Introduction
In recent years, more attention has been drawn to the “dark web,” an area of the internet that most people will never visit and many are unaware of. Although the technical features of the dark web are specifically intended to provide anonymity, high-profile investigations and prosecutions have exposed websites and services that facilitate criminal activity. Nevertheless, both technical and organizational challenges remain for law enforcement in identifying and prosecuting these crimes, while criminals continuously adapt their tactics to evade detection and identification.
This article provides an overview of the dark web and the technologies that power it, discusses some of the ways in which people engage with and use the dark web, and examines how law enforcement can more effectively investigate criminal activity taking place there.
What is the Dark Web?
The dark web consists of internet-accessible content (such as World Wide Web pages) that is reachable only through the use of specialized software tools and configurations. Although dark web traffic travels over the public internet, these tools are specifically designed to encrypt data and obfuscate user identities and locations. This is accomplished through the use of overlay networks (“darknets”), which include both well-known networks (such as Tor) and small, ad-hoc peer-to-peer networks.
An overlay network is similar to a VPN in that it creates a secure connection from an endpoint device (such as a computer, tablet, or phone) to a private network that generally does not allow public access; the device then behaves as though it is directly connected to that network, even though it is communicating over the internet. In the case of a corporate VPN connection, the device is connected to a company’s network. With an overlay network, the private network spans the entire internet and the VPN servers are decentralized.
To further anonymize traffic, darknets such as Tor and I2P employ multiple layers of encryption and routing. These tools route data through multiple intermediate servers, and information is encrypted such that it may only be decrypted by subsequent nodes in the route. For this reason, it is nearly impossible to reproduce the traffic path and decrypt the information, even with direct access to the servers in the network. Additionally, websites accessed via darknets are unable to track and locate users (for example, geolocation via IP address); similarly, users cannot obtain this information about the host with which they are communicating.
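The layering described above can be seen in a short Python sketch, added here as an illustration and not taken from the article or from Tor or I2P. It assumes a toy SHA-256 counter-mode cipher in place of real circuit cryptography, and the relay names, keys and destination are hypothetical.

```python
import hashlib, hmac, json

def _keystream(key: bytes, n: int) -> bytes:
    # Toy stream cipher: SHA-256 in counter mode. Stand-in only, not Tor's cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, len(plaintext))))
    return hmac.new(key, ct, hashlib.sha256).digest() + ct  # tag || ciphertext

def unseal(key: bytes, blob: bytes) -> bytes:
    tag, ct = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        raise ValueError("layer was not encrypted for this key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))

def build_onion(route, destination: str, payload: bytes) -> bytes:
    # route: [(relay_name, key), ...] in path order. Wrap the innermost layer first.
    next_hops = [name for name, _ in route[1:]] + [destination]
    blob = payload
    for (_, key), nxt in reversed(list(zip(route, next_hops))):
        blob = seal(key, json.dumps({"next": nxt, "data": blob.hex()}).encode())
    return blob

def peel(key: bytes, blob: bytes):
    # What one relay does: remove its own layer and learn only the next hop.
    layer = json.loads(unseal(key, blob))
    return layer["next"], bytes.fromhex(layer["data"])

def walk(route, onion: bytes):
    # Returns what each relay learned, plus what is delivered at the end.
    learned, blob = [], onion
    for name, key in route:
        nxt, blob = peel(key, blob)
        learned.append((name, nxt))
    return learned, blob

# Constructed sample data: relay names, keys and destination are hypothetical.
ROUTE = [(n, hashlib.sha256(n.encode()).digest()) for n in ("guard", "middle", "exit")]
PAYLOAD = b"GET /index.html"
ONION = build_onion(ROUTE, "destination.example", PAYLOAD)

if __name__ == "__main__":
    learned, delivered = walk(ROUTE, ONION)
    for name, nxt in learned:
        print(f"{name:6} forwards to {nxt}")
    print("delivered:", delivered)
```

Each relay recovers only the name of the next hop and an opaque blob, so a single relay cannot link the sender to the final destination.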
Although not strictly included in a definition of the dark web, cryptocurrencies such as Bitcoin are commonly used to facilitate transactions in darknet markets. Cryptocurrencies allow for secure, peer-to-peer payments that, like the dark web itself, are obfuscated, anonymized, and processed by a decentralized network. Services such as “tumblers” are also available on darknets, which can be used to further hide the source and destination of electronic payments.
Use Cases (Legal or Otherwise)
It is important to understand that it is not illegal in and of itself to access the dark web. In fact, there are any number of reasons why law-abiding people might use the dark web, including privacy concerns or simply to access benign content that is not available on the public internet (“Clearnet”). Examples include:
- Security and Privacy: Connecting to a darknet when using Clearnet services offers additional safeguards against information theft and user tracking.
- Search Engines: Dark web search engines are focused on confidentiality, making them an attractive alternative to traditional Clearnet search engines that track and sell user activity.
- Social Media: Dark web social media services provide forums and groups for a wide range of benign activities such as recipe and book clubs. The Torist is a literary journal containing essays, short stories, and poetry.
- Email: Dark web email providers allow secure, anonymous email.
Given its anonymous nature, however, the dark web also provides an ideal environment for criminal activity, such as the trading of illicit substances and weapons, or the coordination of violent activities. The Silk Road darknet market is perhaps the best-known, both for its popularity and subsequent shuttering in 2013 after an FBI investigation. Examples of criminal activity on the dark web include:
- Darknet Markets: Black markets that sell or broker transactions involving illegal substances, weapons, stolen identities and credit cards, child pornography, and other illicit goods.
- Hacking Services: The dark web is frequently used by hackers, both individually and in groups, to sell and trade their services. Attacks themselves often leverage the dark web to obfuscate their source, for example by hosting a scam site within the darknet that infects users with a computer virus.
- Currency Services: Tools such as Bitcoin tumblers are available on the dark web and can be used to further anonymize peer-to-peer payments. Although not illegal in and of itself, such services are often used for money laundering and other illegal purposes.
- Terrorism: Darknet web sites have been used by terrorist organizations to organize and coordinate activities, recruit members, and distribute propaganda materials.
Challenges for Law Enforcement
The dark web presents challenges and concerns for law enforcement, both in terms of investigating and tracking dark web activity as well as the nature of those activities. Furthermore, in many cases, law enforcement agencies are unaware that these crimes are taking place, even when those crimes have an effect in their local jurisdiction.
In many ways, the challenges of investigating crime on the dark web are not dissimilar to investigating cybercrime in general. The global, cross-jurisdictional nature of the internet requires close collaboration between investigators. Specialized technical training is required to identify and preserve evidence, as well as understand the techniques used by criminals. Interdicting shipments of illicit goods through postal systems is difficult and often requires a warrant.
On the dark web, these challenges are exacerbated by design features specifically intended to prevent tracking and identification of users. As a result, many law enforcement successes involving the dark web have instead focused on targeting service providers such as The Silk Road marketplace. Additionally, the ability to recognize evidence in the physical world that may be indicative of activities occurring on the dark web has aided investigators in tracking and prosecuting suspects.
Overcoming these hurdles requires a combination of comprehensive training and improved information sharing between law enforcement agencies. Effective training should include officers at all levels, so that, for example, a junior officer is aware of common artifacts that might be used to support an investigation. Improved information sharing and cross-organization arrangements, both internationally and domestically, further counter the decentralized nature of the dark web.
Conclusion
The dark web allows users and service providers to communicate and exchange information securely and anonymously. Using special tools, these services are accessed in a manner similar to other internet-based applications, although the pathways between clients and servers are obfuscated as a matter of design.
Although most commonly associated with illegal activities, there are numerous benign use cases for the dark web, including enhanced privacy and the ability to access content that is otherwise unavailable on Clearnet. Nevertheless, the scope and scale of criminal activity on the dark web is a concern for law enforcement and policymakers, and the anonymous and decentralized nature of these networks presents additional challenges in enforcement and prosecution.
Although the technical obstacles are not insurmountable, effective cybercrime investigations require specialized training for law enforcement officers of all levels. This training, coupled with enhanced inter-agency information sharing agreements and processes, is key to identifying, investigating, and prosecuting criminal activity on the dark web.