Surfing the darknet — the part of the internet that lies beyond a normal web browser's reach, and is a haven for an astonishing amount of criminal commerce — has never been easier, or more popular.
Users access the darknet via The Onion Router, or TOR, which disguises a their identity by routing traffic through a complex network of servers.
While not everything that happens there is criminal (Facebook said that more than a million people now access via TOR every month, up from half a million less than a year ago, often activists living under totalitarian regimes), the criminal activity is what stands out to a visitor.
"The darknet is going mainstream," said Radware security researcher Daniel Smith.
About 2 million people use TOR every day, with 95 percent of that traffic going to the regular internet and 5 percent to the darknet, said a spokesperson for TOR.
Undeniably, the darknet is exploding in popularity among criminals. Cybercrime is big business, and is projected to grow to $600 billion this year, outpacing any other form of crime including the drug trade, according to the the United Nations Office on Drugs and Crime.
Law enforcement has taken notice. "It is a world full of criminals, which is why investigators for the FBI and our partners spend a whole lot of time there," said FBI Director James Comey in congressional testimony in September 2015.
You can hire people to hack different things, you can hire people to kill people, which is pretty scary."
-Daniel Smith, Radware security researcher
The FBI maintains a list of "Cyber's Most Wanted" criminals, and authorities have had some success prosecuting illegal darknet activity. In February 2015, Ross Ulbricht — the owner and operator of the Silk Road website — was convicted and sentenced to life in prison.
The site was used by more than 100,000 to buy and sell hundreds of kilograms of illegal drugs, goods and services. The operator of copycat website The Silk Road 2.0 was also arrested and charged. A Silk Road 3.0 is reportedly now in operation.
A vast array of illegal products and services — from hit men to hackers — can be found almost in plain sight. Assisting in all this grim commerce is bitcoin, which has made it easier than ever for anyone to do businesses anonymously.
The cryptocurrency has largely replaced other payment methods — stolen credit cards, wire transfers and PayPal — as the preferred method of payment. Savvy criminals run their bitcoin through a "fogger" to anonymize their bitcoin so it cannot be traced back to an individual wallet. "It's kind of like money laundering," said Smith.
Accessing the darknet has never been quicker and easier. Users download a darknet browser, such as the Tor Browser, launch the application and start surfing, which takes less than 10 minutes. On the Tor Browser, users can either surf the regular internet (or "clear net") anonymously, or access sites hosted on the darknet. Web addresses on the darknet consist of a random string of numbers, followed by a ".onion" extension (instead of the typical extensions found on the regular internet, such as ".com" or ".org," for example).
There are a number of websites on the clear net that provide directories of .onion sites, such as Hidden Wiki and Reddit. Warning: The links provided on those sites should be approached with extreme caution.
"It's really up to the user to decide what they report to the authorities or breached companies," said Smith. "It's important to report any child pornography-related material to the authorities immediately to avoid legal repercussions from accidentally viewing the abusive material."
"When you start seeing ads for 'hard candy,' you are walking into the danger zone," he said. "It escalates very quickly." ("Hard candy" in this context is slang for child pornography.)
"Steer clear of child porn and be careful about what is looked at, but the mere existence of these sites is typically not a requirement for a web surfer to report it," said Ben Johnson, chief security strategist at security firm Carbon Black.
"I don't recommend interacting with the individuals on these forums nor do I recommend trying to purchase or engage in any of these illegal materials or services," he said.
The criminal side of the darknet would be shocking to most normal people. A hit man can be hired for between $5,000 and $200,000. Buying a hit on CEOs and minor celebrities costs $30,000, on average, though there is a good chance some of these sites are fake, or could be government fronts looking to catch criminals, said Smith.
"You can hire people to hack different things, you can hire people to kill people, which is pretty scary," said Smith.
There are a number of TOR search engines vying to be the Google of the darknet, a complex challenge given the uniqueness of .onion web addresses, said Smith. For example, Torch has indexed almost a quarter of a million sites which it can search in 0.4 second, said Smith. Like Google, Torch is ad-supported — its landing page features an ad for hacked PayPal accounts and credit cards.
Grams — which looks a lot like Google — mainly searches for websites selling drugs, but those sites sometimes also sell products such as malware or software tools to exploit computer system flaws.
Drug cartels and the associated gang warfare also has moved online, with attacks being launched against competitors' websites to take them offline. By selling directly to users, dealers are slashing risk, cutting middlemen and boosting profit margins.
Doctor Drugs, a site which sells cocaine, ecstasy, speed, Ritalin and guns, includes a lot of detail about the products, including potency. A kilo of speed costs 3.9 bitcoin (around $1,800) — about the equivalent to street value, said Smith. The "Doctor" advertises a knowledge of stealth shipping and even posts shipping times. It is likely based in the Netherlands, given it can ship to anywhere within the Netherlands in one day, said Smith.
Alpha Bay is effectively the Amazon of the darknet. It sells a huge variety of products and services,including chemicals, counterfeit watches, hacker manuals and malware. Like savvy shoppers in the real world, cyber criminals research different products,for example botnets, on different marketplaces before making a purchase, said Smith.
The rise of extremely powerful botnets — enslaved computers used to complete specific tasks — is relatively new, said Smith.
These infected computers can be used to flood a webpage with traffic and knock it offline, spread viruses, steal passwords and send spam email. The enabling software can be bought straight up, or criminals can rent or learn how to build one.
Even students are getting malware here, said Smith. For just $20 students can rent a botnet that attacks school computers so they can register for classes while others cannot.
I don't recommend interacting with the individuals on these forums nor do I recommend trying to purchase or engage in any of these illegal materials or services
"You can hire people to hack different things, you can hire people to kill people, which is pretty scary."
-Ben Johnson, Carbon Black chief security strategist
A casual browser might think this all seems extremely vulnerable to law enforcement. But, as a user moves further into the underworld, they generally adopt measures to protect anonymity. For example, most of the vendors use Pretty Good Privacy (PGP), a popular program for encrypting and decrypting email. It allows users to communicate privately using without having to worry about law enforcement — or security researchers — being able to intercept and read messages.
There are also education services aimed at helping bad guys evade detection.
"They are saying, "We know you are going to be doing some bad things, you're probably going to have the FBI coming after you — let us help secure your network or your servers or help you figure out how to protect your identity," said Johnson.
Some of the forums where hackers talk openly require new members to commit a hacking crime to prove they are legitimate criminals. Others require new members to present invite codes from two separate vendors before granting access. There is a lot of smack talking on the forums and the alpha male ego is never far from the surface, said Smith.
"Also, you will see really kind-hearted individuals that want to teach you how to run an attack, which I find interesting every time — that someone is willing to take time out of their day to teach another person how to commit a huge crime," he said.