The Season of Light and The Dark Web – by Ron Benvenisti

During this universally celebrated season of light. A long-standing traditional season we all share to shine the victorious light of righteousness and justice into the darkness that permeates the world, I thought I might “shed some light” on the most modern and perhaps most dangerous world of darkness to be illuminated yet.




The Darknet provides anonymity by connecting users to destination servers through a series of hops, each of which is encrypted, ensuring that no single relay point can identify both the user and destination. Many Darknet users have legal and legitimate reasons for desiring anonymity, but the Darknet also helps terrorists and criminals better avoid monitoring by law enforcement agencies and the Intelligence Community (IC).




The Darknet is the network of communications systems that provides users anonymity (or pseudo- anonymity), and can only be accessed using special hardware and software tools called Darknet platforms. These platforms primarily serve two purposes: connecting users anonymously to the Open Web:


  • Providing users access to the Dark Web
  • Content is intentionally hidden and inaccessible through standard Web browsers.
  • The two most popular Darknet platforms are Tor (sometimes called The Onion Router) and the Invisible Internet Project (I2P).
  • Both can be used to access the Dark Web, but each Darknet platform is independent, so Tor does not grant users access to I2P hidden services.




Tor— is the most commonly used Darknet platform with approximately 2 million daily users— was developed by the U.S. Naval Research Laboratory (NRL) beginning in the mid-1990s. The U.S. Government is still one of Tor’s primary funders. Tor’s original purpose was to enable U.S. Government personnel overseas to access locally blocked Websites and avoid monitoring by foreign governments.


In 2004, the NRL released the software to the public to ensure that the users of the network were not just Federal Government personnel; if only U.S. Government personnel used Tor, every Tor connection could be attributed to the United States. Tor was designed to provide anonymous access to the Open Web, but it also provides access to the Dark Web, although less than 5 percent of Tor traffic goes to hidden services. Tor hidden services use addresses ending in “.onion.”




I2P— is a private initiative with between 50,000 – 100,000 daily users. I2P began in 2003 and was designed to allow individuals to anonymously host hidden services, in contrast to Tor which was initially designed to anonymize connections to the Open Web. Academic research indicates that I2P is especially popular in Russia. I2P Dark Websites use addresses ending in “.i2p” and are called “eepsites”.




Darknet platforms have different methods of anonymizing users, but most use an approach similar to the Tor platform. Tor runs Internet traffic through a series of volunteer nodes (user personal computers, dedicated and “hijacked” network servers) to create a circuit between the user and the destination server.


A circuit always consists of at least three nodes through which traffic “hops”:


  1. an entrance node through which the user connects,
  2. an exit node that connects to the destination server, and
  3. intermediate relay nodes.


Different encryption keys are used for each hop and the encryption layers are peeled off (like an onion) so that no single relay point can identify both the source and destination. A passive observer would have to control all of the nodes in the circuit to know both the user and the Websites the user is viewing. When accessing the Open Web, a Darknet user is anonymous to the destination server. When accessing the Dark Web, a Darknet user and the destination server are anonymous to each other.




More than 2 million people use the Darknet each day. Darknet users have many legitimate reasons for desiring anonymity. Individuals who fear retribution such as whistleblowers and victims of domestic abuse use the Darknet to attempt to avoid being monitored. Citizens in closed societies use the Darknet to access Websites that are blocked by some governments, such as social media sites and news sources. Privacy-conscious individuals use the Darknet simply because they distrust governments and private companies.


Unfortunately, the Darknet also can help terrorists and criminals better avoid monitoring by law enforcement agencies and the IC, including when posting or viewing propaganda on social media sites and other sites on the Open Web, or when buying and selling illicit materials on the Dark Web and planning malicious activities.




Hidden services range from news forums, social media sites, and reporting pages for whistleblowers; to terrorist propaganda Websites; to marketplaces for illicit drugs, guns, identification paperwork, financial information, stolen passwords, financial information, and malware. Approximately 50 percent of Tor hidden services primarily support illegal activities, and 80 percent of hidden service traffic goes to child exploitation sites. Many Dark Websites are hidden or require membership, and users need to know members of those sites to learn the URLs and get access. One of the best known hidden services was the marketplace Silk Road which at its peak served more than 100,000 buyers.


Silk Road was shut down by the FBI but other Dark Web marketplaces continue to emerge; one 2015 study estimates the Dark Web economy is between $100 and $180 million annually. Cryptocurrencies such as Bitcoin, while not illegal, support illegal activity on the Dark Web by making electronic payments for illicit goods and services more difficult to trace.


Many new versions of Cryptocurrencies continue to emerge and criminals are taking advantage of the “bursting bubble” potential to create scams, Pyramid and Ponzi schemes to bilk users after a period of apparent huge returns on investments. Banking institutions and government regulatory agencies such as the Financial Services Administration as well as the Federal Reserve are looking at adopting the concept with strict regulations.




In addition to the Tor and I2P Darknet platforms, there are other tools that can be used to access the Dark Web or keep Internet activity protected and fully or partially anonymous. Many of these tools can be used in conjunction with Darknet platforms to add extra layers of security.


  • Decentralized Peer-to-Peer (P2P) Networks: Decentralized P2P networks, such as ZeroNet, do not have a central administrative server that manages operations and content. They are therefore resilient to disruption or takedown, as there is no single server to target.


  • Private Darknet Platforms: A technologically savvy individual or group can set up a private Darknet platform to be able to communicate and share information while remaining hidden from potential monitors. In 2016, a team of university researchers set up their own secure anonymity network.


  • The Amnesic Incognito Live System (TAILS): A portable operating system that uses Tor for user anonymity. TAILS does not store data locally, leaving no forensic artifacts on a hard drive for analysts to later review.


A holiday gift that keeps on giving: Pictured below is an easily obtained USB drive disguised as a necklace containing the TAILS operating system which can then be used to compromise an entire organization through a USB slot and potentially cause a major catastrophe should it be a hospital, public utility, or government agency, again, leaving no forensic artifacts on a hard drive for analysts to later review. Imagine a water facility’s control systems reprogrammed to add huge amounts of chlorine to the water. Soon the hospitals are overflowing with burn and poison victims, traffic is at a standstill when suddenly the electric utility goes off grid. Supermarkets run out of food, SNAP and Credit Cards don’t work, pandemonium ensues. I shudder to think about it but it is something we must think about and be prepared and plan for.


  • Tor2Web: A tool that provides users access to Tor hidden services without downloading the Tor software. Tor2Web does not provide the same amount of anonymity as Tor.


  • Virtual Private Networks (VPNs): A “private communications network often used by companies or organizations, to communicate confidentially over a public network” such as the Internet. VPNs encrypt but do not anonymize traffic, and they are often used by companies to allow employees to securely access a company’s internal network from a remote location.


  • Other Encryption Tools: Commercial telecommunications companies are making communications tools more secure through encryption. More secure devices and applications such as WhatsApp and Telegram, and programs such as Pretty Good Privacy (PGP) encryption make it more difficult for law enforcement and others to read private communications.


The information in this article is provided courtesy of the United States Department of Homeland Security (DHS) NATIONAL PROTECTION AND PROGRAMS DIRECTORATE OFFICE OF CYBER AND INFRASTRUCTURE ANALYSIS (OCIA) and is based on the following sources and definitions:


1  The Open Web is any portion of the World Wide Web (Web) accessible with traditional Web browsers such as Google Chrome, Mozilla Firefox, and Microsoft Internet Explorer.

2  Note that the Darknet, Dark Web, and Deep Web—the portion of the Open Web not indexed by common search engines—are distinct, although the terms are often used interchangeably. Also, these terms are often spelled differently from publication to publication. Examples include “Dark Net,” or “Darkweb.”

3  Chertoff, M. and Simon, T. (2015). “Impact of the Dark Web on Internet Governance and Cyber Security.” Paper Series: No. 6. Global Commission on Internet Governance.

Accessed May 5, 2017.

4  This is the definition used by OCIA and is not necessarily consistent with definitions used by other publications.

5 Syverson, P. “The Once and Future Onion.” Presentation delivered at the DHS/OCIA Workshop on the Future of the Darknet. Accessed February 17, 2016.

6  Levine, Y. (July 16, 2016). “Almost Everyone Involved in Developing Tor was (or is) Funded by the U.S. Government.” Pando. Accessed April 19, 2016.

7  “Metrics.” Tor Project. Accessed December 21, 2016.

8  “Tor: Hidden Service Protocol.” Accessed April 16, 2016.

9  Liu, P., et al. (2014). “Empirical Measurement and Analysis of I2P Routers.” Journal of Networks. Vol. 9, No. 9.

10  Ciancaglini, V., et al. (2014). “Deepweb and Cybercrime: It’s Not All About TOR.” Irving, TX: Trend Micro. p. 6.

11  “Tor Overview.” Accessed April 16, 2016.

12  “Who uses Tor?” Accessed June 8, 2017.

13  Ciancaglini, V., et al. (2014). “Deepweb and Cybercrime: It’s Not All About TOR.” Irving, TX: Trend Micro. p. 6.

14  Owen, G. and Savage, N. (2015). “The Tor Dark Net.” Paper Series: No. 20. Global Commission on Internet Governance. p. 2. Accessed May 5, 2017.

15  Zetter, K. (2008). “New Service Makes Tor Anonymized Content Available to All.” WIRED.

anonymized. Accessed 17 May 2016.

16  U.S. Attorney’s Office. (October 25, 2013). “Manhattan U.S. Attorney Announces Seizure of Additional $28 Million Worth of Bitcoins Belonging to Ross William Ulbricht, Alleged Owner and Operator of “Silk Road” Website.” FBI, U.S. Department of Justice. bitcoins-belonging-to-ross-william-ulbricht-alleged-owner-and-operator-of-silk-road-website. Accessed June 8, 2017.

17  Soska, K. and Christin, N. (2015). “Measuring the Longitudinal Evolution of the Online Anonymous Marketplace Ecosystem.” 22nd USENIX Security Symposium (USENIX Security 2015). Washington, D.C.

18  Hall, J. (2016). “MIT researchers devise a security anonymity network that’s 10x faster than Tor.” Accessed May 8, 2017.

19  Finley, K. (2014). “Out in the Open: Inside the Operating System Edward Snowden Used to Evade the NSA.” Wired. Accessed October 20, 2016.

20  Zetter, K. (2008). “New Service Makes Tor Anonymized Content Available to All.” WIRED. anonymized. Accessed 17 May 2016.

21  Intellipedia. “Virtual private network.” Accessed May 13, 2016.

22  Beal, V. “VPN – virtual private network.” Accessed May 13, 2016.

In this universally celebrated season of light, may the light of law and order illuminate the true path to peace for us all. Amen.

Wishing you all a Joyous, Healthy and Prosperous Holiday Season and for many New Years to come.


This content, and any other content on TLS, may not be republished or reproduced without prior permission from TLS. Copying or reproducing our content is both against the law and against Halacha. To inquire about using our content, including videos or photos, email us at [email protected].

Stay up to date with our news alerts by following us on Twitter, Instagram and Facebook.

**Click here to join over 15,000 receiving our Whatsapp Status updates!**

**Click here to join the official TLS WhatsApp Community!**

Got a news tip? Email us at [email protected], Text 415-857-2667, or WhatsApp 609-661-8668.