Cryptomixers, Linksites, and Dark Web Search Engines
This episode of The Dark Dive looks at the "service providers" that facilitate criminal activity on the dark web.
This episode of The Dark Dive looks at “dark web service providers” – i.e. the services that keep dark web criminality ticking.
In particular, threat intelligence experts Carlito Perschky and Rob Fitzsimons explain where cryptocurrency fits into the dark web, how it has enabled illegal marketplaces to flourish, and the methods criminals use to hide where their funds are going to and from.
Speakers
Aidan Murphy
Host
Carlito Perschky
Senior Threat Intelligence Analyst at Searchlight Cyber
Robert Fitzsimons
Senior Threat Intelligence Engineer at Searchlight Cyber
This episode of The Dark Dive covers:
The Paradox of Dark Web Search Engines and Link Sites
Which criminals use to navigate the dark web or advertise their sites.
The challenges the combination of cryptocurrency and dark web technology creates for law enforcement
With both technologies enabling anonymity that helps criminals to act with impunity.
Stranger aspects of the dark web
Which haven't been covered in previous episodes of The Dark Dive podcast!
Transcript
Aidan Murphy: Hello, and welcome to another episode of the Dark Dive. The podcast that delves into the depths of the dark web. My name is Aidan Murphy and I’m your host as each episode we look at different aspects of the dark web. In the podcast feed, you can already find the entire limited series. In other episodes, we look at how the dark web works and areas of the dark web like marketplaces, hacking forums and ransomware leak sites. But in this episode, we’re going to look at what I call dark web service providers by which I mean the wider ecosystem of services like crypto mixers and dark web search engines that support many of the marketplaces and forums we’ve discussed over the past four episodes. This is a term that, as far as I can tell, no one else has adopted but here today to help me coin the term, ‘Dark Web service providers,’ are two cyber security experts that are engrossed in the ecosystem of the dark web. Rob Fitzsimons, Lead Threat Intelligence Engineer at Searchlight Cyber. Hello, Rob.
Rob Fitzsimons: Hi, Aidan, thanks for having us.
Aidan Murphy: And Carlito Perschky, Senior Threat Intelligence Analyst at Searchlight Cyber. Hello, Carlito.
Carlito Perschky: Hello, hello.
Aidan Murphy: So I’m just going to ask you to really quickly introduce yourself to our listeners. We’ll start with you Rob, if you don’t mind telling everybody what you’re about.
Rob Fitzsimons: Hi. So my name is Rob Fitzsimons, thanks for the introduction Aidan. I have a background as-, sort of, coming up through my cyber security career as an Intelligence Analyst within the British Army. It gave me incredible insights as to not only the fundamental aspects of intelligence, how it works and why it is so important and how that intelligence relates to cyber security but also being able to pull through to understand how it really can be leveraged through a good effect within an operational requirement.
After leaving the military, I worked for a number of years at a network monitor and security provider and then, since that, I’ve been working at Searchlight Cyber for almost two years now. So I had a lot of time to explore all the intricacies of the dark web and trying to understand why people are using it and the different things that are maybe happening within that environment.
Aidan Murphy: Brilliant. Thanks Rob and Carlito, if you don’t mind just saying a word on yourself for our listeners?
Carlito Perschky: My name is Carlito. Coming out of my university, finishing my degree in criminology, I spent three years working for the Yorkshire & Humber Regional Organized Crime Unit. One of the civilian investigators. I spent a lot of time focusing on cryptocurrency based investigations, tracking crypto through the blockchain. People’s ill-gotten gains, things of that nature. After the stint there, I spent about nine months at PayPal working on their crypto department so filing suspicious activity reports for PayPal and helping build out the crypto wing there and then a small stint in fraud before landing here in Searchlight for the best part of, I think, maybe four or five months now.
Aidan Murphy: Brilliant. Well, we’re going to be talking about cryptocurrency so you are the right person to be talking to. Looking at the wider ecosystem of the dark web, I think it really is the place to start. So just to bring you guys up to speed, on our very first episode our CTO, Dr Gareth Owenson, laid out his theory, I guess, or his viewpoint, that the dark web really took a turn when cryptocurrency became more mainstream and suddenly, you know, a quite niche, maybe, area of the internet was compounded with a way to pay for illicit services. I guess what I might ask each of you first, you know, did you agree with that assessment? Has cryptocurrency spurred on the cyber criminal community? I’ll ask you first, maybe, Carlito?
Carlito Perschky: Yes, absolutely. Traditionally, like, committing crimes and transferring funds from one another would either be done through cash in hand, actually meeting individuals or through banking systems. The KYC for banking systems today is, like, incredibly good. It’s very difficult for you to sign up with fraudulent details. Things of that nature. Using mules is incredibly common in that area of crime but cryptocurrency sort of circumvents the majority of that. The ability to send funds to someone in another country, there might be sanctions in place, just the other side of the world, within the space of ten/fifteen minutes which is not anonymous but pseudo-anonymous is the best way, really helped shape the future of how online crime is, especially in the dark web eco-system.
Aidan Murphy: Brilliant, Rob-, and before I just, kind of, pull up Carlito on some of the points he made there, do you have a view point on that? On how cryptocurrency is, kind of, fueling, I guess, the crime you see day to day in your work?
Rob Fitzsimons: Yes so I was just going to touch on the point there, Carlito raised, regarding the sort of pseudo-anonymity associated with crypto currencies. Ultimately, the majority of the criminals that are leveraging the dark web utilize it for its anonymity, any element-, the privacy that it is perceived to give them. So not only operating in a global manner, being able to hide the element of where they are distributing it from, where they are distributing it to, has always been an element of attraction around the dark web. So bringing cryptocurrency into that, that provides, again, an element of additional anonymity privacy around people’s payments, it helps to further secure their transactions, further secure their activities, and always gives the façade of added impunity against all their actions that they are having on the dark web.
So it kind of goes hand in hand that any additional capabilities it can provide a higher level of anonymity to these individuals is going to potentially be sought and leveraged to its full effect.
Aidan Murphy: I’m really interested in this anonymity element but just before I get on to that, I think it would be good to give the listener a sense of, you know, how often do we see cryptocurrency on the dark web? How prevalent is it and what are people using it to pay for? Rob, maybe you can come in on that? You’ve spent a lot of time, kind of, looking at-, investigating-, it’s part of your job, obviously. Investigating this kind of activity. Yes, can you give a sense of the scale of the, sort of, cryptocurrency?
Rob Fitzsimons: Where do we start? I mean, it’s like currency in the wider world, right? Whether it’s the US Dollars, British Pounds. It is the currency of the dark web whether it’s Bitcoin, Litecoin, Ethereum. Whatever people may be using, they are leveraging it for almost any purchase on the dark web. So some of the things I know have been talked about on the podcast previously, leveraging crypto to buy gold bars and bars of silver on the dark web. Anything from that to, you know, buying drugs for whatever reason you may want them, to hire in a hit man, and anything in between. Cryptocurrency is the currency of choice on the dark web these days.
Aidan Murphy: And paying for ransomware payments as well, I imagine, is quite a big one?
Rob Fitzsimons: And paying for ransomware payments, yes.
Aidan Murphy: You’ve mentioned a few different ransomware payments there. Carlito, a question that I would have as a listener is, is there a cryptocurrency of choice for criminal deeds or does it not matter to them? It’s just whichever cryptocurrency they favor in general?
Carlito Perschky: I think it depends on the type of criminal you’re dealing with. Perhaps newer or maybe old hat, I suppose you could call them, would probably take the majority. Bitcoin is, sort of, the hugest among the most of these just due to how prevalent it is in society. If you ask anyone about crypto currencies, if they know anything about it, they’ll be like, ‘Oh yes, that’s all the Bitcoin thing, isn’t it?’ But there are individuals who maybe are working as Nation State actors or things along their nature and who are a bit more privy to understanding how blockchain tracing can work and will use more privacy focused coins. Things like Monero, things like Litecoin, e-Cash. Things of that nature.
Aidan Murphy: Interesting. So this brings us on to the anonymity element and I’m not very au fait with cryptocurrency so I’m going to ask what might be the stupid question. My understanding is cryptocurrency works on the blockchain and the blockchain is a ledger. In theory, it should be pretty transparent. Why is cryptocurrency more anonymous than fiat payments?
Carlito Perschky: So while everything is on there, on the ledger, it’s available to see that X address has paid Y address. Things of that nature. There’s firstly, sort of, a degree of illiteracy with the majority of people. You’re sort of in this community or out of it. If you understand what these payments mean and the ability to trace them, you’re sort of golden but there’s this wall for people, sort of, trying to come in and understand that initially. Secondly, unless you have a starting point you’re not really able to identify where these addresses are tagged as. You can see that X address has paid X amount to Y address or, you know, clusters of addresses but without understanding who either of these addresses are, where they’ve been located, who they can be tied to, it’s just like saying, you know, ‘Bob Jenkins has sent two pounds to Susie Smith.’ It doesn’t really mean anything to anyone without any context.
Aidan Murphy: So it’s difficult to tie a real world persona or identity to a cryptocurrency wallet?
Carlito Perschky: Yes. Absolutely. That’s all the majority of the work that’s done. The ability to, sort of, drag these individuals who try and hide behind these pseudo-anonymity out into the light and being able to tie them to real world identities is, sort of, the base of what we do.
Aidan Murphy: You mentioned before, you know, your customer systems that regular, I guess, traditional financial services have in place and this, I guess, is designed to make it more difficult to conduct fraud, criminal activity, with that money. Crypto currencies don’t have as stringent know your customer-, I know some of them do but as stringent know your customer, kind of, policies and things in place. Systems.
Carlito Perschky: Crypto regulations are, sort of, changing every year recently. I think at the start of 2023, the UAE banned the use of these types of privacy focused coins or maybe banned is a bit of a strong word but you need to be able to prove to the government where you’ve obtained these funds from which sort of removes the anonymity element of it. The most large crypto exchanges, places like Binance, Coinbase, things of that nature, have very stringent KYC policies in place where maybe in the early 2010s you could go to LocalBitcoins. People would have mined their own Bitcoins. They’ll then transfer them peer to peer. There was, sort of, a very different time from where we’re living currently.
Aidan Murphy: Interesting. So it’s an industry on the change then? One thing I think listeners might be wondering is whether there’s anything the cryptocurrency industry should be doing to combat the use of, you know, these currencies for crime? If it is as prevalent as-, well, we know it’s prevalent, as we say it is. It is very prevalent. Is there not something that they should be doing about it or is it not their priority or their belief that they have a responsibility in monitoring how this currency is used?
Carlito Perschky: It’s interesting because as the industry has been evolving, it’s sort of evolved from a place of where there were no regulations in place and, as businesses operating for profit, they don’t have to do anything. You know, why would they not want to take these funds in, take part of the transaction fee and pay them out. As governments have become more privy, as dark web sales have gone up, as this has sort of become a little bit more mainstream, if you’d like to say. Governments are pushed, put a lot of pressure on, bodies like the European Union as well, for these to make regulation changes and enforce (a) more stringent KYC for people who are paying out. They additionally have, sort of, their own in-house tools for analyzing where payments have come from. If they come from places like known market places, scam sites, things of that nature, they might reject them or take them in, hold the payment and ask for specific information.
There are also a lot more contacts within these exchanges for the ability for more enforcement bodies around the world to get in contact, get this information for people that they believe who have tried to launder, sort of, stolen or illicitly gained funds via these means.
Aidan Murphy: I want to go back a step, maybe, and look a bit at how cyber criminality is done because I guess you can imagine it as a closed eco-system. So if you run a drugs market, for example, you get people to pay in cryptocurrency and then, you know, you have this bucket of money that sits there. But presumably there is, at some point, a need for the criminals to cash out in order to be able to use this money. How does that element work? How can they go about cashing out without drawing attention to themselves, I guess, for a huge amount of cryptocurrency they’ve amassed maliciously.
Carlito Perschky: That’s always, sort of, the question, isn’t it? Okay. It’s amazing that I’ve managed to gain X amount of funds through these illicit activities but now how do I launder this effectively, sort of, into the system. A lot of the ways that people do is the main way to try and obfuscate the source of funds. So they’ll either swap chains, transfer them to a different type of coin or they’ll use the services of mixers. Things of that nature. Just, again, to assist with the obfuscation of where the funds have come from.
Aidan Murphy: So you’ve brought on something-, you’ve brought on something that I wanted to touch on. So crypto mixers, how do crypto mixers work?
Carlito Perschky: So essentially it’s, sort of, a very large pool of funds. You’ll transfer them X amount of Bitcoins. We’ll say one for arguments sake. You’ll tell them where in which they are going to deposit the funds out and they’ll send the funds the address and within this large pool. The aim of it, sort of, with the mass amount of these transactions, is to say with a greater difficulty that person A has sent funds to person B due to this intermediary source, as well as sort of, ‘Is transaction A actually going to transaction B?’ If there are maybe hundreds, thousands, of people putting in one Bitcoin at a time and there are thousands of people on the other side also gaining a Bitcoin, how are you supposed to say that A and B are connected?
Rob Fitzsimons: Just to add to Carlito’s point there, it’s money laundering, right? Something that has been happening for, I mean, as long as I know. People, particularly criminals, are gaining money through some sort of illicit service but they want to be able to utilize that money to pay for actual goods and make it look like legitimate currency. Money laundering has been going on forever and there’s always been capabilities to do that, whether it’s going to a casino or something and making it look like winnings through to Walter White in Breaking Bad selling additional air fresheners for every car wash that goes through. Ultimately, the technological advancement of cryptocurrency has just shifted that focus from a physical currency through to the digital currency, and it’s given that additional capability to criminals to continue to conduct their malicious, illicit services on a dark web, continue to have that ease of money laundering, if you will, because they still don’t need to have access to it. They can transport it digitally to any of these mixers or tumblers, wherever they want to in the world, whichever one is potentially better or has not been viewed that particular time and ultimately, get that money to where they want to, as Carlito was saying, have that currency exfiltrated into whichever account it needs to be and it ultimately looks like legitimate transactions.
Aidan Murphy: Yes, I was going to say that it’s effectively sophisticated money laundering, and I think we’ve come across this a few times on the podcast already, that we’re effectively seeing traditional, as you say, Rob, exactly right, traditional criminal services effectively just having a dark web counterpoint. Maybe more sophisticated, sometimes quite rudimentary, really. You know, exactly the same technique being used, just different words around it. You’ve mentioned that there is, I guess, a side part of the cyber security industry that does focus on tracing these illicit payments, and I noticed, looking at mixers, there are a couple of examples like Blender and Chipmixer that are no longer with us, that they have been taken down by law enforcement. Rob, I don’t know maybe if you could talk a little bit about how the cyber security industry is tackling the use of cryptocurrencies.
Rob Fitzsimons: Yes, that’s a great question. So, we understand we are seeing people use it and there are ways of monitoring and understanding where those transactions are going. Ultimately, there are pieces of information that have to be shared actively. So as Carlito mentioned earlier, if you’re making a payment, it needs to go into a crypto wallet, for example. Now, we often see, particularly on the, sort of, criminal side of the dark web, individuals in markets or in forums, they ultimately want to be paid. Right? They’re selling a service, they need to be paid. The question is, where do we get paid to? That answers that question. It’s their crypto wallet that they will have a specific reference to and they ultimately share, which could be on a private message from something like Telegram or it can be commonly listed on the bottom of their market. So, ‘This is my crypto address, this is how much I want for this product, send it to this wallet.’ They are pieces of information as they stand individually but we can start leveraging those pieces of information. Say, okay, potentially-, if we take the wallet example, where else have we seen this wallet? Are we seeing multiple individuals leveraging the same wallet? In such a case, it could be the same individual under multiple aliases. It could be a single wallet leveraged by a larger, organized, criminal group. Regardless of how it’s been leveraged, we understand that there is a wallet that is receiving, potentially receiving, funds from some sort of malicious actor. What we can start doing then is leveraging additional tools such as Chainalysis or Elliptic who offer capabilities to start enabling investigations into the blockchain. So, again, as Carlito was referencing earlier, being able to monitor and follow those transactions through the digital ledgers to understand where the money is coming and going.
Understand where it’s potentially being shared and potentially who this information, well this currency, is being attributed to.
Aidan Murphy: Yes so I saw Chainalysis, I think, we can name as they are a friend of Searchlight, and what they do complements what we do quite nicely but they effectively, from what I understand, start flagging accounts that are tied to criminal activities and I guess if you’re a law enforcement officer or a cyber security professional, maybe investigating a ransomware group or something like that, building these profiles and attaching them to specific cryptocurrency accounts and that kind of information, like you say, you start to kind of accumulate a body of evidence. Is that the right way of looking at it?
Rob Fitzsimons: Yes. I would say that’s fair to say. Ultimately, it’s about evidence and it’s about-, we’re talking about the law enforcement side of things. It’s all about investigations, right? Particularly around the cryptocurrency. It’s fraudulent or, sort of, financial investigations. Again, going from where it used to be, trying to understand which money is being transferred from which accounts and who is potentially taken out in the Cayman Islands. It’s looking more specifically in that digital perspective to see, okay, which wallets are these crypto currencies going to and from. Again, trying to conduct those investigations in an effective way within this digital remit.
Aidan Murphy: So it’s possible that-, would it be fair to say that crypto currencies have made law enforcement’s job much more difficult? I can see Carlito, you’re nodding very vigorously.
Carlito Perschky: Yes, I think it’s a point that I, sort of, touched on earlier. It’s that whenever there are these new and emerging-, and again, sort of, air quotes in new and emerging. There’s a spin around since the early 2010s, and while there have been individuals who have, sort of, delved into this area, it sort of hasn’t been as widespread for the use of payments of goods and things of that nature since, maybe, sort of 2017 onward. It presents a challenge for something new that, sort of, the layman has to understand to a certain degree. When a police officer goes through the house of a drug dealer and he sees one XY3GB4, you know, ongoing, written on his desk, he’s like, ‘Ah, that’s weird’. There’s this new, sort of, understanding that they have to be aware that, ‘Oh, this could be a cryptocurrency address. Perhaps he’s taking funds through cryptocurrency. Perhaps there’s a lot of money that we don’t know about,’ things of this nature. There’s also a whole new demand for a whole new set of skills that really need to come in. Sort of, while it’s great, maybe you could accumulate these individuals who have cryptocurrency and say, ‘Okay, then what?’ There need to be people in this remit who understand and are capable of using this information to leverage it and help with convictions.
Aidan Murphy: Yes, and, I guess, there’s also the added element of, like you say, in inverted commas, newer technology, that perhaps the regulation and everything else around it isn’t quite there yet as well. Is that the case, or has the industry come on further around that, in terms of really legislating to stop the use of cryptocurrencies for illegal activity?
Carlito Perschky: For where we are at the moment, I’d say the majority of large exchanges are doing a pretty good job. They have very stringent KYC policies that I touched on earlier and they have their own in-house tools. They adhere to pretty strict regulations, and I’m pretty sure there are rumblings that regulations are going to get a bit tighter as well. They do a pretty good job of keeping to these, so I think currently, from where they’re at, I think they’re doing a pretty good job.
Aidan Murphy: Okay. Just before we move on from crypto mixers, are they strictly illegal? Are there any use cases in which they are acceptable? Or, really, is it if you’re operating a crypto mixer, you are under the watch of law enforcement?
Carlito Perschky: I think as long as you’re using it for the correct purposes, right? It’s a tool like any other. It’s the ability to transfer funds anonymously from X to Y in the way that, sort of, you can make anonymous donations to charities and things of that nature. Anonymous transactions aren’t inherently bad. It’s when they are abused that’s, sort of, the issue. Maybe if you’re a journalist and you have some sources that you want to pay money to for whistle-blowing information and you want to ensure that their safety is there. The ability to, sort of, help anonymize your payments to them while, you know, crypto is already a good, additional step, you want to take every step possible to protect your sources. That would be, sort of, one pretty strong example or in countries where their currencies aren’t particularly stable. Maybe Venezuela is a pretty good example where their currency fluctuates almost daily, I believe. The ability for this universal currency to be able to hold its value when maybe sending money home to family or to provide aid is also, like, quite a handy tool.
Aidan Murphy: So very like the dark web itself, in a way. That nothing really inherently bad in the technology but it’s the way it’s used that strays into the illegal or ethically questionable-,
Carlito Perschky: Yes, absolutely. There’s not really bad things, just bad people.
Aidan Murphy: Just bad people. At this point, I might move us on to the idea of dark web search engines because it’s an interesting topic. So, again, going back to episode one, Gareth said one of the key elements of the dark web is that the sites are not indexed on search engines and not to call our co-founder a liar, on the fifth episode of the series, but there are search engines on the dark web. Rob, I guess, what’s going on there? Can you explain that?
Rob Fitzsimons: Gareth just messaged me and said he’d like a chat with you after this. Yes, it’s an interesting-, I think you referred to it as an interesting paradox in the dark web. Something that is ultimately designed for anonymity and ultimately hide everything away, all of a sudden you’re starting to see dark web search engines which are trying to index certain sites, forums and markets and enable people to find what it is that they’re looking for. This is an element-, maybe an element of a challenge within the dark web. Whilst people are using it, again, there are some legitimate reasons for accessing the dark web. The majority of what we see and what we deal with is for illegitimate reasons. It’s people selling illicit goods. As we touched on earlier, you know, trying to sell anything from drugs to weapons to, again, hit men for hire. It’s a service, right? They are ultimately trying to sell. You cannot sell anything in this world without somebody being aware of it. So, ultimately, if you’re not making yourself visible, if no one can find you, you’re going to have a load of product, whatever that product may be, and you can’t shift it. So, ultimately, there is, I believe, a bit of a gravity towards having things like dark web search engines to make certain markets and certain forums more visible, easier to find for people who are, sort of, fairly new to the dark web, don’t necessarily know how to search it, but ultimately, they can get on and find what it is they’re looking for and potentially make a purchase and take advantage of those services being offered.
Aidan Murphy: Yes, I think the listeners are going to be sick of me talking about the dark web paradox, but I do think there’s no other way to describe this. It’s back to that idea of wanting to use the dark web for its anonymity but, like you said, they’re trying to sell something so there has to be a degree of being found. I was shocked when I started working here, someone told me that dark web search engines even have advertisers, sponsored ads, like you might get on Google or Bing, which is slightly crazy in my mind. That in one hand, they’re using the dark web to avoid detection, and on the other hand, they’re paying for advertising. Rob, can you give the listener maybe an idea, what does the dark web search engine look like? Are we literally talking, kind of, a knockoff version of Google? If someone visited a dark web search engine, which we would not recommend, what would they see?
Rob Fitzsimons: Yes, I would say you’re not far off, to be fair. Think of Google search engine but in one of its earlier iterations. So, kind of, like, dial-up versions of the internet. It’s all a little bit dated, a little bit clunky. It works, it’s a little bit slow, but ultimately it does get you to where you need to be and it gives you some links and some references to areas that may be of relevance to you. It’s not infallible. It’s not the best search engine in the world. Ultimately the dark web is an extremely volatile place so a site that might be up today might be down tomorrow. So if you’re finding a reference to that site on the search engine, you can go through dead link after dead link of just going on to forums and markets which, you know-, the search engine found that link for you but ultimately there’s nothing behind it.
Aidan Murphy: I was just going to ask Carlito, I guess there’s also a risk of following unknown links on the dark web? An inherent risk of, I guess, using a search engine in that way?
Carlito Perschky: Yes I suppose it always comes with the disclaimer that everything that’s, sort of, advertised there, the dangers of this are really real. Anything that you wouldn’t want to see on the clear web, things that are banned, can crop up on there. So it’s always important to be incredibly careful with (a) protecting yourself from things like malware but also ensuring that you’re not seeing content that is upsetting or offensive to you. There is an awful tonne of that on there.
Aidan Murphy: Yes I guess this is one of the inherent risks for researchers and security professionals who, as part of their job, they have to monitor the dark web but it is an inherently dangerous place.
Rob Fitzsimons: And also you’ve got to consider the people, generally younger individuals, who are new to the dark web. It sounds like a kind of cool place to go, you know? If you’re a bunch of teenagers and you’re thinking, ‘Oh I’ve-,’ you know, talking about it on a playground. ‘Have you heard of the dark web?’ It is unbelievably accessible these days. It’s that risk where people like security researchers, threat intelligence analysts, investigators, are often generally aware of these risks and have capabilities in place to hopefully protect them from the likes of activity that Carlito has just referenced. But for people who are very new to it, who don’t understand, who don’t have these backgrounds to be aware of some of the things that happen on there, they are the ones that have potentially fallen into the trap of seeing this horrible activity on a dark web that they really don’t want to and then that’s associated with that additional risk.
They’ve been on there, potentially stuff has got on to their systems, potentially malware or worse, and that starts to add an additional challenge to protecting certain individuals from-, you know, almost an awareness piece. A broader awareness piece of making people understand what the dark web is and what the risks are associated with it so they can better prepare themselves and, you know, maybe not go on there in the first instance unless it is for a legitimate reason, particularly from a work perspective, and in which case they’ve got the tools and capabilities in place to protect them from things they shouldn’t be seeing.
Carlito Perschky: There was a very large phase-, not to out anyone here as being older than me or anything, but as a young man on the YouTubes and on the TikToks, there were these phases where individuals would create videos which were like, ‘I ordered the 250,000 dollar mystery box from the dark web.’ These videos are obviously targeted at, sort of, younger audiences, creating this sort of air of mystery of, like, ‘There was like a knife here with a bit of ketchup on it. Maybe this was used in a murder,’ and things like this that really piqued the curiosity of young individuals. While it’s cool and fun to do that for entertainment purposes, the ability to ensure that you’re not pushing this on a young audience who are vulnerable is very important.
Aidan Murphy: Absolutely. I mean I hope everybody listening to our podcast would, at this point, be very aware of the dangers of the dark web and not be looking to go for themselves unless, of course, they are a cyber security professional and have all the proper parameters around them and are doing it strictly for research and security purposes. Search engines, slightly problematic, as you said. You know, the search function isn’t great. They are quite dangerous. My understanding is that almost more popular in the dark web. I mean, talking really old school, are very simple sites, we might call them link sites, where you go and it’s like an index of links to follow, are either of you kind of aware of those?
Carlito Perschky: Yes absolutely. There are a lot of these sites which are often just HTML pages with links attached to them saying, ‘This is how you get to, sort of, X place.’ Dread is a very large forum which I’m sure at some point was touched on the podcast. All the large marketplaces that are going on as well as other resources. You know, Wikipedia, BBC News, all have their own dark web marketplaces. They are all often on these places. One example, off the top of my head, is called Tor.Taxi which is a website which does, you know, exactly as previously described.
Rob Fitzsimons: So I was just going to add, ultimately these link sites are almost, like, a more easy to use version of the search engine. Right? If you’re looking for the search engine, you’re provided loads of links referencing the word or the term that you’ve looked for which could be relevant, it could not be. If you can find links to these sites, maybe by using the search engine, but something like TorTaxi, you get on this page and you’re no longer necessarily trying to go through the challenge of finding something of interest. It’s kind of more readily presented to you. So you would have, like, categories, maybe, of forums. It would be user-maintained of the top five forums currently. All of them hyperlinked through to their onions. That could be markets, forums, crypto mixers, how to set up crypto address, Wikis. There are all sorts of areas that can generally be quite useful.
Again, from that sort of security research, threat intelligence perspective, if you know where these sites are, index them and you can leverage them for your own investigative purposes. But yes, they can be handy, for sure.
Aidan Murphy: You’ve touched on something there Rob that I wanted to talk about in this episode. So we’ve had these previous episodes that were very specific areas that are-, well, it’s the way I like to think of it. Marketplaces, forums, ransomware leak sites. It’s quite easy to start to categorize these Tor sites into these buckets but obviously the dark web is vast and has a lot of strange things on it that don’t necessarily fit into these very clearly defined areas. I wanted to ask you guys, you know, what are the areas of the dark web that maybe our listeners won’t have heard of before? Won’t have come across? Maybe never want to come across but maybe should know about?
Carlito Perschky: A personal one that really stood out to me, I saw maybe in my first two years as starting as an investigator for the Yorkshire & Humber Regional Organized Crime Unit, was a website titled Pee-Pick Of The Day. It was just a webpage with an image of an individual in a public stall. Nothing inherently poor about it. No genitalia or anything of that nature. Just a picture of an individual in a public place to urinate.
Aidan Murphy: That is a particularly strange area of the dark web, I would say. Did that come up in the course of an investigation?
Carlito Perschky: You know, I believe at the time we called it Horizon scanning. Going and looking at new websites and just finding if there were any investigative lines there. To a degree, I suppose you could but there was no other real information unless you were particularly good at identifying what bathroom tiles look like, perhaps, and where they could be located in certain countries. A very niche set of skills which unfortunately I didn’t manage to cultivate in my time.
Aidan Murphy: Rob, any areas of the dark web that maybe the listeners may not have come across or heard of before?
Rob Fitzsimons: So, I do have a particular favorite on this which I fortunately stumbled across after a, sort of, slightly-, the investigation is the slightly darker side of the dark web, so I needed something a little bit more uplifting and not necessarily what you would assume to be on the dark web. It was a site called GetGnomed, as in the little garden gnome that you would have. It doesn’t exist anymore, the site is down, unfortunately, but essentially it was a fairly humorous service that was supposedly being provided from the dark web where they had different categories and you could essentially request a service to have an individual, be it a friend or an enemy, gnome in some way shape or form. If I remember right, they had, say, multiple services. One of the lower tiers started at about 500 bucks, so you could get an individual gnome. It would simply be their front lawn would be filled with gnomes which, kind of humorous, I imagine it would be infuriating if it happened to me. But, you know, you tidy them up and it’s forgotten about. The increment in tiers had-, I think one was called something like Cursed Gnomes or Gnome Haunting, and you’d start off with a single gnome. If you removed that, the next day there would be two and then four and then eight and they would multiply day after day to essentially, kind of, terrorize someone in one of the nicest and most harmless ways possible. It was quite weird.
But to go back to one of the points that Carlito made earlier, I’m pretty sure-, and, you know, you can find this widely reported on the internet, it does seem like a hoax. I mean, I can’t imagine anybody is going to spend 500 dollars to try and get a bunch of garden gnomes put in their friend’s garden, but this started and was widely covered on TikTok by an individual and it seems like they probably started it off initially. Started recording it and trying to get a load of traction. They made loads of videos, hundreds of thousands of views, but, as I say, that point Carlito made earlier, that sounds really interesting. It went viral. It’s an insight into the dark web that a lot of people don’t see. A really light-hearted insight into the dark web which can often be that stepping stone for people trying to get into it and then, ultimately, go down certain avenues and find other things that they potentially weren’t looking for. But, yes, for me, GetGnomed is probably the best site on the dark web.
Aidan Murphy: I’d never heard of that before. That’s fascinating and it sounds like a horror movie. I’m not sure that is an innocent use of the dark web, to be honest. I would be terrified if a collection of gnomes appeared on my door step every morning. I guess both of your stories illustrate that there are, just, weird, quite funny use cases out there. You have both also drawn out the more serious element. I might just finish off by asking, why is it important that people know about these areas of the dark web? Maybe not the gnome site but, in particular, about what is out there and what’s on the dark web? From your perspective, why is it relevant to them? Rob?
Rob Fitzsimons: From my perspective, in the investigations that I’ve been involved in and the sort of use cases that a number of our customers are involved in, there is a growing criminal activity within the dark web ecosystem. We see a lot of activity. Again, relating to things like the crypto addresses. It is being leveraged for more-, provide that pseudo anonymity around these activities. It’s allowing people to more readily access sites, buy services, conduct criminal, malicious-, illicit activities. Ultimately, there’s things happening. Everything from ransomware groups or threat actors developing exploits through to, you know, data being released on the dark web after a company has been breached and anything in between. It’s all of those pieces combined, depending on your specific use case, that you can start deriving value from. Investigating an individual, monitoring a ransomware group, understanding what’s happening so that we can ultimately have informed decisions about what we may need to do, from a cyber security perspective, protect our organizations. From a law enforcement perspective, identify individuals. Track activities and understand what is happening.
Aidan Murphy: Brilliant. Okay. Well, in the next episode we’re going to look at what cyber security professionals and law enforcement can do to crack down on the more criminal element so, again, if you’re interested in that, stay tuned. You can find that episode already in your podcast feed but this seems like a good time to draw a line under this episode of the Dark Dive. A big thank you to Rob and Carlito for joining me and if you can’t wait to find out more, remember to follow us for free on Apple Podcasts, Spotify and whatever podcast app you have on your device. If you’d like to get in touch with us at Searchlight Cyber, you can find our social media account and email address in the show notes or you can find plenty of information on our website www.slcyber.io. Until next time, stay safe.