Abstract
It has been argued that the anonymity the dark web offers has allowed criminals to use it to run a range of criminal enterprises, acting with impunity and beyond the reach of law enforcement. By designing a process that can identify sites based on their criminality, law enforcement officers can devote their resources to finding the people behind the sites, rather than having to spend time identifying the sites themselves. The scope of the study in this chapter is limited to Tor's hidden services. The research problem was to identify what percentage of hidden services are accessible and how many of these are connected to criminal or illicit activities. Our research also aims to determine whether it is possible to automate a system that identifies sites of interest for law enforcement by categorising them based on the prevalent crime type of the hidden service. In this chapter, we look at how hidden services are set up. To facilitate this, an experiment was conducted in which a hidden service was set up and hosted on the Tor network. The tool connected to the Tor network, obtained an un-attributable IP address and identified over 12,800 .onion addresses, from each of which it scraped the HTML of the home page before checking it against a pre-determined list of keywords to identify illicit sites and categorise each of them depending on its type of criminality. Our approach successfully identified criminal sites without the need for human interaction, making it a very useful triage solution. Whilst further work is required before its categorisation process is sufficiently robust to provide an accurate, unquestionable strategic overview of hidden services, the tool, in essence, works very well in achieving its primary function: identifying criminal sites across the dark web.
Copyright information
© 2020 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Kinder, A., Choo, KK.R., Le-Khac, NA. (2020). Towards an Automated Process to Categorise Tor’s Hidden Services. In: Le-Khac, NA., Choo, KK. (eds) Cyber and Digital Forensic Investigations. Studies in Big Data, vol 74. Springer, Cham. https://doi.org/10.1007/978-3-030-47131-6_10
DOI: https://doi.org/10.1007/978-3-030-47131-6_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-47130-9
Online ISBN: 978-3-030-47131-6
eBook Packages: Intelligent Technologies and Robotics (R0)