Dark Web mystery: 25,000 new Tor .onion sites have suddenly appeared – and nobody knows why
A mysterious sudden spike has experts perplexed
In an unprecedented surge, tens of thousands of hidden websites have been created on the Dark Web.
Professor Alan Woodward, a visiting professor with the University of Surrey, became aware that between 15-18 February, the number of .onion websites on the Dark Web suddenly shot up to over 60,000 websites from the previous number of 35,000 websites. Growth had been previously consistent in recent months.
"There has never been an increase of that magnitude before. The confounding factor in this latest jump is that the volume of traffic across the Tor network to hidden services has not seen a commensurate jump. If anything the last few days has seen a very small decrease," Woodward wrote in a blog post.
"Whatever or whoever has set up these new .onion sites it is as if they are being created ready for some purpose that we have yet to understand."
Woodward said that he could only think of two reasons for the sudden spike – either that a group of people were working together to suddenly set up a whole slew of new .onion sites, or that somehow a bot was creating the websites.
Other than that, perhaps Tor had suddenly stopped calculating the number of .onion sites correctly (unlikely), or it was due to a new anonymous messaging app called Ricochet that uses Tor to set up connections between two individuals – even then, a jump of over 25,000 in three days was highly unlikely.
What is the Dark Web and the Tor Network?
The Dark Web is a section of the internet not discoverable by conventional means, such as through a Google search or by directly entering a website URL. As the websites are hidden, they are perfect for cybercriminals, who list thousands of goods and services for sale on secret underground marketplaces, including narcotics, chemicals, firearms and counterfeit goods, as well as adverts for services such as hacking, gambling and sports betting.
For extra protection from the authorities, many users of the dark web also use the Tor (named after The Onion Router project) anonymity network to disguise their web traffic and ensure anonymity. In one recent example, the FBI caught a network of paedophiles by taking over their .onion website and running it on their own servers for two weeks.
The Tor technology consists of software that anonymises and redirects internet traffic through a worldwide network of relays, comprised of volunteers who set up their computers as Tor nodes.
Because the data travelling between any two nodes on the network only contains the details of those nodes, the source and final destination are effectively anonymised and protected from interception, and every Tor path is protected by at least three layers of encryption (ie three nodes).
Criminals found to be using 57% of crawlable Dark Web sites
Other than cybercriminals, there are a great number of people who use the Tor browser simply because they want to keep their activities online private. Some of these people create websites or host servers in the Dark Web to keep their users anonymous and prevent prosecution, such as Sci-Hub, the Pirate Bay for Scientists, which is fighting for information to be free and has 48 million academic papers available to download gratis.
However, researchers at King's College London recently found in a new study that 57% of all the websites hidden on the Dark Web are actively facilitating criminal activity such as the sale of drugs, illicit finance and extreme pornography.
The researchers used a crawler bot that discovered 5,205 websites on the Dark Web, but it was only able to properly crawl and analyse the data from 2,723 of these websites. From that number, 1,547 of the websites contained illegal and illegitimate content, but interestingly, there were almost no Islamic extremist .onion websites on the network.
"Militants and extremists don't seem to find the Tor hidden services infrastructure very useful. So there are few jihadis and militants in the darknet," Thomas Rid, professor of Security Studies at King's College London and co-author of the study told the Telegraph.
"It's used for criminal services, fraud, extreme, illegal pornography, cyberattacks and computer crime."
© Copyright IBTimes 2024. All rights reserved.