
- Contents not indexed by standard search engines
- Common Uses: Web Mail, Online Banking, Ex: Netflix Video Content
❖ Dark Web: A small part of the Deep Web
- Available through virtual overlay networks or Onion Networks Ex: Tor, Freenet, I2P (Silkroad Example)
Regular Web Browsing
❖ Your assigned IP address gives away your physical location
❖ Many companies collect your digital footprints and personal information for targeted advertising and much more!
Picture source: cyberbullying.us
[Figure labels: Google, Wikipedia, Bing; Banking, Mail, Paid Content; Silkroad, Hidden Wiki]
How Does Google Auto-detect Your Location?
According to Google:
“If you don't set your location, Google shows an approximate location based on the following things to help provide you with the most relevant results:
❖ Your IP address.
❖ Your Location History if you have it turned on.
❖ Google Toolbar's My Location feature if it’s turned on.
❖ Recent locations you’ve searched for.”
Source: Google.com - change location on Google
Picture source: http://www.ip-address.org
IP Address
Linking Your IP Address to You
Picture source: screenshot - thatsthem.com
The Onion Router
U.S. Naval Research Lab
Anonymous communication
The Free Haven Project
Increase freedom of information
Picture Source:Torproject.org
How Tor Works
❖ Virtual overlay network
❖ Hard to trace the data back to the original user
❖ Uses volunteer nodes to reroute traffic and conceal the user's IP address
❖ Envelope encryption example
❖ The riskiest node - Exit node
Picture Source:Infographic
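The envelope idea from the "How Tor Works" slide, as an added example that is not part of the original deck: the sender wraps a message in one layer per relay, and each relay removes only its own layer. It is a simplification that assumes the sender already shares a key with each relay, uses a toy SHA-256 keystream in place of a real cipher, and uses constructed relay names and a constructed request.

```python
import hashlib
import json
import os

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); a stand-in, not Tor's cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def wrap(key: bytes, next_hop: str, payload: bytes) -> bytes:
    """Add one layer: only the holder of `key` can read next_hop and payload."""
    nonce = os.urandom(16)
    layer = json.dumps({"next": next_hop, "data": payload.hex()}).encode()
    return nonce + keystream_xor(key, nonce, layer)

def peel(key: bytes, cell: bytes):
    """Remove one layer, as a relay would with its own key."""
    layer = json.loads(keystream_xor(key, cell[:16], cell[16:]))
    return layer["next"], bytes.fromhex(layer["data"])

def build_onion(path, destination: str, message: bytes) -> bytes:
    """path is [(relay_name, key), ...] ordered entry -> exit."""
    next_hops = [name for name, _ in path[1:]] + [destination]
    cell = message
    for (_, key), nxt in zip(reversed(path), reversed(next_hops)):
        cell = wrap(key, nxt, cell)  # innermost layer belongs to the exit
    return cell

def route(path, cell: bytes):
    """Pass the cell along the path; record what each relay learns."""
    learned = []
    for name, key in path:
        nxt, cell = peel(key, cell)
        learned.append((name, nxt, cell))
    return learned

if __name__ == "__main__":
    # Constructed relay names, keys and request; nothing here is real Tor data.
    path = [(n, os.urandom(32)) for n in ("entry", "middle", "exit")]
    msg = b"GET /index.html (plain HTTP)"
    for name, nxt, data in route(path, build_onion(path, "example.org:80", msg)):
        print(f"{name:6} forwards to {nxt:14} sees plaintext: {data == msg}")
```

Only the exit relay recovers the request as it was sent, which is why the slide calls it the riskiest node: anything not encrypted end to end is readable there.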
Maps of Tor Nodes Around the World
Picture Source: screenshot of Onionview.com, April 08, 2016.
Leave No Trace: TOR Alternatives
❖ The Invisible Internet Project (I2P) - “A network within a network”
❖ Tails - Linux based live operating system
❖ Freenet - Allows people to share files and communicate anonymously
Who uses TOR?
❖ Journalists - Whistleblower sites & SecureDrop
❖ Political activists
❖ Researchers
❖ Law enforcement - NSA
❖ Hackers
❖ Businesses - HR for background checks
❖ Everyday individuals, as a privacy enhancement tool
Individual Benefits
An anonymous and private online experience is of value to many people
❖ Information flow for citizens of highly censored countries Ex: China
❖ Anonymity for anyone searching sensitive information Ex: Disease
❖ Safe haven for activists leaking info. Ex: Snowden
❖ Anonymous transactions Ex: Silkroad, Bitcoin
Picture Source: Andy Greenberg, Forbes.com
Picture Source: https://whispersystems.org/
Picture Source: https://leap.se/en
Rolling in the Deep Web
Picture Source: securedrop.propublica.org
❖ Dark Web ❖ The Bright side
Individual Benefit - Freedom of Information
Censored Content: Chinese Government
❖ 18,000 Websites Blocked
❖ 12 of top 100 Global Websites (Gmail)
❖ Taiwanese and Tibetan Independence Movements
❖ Foreign Media Websites (BBC, Bloomberg News, New York Times)
Individual Benefit - Freedom of Information
❖ Facebook is available through Tor
- Oct. 2014
- Ramped-up privacy
- Locked out issues solved
- Used .onion URL
Business Benefits - Enterprise Use
❖ Cyber Security Companies (Digital Shadows)
❖ Media Outlets (Vice & Al Jazeera)
❖ Drug Firms
❖ Consulting Companies (Bright Planet)
Bright Planet
❖ Collect and analyze Deep Web content at Big Data scale
❖ Enrich and harvest data to give customers output that becomes usable
❖ Beneficiary:
- Pharmaceutical Community
- HR Staffing Company
Google Search vs. Deep Web Harvesting
❖ Search vs. Harvesting
- How late is Burger King open?
- Who is selling my products fraudulently online?
❖ Mentions vs. Page Changes
- Why does it matter?
- Monitor and track changes on existing pages
- Receive real time alerts
❖ Define Your Own Dataset
Bitcoin
● First described in 1998, first published in 2009.
● New payment method that uses only cryptocurrency.
● Decentralized peer-to-peer payment network.
● Nobody owns the Bitcoin network; its users worldwide control it.
Other Crypto Currency
Future cryptocurrency:
● Litecoin
Silver vs Gold
Benefits of Using Bitcoin
❖ Anonymity
❖ Decentralized digital currency
❖ Public ledger
❖ Audit trail
Bitcoin and Blockchain
Still confused about what blockchain is?
Blockchain - Public Ledger:
Everyone on the network keeps a record of the transaction.
A transaction value cannot be manipulated, because the altered record would not sync up with everybody else's.
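The "would not sync up" point, as an added example that is not part of the original deck: every peer holds a copy of the ledger, each record is hashed together with the hash of everything before it, and a peer that rewrites a past value ends up with a different chain head from everyone else. Comparing heads by simple majority is an assumption made here for illustration and stands in for Bitcoin's actual consensus; the peer names and transactions are constructed.

```python
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # constructed starting value for the chain

def link(prev_hash: str, tx: dict) -> str:
    """Hash a transaction together with the hash of everything before it."""
    record = json.dumps({"prev": prev_hash, "tx": tx}, sort_keys=True)
    return hashlib.sha256(record.encode()).hexdigest()

def chain_hashes(ledger):
    """Running hash after each transaction; the last one is the chain head."""
    hashes, prev = [], GENESIS
    for tx in ledger:
        prev = link(prev, tx)
        hashes.append(prev)
    return hashes

def out_of_sync(peers: dict):
    """Names of peers whose chain head disagrees with the majority."""
    heads = {n: (chain_hashes(l) or [GENESIS])[-1] for n, l in peers.items()}
    majority = Counter(heads.values()).most_common(1)[0][0]
    return sorted(name for name, head in heads.items() if head != majority)

def first_mismatch(ledger, reference):
    """Index of the first transaction where two copies diverge, else None."""
    pairs = zip(chain_hashes(ledger), chain_hashes(reference))
    return next((i for i, (a, b) in enumerate(pairs) if a != b), None)

def demo():
    # Constructed transactions; names and amounts are illustrative only.
    txs = [{"from": "alice", "to": "bob", "amount": 5},
           {"from": "bob", "to": "carol", "amount": 2},
           {"from": "carol", "to": "dave", "amount": 1}]
    peers = {name: [dict(tx) for tx in txs] for name in ("p1", "p2", "p3", "p4")}
    peers["p3"][1]["amount"] = 200  # one peer rewrites a past value
    return out_of_sync(peers), first_mismatch(peers["p3"], peers["p1"])

if __name__ == "__main__":
    print(demo())
```

Because each hash covers the previous one, the altered copy disagrees from the edited record onward, so the change cannot be hidden by leaving later records untouched.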
Downside
❖ Transaction malleability: an attack that lets someone change the unique ID of
a bitcoin transaction before it is confirmed on the bitcoin network.
❖ Use in illegal transactions: Apple ransomware.
❖ Wild fluctuations in value
Interesting facts
Risks of using the Deep web
❖ Unregulated access to criminal information
❖ Simplifies monetization of Corporate IP/Personally Identifiable Information
❖ Trade of zero-day malware
Picture Source: wordpress.org, 2013 SQA
2015: Ashley Madison was Hacked
❖ 25 GB of company data leaked by a group of hackers known as ‘The Impact Team’
❖ Credit card transaction data, including full names and addresses
❖ GPS coordinates
❖ Email addresses compromised
➢ Lack of email verification led to public media vilifying massive amounts of .gov and .mil
Example
Personal Identifiable Information
Zero-day Exploits Market
Take-away Message
The Deep Web is a neutral environment for anonymous communication, and its impact on businesses and societies is defined by the user's intent.
Appendix: I2P
❖ Unidirectional tunnels instead of bidirectional circuits, doubling the number of nodes a peer has to compromise to get the same information.
❖ Essentially all peers participate in routing for others.
❖ Tunnels in I2P are short lived, decreasing the number of samples that an attacker can use to mount an active attack with, unlike circuits in Tor, which are typically long lived.
Appendix: Tails
❖ Linux based live operating system that works on most computers
❖ Tails OS can be booted from most devices like DVD, USB or SD card
❖ Main benefit of Tails is built-in, preconfigured applications for web browsers
❖ It leaves no evidence -- routes all traffic through Tor
Picture Source: Deepbotweb
Appendix: Mini Deep Web

Rolling in the Deep. ISACA.SV.2016