For those who know me, they will affirm I am bullish when it comes to evolving trends with dark nets. Moreso, I am the first person to admit I am as much a student as I am a teacher; eager to learn and conversely teach. Ever since I was thrown head first into the colloquial “wild west” of dark web investigations, I strive to be on the forefront, if not lead the frontline itself, in understanding how the “dark web” is constantly evolving and how we in law enforcement can similarly adapt. An uncomfortable truth is law enforcement’s understanding of the dark web remains stagnant, with those who fancy themselves as “experts” teaching antiquated trends, tactics, and procedures (TTP) often orbiting closely to the 2013 “Silk Road” case. Furthermore, the sentiment is conveyed that the “dark web” remains a veiled shadow world infested with criminal activity. Much has evolved on the TOR network since Ross Ulbricht was arrested, and in tandem, much has evolved with the other dark nets. And yet, time and time again, I find myself in the company of self-proclaimed “experts” who will be the first ones to tell you “STAY OFF THE DARK WEB!” or better yet “IF SOMEBODY IS USING THE DARK WEB, THEY ARE UP TO NO GOOD!”. Consubstantially, I find these are the same people who think the dark web is solely the TOR Browser.


Over the past few years, we’ve witnessed the advent of cryptocurrency and blockchain technology become the technological paragon and consequently, an investment zeitgeist. While you will find many polarizing views on cryptocurrency, you will find few (if any) naysayers or neophobic attitudes towards blockchain technology. In the same breath, what we know as “Web 3.0” has risen from a theoretical concept to currently being able to buy .ETH, .BIT, .ZIL domains. It was only natural that from this technological furor, dark nets would emerge utilizing this technology. Enter the Oxen Privacy Tech Foundation (optf.ngo).

Based out of Australia, the Oxen Privacy Tech Foundation maintains the Oxen blockchain and the cryptocurrency $OXEN. Unlike other “alt coins” which are programmed and traded on other blockchains, like Ethereum or TRON, Oxen maintains its own blockchain. Because of this, OPTF utilizes the blockchain to host a dark net, LokiNet, and an end-to-end encryption messaging platform, Session. If you are confused as to how this works, don’t be discouraged! It’s the same internet that you are on right now reading this article at the Cyber Social Hub, it’s just a variance in how the sites are hosted, how the data is distributed, and ultimately delivered to the user. I can break down the intricacies in the TCP/IP handshake, but this is not my dissertation for my dark web doctorate (say that 3 times fast!).

Most recent LokiNet Windows build. Using in-proxy mode

If you are one of the aforementioned people who believe the “dark web” is confined to the TOR dark net, don’t feel ashamed. The TOR network is unequivocally the largest, fastest, and oldest dark net in the world. The popularity of the TOR network is immeasurable, but TOR does have its limits. LokiNet, on the other hand, has established an impressive dark net in which we are merely seeing the infancy of its capabilities. For example, find me a 24/7 streaming radio service hosted on TOR. LokiNet has its own (peter.loki).

The main variance with alternative dark nets (“alt nets”) versus TOR is the standalone or dedicated browser. The TOR Browser itself is the main draw of utilizing the TOR network. While you do not need the TOR Browser to traverse the TOR network (many VPN services now offer “Over Onion Routing”), the TOR Project is constantly updating the browser to ensure security and safety for their users. Conversely, dark nets like LokiNet and I2P don’t have a dedicated browser. Users can utilize whichever browser they please, but they should be cognizant that any exploits which exist for that browser can still be present while surfing the dark net of their choosing.

Utilizing the Brave browser for LokiNet

From a design standpoint, LokiNet looks beautiful. The LokiNet application itself offers a wonderfully designed GUI. Sites on LokiNet, which end in .loki domains, are known as “SNapps”. Similar to using a VPN, there isn’t a way (yet) to encapsulate your traffic on the LokiNet dark net to a specific browser, like the TOR Browser offers. LokiNet currently offers two variances in how your traffic is routed through LokiNet: the Loki in-proxy and then VPN mode, in which the out-proxy is through LokiNet exit nodes.

Utilizing the LokiNet Exit Node in VPN mode
Traffic routed through LokiNet out-proxy as reflected on IPChicken.com

Do you have an account on CaféLoki yet?

It is important for investigators of the dark web to understand the differences between the dark nets, and the advantages and disadvantages of each. If your knowledge of the dark web consisted solely of TOR before reading this article, fear not because you are in the vast majority. Up until two years ago when the darknet market AlphaBay resurfaced hosted on I2P, many had viewed I2P as mundane. Since the AlphaBay admin DeSnake bemoaned TOR and proclaimed I2P was the true “dark net”, we have observed a vast improvement of the I2P network and an influx of usership. I2P is now offering I2P+, a more stable and user-friendly build.

The dark web is very much a living thing, constantly evolving and always changing. It is important to be abreast of trends, especially as an investigator. None of the threat actors currently active on the dark web are talking about Ross Ulbricht and “Silk Road”, so why are we in law enforcement still teaching about it? If we aren’t talking about and teaching about LokiNet in law enforcement/investigator trainings…why not?

This article was written by Keven Hendricks.
