Did you ever visit the Dark Web?

[JoFrance]

I keep getting an offer from Norton for a dark web scan.  I know they're doing it so they can sell me on a Lifelock subscription, but if I did do the scan to see if my email is out there, how concerned should I be if it is?  Couldn't I just change my email password and be ok?

At this point, there has been so many data hacks, I would think just about everyone's email address would be out there.  There have been big hacks for years to get people's identities.  I wonder how many people really were affected. 

Still, identity theft is very scary.

[G0ddard B0lt]

The dark web is all of the web that's visible through the Tor router and Tor browser. Allegedly even government spooks can't identify users from their dark web addresses alone, because it was CIA/NSA engineering used to create Tor in the first place, as an intelligence tool. So anyone trading stolen information on the darkweb is pretty well anonymous. Basically it's another "internet" side by side the public/real internet.

When I've used Tor and moused around there I guess I never found all of the good places where snuff movies and bomb making are available.

Once in awhile on some internet bulletin boards (example: the forum on "roadfood.com" gets this a lot) thieves will post offers of stolen credit card numbers and CV code lists for sale. I suppose even this board could get used to host such offers, until I see it and take it down.

So Norton is saying that they know places on the dark web where stolen ID credentials are available and they crawl that data?

[JoFrance]

They say they can scan the dark web for your email address and help you fix any problems if your identity is stolen.  This is their ad (minus the graphics).


   Norton by Symantec
   
Check to see if your email address is on the dark web?
CHECK NOW
   
   

You chose Norton to secure you everywhere online. Now it’s essential to have protection for your identity and if it’s stolen, get the right help to fix it. Data breaches can happen anywhere, anytime—even at big companies we know and trust. Here are just a few recent breaches:

BestBuy®, Delta Airlines, Sears, & Kmart   
Online chat service provider exposed names, addresses
and credit card numbers
in 2017 data breach

Cambridge Analytica™   
Up to 87 million Facebook™
users' public profile data
harvested by the political
consulting firm

Orbitz.com®   
Up to 880,000 customers'
payment card numbers
and related information may
have been accessed in
data breach

PaneraBread.com   
KrebsOnSecurity reports
over 37 million consumer
records vulnerable on
website for months

Saks Fifth Avenue, Saks OFF 5th and Lord & Taylor stores   
As many as 5 million
debit and credit cards
reported breached

Under Armour®   
Approximately 150 million
MyFitnessPal™ accounts
accessed

Don't wait for The Next Breach

Because you don't know when the next breach will happen, it's more important than ever to get help protecting your identity. Here's why:

Equifax
Long after a data breach,
criminals can use your
personal info to harm
your identity.   Equifax
Over half of consumers
have experienced a
data breach.°
Equifax
Because criminals can use
your info to file a tax return and
more, putting a freeze on your
credit may not be enough.


We Help Fix Identity Theft Problems

Norton and LifeLock are now part of the same company so we can help protect your identity. Not only do we see potential threats that you could miss by just monitoring your credit†, we can also help you restore your good name if your identity is ever stolen. Unsure if you need identity theft protection? Check to see if your email address is detected on the dark web.

CHECK NOW
–Your Norton Team


I don't know how Norton knows what to scan on the dark web, they don't say.  Just scan it, dummy!  You don't need to know our methods.  I bet if I did scan it, they'd be putting my email address out on the dark web.  What prevents them from doing that?  Who would know?

I'm really skeptical.  I guess Tor is only good if you know where to look.  Criminals know where but does Norton?  I kind of doubt it. 

[G0ddard B0lt]

Three things.

It's just a marketing angle.

Norton cashing in on a current awareness of something almost nobody (not even here on this supposed IT board) really understands, the dark web.  It adds plausibility to paranoia.

Obscurity? Think - reformed black hats. This information is semi-well-known in hacking circles. How do journalists and whistle blowers find out this stuff? They probably have reformed black hats as sources who look for or are aware of this stuff.

Thirdly, about "searching for". If Norton even HAS this information then Norton *probably* crawls the dark web based  data  files  or websites for evidence. I doubt it's a real time up to the second transactional database of hacked information.  Norton doesn't have to store everything, just the key identifying information such as personal email addresses.

Doable if they actually back up the marketing hype with actions.

[ilconsiglliere]

I have been on it just to look but was always careful about what I looked at. If you dont think the govmt is watching everyone than you got rocks in your head.

[JoFrance]

I've always been very leery about even looking out there, especially because of the government.  Still, what if my email address was available on the dark web?  I don't think I should be alarmed at that.

Norton is using fear to market their product, but if I change my password, my email address is useless.  They don't really say how they get their information to determine you're on the dark web.

Experian offers a more extensive scan for your social security number

https://www.experian.com/consumer-products/free-dark-web-email-scan.html

Both Norton and Experian offer to monitor your credit to combat any threat.

[G0ddard B0lt]

I looked this up because the assertions in this thread about the guv knowing that you visit the dark web were concerning to me.

The NSA is interested if you have even downloaded Tor or used a Tor browser: https://www.cnet.com/news/nsa-likely-targets-anybody-whos-tor-curious/

Four years old:

81% of Tor users can be de-anonymised by analysing router information, research indicates

Last year:

Tor users at risk of being unmasked by ultrasound tracking

Apparently, Tor the protocol is pretty unbreakable, so tracking needs to happen by taking advantage of network hardware quirks or leveraging the local environment (sounds.)

[Richardk]

I've heard some of that too, where they can look at packet delays and other quirks to track down where you are. I would think at some point the "selected pool" gets small enough that a brute force approach can single out who they are looking for.

Being targeted just for checking out Tor is weird. The government created it but if you check it out, to see your tax dollars at work, then you get put on a list? Yikes, I routinely use Tor at work to keep my employer out. No need for them to see my job search during lunch.

Oh, what if everyone used Tor and the dark web? Then their database would be useless since it would include all users.

On a side note, I like how the article once again refers to Snowden. Love him or hate him but without him, how much of this would be unknown?

[jbucks]

I find all the "Dark Web" fearmongering hilarious.

I can remember when it was all "Dark Web" (Dark Web being a web server that has not been crawled / indexed by something - Google, Yahoo, etc.).

During my recent cleaning out of old stuff, I have books (The Internet Phone Book, etc.) and file folders full of sheets and sheets of IP's and web addresses / ftp sites, etc.   If you didn't get the info about the location passed to you, it was "dark".....

sigh......

Jim

[Richardk]

You bring up a great point! I always thought that the "Dark Web" was just like you stated, simply sites that have not been indexed or publicly known.

Yet I sometimes hear about how you have to use Tor or special protocols or some kind of magic because it's all scary. So which is it? I suspect it's people that don't know what they are talking about but I wonder if there's a part of the web that requires something special?

In the end it's all IP addresses and maybe the "magic" is knowing what you're connecting to and the appropriate protocol? Not every site is a web server, and I've seen people discover ftp sites like it's a new continent.  Heck, you can have a service sitting at an IP that's very specific and it can look all "magical".

Here's a throw back about the dark web, ever have your modem randomly dial numbers and see what it connects to?

[G0ddard B0lt]

I find all the "Dark Web" fearmongering hilarious.

I can remember when it was all "Dark Web" (Dark Web being a web server that has not been crawled / indexed by something - Google, Yahoo, etc.).

During my recent cleaning out of old stuff, I have books (The Internet Phone Book, etc.) and file folders full of sheets and sheets of IP's and web addresses / ftp sites, etc.   If you didn't get the info about the location passed to you, it was "dark".....

sigh......

Jim

Jim, I believe that the Tor router is necessary to view those dark web sites. That's the main difference between today's indexed web and yesteryear's startup web.

Otherwise, this is exactly the missing piece that's been bugging me about the phrase "dark web". Before search engines, when everything was manually indexed, all websites were obscure backwaters.

[G0ddard B0lt]

Ok, you alleged IT people who oughta find this stuff out yourselves ... lol... here is the specific definition of dark web services. It's a lot more than Jbucks described but does have definitely similarities culturally with the pre-boom Internet.

Dark web sites use specific address resolution and handshake protocols that are quite different from the normie internet.

I was wondering myself if it were possible to use a commercial VPN instead of Tor to go to the sites. The issue here is that Tor uses something called rendevous points to keep both sides, client and server anonymous. So, no, you absolutely need Tor software.

From ICANN itself: https://www.icann.org/news/blog/the-dark-web-the-land-of-hidden-services

Names for Dark Websites Unlike the human-readable domain names that we are accustomed to using when we navigate the web, Dark Websites use names of Tor hidden services. These are always 16-character values prepended to the .onion top-level domain. Any computer that runs Tor software can host a hidden (e.g., web) service. Dark Web users often find names out of band, for example, from pastebin or Dark Web market lists.
Tor software operating on a Tor host will create a local file directory, assign a port number for the service, and generate a public-private key pair when it configures a hidden service. Tor software creates a 16-character hostname by first computing a hash of the public key of that key pair and then converting the first 80 bits of this hash from a binary value to ASCII to make the resulting 16 characters conform to the "letter digit hyphen" requirement for the Domain Name System (DNS) protocol.
Dark Web visitors do not use the public DNS to resolve .onion names to Internet Protocol (IP) addresses – instead, resolution occurs using the entirely separate Tor hidden service protocol. This protocol helps services make their existences known and helps clients find services, while preserving the anonymity and the location (IP address) of both client and service. Both the client and the hidden service host have active roles in this process.
First, a Tor host "advertises" a hidden service by creating and publishing a service descriptor to a distributed directory service. This descriptor contains the hidden service public key and a list of Tor nodes that will serve as introduction points, trusted intermediaries for the hidden service. Next, the Tor host creates connections to the introduction points it has listed. Any Tor client that wants to connect to the hidden service can now do so through these introduction points.
To connect to a hidden service, a Tor client queries the directory service for the service descriptor. It randomly chooses an introduction point from the list in the service descriptor. The Tor client then randomly chooses a rendezvous point in the Tor network, anonymously connects to the chosen introduction point through the rendezvous point, and transmits a message to the hidden service via the introduction point. This message contains the identity of the rendezvous point, encrypted using the hidden service's public key, and material needed to begin a cryptographic "handshake." The hidden service also creates a connection back to this chosen rendezvous point and sends a message that completes the cryptographic handshake. At this point, the client and hidden service have set up a private network pathway that is resistant to surveillance – and they can exchange data anonymously and confidentially.
 Why Are All Dark Websites in the .onion Top-Level Domain ? The .onion top-level domain is reserved for hidden service names. Contrary to popular misconception, ICANN did not delegate .onion from the public root of the DNS. The Internet Engineering Task Force (IETF) designated .onion as a special-use top-level domain (see RFC 7686) to be used in implementing an anonymous service with strong confidentiality characteristics, deemed to be "desired new functionality" (see RFC 6761).

[Richardk]

Oh, so the plot thickens...

First am I correct in saying that you can use Tor as a kind of VPN to hide your traffic, bounce it around a bit and have it connect to a normal website? I know that works but the only thing I gain is no prying eyes from my wifi provider, correct? So even if you connect to a wifi honey pot, they don't get anything useful?

Second, with .onion there is a whole other network that is not accessible without Tor. It's more than just "not indexed".

Third, if by chance you "knew" the IP of a .onion site, what would you get using a regular browser? I'm guessing nothing other than some handshaking since the two are not compatible?

[G0ddard B0lt]

Oh, so the plot thickens...

First am I correct in saying that you can use Tor as a kind of VPN to hide your traffic, bounce it around a bit and have it connect to a normal website? I know that works but the only thing I gain is no prying eyes from my wifi provider, correct? So even if you connect to a wifi honey pot, they don't get anything useful?

Second, with .onion there is a whole other network that is not accessible without Tor. It's more than just "not indexed".

Third, if by chance you "knew" the IP of a .onion site, what would you get using a regular browser? I'm guessing nothing other than some handshaking since the two are not compatible?

First, yes. Tor is an OK alternative to commercial VPNs. However... speedwise it's not suitable for videos, torrenting, etc. Plus, most of the commercial CDNs like Cloudflare block Tor exit nodes by policy. So do a lot of websites. I've seen security plugins for Wordpress that block stuff such as Tor.

2nd, yes, just what the article says.

Third, the web server would have to serve the site on port 80 in addition to handling the Tor handoff. And I assume that by intent nobody running a darkweb site will allow confirmation of the site's actual identity.

The dark web is by design in a different universe from the normal/normie internet.

[JoFrance]

I've heard some of that too, where they can look at packet delays and other quirks to track down where you are. I would think at some point the "selected pool" gets small enough that a brute force approach can single out who they are looking for.

Being targeted just for checking out Tor is weird. The government created it but if you check it out, to see your tax dollars at work, then you get put on a list? Yikes, I routinely use Tor at work to keep my employer out. No need for them to see my job search during lunch.

Oh, what if everyone used Tor and the dark web? Then their database would be useless since it would include all users.

On a side note, I like how the article once again refers to Snowden. Love him or hate him but without him, how much of this would be unknown?

Packet delays are very important on a network.  Every device you connect on a network has different speed capabilities.  USB has always been slow, but remote access is even slower.  There is a noticeable difference.  A brute force attack would be pretty easy on a smaller target.

I would like to think that its ok to visit TOR, just to look around, but I think it puts you under suspicion because nefarious sh$t goes on there.