The Dark Web of Crime

Do you have to be a nerd to write about cyber criminals? It can’t hurt. Just as with a police procedural or legal thriller, if you’re going deep into the woods, you need to know the terrain. But even little things can trip you up. We all know that cartridge cases won’t be left behind by a revolver, but what kind of evidence is (or is not) left by computers?

That’s what Dylan Proulx discussed at the September meeting of the Rocky Mountain chapter meeting of the MWA as he peeled away the layers of the internet.

dylanatlecternDylan Proulx started professional programming in the late ’90s working on Y2K projects for CARL corporation, a library-automation company. He has since worked for, ESPN, a bank, and most recently ADT. He has taught company-wide web security classes at, and once was given a parking spot for “dedication to security” (where he was promptly ticketed for parking in a reserved spot).

The first layer of the worldwide web is what Dylan calls “The Surface Web.” That’s where we spend most of our surfing time and where most internet content resides. As Dylan puts it, it’s anything you can find with a Google search. Those websites reside on Domain Name Servers that have digital IP addresses such as, which is a whole lot less user-friendly than But since machines are talking to one another, it makes perfect sense to them.

Literally millions of times a minute, robot programs search the internet looking for all the servers they can find and process that information to build searchable databases for curious surfers. And when a searcher goes searching, they leave a trail of breadcrumbs, both on the user’s machine and on their web browser. This information is hugely valuable to marketers and, in the case of a sloppy criminal, law enforcement. And while you can stop the collection of some of this data with ad blockers, virtual private networks (VPNs), “in private” browsing and proxy services, much of it can be retrieved from hard drives with forensic techniques. Depending on how well you’ve masked your browsing, it may take weeks or months, though.

A second layer of the internet is The Deep Web. That’s where private information like bank accounts, government records and medical information are kept and is a primary target for hackers trying to steal sensitive information. These are the places that are only accessible with passwords, and hackers go to great lengths to get their hands on them for financial gain or more sinister reasons like stalking and luring. Typical methods of hacking include intercepting transmissions on open Wi-Fi networks, “phishing” for information with phony requests for personal information, or “spoofing” legitimate requests by impersonating trusted sources.

Parts of the Deep Web, certain government and financial records, for instance, are also legitimately accessible through subscription services like Lexis-Nexis, Equifax, and IRBsearch and are commonly used by reporters, law enforcement, and private investigators.

So where do the smart crooks go to hide on the internet? They head for the Dark Web, a corner of the internet that can’t be found with search engines. They don’t use domain names (www.whatever addresses), so the web crawlers can’t usually find them and index them on search engines. They never link to or from other websites. And the web address is carefully guarded to prevent unwanted access. An estimated 2-15% of sites reside on the Dark Web.

But what if you don’t want to set up your own hiding place yet still want to deal on the black market? That’s where TOR comes into play. TOR is an acronym for The Onion Router project. It was started by the U.S. Navy as a way to protect internet communications by routing data through an encrypted network of multiple servers that has so many layers (hence the onion analogy) that it effectively obscures the path from source to destination, making it virtually untraceable. Aside from its originally noble uses (protecting dissidents from being tracked down by hostile governments, for instance), there are also “Hidden Services” hosted within the TOR network. These are places where you can buy drugs, counterfeit money and passports, hacked databases, weapons, or even (maybe) hit men. It’s also a source of other illegal things like child pornography. And since traditional payments are easily tracked, the currency of choice on TOR is bitcoin, a cryptocurrency that’s virtually impossible to track.

To sum up, Dylan offered these ways to keep cyber malfeasance a deep dark secret:

  • Use an inexpensive laptop, one that runs Linux or a derivative.
  • Have multiple VPNs, one for “outward” traffic and one for downloads.
  • Do all of your work in a vehicle attaching to open Wi-Fi networks, but never re-use networks.
  • Never sign in using a real identity on that laptop, ever.
  • Don’t use other devices while using the laptop.
  • Keep everything encrypted with a tool like Gnu Privacy Guard.
  • Discard the laptop at the first sign of trouble.

Forgetting any of these things could also be a character’s fatal mistake. Just make sure you get the http’s crossed and the DNSs dotted so some @jerk doesn’t drop a #Wrong! on an Amazon review page for your cyber thriller.

It was an information-packed hour, and you can hear Dylan’s complete presentation in the member section of the RMMWA website.

— Mike McClanahan