C5.5 Dark Web Information from Technical Sources

1. Tor Network

The Tor network facilitates anonymous access to the Dark Web by routing internet traffic through multiple relays to obscure users' locations and identities. This anonymity can be critical for:

  • Understanding Threat Evolution: Despite attempts to remain hidden, threat actors may leave traces that reveal the growth, spread, and evolution of threats. This information is invaluable for contextualising threats and determining protective actions.
  • Hidden Services: Tor hosts hidden services—sites with obscure domain names that are not indexed by conventional search engines. These sites often host illicit activities such as drug or weapons sales, which necessitates strategies to bypass traditional security measures.

2. Cryptocurrency Transactions

Cryptocurrencies like Bitcoin provide a popular means to conduct transactions on the Dark Web due to their decentralised nature and the anonymity they offer:

  • Tracking Illicit Transactions: Law enforcement agencies focus on those behind Dark Web crime markets and forums, particularly through their cryptocurrency transactions. Understanding these financial flows is crucial to dismantling illegal operations.
  • Marketplace Dynamics: The Dark Web hosts underground marketplaces that facilitate illegal transactions, including the sale and purchase of drugs, weapons, and stolen data. Monitoring these marketplaces helps analysts understand the scope and scale of cybercriminal activities.

Underground Marketplaces

These platforms are critical in the ecosystem of the Dark Web and offer a variety of illegal goods and services:

  • Financial Data: Items such as credit card numbers and bank account information are traded, which are valuable for committing financial fraud.
  • Personally Identifiable Information (PII): This includes names, addresses, and social security numbers, which criminals use for identity theft and other fraudulent activities.
  • Compromised Accounts and Malware: Access to compromised email and social media accounts is sold, along with tools like exploit kits and malware, which are used to conduct further cyberattacks.

3. Phone Records

Phone records provide comprehensive data on an individual’s communications, which can include:

  • Tracking Communications: Details such as the date, time, and duration of calls, along with the involved phone numbers, can reveal an individual’s contacts and patterns of behavior.
  • Location Data: Collected from mobile phones, GPS devices, and social media, location data is used to track individuals’ movements and establish behavior patterns.

4. Surveillance Footage

Footage from CCTV cameras and other recording devices offers a visual record of events:

  • Event Reconstruction: The analysis of surveillance footage can help identify individuals, track their movements, and reconstruct events, providing critical evidence for law enforcement and security analysis.
  • Electronic Monitoring: Technologies used for remote monitoring, such as ankle bracelets and GPS trackers, play a vital role in law enforcement to ensure compliance with court orders and track individuals’ movements.

5. Big Data Analysis

This involves examining large datasets to uncover patterns and insights that inform security strategies:

  • Machine Learning: By training models on vast amounts of data, analysts develop systems that can predict outcomes and identify anomalies without explicit programming for each task.
  • Predictive Modelling: Employing statistical techniques and machine learning algorithms, predictive modelling forecasts future events based on past data, aiding in risk management and security planning.
