Terrorists and dark web, what is their relationship?

A new study reveals that terrorist organizations are largely uninterested in using resources and services hosted on the dark web.

Every day I receive a lot of requests about terrorist activities in the Dark Web, and contrary to what you might think anonymizing networks like Tor and I2P aren’t cyber places preferred by terrorist organizations. My experience is supported also by studies conducted by colleagues involved in the same analysis.

On the other side, law enforcement and intelligence agencies correctly fear that the rise of the Islamic State will be associated with an increasing use of the anonymizing networks that makes hard investigations.

A few hours after the 13 November 2015 attacks in Paris, security experts found in the Tor Network a new propaganda hub.

The website was containing translations in English, Turkish, and Russian of content shared by the members of Daesh claiming credit for the Paris attacks.

The new propaganda center was discovered by the popular researcher Scot Terban (aka @krypt3ia ), who reported it to the colleagues at Salted HASH.

The expert noticed a post that explained the need to create a new hub for propaganda, this is the response to the numerous operations against other websites used by the ISIS that were seized by law enforcement or targeted by hacktivists online. The terrorists decided to move on the Darknet to make the Daesh more resilient to take over attempts.

According to the study conducted by Daniel Moore & Thomas Rid, and titled “Cryptopolitik and the Darknet,” terrorists and radical groups hardly use darknets.

The researchers developed a web crawler that allowed them to analyze and classify about 300,000 hidden services on the Tor network. Below the results shared by the researchers:

The experts explained that terrorists prefer to share propaganda content on the Surface Web in order to reach a wider audience, including wannabe terrorists and the curious interested in the activity of radical groups.

Another problem when dealing with anonymizing networks it must be considered that they are not stable and often very slow. Be careful, this doesn’t mean that terrorists don’t use the dark web, instead, experts highlighted that militants of groups like the ISIS commonly use Tor to anonymizing their navigation on the Internet.

“The darknet’s propaganda reach is starkly limited, not least because novices may be deterred by taking an ‘illicit’ step early on, as opposed to simple, curious Googling. Hidden services, secondly, are often not stable or accessible enough for efficient communication; other platforms seem to meet communication needs elegantly. Islamic militants do commonly use the Tor browser on the open internet, however, for added anonymity.” states the study.

The researchers noticed that jihadists online are not very active, for example on the Tor network it is very difficult to find extremist content on the dark web forums.

“One noteworthy finding was our confirmation of the near-absence of Islamic extremism on Tor hidden services, with fewer than a handful of active sites,” states the study.

Terrorists use the web for propaganda and recruiting, two goals that could be easily achieved maximizing the results by using social media platforms such as Twitter and Facebook.

The study conducted by the researchers confirms the dark web host a significant portion of services used by criminal organizations to propose their products and services, including “drugs, illicit finance and pornography involving violence, children and animals.”

1,547 of the 2,723 active sites of the dark web analyzed by the researchers were used for illicit services.

It’s my opinion that in the next months a growing number of hidden services will be managed by terrorist organizations, mainly for propaganda and to share applications and services.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Dark Web, Terrorism)