In the recent tradecraft training, How to Use the Dark Web for Your Investigations, we addressed the basics of the dark web and precautions when venturing out into its murky depths. Here is the Q&A from the webinar.
While a VPN is a good place to start, it doesn't offer complete protection: the web code is still executing directly on your machine, and the VPN service can still lead an adversary back to you, your organization, and your network. Similarly, when using private browsing (incognito mode), search engines can still track your activity through canvas fingerprinting, ETags, or by tracking a mobile phone across multiple contexts using the Battery Status API. There’s an excellent blog on what is and isn’t concealed by VPN and private browsing — check it out!
If using the Silo for Research browser, a fresh disposable browsing session is started each time you use the application. This allows you to safely access the Dark Web with no persistent tracking mechanisms. However, if you sign into a service (such as Google), activity on that service would be associated with your account.
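To make the distinction between a VPN or incognito session and a disposable session concrete, here is an added example (not code from the webinar or from Authentic8) that models how a tracking script links visits. It hashes a constructed set of browser attributes that a VPN does not change, then compares three sessions from the same device: one behind a VPN, one in incognito mode behind a different exit IP, and one from a disposable profile whose attributes are regenerated per session. The attribute values, the exit IPs and the `canvas_render` stand-in for real canvas pixel data are all constructed for the example.

```python
import hashlib
import json
import secrets

# Constructed device attributes, standing in for what a fingerprinting script
# reads from the browser. None of these change when you switch on a VPN or open
# an incognito window; they come from the same hardware and software.
BASE_DEVICE = {
    "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) ExampleBrowser/1.0",
    "screen": "1920x1080x24",
    "timezone": "America/New_York",
    "fonts": ["Arial", "Calibri", "Consolas"],
    # A real probe hashes rendered canvas pixels; this string stands in for that.
    "canvas_render": "constructed-canvas-pixel-digest-0001",
}


def fingerprint(attrs: dict) -> str:
    """Canonicalize the attribute set and hash it, as a tracker would.

    The IP address is deliberately not part of the input: trackers use the
    fingerprint precisely so they can recognize a visitor across IP changes.
    """
    canonical = json.dumps(attrs, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def session_vpn(attrs: dict, exit_ip: str) -> dict:
    """Same device, traffic exits from a VPN address; browser attributes unchanged."""
    return {"ip": exit_ip, "fp": fingerprint(attrs)}


def session_incognito(attrs: dict, exit_ip: str) -> dict:
    """Incognito drops cookies, but the attributes still come from the same device."""
    return {"ip": exit_ip, "fp": fingerprint(attrs)}


def session_disposable(exit_ip: str) -> dict:
    """A fresh, randomized profile per session (the managed-attribution idea).

    Only the canvas value is randomized here; that alone is enough to change
    the hash, and a real disposable browser would vary far more than this.
    """
    attrs = dict(BASE_DEVICE)
    attrs["canvas_render"] = "constructed-canvas-noise-" + secrets.token_hex(8)
    return {"ip": exit_ip, "fp": fingerprint(attrs)}


def linkable(sessions: list) -> list:
    """Return groups of session indexes a tracker could tie to one device."""
    by_fp = {}
    for i, s in enumerate(sessions):
        by_fp.setdefault(s["fp"], []).append(i)
    return [group for group in by_fp.values() if len(group) > 1]


def demo() -> list:
    # Constructed exit addresses; all three sessions use different IPs.
    sessions = [
        session_vpn(BASE_DEVICE, "198.51.100.10"),
        session_incognito(BASE_DEVICE, "203.0.113.22"),
        session_disposable("192.0.2.33"),
    ]
    return linkable(sessions)


if __name__ == "__main__":
    print(demo())  # the VPN and incognito sessions link; the disposable one does not
```

The two sessions from the unchanged device hash to the same value even though every visit arrives from a different IP, which is the linkage a VPN cannot break; the disposable profile produces a value the tracker has never seen and cannot tie to the earlier ones.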
Here’s the link to the Twitter feed for Rakesh Krishnan that we mentioned during the training. Rakesh describes himself as the person who “sheds light on the dark web”, and has lots of useful information for investigators.
Authentic8 is prohibited from offering you legal advice. Please consult your attorney or your organization’s attorney for legal advice.
With respect to the utility of viewing leaked or stolen data, investigators frequently gain useful insights from reviewing data that was obtained as a result of a compromise or fraud. Knowing what specific information was stolen as a result of a breach or leak could help with incident investigation; a list of stolen usernames and email addresses could help reveal which user accounts have been compromised and offer additional views into criminals’ motives and methods.
With respect to the utility of analyzing crypto exchanges, they can be a great tool for tracking specific transactions. If you have a cryptocurrency wallet address, you can run it through a blockchain search tool to follow the wallet’s incoming and outgoing transactions.
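What a blockchain search tool does for a wallet address can be reproduced on a small scale. The following is an added example, not code from the webinar or from any blockchain explorer: it runs over a constructed set of transactions (the addresses, transaction ids and amounts are invented and use a simplified input/output model with amounts in satoshi) and lists a wallet's incoming and outgoing transactions, computes its balance, and follows outgoing funds a few hops to find downstream counterparties.

```python
from collections import deque

# Constructed transactions, not real chain data. Each transaction spends from
# its inputs and pays to its outputs; amounts are integers in satoshi so that
# sums are exact. Any shortfall between inputs and outputs is the fee.
TXS = [
    {"txid": "tx1", "inputs": [("addrA", 200_000_000)],
     "outputs": [("addrW", 150_000_000), ("addrA", 49_000_000)]},
    {"txid": "tx2", "inputs": [("addrB", 70_500_000)],
     "outputs": [("addrW", 70_000_000)]},
    {"txid": "tx3", "inputs": [("addrW", 220_000_000)],
     "outputs": [("addrC", 100_000_000), ("addrW", 119_000_000)]},
    {"txid": "tx4", "inputs": [("addrC", 100_000_000)],
     "outputs": [("addrD", 90_000_000)]},
]


def incoming(txs: list, addr: str) -> list:
    """Transactions that pay addr from someone else (change back to addr is excluded)."""
    result = []
    for tx in txs:
        spenders = {a for a, _ in tx["inputs"]}
        if addr in spenders:
            continue  # addr is the sender here, not a recipient
        amount = sum(v for a, v in tx["outputs"] if a == addr)
        if amount:
            result.append((tx["txid"], sorted(spenders), amount))
    return result


def outgoing(txs: list, addr: str) -> list:
    """Transactions in which addr spends funds, with the non-change recipients."""
    result = []
    for tx in txs:
        spent = sum(v for a, v in tx["inputs"] if a == addr)
        if spent:
            recipients = [(a, v) for a, v in tx["outputs"] if a != addr]
            result.append((tx["txid"], spent, recipients))
    return result


def balance(txs: list, addr: str) -> int:
    """Everything ever paid to addr (change included) minus everything it spent."""
    received = sum(v for tx in txs for a, v in tx["outputs"] if a == addr)
    spent = sum(v for tx in txs for a, v in tx["inputs"] if a == addr)
    return received - spent


def downstream(txs: list, addr: str, hops: int) -> set:
    """Breadth-first follow of outgoing funds for up to `hops` transactions."""
    seen = set()
    frontier = deque([(addr, 0)])
    while frontier:
        current, depth = frontier.popleft()
        if depth == hops:
            continue
        for _, _, recipients in outgoing(txs, current):
            for recipient, _ in recipients:
                if recipient not in seen and recipient != addr:
                    seen.add(recipient)
                    frontier.append((recipient, depth + 1))
    return seen


if __name__ == "__main__":
    print("incoming:", incoming(TXS, "addrW"))
    print("outgoing:", outgoing(TXS, "addrW"))
    print("balance:", balance(TXS, "addrW"))
    print("2-hop downstream:", downstream(TXS, "addrW", 2))
```

Excluding change outputs is the step that matters most when reading a real explorer: a payment to yourself looks like a recipient unless you check whether the output address also appears among the transaction's inputs.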
Additionally, you might review Legal Considerations when Gathering Online Cyber Threat Intelligence and Purchasing Data from Illicit Sources, published by the Department of Justice Cybersecurity Unit.
Yes! Silo for Research creates an impenetrable isolation layer between users and the web, delivering a remote browser session that keeps web code from reaching the environment or end device.
No! Silo for Research can be installed as a web browser application on your current computer, or can be accessed via a legacy web browser without any installation or changes to the endpoint. Silo’s isolation technology conveniently allows use of your existing computer to safely access needed web content without attribution.
Silo uses managed attribution to allow researchers to spoof their location, manipulate their hardware and software fingerprints, and to collect, annotate and securely store internet-based data – even on the dark web – without exposing their devices and networks to potential malware traps or revealing their intent. No need to maintain a separate infrastructure or “dirty” networks – once the session is closed, Silo safely disposes of all potentially dangerous content.
Silo for Research gives investigators the appearance of being an ordinary, everyday internet user. Nothing distinguishes an investigator from a person using a traditional internet service or a regular commercial browser.