Strategies for Combating Dark Networks
Abstract: Our goal in this paper is to explore two generic approaches to disrupting dark networks: kinetic and non-kinetic. The kinetic approach involves aggressive and offensive measures to eliminate or capture network members and their supporters, while the non-kinetic approach involves the use of subtle, non-coercive means for combating dark networks. Two strategies derive from the kinetic approach: Targeting and Capacity-building. Four strategies derive from the non-kinetic approach: Institution-Building, Psychological Operations, Information Operations and Rehabilitation. We use network data from Noordin Top’s South East Asian terror network to illustrate how both kinetic and non-kinetic strategies could be pursued depending on a commander’s intent. Using this strategic framework as a backdrop, we strongly advise the use of SNA metrics in developing alternative counter-terrorism strategies that are context-dependent rather than letting SNA metrics define and drive a particular strategy.
- Research Article
1
- 10.1007/s13278-018-0487-0
- Mar 3, 2018
- Social Network Analysis and Mining
Dark networks, which describe networks with covert entities and connections such as those representing illegal activities, are of great interest to intelligence analysts. However, before studying such a network, one must first collect appropriate network data. Collecting accurate network data in such a setting is a challenging task, as data collectors will make inferences, which may be incorrect, based on available intelligence data, which may itself be misleading. In this paper, we consider the problem of how to effectively sample dark networks, in which sampling queries may return incorrect information, with the specific goal of locating people of interest. We present RedLearn and RedLearnRS, two algorithms for crawling dark networks with the goal of maximizing the identification of nodes of interest, given a limited sampling budget. RedLearn assumes that a query on a node can accurately return whether a node represents a person of interest, while RedLearnRS dispenses with that assumption. We consider realistic error scenarios, which describe how individuals in a dark network may attempt to conceal their connections. We evaluate and present results on several real-world networks, including dark networks, as well as various synthetic dark network structures proposed in the criminology literature. Our analysis shows that RedLearn and RedLearnRS meet or outperform other sampling strategies.
- Research Article
14
- 10.1080/19434472.2012.731696
- May 1, 2013
- Behavioral Sciences of Terrorism and Political Aggression
Social network analysis (SNA) conclusions are drawn on terrorist and dark network data sets that may provide erroneous results due to an indeterminate amount of missing data or data corruption. Compounding these effects, information sources reporting on terrorist groups and other dark network organizations may intentionally or unintentionally provide false data. These introduced errors may be significant as they could produce analytic results that are counter to the true situation, leading to misappropriation of resources, improper strategy adoption, and erroneous actions. Analyst cognizance of the causes of imperfect social network data, the importance of proper boundary specification, biases introduced via the employed data collection methods, and characteristics of social network information sources, particularly inherent informant accuracy assumptions, are necessary for SNA analysts to ascertain the resultant social network model's limitations and the inferences that can properly be drawn from the analysis. Specific to investigating terrorist groups and dark networks, trusted and deceptive social network information sources are introduced.
- Conference Article
23
- 10.1109/gucon50781.2021.9573994
- Sep 24, 2021
The Industrial Internet of Things (IIoT), also referred to as Cyber Physical Systems (CPS), is a critical element expected to play a key role in Industry 4.0 and has always been vulnerable to cyber-attacks and vulnerabilities. Terrorists use cyber vulnerability as weapons for mass destruction. The dark web's strong transparency and hard-to-track systems offer a safe haven for criminal activity. On the dark web (DW), there is a wide variety of illicit material that is posted regularly. For supervised training, large-scale web pages are used in traditional DW categorization. However, new study is being hampered by the impossibility of gathering sufficiently illicit DW material and the time spent manually tagging web pages. We suggest a system for accurately classifying criminal activity on the DW in this article. Rather than depending on the vast DW training package, we used authorized regulatory to various types of illicit activity for training Machine Learning (ML) classifiers and get appreciable categorization results. Espionage, Sabotage, Electrical power grid, Propaganda and Economic disruption are the cyber warfare motivations, and we choose appropriate data from the open source links for supervised learning and run a categorization experiment on the illicit material obtained from the actual DW. The results show that in the experimental setting, using TF-IDF function extraction and an AdaBoost classifier, we were able to achieve an accuracy of 0.942. Our method enables the researchers and System authoritarian agency to verify if their DW corpus includes such illicit activity depending on the applicable rules of the illicit categories they are interested in, allowing them to identify and track possible illicit websites in real time. Because a broad training set and expert-supplied seed keywords are not required, this categorization approach offers another option for defining illicit activities on the DW.
- Book Chapter
3
- 10.1007/978-3-030-69174-5_5
- Jan 1, 2021
Data is termed a huge asset in today’s world. In this paper, an introduction to WWW, classification of different kinds of web, i.e. surface web, deep web and dark web is discussed along with differences among them. Trending research on deep and dark web is discussed focusing on benefits of deep web. The significance of searching deep web data underneath the surface web aids in getting access to gigantic data as 96% of data is hidden inside the deep web and it is freely available. TOR is a tool to access the deep data and how this works along with its benefits are deliberated and is the objective of this chapter. Deep web accessing method is described in detail with suitable examples. Ongoing research in deep web is discussed and later, attacks faced by the deep web and how cyber criminals use the dark web is emphasized. An overview of web, types of web and how it works is discussed focusing on surface web, deep web and dark web. Distinguishing characteristics between deep and dark web are portrayed well with suitable examples. Attacks faced by the deep web are explained and the need to secure an individual's system when accessing data hidden deeply inside the web and necessary measures to be considered are discussed.
Keywords: Surface web, Deep web, Dark web, TOR, Phishing and cyber security attacks
- Conference Article
3
- 10.1145/3148453.3306250
- Dec 7, 2018
In the era of big data, the amount of information on dark network resources has exploded. Massive dark network data contain abundant information. To detect dark network resources and obtain dark network information, in-depth understanding of the dark network is a prerequisite. However, due to the high anonymity of the dark network, it is usually difficult to be found by traditional search engines. Users need to register strictly and use specific tools to log in dynamically. In this paper, we explore the simulation of a dark network scene in the big data environment. The Tor network is built on the OpenStack platform, which simulates the dark network scene. By using Wireshark software to analyze network traffic, and using the nmon tool to analyze network performance, the results show that the dark network scene can be simulated realistically.
- Research Article
4
- 10.2139/ssrn.3794374
- Jan 1, 2020
- SSRN Electronic Journal
The blockchain technology is a distributed ledger system that is distributed among the users who make transactions using this technique. It first came into trend after the sudden rise in the value of bitcoin in 2017, when people got to know about the blockchain system and its working. It provides both anonymity and security to the user, and that is why cryptocurrencies like Bitcoin and now Monero are using the blockchain method to ensure safe, secure and untraceable transactions. Anonymity and security are like two edges of the same sword: they can be used for great purposes like protecting the privacy of people, fostering freedom of speech, etc.; on the other hand, they can be misused for illegal activities happening over the internet like cyber terrorism, and perpetrators often go unaccounted for their acts. While blockchains have many qualities, there are also some downsides: because of increased security and anonymity, it has worked as fuel for dark web users to make illicit transactions and carry out illegal activities on the dark web. In this paper we have shown what the downsides of blockchain are, how transactions happen on the dark web, and how we can regulate and track the illegal activities on the dark web using regulated and sovereign backed cryptocurrencies.
- Research Article
26
- 10.1080/19434472.2012.725225
- May 1, 2013
- Behavioral Sciences of Terrorism and Political Aggression
To date, most social network analyses (SNAs) of terrorist groups have used network data that provide snap-shots of the groups at a single point in time. Seldom have they used network data that take into account how the groups have changed over time. In this article, a unique longitudinal network data set, the Noordin Top terrorist network from 2001 to 2010, is examined in order to explore whether a recently developed method – social network change detection (SNCD) – can help analysts monitor a dark network's topography (e.g. centralization, density, degree of fragmentation) in order to detect significant changes in its structure and identify possible causes. The application of change detection to this historical data set illustrates the method's potential usefulness, including its ability to detect significant changes in the network in response to a series of exogenous factors, such as the acquisition of bombing materials, the capture of key leaders and groups, and the death of Noordin himself. The method's inability to detect other significant events, however, highlights important limitations when working with it. While SNCD should not be the only method analysts have at their disposal, the results detailed in this article suggest that it should be included in their toolkit.
- Conference Article
8
- 10.1145/1065385.1065505
- Jun 7, 2005
No abstract available.
- Book Chapter
3
- 10.1007/978-3-319-27914-5_11
- Jan 1, 2016
The complexity of the current threat landscape associated with terrorism and criminal networks continues to be a top national and global security agenda item. With heightened awareness and concern regarding the proliferation and expansion of ISIL and connections to homegrown violent extremism, understanding the network structure and functional perspectives is a key enabler to supporting counter terrorism disruption strategies. Challenges associated with understanding these ‘dark networks’ stem both from contextualizing the information (plagued by uncertainty and ambiguity) and from the multiplex nature of the actors whereby they can share more than one type of relation. In this exploratory work, Counter-Terrorism Architectural Frameworks (CTAF) is introduced as an application of the Department of Defense Architectural Frameworks (DODAF) to support ‘opening the blackbox’ of terrorist activities to identify terrorist network vulnerabilities and to develop disruption strategies. The multiple views afforded by the application of DODAF provide a more comprehensive picture to support decision making and can highlight the complex organizational dynamics that are not readily observable through Social Network Analysis (SNA) alone. In this chapter the methodology is explained and applied to an analysis of the Lashkar-e-Taiba (LeT) terrorist network (Subrahmanian et al. in Computational analysis of terrorist groups: Lashkar-e-Taiba. Springer, Berlin, 2013) and the Noordin Top terrorist network (Roberts and Everton in J Soc Struct 12(2), 2011).
- Research Article
5
- 10.35377/saucis...950746
- Apr 30, 2022
- Sakarya University Journal of Computer and Information Sciences
Crime, terrorism, and other illegal activities are increasingly taking place in cyberspace. Crime in the dark web is one of the most serious challenges confronting governments around the world. The dark web makes it difficult to detect criminals and track activities, as it provides anonymity due to special tools such as TOR. Therefore, it has evolved into a platform that includes many illegal activities such as pornography, weapon trafficking, drug trafficking, fake documents, and more specially terrorism as in the context of this paper. Dark web studies are critical for designing successful counter-terrorism strategies. The aim of this research is to conduct a critical analysis of the literature and to demonstrate research efforts in dark web studies related to terrorism. According to the result of the study, the scientific studies related to terrorism activities have been minimally conducted and the scientific methods used in detecting and combating them in the dark web should be varied. Advanced artificial intelligence, image processing and classification by using machine learning, natural language processing methods, hash value analysis, and sock puppet techniques can be used to detect and predict terrorist incidents on the dark web.
- Research Article
11
- 10.2139/ssrn.2742706
- Mar 7, 2016
- SSRN Electronic Journal
The use of hacking tools by law enforcement to pursue criminal suspects who have anonymized their communications on the dark web presents a looming flashpoint between criminal procedure and international law. Criminal actors who use the dark web (e.g. in the commission of a crime or in order to evade authorities) obscure digital footprints left behind with third parties, rendering existing surveillance methods obsolete. In response, law enforcement has implemented hacking techniques that deploy surveillance software over the Internet in order to directly access and control criminals’ devices. The practical reality of the underlying technologies makes it inevitable that foreign-located computers are subject to the remote “searches” and “seizures” that take place. The result may well be the greatest extraterritorial expansion of enforcement jurisdiction in U.S. law enforcement history. This article examines how the use of hacking tools on the dark web profoundly disrupts the legal architecture upon which cross-border criminal investigations rest. The overseas cyber operations that result raise increasingly difficult questions regarding just whom may authorize these activities, where they may be deployed, and whom they may lawfully be executed against. The rules of criminal procedure fail to regulate law enforcement hacking because they allow these critical decisions to be made by rank-and-file investigators, despite potentially disruptive foreign relations implications. This article outlines a regulatory framework that reallocates decision-making to institutional actors best suited to determine U.S. foreign policy, without sacrificing law enforcement’s ability to identify and locate criminal suspects that have taken cover on the dark web.
- Book Chapter
- 10.1007/978-1-4614-1557-2_6
- Nov 7, 2011
Dark networks such as terrorist networks and narcotics-trafficking networks are hidden from our view yet could have a devastating impact on our society and economy. Understanding the topology of these dark networks can reveal greater insight into these clandestine organizations and help develop effective disruptive strategies. Based on analysis of four real-world “dark” networks, we found that these covert networks share many common topological properties with other types of networks. Their efficiency in communication and flow of information, commands, and goods can be tied to their small-world structures characterized by small average path length (l) and high clustering coefficient (C). In addition, we found that because of the small-world properties, dark networks are more vulnerable to attacks on the bridges that connect different communities than to attacks on the hubs. This may provide authorities with insight for intelligence and security purposes. An interesting finding about the three human dark networks is their substantially high clustering coefficients, which are not always present in other empirical networks.
- Book Chapter
19
- 10.1007/11427995_78
- Jan 1, 2005
While the Web has evolved to be a global information platform for anyone to use, terrorists are also using the Web to their own advantages. Many terrorist organizations and their sympathizers are using Web sites and online bulletin boards for propaganda, recruitment and communication purposes. This alternative side of the Web, which we call the Dark Web, could be analyzed to enable better understanding and analysis of the terrorism phenomena. However, due to problems such as information overload and language barrier, there has been no general methodology developed for collecting and analyzing Dark Web information. To address these problems, we developed a Web-based knowledge portal, called the Dark Web Portal, to support the discovery and analysis of Dark Web information. Specifically, the Dark Web Portal integrates terrorist-generated multilingual datasets on the Web and uses them to study advanced and new methodologies for predictive modeling, terrorist (social) network analysis, and visualization of terrorists’ activities, linkages, and relationships.
- Conference Article
7
- 10.1145/3379247.3379272
- Jan 4, 2020
Due to its anonymity and non-traceability, it is very difficult to research websites on the dark network. The research of the dark network is very important for our network security. Now there is very little data for studying the dark network, so we independently developed a dark web crawler that runs automatically. This article will detail the implementation process of our dark web crawler and the data analysis process of crawled data. Currently, we can use crawled data to detect if multiple URLs belong to the same site. We can use data to extract features of similar websites and we have generated an ever-increasing data set that can be used for simple website classification. We use the crawled data as a categorical dataset to categorize newly discovered URLs. When we get a certain number of new URLs, we crawl again and the crawled data will be added to the previous data set. After multiple rounds of crawling, our data sets will be more and more abundant. Through our approach, we can solve the problem that the dark network data is small; researchers can use our method to get enough data to study all aspects of the dark network.
- Research Article
- 10.17762/turcomat.v12i10.4950
- Apr 28, 2021
Nowadays, everyone has access to a burst of data in Cyberspace. The classic Web or Clear web consists of all the Internet sites and pages that are indexed by conventional search engines; however, it only represents 5% of the entire web. Despite the multiple advantages of the Internet, it can hide several threats for nations and people, such as blackmail, illegal drugs and arms sales and murder. This side is the dark side of the Internet, which includes illegal activities starting from bullying to terrorism. In this paper, we define the Dark Web (DW) and who the users of this part of cyberspace are. We define the dark web and emphasize illegal activities related to it. Our study focuses on cyber terrorism activities. Additionally, we define what cyber terrorism is, who is responsible for it, and why this phenomenon has been exacerbated in the last few years. Moreover, we present efforts made by international and national organizations to combat this phenomenon.