Threats from the Dark: A Review over Dark Web Investigation Research for Cyber Threat Intelligence

From proactive detection of cyberattacks to the identification of key actors, analyzing contents of the Dark Web plays a significant role in deterring cybercrimes and understanding criminal minds. Researching in the Dark Web proved to be an essential step in fighting cybercrime, whether with a standalone investigation of the Dark Web solely or an integrated one that includes contents from the Surface Web and the Deep Web. In this review, we probe recent studies in the field of analyzing Dark Web content for Cyber Threat Intelligence (CTI), introducing a comprehensive analysis of their techniques, methods, tools, approaches, and results, and discussing their possible limitations. In this review, we demonstrate the significance of studying the contents of different platforms on the Dark Web, leading new researchers through state-of-the-art methodologies. Furthermore, we discuss the technical challenges, ethical considerations, and future directions in the domain.

Crawling the Deep Web Using Asynchronous Advantage Actor Critic Technique

In the digital world, World Wide Web magnitude is expanding very promptly. Now a day, a rising number of data-centric websites require a mechanism to crawl the information. The information accessible through hyperlinks can easily be retrieved with general-purpose search engines. A massive chunk of the structured information is invisible behind the search forms. Such immense information is recognized as the deep web and has structured information as compared to the surface web. Crawling the content of deep web is very challenging and requires filling the search forms with suitable queries. This paper proposes an innovative technique using an Asynchronous Advantage Actor-Critic (A3C) to explore the unidentified deep web pages. It is based on the policy gradient deep reinforcement learning technique that parameterizes the policy and value function based on the reward system. A3C has one coordinator and various agents. These agents learn from different environments, update the local gradients to a coordinator, and produce a more stable system. The proposed technique has been validated with Open Directory Project (ODP). The experimental outcome shows that the proposed technique outperforms most of the prevailing techniques based on various metrics such as average precision-recall, average harvest rate, and coverage ratio.

HackerRank: Identifying key hackers in underground forums

With the rapid development of the Internet, cybersecurity situation is becoming more and more complex. At present, surface web and dark web contain numerous underground forums or markets, which play an important role in cybercrime ecosystem. Therefore, cybersecurity researchers usually focus on hacker-centered research on cybercrime, trying to find key hackers and extract credible cyber threat intelligence from them. The data scale of underground forums is tremendous and key hackers only represent a small fraction of underground forum users. It takes a lot of time as well as expertise to manually analyze key hackers. Therefore, it is necessary to propose a method or tool to automatically analyze underground forums and identify key hackers involved. In this work, we present HackerRank, an automatic method for identifying key hackers. HackerRank combines the advantages of content analysis and social network analysis. First, comprehensive evaluations and topic preferences are extracted separately using content analysis. Then, it uses an improved Topic-specific PageRank to combine the results of content analysis with social network analysis. Finally, HackerRank obtains users’ ranking, with higher-ranked users being considered as key hackers. To demonstrate the validity of proposed method, we applied HackerRank to five different underground forums separately. Compared to using social network analysis and content analysis alone, HackerRank increases the coverage rate of five underground forums by 3.14% and 16.19% on average. In addition, we performed a manual analysis of identified key hackers. The results prove that the method is effective in identifying key hackers in underground forums.

Use of Darknet to prepare and commit crimes

The article examines the concept, essence, specificity, structural elements of the Surface Network (from the English «Surface web») as well as so-called Deep Internet (from the English «Deep web»). The peculiarity of the use of the deep Internet in which the content is available only through connections created with the help of special software is discussed. The article describes the type of network separated from the rest of the public content forming the Darknet. It existed under the name of ARPANET (network of advanced research project agencies) before the civilian Internet known to us today has been separated from it. The creators of the Darknet haven’t foreseen all its applications. The paper lists software products used to connect to the Darknet. The purpose of special software products usage is to ensure its users’ maximum anonymity to complicate the tracking of their identity, IP-address as well as location in the network. The study reveals the main types of Darknet crimes and outlines ways to improve law enforcement activities to tackle these crimes. In addition, it identifies the problem of development and increasing use of the dark web for criminal purposes.

Illicit Activities Beneath the Surface Web: Investigating Domestic Extremism on Anonymous Social Media Platforms

At the beginning of 2021, the Internet was used to spread words to incite insurrection and violence through social media, incited a pro-Trump mob riot into a U.S. Capitol building. Furthermore, due to recent acts of domestic terrorism in Texas, New Zealand, and California, police authorities have begun investigating social media presence that premeditated harmful acts. In all three instances, the shooters posted their manifesto online and had a presence on 8chan. The common thread among all shooters is their identification as a white nationalist and their social media site affiliation with Infinitechan, where they hid their radical ideas. Similarities in the shooters’ profiles include their perceived viewpoints of population groups regarding their political, ethnic, and social identities. This paper will provide insight into the forums where domestic terrorists spread their agendas. It will also set the foundation for further research towards a strategic algorithm that compiles and analyses relevant users’ profiles by using OSINT and data analytics techniques).

Thai Citizens and their roles in National Security of Thailand

The objective in this study was to investigate the state of art of Thai citizens and their roles in national security of Thailand. Documentary research was employed in this study. The findings revealed that Thai citizens played a big role as both supporters and objectors for national security of Thailand due to both external and internal changes. As supporters of Thai government’s jurisdiction, good citizens must comply with IT-related laws that allowed Ministry of Digital Economy and Society (MDES) and related authorized agencies that enhanced the level of controlling on data via surface web sites. As objectors, they committed civil disobedience-oriented activities beyond Thai government’s jurisdiction via the application of privacy-based non-governmental cryptocurrency (such as Monero) and web browsers for underground web sites (such as TOR and I2P) for hiding all data of their identities and money transfer. In addition, Thai citizens were also protected by net states as citizen-user in a form of business civil disobedience.

Information Retrieval in the Hidden Web

Information retrieval is finding material of unstructured nature within large collections stored on computers. Surface web consists of indexed content accessible by traditional browsers whereas deep or hidden web content cannot be found with traditional search engines and requires a password or network permissions. In deep web, dark web is also growing as new tools make it easier to navigate hidden content and accessible with special software like Tor. According to a study by Nature, Google indexes no more than 16% of the surface web and misses all of the deep web. Any given search turns up just 0.03% of information that exists online. So, the key part of the hidden web remains inaccessible to the users. This chapter deals with positing some questions about this research. Detailed definitions, analogies are explained, and the chapter discusses related work and puts forward all the advantages and limitations of the existing work proposed by researchers. The chapter identifies the need for a system that will process the surface and hidden web data and return integrated results to the users.

Ciberterrorismo e soberania: análise da Operação Hashtag como ato atentatório ao Estado

Devido a expansão e progressão tecnológica, bem como o uso intenso da Internet, foi possibilitado o surgimento de diversos crimes praticados no âmbito virtual, tais como o ciberterrorismo. Desse modo, o presente trabalho monográfico propõe, em síntese, um estudo acerca dos atos ciberterroristas, perfazendo uma análise de sua conceituação e atuação no âmbito virtual, seja na Surface Web, Deep Web ou Dark Web e, ainda, de como deverá ser aplicado o ordenamento jurídico brasileiro quando da incidência do referido crime. Ademais, destaca-se que esses ataques terroristas, um problema mundial que aparentava ser distante da realidade brasileira e que agora são passíveis de realização no ciberespaço, possuem o potencial de causar o pânico na sociedade, ameaçando, inclusive, um Estado, tornando-os refém do medo. Tendo em vista tais aspectos, será feita uma apreciação da legitimidade para aplicação da Lei Antiterrorismo (Lei nº 13.260, promulgada em 16 de março de 2016) de caráter excepcional, bem como um estudo de caso concreto da primeira aplicação efetiva da Lei. A problemática da nova realidade tecnológica será abordada mediante pesquisa exploratória que visa analisar uma real possibilidade de ataque ciberterrorista. O método de pesquisa utilizado é o bibliográfico, através de artigos, críticas e reflexões, ponderando seu impacto no Direito Penal vigente. Todavia, não se pode descartar a possível desestabilização do Estado em razão da propagação ao terror causado por essa cibercriminalidade, sendo necessária uma adequada abordagem devido ao grau de periculosidade, excepcionalidade e dimensão dos danos, com embasamento nos direitos fundamentais previstos na nossa Carta Magna.