That's the premise behind "Disinformation" - with award-winning Evergreen host Paul Brandus. Get ready for amazing stories - war, espionage, corruption, elections, and assorted trickery showing how false information is turning our world inside out - and what we can do about it. A co-production of Evergreen and Emergent Risk International.
Democracy Dies In The Dark Web: Combating Disinformation in The Internet's Darkest Corners
| S:2 E:13
"The most common threat that the dark web poses for a disinformation point of view, however, is ...the fact that many marketplaces on the dark web host tools which can be used for disinformation. Manufacturing it, spreading it, monitoring it, so on and so forth."
On this episode, host Paul Brandus explores the hidden parts of the Internet known as the deep web and the dark web. The deep web refers to the unindexed parts of the Internet, such as databases and private networks, while the dark web is a subset of the deep web that requires specific software and authorization to access. The dark web provides anonymity and heavy encryption, making it attractive for those seeking to manufacture and distribute false information, or disinformation. The dark web has been used to spread conspiracy theories and false information during the COVID-19 pandemic, as well as the sale of fake vaccines and forged health certificates. It also facilitates criminal scams, such as pump and dump schemes and ransomware attacks. Tune in to learn about the involvement of state actors like Russia and China in spreading disinformation on the dark web, as well as the challenges faced by law enforcement agencies in combating these activities.
[00:04:20] Dark web and disinformation.
[00:11:28] Russian and Chinese dark web activities.
[00:15:55] Policing the dark web.
[00:20:18] The dark web and ransomware attacks.
Got questions, comments or ideas or an example of disinformation you'd like us to check out? Send them to [email protected]. Subscribe wherever you get your podcasts. Special thanks to our guest Neil Thompson, our sound designer and editor Noah Foutz, audio engineer Nathan Corson, and executive producers Michael DeAloia and Gerardo Orlando. Thanks so much for listening.
00:06Paul Brandus: The Internet that most of us know and use each day is visible. By that I mean platforms that are well-known and easily accessible to all. But most of the Internet is actually hidden and not so easily accessed. This part of the Internet is called, appropriately enough, the dark web. There is also something called the deep web. And, as we're about to see, this deep and dark environment can be rather helpful for those who seek to manufacture and distribute false information while covering their tracks. There is, of course, another word for false information – disinformation. I'm Paul Brandus, and that's the name of this award-winning podcast series, Disinformation, a co-production of Evergreen and Emergent Risk International, or ERI, a global risk advisory firm. But first things first, let's get some definitions here. Think of the Internet as an iceberg, only a small portion of it is above water and thus visible. This is the part of the Internet that the vast majority of people use, where sites can be easily found and accessed. You might not know it, but this is actually just a small portion of the internet. Most of it is below the surface. That's where you'll find the so-called deep web, as I mentioned, and as a subset of that, the so-called dark web. This stuff that's below the surface, again, picture that iceberg, is harder to access. With a more detailed explanation, here's Neil Thompson, a London-based analyst for ERI.
01:54Neil Thompson: The dark web is basically just one small part of the so-called deep or hidden web, which sounds quite mysterious, but actually it's simply parts of the internet whose contents aren't indexed in standard search engines like Google, in contrast to what we think of as the normal internet, which is the so-called surface web, which people connect to every day through their browsers. So the deep web is simply things like databases, where people store their public or private protected files, or things like the intranets within organizations like businesses. Now, the dark web is not just part of the deep web, which is to say it's not just an unindexed part of the internet, but it also requires specific software like TOR or Freenet to access, and also special configurations and authorizations by the people running the websites that you're trying to get into. That's usually because it's quite heavily encrypted in order to allow people using it and their locations to remain anonymous. So yes, basically the dark web was created in order to hide the activities of people who were using it. And yes, it's been around for about 10 years as far as we know.
03:16Paul Brandus: Let's focus on two elements to this that Neil mentioned, the anonymity and heavy encryption. In terms of enabling disinformation, both can be problematic in their own right, but when combined, the potential for it can be magnified.
03:33Neil Thompson: Well, the dark web plays a bit of a mixed role as far as disinformation is concerned. So, the first thing it does is, because by its nature it's a secretive hidden corner of the web, it tends to attract individuals who are looking for hidden or non-streamed sources of information, which is a particular trend that we see in countries with lower levels of trust in institutions, and also particular demographics like socially isolated young men, for example. It's not particularly navigable given its fragmented and clandestine nature, but in recent years there have been dark web versions of social media platforms which have emerged online where you could find disinformation being posted.
04:20Paul Brandus: Let's focus again on something else Neil said. Here's the clip.
04:26Neil Thompson: not particularly navigable given its fragmented and clandestine nature.
04:31Paul Brandus: The dark web is not easily navigated because of its fragmented and clandestine nature. I'll explain. The browser you probably use, you can't access the dark web with it. You need what's known as a TOR browser, T-O-R, and getting one, well, that's another subject. TOR, which stands for the Onion Router, again, TOR, was developed in the mid-1990s by computer scientists at the U.S. Naval Research Lab with a goal of better protecting American intelligence communications. Tor uses technology that balances traffic from server to server in a way that's encrypted, making it difficult to tell either who's doing the browsing or who controls the server. Timothy Lee is a Princeton-trained computer scientist and gave this description of Tor when he was a technology correspondent for the Washington Post.
05:29Timothy Lee: The Tor network is actually very well designed. The core network, the core concept of bouncing traffic from server to server and having encryption so that each server only knows the server on either side but not the entire chain, that has proven very difficult for anybody, including the NSA, to crack.
05:45Paul Brandus: Other networks on the dark web have names like Freenet, I2P, and Riffle. Now, bouncing content from server to server, here's how that works. Let's say you're in Virginia and want to connect to a site that's hosted in Maryland. Instead of your connection simply crossing the Potomac to that Maryland site, it might bounce from Virginia to India, from India to South Africa, and from South Africa to Maryland. This ecosystem, again with its anonymity and encryption, is good for manufacturers and distributors of disinformation, as Neil Thompson explains.
06:25Neil Thompson: OK, well, I've got two examples of how disinformation has interacted with the dark web. So the first one dates back to the COVID-19 pandemic, which we've so recently emerged from. So, dark web users and websites on the dark web both increased during the pandemic. And one of the things we saw, because of the unregulated, non-moderated nature of the dark web, is that conspiracy theories and false information concerning vaccinations, pandemic numbers, and so on and so forth, circulated there and then were regurgitated back onto the surface web. But we also saw the dark web marketplaces begin to offer fake vaccines or forged health certificates, which allowed people who purchased them the ability to bypass public health restrictions on things like attending events or international travel. So disinformation pushed by dark websites fueled sales of these fake items, which then were used to disobey COVID-19 restrictions and endanger public health. So you can see almost a circle between, you can see almost a financial incentive for people on the dark web to spread misinformation and then profit from it. Another example of disinformation in the dark web, which kind of predates a pandemic and then has carried on right through it and afterwards, is the sale of toolkits there to spread fake news for different, usually criminal related aims. So we've talked quite a lot about the state's state intelligence services use of disinformation, but it can also be used for ordinary criminal scams. One of these, a classic one of these is called pump and dump toolkits. This is where a dark web user would purchase a toolkit which spreads fake news to, for example, raise interest in a cryptocurrency offering while buying shares in the cryptocurrency.
08:34Paul Brandus: In other words, age-old scams now flourishing in this deep, dark world. And, Neil adds, there's more.
08:42Neil Thompson: The most common threat that the dark web poses for a disinformation point of view, however, is not people posting conspiracy theories or other types of misinformation on it. It's in fact the fact that many marketplaces on the dark web host tools which can be used for disinformation. Manufacturing it, spreading it, monitoring it, so on and so forth. Another threat that the dark web poses from a disinformation point of view is that it allows malicious actors who spread disinformation on the surface web to hide their activities. For example, a common way many people do this is to direct the activities of botnets. These are networks of internet-connected devices which have been infected with malicious software, and they are typically controlled by a central server, and using the dark web allows people who control these servers and direct the malicious activities of these botnets to hide their location and avoid having the botnet being taken down.
09:44Paul Brandus: This sounds like something not to paint with a broad brush that the Russians and the Chinese and other players may particularly excel at. Neil, what are the Russians doing, to your knowledge, in the dark web?
10:01Neil Thompson: Well, the Russians have been one of the foremost spreaders of disinformation. I mean, the classic example, obviously, is disinformation related to the 2016 US election. But more recent Russian disinformation operations have taken place to spread misinformation about conflicts in Africa and Ukraine. One of the examples that I can think of is disinformation activities tied to Russian operatives produced fake web pages, which impersonated Western newspapers and spread false stories under fake mastheads. Perhaps another example of disinformation would be China's one against Australian firm Lynas Rare Earths. So, for example, China dominates critical mineral supply chains, which Australian firm Lynas Rare Earths is threatening to disrupt by creating its own facilities in the US. And China was using disinformation campaigns to spread, to impersonate Texas residents, in fact, to spread misinformation on social media, questioning the environmental record of Lynas.
11:20Paul Brandus: Neil adds, and this is hardly a surprise, that the Russians and Chinese are quite active in the dark web.
11:28Neil Thompson: The dark web allows espionage services in authoritarian countries like Russia and China to conceal their activities. As I mentioned earlier, for example, with botnet users, if you're a botnet controlled by a hacking group which has been hired by the Russian or Chinese intelligence services, then Russia and China have the plausible deniability of a two-stage removal from their disinformation campaign. They're not the actor who's spreading the misinformation, and the actor who's doing it is doing it on the dark web, where their location and identity are both concealed. So they have plausible deniability. Plausible deniability is built into these operations, yes. It's very hard to attribute responsibility 100% when people are using the dark web.
12:21Paul Brandus: What have the Russians done with regard to the war in Ukraine and the dark web? What are they doing? Obviously, we know about a lot of their surface efforts through the Internet Research Agency and that kind of thing. To your knowledge, Neil, what about the war and their dark web efforts?
12:44Neil Thompson: OK, well, as far as I'm aware, the war in Ukraine has spurred a new generation of Russian disinformation efforts. Russia, to a certain extent, Eastern Europe, but certainly Russia, tolerates the presence of cybercrime groups on its territory and doesn't prosecute these groups as long as they act in the Russian state interest. And that is one reason why disinformation has been so difficult to contain in Ukraine, because these cut-out groups, if you like, have a state haven which they can hide in and they can store their services in where these won't be disrupted, and that has allowed false information such as claims that the French or German ministers have made certain quotes that are in favor of Russian soldiers being killed in Ukraine. So, for example, uh, one false story which came out was that there was a false representation of the French Foreign Ministry's website, which was obviously spreading fake quotes from what were purporting to be French government sources. Another one was the French newspaper Le Monde, which said recently that it had been one of the media organizations whose website had been cloned and false stories had been published under its mask. I believe one of those said, French minister supports murders of Russian troops in Ukraine, and used an identical layout to that of the actual Le Monde websites. It's very difficult when disinformation is being spread to combat it, given how similar these malicious cyber actors can make their spoofed websites seem compared to the legitimate article.
14:51Paul Brandus: Combating disinformation on the so-called surface web is difficult enough. What about thwarting it on the dark web? We'll explore that after this short break.
15:04SPEAKER_00: This series on disinformation is a co-production of Evergreen Podcasts and Emergent Risk International, a global risk advisory firm. Emergent Risk International. We build intelligent solutions that find opportunities in a world of risk.
15:27Paul Brandus: Welcome back. Before the break, we were talking about the dark web, its anonymity, its encryption, the difficulty for even the National Security Agency to crack. More now from my conversation with Neil Thompson, a British-based analyst for Emergent Risk International. In his answer, you'll hear him mention something called Silk Road, a dark web marketplace, which I'll explain in a minute. But first, here's Neil.
15:55Neil Thompson: You're right. It is very difficult to police. I would say that probably people have developed more tools to handle the dark web than were, say, available about 10 years ago when original services like dark web services like the Silk Road were first being launched. That being said, the dark web has also got much bigger over the last decades. So one of the things that law enforcement agencies often do is they try to compromise individual hubs or websites on the dark web. If they can find the servers being used, that then allows them to compromise individual websites and then they can collect data on the users of these sites and identify them and their location before taking down the whole network. Police also often use what's called open source intelligence tools. These are tools which specialize in monitoring the dark web for information. I mean, criminals often use blogs or posts on marketplaces. You can harvest these for identifiers, clues to these people's locations or identities. Private businesses have also started sharing their intelligence with law enforcement. Banks and retailers routinely monitor the dark web for threats to their operations these days. Nevertheless, despite the far greater investment in intelligence gathering and efforts to sort of compromise the service that many of these dark web hubs use, it is a bit difficult to see the threat ever being entirely contained. New websites are always springing up to replace older ones which are shut down. And by design, these encrypted sites are very difficult for security researchers and law enforcement agents to penetrate. And of course, as we mentioned earlier, in some cases, Russia and China, for example, often many of the malicious actors behind some of these dark web sites have a haven in their own territory and North Korea is another country where there's many state-backed malicious cyber actors who have a haven to operate out from.
18:12Paul Brandus: You know, given this, uh, anonymity that the dark web conveys, are individuals taking advantage of that? We've been talking mostly about the state actors, Russia, China, the usual suspects. Individuals, though, who might be particularly savvy about this, it would seem like quite a playground for them as well.
18:36Neil Thompson: Oh, absolutely. I mean, obviously, to begin with, the dark web was mostly a kind of a private sector, if you like, beginning. Certainly nation-states have moved into it and used it and the groups which operate on it to their own end. But by and large, yes, individuals started the dark web. They were the tech-savvy kind of people who were cybercriminal entrepreneurs if you like, and the raison d'etre for the dark web in many cases is a playground for criminal activities. There is some overlap with disinformation. Disinformation as a criminal service is one of a suite of crimes carried out on the dark web, but I believe that the largest part of the dark web is illegal pornography, drug trafficking, and things like this.
19:39Paul Brandus: That's what Silk Road was. It has been described as the first true online black market, allowing users to buy and sell goods and services anonymously. It was particularly known, U.S. law enforcement said, for being an illegal drug marketplace. The FBI shut it down back in 2013. The American man who ran it is serving two life sentences with no possibility of parole at Supermax, the federal government's maximum security prison in Colorado. Neil says the dark web today is the source of another notorious form of criminal activity.
20:18Neil Thompson: The dark web is seeing an increasing number of rans... is enabling an increasing number of ransomware attacks, which are attacks where criminal gangs infiltrate a company's system, lock the data on the network, and then offer to sell it back to the company, or else publish the content on the web. I'm based in Britain, and here in Britain the figure which I've seen, ransomware attacks costing UK companies, is about 350 million pounds a year. However, it's difficult to place a figure on the kind of costs that the dark web imposes either on companies or on nation-states in terms of GDP. A lot of companies don't advertise the fact that they've been hacked by malicious cyber actors, and of course the dark web is by its very nature difficult to measure.
21:25Paul Brandus: Thanks to Neil Thompson, sound from Tim Lee via the Washington Post. Our sound designer and editor, Noah Foutz. Audio engineer, Nathan Corson. Executive producers, Michael DeAloia and Gerardo Orlando. And on behalf of Meredith Wilson, the CEO of Emergent Risk International, I'm Paul Brandus. Thanks so much for listening.