This presentation provides an overview of the deep web and discusses some of the dangers it poses. It defines the deep web and explains how it differs from the surface web. The presentation notes that the deep web is much larger than the surface web and contains dynamic, unlinked, private, and restricted content that search engines cannot access. It describes how tools like Tor can be used to anonymously access dark web sites ending in .onion and discusses some of the illegal activities that occur on the deep web, like drug trafficking, weapons sales, and hiring criminals. The presentation aims to educate information security professionals about the deep web so they can help address illegal activities occurring there.

1. Scary Halloween Lecture
Information Security 365/765 10/31/2017
The Deep Web—From Spooky to Creepy
Presented by Nicholas Davis, CISSP, CISA

2. This presentation contains explicit content, which some people
may find offensive. If you find at any time that this presentation is
too disturbing, you may leave the classroom with absolutely no
negative implications upon your grade. Horrible things happen on
the Deep Web. It is important for information security
professionals to know about these, so that we can help to stop
them. Silence is acquiescence----We are not the silent types!
The examples shown do not represent my views or opinions, and
are used for demonstration only.
I do not endorse the use of the Deep Web for unethical or illicit
activities.
10/31/17 UNIVERSITY OF WISCONSIN 2

3. Session OverviewSession Overview
Introduction and Warning
The Deep Web Defined
Dynamic Content
Unlinked Content
Private Web
Contextual Web
Limited Access Content
Scripted Content
Non-HTML Content
Deep Web Search Engines & Tor Client
Examples of what can found on the Deep Web
Exciting Documentary Video
Question and Answer session
10/31/17 UNIVERSITY OF WISCONSIN 3

4. Some DefinitionsSome Definitions
Deep Web, Deep Net, Invisible Web, or
Hidden Web is not part of the Surface
Web (that which is normally accessed).
Do not confuse it with the Dark Internet,
which refers to computers which can no
longer be reached over the Internet
Some people think that the Deep Web is
a haven for serious criminality, and I
agree with them
10/31/17 UNIVERSITY OF WISCONSIN 4

5. Normal Web SearchNormal Web Search
vs. Deep Web Searchvs. Deep Web Search
Searching on the Internet today can be
compared to dragging a net across the
surface of the ocean: a great deal may be
caught in the net, but there is a wealth of
information that is deep and therefore
missed
10/31/17 UNIVERSITY OF WISCONSIN 5

6. Normal Web SearchNormal Web Search
vs. Deep Web Searchvs. Deep Web Search
Traditional search engines cannot see or
retrieve content in the deep Web—those
pages do not exist until they are created
dynamically as the result of a specific
search. As of 2001, the deep Web was
several orders of magnitude larger than
the surface Web
10/31/17 UNIVERSITY OF WISCONSIN 6

7. Deep Web SizeDeep Web Size
It is impossible to measure
or put estimates onto the
size of the deep web
because the majority of the
information is hidden or
locked inside databases.
Early estimates suggested
that the deep web is 4,000
to 5,000 times larger than
the surface web
10/31/17 UNIVERSITY OF WISCONSIN 7

8. Deep Web ResourcesDeep Web Resources
Dynamic ContentDynamic Content
Dynamic pages which are returned in
response to a submitted query or
accessed only through a form, especially
if open-domain input elements (such as
text fields) are used; such fields are hard
to navigate without domain knowledge.
10/31/17 UNIVERSITY OF WISCONSIN 8

9. Deep Web ResourcesDeep Web Resources
Unlinked ContentUnlinked Content
Unlinked content: pages which are not
linked to by other pages, which may
prevent Web crawling programs from
accessing the content. This content is
referred to as pages without backlinks
(or inlinks).
10/31/17 UNIVERSITY OF WISCONSIN 9

10. Deep Web ResourcesDeep Web Resources
Private WebPrivate Web
Private Web: sites that require
registration and login (password-
protected resources).
10/31/17 UNIVERSITY OF WISCONSIN 10

11. Deep Web ResourcesDeep Web Resources
Contextual WebContextual Web
Contextual Web:
pages with content
varying for different
access contexts (e.g.,
ranges of client IP
addresses or previous
navigation sequence).
10/31/17 UNIVERSITY OF WISCONSIN 11

12. Deep Web ResourcesDeep Web Resources
Limited Access ContentLimited Access Content
Limited access content: sites that limit
access to their pages in a technical way
(e.g., using the Robots Exclusion
Standard or CAPTCHAs, or no-store
directive which prohibit search engines
from browsing them and creating
cached copies
10/31/17 UNIVERSITY OF WISCONSIN 12

13. Deep Web ResourcesDeep Web Resources
Scripted ContentScripted Content
Scripted content: pages that are only
accessible through links produced by
JavaScript as well as content
dynamically downloaded from Web
servers via Flash or Ajax solutions.
10/31/17 UNIVERSITY OF WISCONSIN 13

14. Deep Web ResourcesDeep Web Resources
Non HTML ContentNon HTML Content
Non-HTML/text
content: textual
content encoded
in multimedia
(image or video)
files or specific
file formats not
handled by
search engines.
10/31/17 UNIVERSITY OF WISCONSIN 14

15. Accessing the Deep WebAccessing the Deep Web
While it is not always possible to
discover a specific web server's external
IP address, theoretically almost any site
can be accessed via its IP address,
regardless of whether or not it has been
indexed.
10/31/17 UNIVERSITY OF WISCONSIN 15

16. Accessing the Deep WebAccessing the Deep Web
Certain content is
intentionally hidden from
the regular internet,
accessible only with special
software, such as Tor. Tor
allows users to access
websites using the .onion
host suffix anonymously,
hiding their IP address.
Other such software includes
I2P and Freenet.
10/31/17 UNIVERSITY OF WISCONSIN 16

17. The Onion Router (Tor)The Onion Router (Tor)
Tool For the Deep WebTool For the Deep Web
Tor is software that installs into your
browser and sets up the specific
connections you need to access dark
Web sites. Critically, Tor is an encrypted
technology that helps people maintain
anonymity online. It does this in part by
routing connections through servers
around the world, making them much
harder to track.
10/31/17 UNIVERSITY OF WISCONSIN 17

18. Who Invented Tor?Who Invented Tor?
Oddly enough, Tor is the result of research
done by the U.S. Naval Research
Laboratory, which created Tor for political
dissidents and whistleblowers, allowing
them to communicate without fear of
reprisal.
10/31/17 UNIVERSITY OF WISCONSIN 18

19. Tor Client AvailableTor Client Available
For DownloadFor Download
10/31/17 UNIVERSITY OF WISCONSIN 19

20. Accessing the Deep WebAccessing the Deep Web
.onion.onion
.onion is a pseudo-top-level domain host
suffix designating an anonymous hidden
service reachable via the Tor network.
Such addresses are not actual DNS
names, and the .onion TLD is not in the
Internet DNS root, but with the
appropriate proxy software installed,
Internet programs such as Web
browsers can access sites with .onion
addresses by sending the request
through the network of Tor servers.
10/31/17 UNIVERSITY OF WISCONSIN 20

21. Accessing the Deep WebAccessing the Deep Web
Tor2web
10/31/17 UNIVERSITY OF WISCONSIN 21

22. What Deep Web LinksWhat Deep Web Links
Look LikeLook Like
Deep Web links
appear as a random
string of letters
followed by the .onion
TLD. For example,
http://xmh57jrzrnw6i
nsl followed by .onion,
links to TORCH, the
Tor search engine web
page.
10/31/17 UNIVERSITY OF WISCONSIN 22

23. Searching the Deep WebSearching the Deep Web
To discover content on the
Web, search engines use web
crawlers that follow
hyperlinks through known
protocol virtual port
numbers. This technique is
ideal for discovering
resources on the surface
Web but is often ineffective
at finding Deep Web
resources.
10/31/17 UNIVERSITY OF WISCONSIN 23

24. Give the People What TheyGive the People What They
Came Here For, Tonight!Came Here For, Tonight!
Just like general web search, searching
the Invisible Web is also about looking
for the needle in the haystack. Only
here, the haystack is much bigger. The
Invisible Web is definitely not for the
casual searcher. It is a deep but not dark
because if you know what you are
searching for, enlightenment is a few
keywords away.
10/31/17 UNIVERSITY OF WISCONSIN 24

25. Deep Web SearchDeep Web Search
EnginesEngines
10/31/17 UNIVERSITY OF WISCONSIN 25

26. In mid-2014, a hacker created Grams, the Dark Web’s
first distributed search engine. Grams allows would-be
criminals to search for drugs, guns, and stolen bank
accounts across multiple hidden sites. It even includes
an "I’m Feeling Lucky" button and targeted ads where
drug dealers compete for clicks.
10/31/17 UNIVERSITY OF WISCONSIN 26

27. Grams Sample SearchGrams Sample Search
Crunchy Dutch MoonrocksCrunchy Dutch Moonrocks
10/31/17 UNIVERSITY OF WISCONSIN 27

28. Tools of the TradeTools of the Trade
10/31/17 UNIVERSITY OF WISCONSIN 28

29. Things That Make theThings That Make the
Deep Web WorkDeep Web Work
Cryptocurrency
Digital cash, such as bitcoin and darkcoin, and the
payment system Liberty Reserve provide a convenient
system for users to spend money online while keeping
their real-world identities hidden.
10/31/17 UNIVERSITY OF WISCONSIN 29

30. Things That Make theThings That Make the
Deep Web WorkDeep Web Work
Bulletproof Web-hosting Services
Some Web hosts in places such as Russia or Ukraine welcome all
content, make no attempts to learn their customers’ true
identities, accept anonymous payments in bitcoin, and routinely
ignore subpoena requests from law enforcement.
10/31/17 UNIVERSITY OF WISCONSIN 30

31. Things That Make theThings That Make the
Deep Web WorkDeep Web Work
Cloud Computing
By hosting their criminal
malware with reputable
firms, hackers are much less
likely to see their traffic
blocked by security systems.
A recent study suggested that
16 percent of the world’s
malware and cyberattack
distribution channels
originated in the Amazon
Cloud.
10/31/17 UNIVERSITY OF WISCONSIN 31

32. Things That Make theThings That Make the
Deep Web WorkDeep Web Work
Crimeware
Less skilled criminals can buy
all the tools they need to
identify system
vulnerabilities, commit
identity theft, compromise
servers, and steal data. It was
a hacker with just such a tool
kit who invaded Target’s
point-of-sale system in 2013.
10/31/17 UNIVERSITY OF WISCONSIN 32

33. Things That Make theThings That Make the
Deep Web WorkDeep Web Work
Hackers For Hire
Organized cybercrime
syndicates outsource
hackers-for-hire. The
Hidden Lynx group boasts
up to 100 professional
cyberthieves, some of whom
are known to have
penetrated systems at
Google, Adobe, and
Lockheed Martin.
10/31/17 UNIVERSITY OF WISCONSIN 33

34. Things That Make theThings That Make the
Deep Web WorkDeep Web Work
Multilingual Crime Call
Centers
Employees will play any
duplicitous role you would
like, such as providing job
and educational
references, initiating wire
transfers, and unblocking
hacked accounts. Calls
cost around $10.
10/31/17 UNIVERSITY OF WISCONSIN 34

35. Be Careful of What YouBe Careful of What You
Search For, You Might Just Find ItSearch For, You Might Just Find It
10/31/17 UNIVERSITY OF WISCONSIN 35

36. Deep WebDeep Web
Dangerous WebDangerous Web
10/31/17 UNIVERSITY OF WISCONSIN 36

37. Deep WebDeep Web
Dangerous WebDangerous Web
10/31/17 UNIVERSITY OF WISCONSIN 37

38. Deep Web, Dangerous WebDeep Web, Dangerous Web
SteganographySteganography
(ste-g&n-o´gr&-fē) (n.) The art and
science of hiding information by
embedding messages within other,
seemingly harmless messages
10/31/17 UNIVERSITY OF WISCONSIN 38

39. Deep WebDeep Web
Dangerous WebDangerous Web
10/31/17 UNIVERSITY OF WISCONSIN 39

40. Deep WebDeep Web
Dangerous WebDangerous Web
10/31/17 UNIVERSITY OF WISCONSIN 40

41. Deep WebDeep Web
Dangerous WebDangerous Web
10/31/17 UNIVERSITY OF WISCONSIN 41

42. Deep WebDeep Web
Dangerous WebDangerous Web
10/31/17 UNIVERSITY OF WISCONSIN 42

43. Deep WebDeep Web
Dangerous WebDangerous Web
10/31/17 UNIVERSITY OF WISCONSIN 43

44. Deep WebDeep Web
Dangerous WebDangerous Web
10/31/17 UNIVERSITY OF WISCONSIN 44

45. Deep WebDeep Web
Dangerous WebDangerous Web
10/31/17 UNIVERSITY OF WISCONSIN 45

46. Deep WebDeep Web
Dangerous WebDangerous Web
10/31/17 UNIVERSITY OF WISCONSIN 46

47. Deep Web VideoDeep Web Video
https://youtu.be/EUZGY1gQgnw
10/31/17 UNIVERSITY OF WISCONSIN 47

48. Class DiscussionClass Discussion
You love the Internet. However, you favorite sites, such as Facebook,
Amazon, and wisc.edu are just the surface. There is another world out
there: the Deep Web
The Deep Web is where online information is password protected, or
requires special software to access—and it’s massive, yet it’s almost
completely out of sight. The Deep Web contains a hidden world, a
community where malicious actors unite in common nefarious purpose.
Should the government control or forbid certain sites? Why? Do you
think buying the following items on the Internet is possible? If it is
possible, should they be forbidden? How and why?
• Drugs (both prescription and clearly the clearly illegal type)
• Forged identity papers
• Weapons, explosives and ammunition
• Hired assassins
• Human organs
10/31/17 UNIVERSITY OF WISCONSIN 48