Friday, April 25, 2014

What You Must Know About the "Deep Web"

As parents, first responders, and educators, it is imperative that we understand the deepest and darkest corners of the Internet to better protect all children from child abuse imagery and human trafficking.

Recently, I have seen an increase in the discussion of the terms “Deep Web” and “Dark Web.” People unfamiliar with these phrases may consider the Deep Web and the Dark Web to be interchangeable terms. However, these phrases refer to very different aspects of cyberspace. In an effort to better explain where child exploitation is happening online, I want to differentiate the two.

The term “Dark Web” (or Dark Internet) refers to areas of the Internet that are no longer accessible, or that have “gone dark” – i.e. dead ends. This happens when Internet routers stop referencing parts of the Internet, either because old addresses have become compromised by malware, or simply because the routers have forgotten where to access these areas. An example of the Dark Web is the old military site, MILNET, active in the 1980’s, which was part of ARPANET, the progenitor of the modern Internet. ARPANET is no longer accessible by today’s routers, unless they follow very specific instructions. The Dark Web is therefore fundamentally different than the Deep Web in that the Dark Web cannot be accessed, period.
The term “Deep Web,” refers to the “deeper” parts of the web that are accessible, but are considered hard to find because they are not indexed by regular search engines. Information on the Deep Web can be indexed, but only using complex search algorithms that have the ability to break down certain barriers. These algorithms are a result of complex research being done on the Deep Web. (For more information, read Marcus Zillman's excellent White Paper, “Deep Web Research and Discovery Resources 2014.”)
The Deep Web is made up of dynamic content, or content that is password-protected, unlinked, restricted by form-controlled entry, or updated ahead of search engine indexing. (Imagine an enormous labyrinth with a limitless amount of doors leading into it. But, you don't know where the doors are, what is behind each door, or the code to open any of the doors.) Harmless examples of “dynamic” content include your emails on Gmail, .pdf or .doc files stored on Dropbox, personal information stored on Facebook, or private photo albums from your last family reunion.
The malicious Deep Web content that should concern us is primarily hosted on Tor and .onion peer-to-peer network servers (P2P networks), as well as obscure image sharing websites that can only be accessed if you have specific URLs, usernames and passwords. These areas of the Deep Web are where proactive action needs to be taken to stop the largely undeterred child predators who are trading child pornography or offering children for sale.
I certainly applaud the efforts of the Department of Homeland Security for its successful “Operation Round Table,” which identified and dismantled a Deep Web child pornography website that was operating on the Tor network. This site hosted over 2,000 videos and 27,000 members, and was operated by 14 men, all of whom were arrested, and face 20 years to life in prison. Operation Round Table led to the seizure of over 40 terabytes of data that investigators have used to open more than 300 investigations into potential subscribers.
I am currently exploring what else can be done. Of course, I am interested to hear from you if you know of research or tools or have ideas of deterring and disrupting exploitation in the deep web. Contact me or at

Labels: , , ,