Introduction
For many, the “dark web” harbors a stigma. After the rise of notorious “dark net markets” like “Silk Road” and “AlphaBay” in the early 2010s, pop culture has come to equate the “dark web” with illegality and contraband. Something often forgotten and the altruistic cornerstone as to why the dark web exists in the first place is the mitigation of internet censorship. The dark web is a medium for those to access information and communicate in a censorship-resistant environment. It is imperative for U.S. Department of Defense partners to understand dark web intelligence is a crucial component of the open-source intelligence discipline, especially for countries in conflict.
Because of freedom of speech and freedom of press, America is naive when it comes to internet censorship. Many countries throughout the world heavily censor the internet for their citizens and completely control what content the populus can view. It is estimated that 5.18 billion people utilize the internet, equated to 64.6% of the world’s population as of April 2023 [1], for countless purposes—from news/information to social media to entertainment. Of those 5.18 billion users, how many are throttled by their governments as to what they are allowed to do when they go online?
A January 2023 article published by Comparitech [2] rated the various countries throughout the world that strictly control the internet for their citizens. North Korea and China possessed the most internet censorship. Furthermore, the commonality of heavy internet censorship coinciding with totalitarian regimes/dictatorships is unremarkable. From this, how does internal and external conflict in a country correlate to internet censorship and, by extension, the means to circumvent those protocols? How does dark web usage or virtual private network (VPN) connectivity to peer-to-peer facilitated “mesh nets” directly impact war or civil unrest?
The Dark Web During the Russia-Ukraine War
The ongoing conflict between Ukraine and Russia has surpassed a year. In August 2022, The New Statesman published an article about how the Russian invasion in Ukraine was “reshaping the dark web” and that “the geopolitical tensions that have changed the world are also changing the dark web” [3]. Although this article was published during the first six months of the Russia-Ukraine conflict, the perception of geopolitical tensions transcending to the dark web is apparent.
While the dark web is often shrouded with anonymity, individual “dark nets” are often very transparent in the metrics concerning the scope of their usage. For example, global privacy service Tor offers its metrics via the Tor Project, where multiple components of the network can be viewed (Tables 1 and 2).
Russia started tightening its restrictions on VPN services like Tor and dark web usage two months before the invasion of Ukraine, in December 2021. In an article published that same month, Reuters highlighted the “crackdown,” where the Russian government blocked access to the Torproject.org, a climax in a multiple year campaign of enforcing restrictions for VPNs [5].
Conversely in February of 2023, Russia elicited the dark net market’s “BlackSprut” for a paid billboard advertisement displayed in Moscow. CybersecurityConnect described this move as follows [6]:
The important question is how the advertisement made it onto the billboard in the first place. It could be a hacked device, or an innocent oversight from the billboard’s operator, but there’s no denying that Russia is a far friendlier place for darknet markets to operate than many countries. That the country is profiting from a wide range of crypto transactions to get around strict sanctions placed upon the country following its illegal invasion of Ukraine could also be a factor. And it doesn’t hurt that, reportedly, the operators of the market support Russia’s war and have even gone so far as to support Russian-allied troops with crypto donations.
Phone Apps During the Russia-Ukraine War
Another development with dark web usage germane to Russia was the rise of mobile phone apps for individual dark net markets juxtapose the traditional dark web browser usership (Tor, I2P, etc. [7]) (Figure 1). As the conflict between Russia and Ukraine neared its one-year anniversary, a DeviceSecurity.io article highlighted the recent rising trend of Russia eliciting dark net markets for mobile app connectivity for its customers [8]. The ease of use with market-specific apps built for Android operating systems allowed ready access to Russian markets like “RuTor,” “Blacksprut, and “OMG!OMG!”
Inasmuch, the events that unfolded in the months leading to the one-year anniversary of the Russia-Ukraine conflict beckons the question as to why Russia seemingly laxed its stranglehold on Tor/VPN usage. As highlighted in the CybersecurityConnect article [6], could the illicit cryptocurrency economy derived from the various dark net markets result in an influx of pro-Russia donations from those market administrators? Could this “passive income” circumvent international sanctions and subsidize Russian military aggression? Could the Russian government want to keep its population appeased by turning a blind eye to the illicit activity with a dark web nexus? Could the increase in dark web usage, more specifically Tor, simply be state-sponsored cyberwarfare vs. the general population?
According to the Tor Metrics data in Tables 1 and 2, Russia has accounted for upward of 20% to 35% of the bridge users by country since December 2021, when Moscow tightened the dark web/VPN restrictions. However, according to the same data, over the past year, another country ripe with internal conflict and social unrest has taken over as the top country for bridge users—Iran.
The Dark Web in Iran
Iran is a country that has a unique relationship with the dark web. They have very successful cyber criminals and ransomware groups with no affiliation to the Islamic Revolutionary Guard Corps, like SamSam actors, and state-sponsored cyber espionage and hacking groups known as advanced persistent threats. Iran is also a country that restricts dark web usage for its citizens and often completely turns off their internet during heightened periods of civil discourse, as highlighted in a WIRED magazine article that described when the nationwide protest and vision clashes with the government sparked a five-day internet shutdown on November 15, 2019 [9].
For a populous that has grown accustomed to such authoritarian practices as well as highly publicized events, it is no surprise that when the Mahsa Amini protests began in September 2022, many rushed to aid the inevitable forthcoming internet “lockdown.” One month after the protests began, CNBC reported such hacking conglomerates as “Anonymous” were conducting cyberattacks on the Iranian government infrastructure [10].
One VPN service that has spearheaded the campaign for internet freedom in Iran is Lantern VPN (Figure 2). However, the Oxen Privacy Tech Foundation (OPTF), which developed the “LokiNet” dark net as well as the end-to-end encryption messenger “Session,” saw an overwhelming influx of Iranian users since September 2022. The OPTF worked diligently to incorporate the support Persian (Farsi) script into the Session service and support connectivity from various VPNs circumventing Iranian firewalls (Figure 3).
While Iran’s extreme tactics carry much notoriety, internet censorship is well known in many countries throughout the Arabian Peninsula. Many human rights and free press organizations have a presence on various dark nets. An example can be seen in Figure 4, where Saudi Arabia Human Rights campaign group ALQST hosted on I2P to sidestep the governmental firewalls.
Conclusions
With the events unfolding across Europe or in the Middle East, the dark web remains an essential component to empower internet freedom for those engulfed in the turmoil. For many in the United States, it merely remains a novelty—a gateway into a shadowy underworld where contraband and taboo reign supreme. It is something we are quick to portray in pop culture with many negative connotations. For those who are enveloped within country conflicts and severely restricted from what they can view or say online, the dark web serves as the only avenue to communicate or see the outside world. Gathering intelligence from its sources is a critical process to understanding social sentiments and developing trends within war-torn regions.
References
- Statista. “Number of Internet and Social Media Users Worldwide as of April 2023.” https://www.statista.com/statistics/617136/digital-population-worldwide/, accessed on 29 august 2023.
- Comparitech. “Internet Censorship 2023: A Global Map of Internet Restrictions.” https://www.comparitech.com/blog/vpn-privacy/internet-censorship-map/, accessed on 29 August 2023.
- Grunewald, Z. “How the War in Ukraine Is Reshaping the Dark Web.” The New Statesman, https://www.newstatesman.com/spotlight/tech-regulation/cybersecurity/2022/08/ukraine-war-cyber-attacks-the-dark-web, accessed on 29 August 2023.
- Tor Metrics. https://metrics.torproject.org, accessed on 29 August 2023.
- Reuters. “Russia Blocks Privacy Service Tor, Ratcheting Up Internet Control.” https://www.reuters.com/technology/russia-ratchets-up-internet-crackdown-with-block-privacy-service-tor-2021-12-08/, accessed on 29 August 2023.
- CyberSecurity Connect. “Russian Dark Web Market Advertises Itself on Moscow Billboard, While Donating to Russian Troops.” https://www.cybersecurityconnect.com.au/defence/8678-russian-darkweb-market-advertises-itself-on-moscow-billboard-while-donating-to-russian-troops, accessed on 29 August 2023.
- i2p Forum. “PurpleChan.” http://purplechan.i2p, accessed on 29 August 2023.
- DeviceSecurity.io. “Darknet Markets Using Custom Android Apps for Fulfillment.” https://www.devicesecurity.io/blogs/darknet-markets-using-custom-android-apps-for-fulfillment-p-3351, accessed on 29 August 2023.
- WIRED. “The Dark Web, Iran Style.” https://wired.me/technology/iran-dark-web-internet-blackout/, accessed on 29 August 2023.
- CNBC. “Hacktivists Seek to Aid Iran Protests With Cyberattacks and Tips on How to Bypass Internet Censorship.” https://www.cnbc.com/2022/10/05/how-anonymous-and-other-hacking-groups-are-aiding-protests-in-iran.html, accessed on 29 August 2023.
- Lantern. “HomePage.” https://lantern.io, accessed on 29 August 2023.
- Session. https://twitter.com/session_app/status/1578255877429022721?lang=en, accessed on 29 August 2023.
- ALQST for Human Rights. “Eepsite.” http://alqst.i2p, accessed on 29 August 2023.
Biography
Keven Hendricks is a 16-year veteran detective with a municipal police department and has served as a task force officer for two separate federal agencies. He is a published author with the FBI Law Enforcement Bulletin and American Police Beat and currently works as an instructor for Street Cop Training and Noble Supply & Logistics, teaching a class for law enforcement on dark web and cybercrime investigations. He is a certified cybercrime examiner and cybercrime investigator by the National White Collar Crime Center, a certified cryptocurrency investigator through the Blockchain Intelligence Group, and a certified digital asset professional through the Global Digital Asset & Cryptocurrency Alliance.