Intelliagg, a European security researcher, and Darksum, its U.S. affiliate, have released a new report titled “Shining a Light on the Dark Web.” Its focus is the Tor browser, which is the most common and largest compilation of dark websites.

The study defines the Dark Web as content that cannot be reached without the use of specialized encryption software. It is not indexed by search engines, and those who use it can do so with what they feel to be anonymity.

Analyzing the Dark Web

They found that, over two weeks in February 2016, only 29,532 sites used Tor’s .onion suffix as a top-level domain identifier, which means they are reachable by the Tor browser. To get this figure, researchers started by using pre-existing lists of Tor links. They also used spider programs and conducted an analysis of the Tor network itself.

The report found that 54 percent of these addresses were not continually available, which could mean they were specialized, functional sites such as the command-and-control center of a botnet or file-sharing applications.

Classifications of Sites

Intelliagg went on to manually classify the content of 1,000 discovered sites before using an AI training template for the remaining websites.

The analysis found 76 percent of the sites were in English, while 4 percent were in German and 3.7 percent were in Chinese.

Interestingly, less than half of identified sites — 48 percent — engaged in activities that were illegal under U.S. or U.K. law, while 52 percent were classified as legal.

“I thought it would be mostly guns and drugs, but actually if you look at the content, there is much more file sharing, discussion boards and generally good uses for the Dark Net,” Thomas Olofsson, CEO of Intelliagg, told SC Magazine. “Some of the sites were anything from whistleblowing sites to sites where journalists are digging up research.”

The Upshot of It All

The report noted the potential advantages of the Dark Net. “Tor hidden services have a number of properties that make them useful to those worried about ‘man-in-the-middle attacks’ on the Internet — where a communication is changed or intercepted, something sometimes done by government agencies,” researchers wrote.

“However, this legitimate use of Tor has yet to be employed widely. Nonetheless, we expect it to increase over time and, eventually, the technologies developed by the Tor project to become mainstream, with positive benefits for security and privacy.”

The Dark Web has not yet been fully charted or understood. Though its noncriminal sites may have admirable purposes, there is still no public way to fully chart all the activities or weed out the malicious activities from the legitimate.

more from

To Cybersecurity Incident Responders Holding the Digital Front Line, We Salute You

Over the course of two decades, I’ve seen Incident Response (IR) take on many forms. Cybercrime’s evolution has pulled the nature of IR along with it — shifts in cybercriminals’ tactics and motives have been constant. Even the cybercriminal psyche has completely rebirthed, with more collaboration amongst gangs and fully established ransomware enterprises running. When I was first starting off,…