Google vs illegal search engines in dark test

Today, the internet has become an essential part of our daily life activities. It won't be false to say that today's human is incomplete without the internet.

We all have been appreciating the positive aspects of the internet for a long time. The question is that do we understand what the internet is?

The answer is No. Most of the users don't even know what they have been using for hours daily. Internet is divided into three layers.

For better understanding, a brief description of the layers is given below.

SURFACE WEB: The surface web is the peak/topmost layer of the cyber security iceberg. It is also called indexed or visible web and is well known to all of us. Our everyday daily life activities are carried out on the surface web.

• This part of the web is publicly/openly accessible to everyone, and it is indexed for search engines, e.g., Opera, chrome, Firefox, etc.
• All the data that can be found and accessed by the search engines are on the surface web.
• Usually, the legal acts are carried out on this part. It is small in size as compared to the deep and dark web.
• Only 4% content of the whole web is on the surface web.
• The surface web is used for the standard public websites, e.g., Wikipedia, Google, Bing, Facebook, Twitter, YouTube, etc.

DEEP WEB: Deep web is the middle part of the security iceberg. It is also called the invisible or hidden web.

• It cannot be accessed directly using the browsers; instead, it requires encryptions, passwords, and software to be accessed.
• It is not indexed for search engines. It is much more significant as compared to the surface and dark web.
• It is estimated to contain more than 90% of the entire web. Moreover, it is used for both legal and illegal activities.
• The deep web is used for different types of confidential information, e.g., government records, legal documents, financial transactions, etc.

DARK WEB: Dark web is the bottom layer of the security iceberg.

• It is restricted to particular browsers; hence, it is not publicly available/accessible.
• It cannot be accessed directly using commonly used browsers. As the deep web, the dark web is also not indexed for the search engines.
• It involves encrypted networks that can only be accessed using special software/browsers. It is estimated to contain about 6% of the entire web.
• A vast number of illegal activities are carried out on this part. It is used for anonymous transmissions, drug trafficking, protests, onion sites, etc.

Introduction to Darknet

As discussed above, Darknet comprises the content available on the internet, but it is not accessible by typical users and browsers.

In other words, Darknet is a restricted area for ordinary users. Many of us are entirely unaware of what the depth of the internet is.

The web pages that we see daily are just 4% of the entire web. Whereas 90% of the web is covered by deep web, the Darknet covers the remaining 6%.

A common perception about Darknet is that only illegal activities are carried out on this platform. This concept is correct up to some extent, but not completely.

Criminal activities are done on the Darknet. So, law enforcement agencies, intelligence agencies, police, surveillance groups use it to track down criminals.

The prominent feature of Darknet is its hidden identity. While surfing on Darknet, you are entirely hidden and masked automatically with all the security measures intact.

There is no need to use VPN or any such tool to mask your IP etc. Tor will automatically do that for you.

The contents of the Darknet are not publicly available. They are restricted to special browsers. We cannot access Darknet using the commonly used browsers. A particular browser called Tor Browser is used to access the Darknet.

Illegal Search Engines

• Using Illegal Search Engines
• Getting into the Darknet

As I have already mentioned in the start, Darknet cannot be accessed using standard browsers. It is restricted to specific browsers, especially Tor.

Similar to the browsers, it also required specialized search engines. Not all web pages are available on common search engines, e.g., Google, Bing, etc.

We didn't check the countries' restrictions to define if any listed browsers are illegal by law; thus, we can't conclude on that matter.

Nevertheless, since they are commonly used to access unlawful and potentially unsafe content, we called them "illegal" for the purpose of the article.

Legal search engines, in this case, those are not accessing the Deep or Darknet as well as avoiding indexing (or showing within results) non-safe content.

Using Illegal Search Engines

Multiple illegal search engines can be used to access the Darknet. Some of them are as follows:

• DuckDuckGo
  • Link: http://3g2upl4pq6kufc4m.onion/
• notEvil
  • Link: https://hss3uro2hsxfogfq.onion/
• Candle
  • Link: http://gjobqjj7wyczbqie.onion/
• Gibiru
  • Link: https://gibiru.com/
• Torch 
  • Link: xmh57jrknzkhv6y3ls3ubitzfqnkrwxhopf5aygthi7d6rplyvk3noyd.onion
• Ahmia
  • Link: Ahmia. fi
• Parazite
  • Link: http://kpynyvym6xqi7wz2.onion
• The Hidden Wiki
  • Link: https://zqktlwi4fecvo6ri.onion/wiki/index.php/Main_Page
• Tor Links
  • Link: https://torlinkbgs6aabns.onion/
• HayStack
  • Link: https://haystakvxad7wbk5.onion/
• WWW Virtual Library
  • Link: http://vlib.org

All the above search engines can be accessed simply by clicking on the attached link.

Getting into the Darknet

We are ready to get into the Darknet by searching for the desired search engines, leading to the illegal areas of Darknet.

I have demonstrated the access for some of them below:

Accessing Ahmia Search Engine

• Accessing Gibiru Search Engine

• Accessing haystack Search Engine

• Accessing Hidden Wiki Search Engine

• Accessing OnionLinks Search Engine

• Accessing Torch Search Engine

• Accessing WWW Virtual Library Search Engine

All the above-shown search engines can be used to access any illegal content on the Darknet. This is how we access the illegal areas.

USING/COMPARING ILLEGAL & LEGAL SEARCH ENGINES

• Searching Cocaine Drug on Torch Search Engine (Illegal)
• Searching Cocaine Drug on Google (Legal Search Engine)
• Searching Fake USA Citizenship on Torch Search Engine (Illegal)
• Searching Fake USA Citizenship on Google (Legal Search Engine)
• Searching Fake UK Passports on Torch Search Engine (Illegal)
• Searching Fake UK Passports on Google (Legal Search Engine)

A list of some illegal search engines is given in the above section.

All these and many other similar search engines are used to access information beyond the scope of the common browsers, i.e., Google, Bing, etc. We can compare the usage of both types of engines by demonstration.

Let’s try accessing the same information from both search engines, legal and illegal.

Searching Cocaine Drug on Torch Search Engine (Illegal)

• We got the following results. Everything is open and easy to access by clicking on any tab being shown on the screen.

Searching Cocaine Drug on Google (Legal Search Engine)

A clear difference can be seen in the search results of Google and the torch search engine. Google does not provide us the direct links or information which is considered illegal or dangerous.

On the other hand, the Torch search engine took us directly to the drug stores.

Searching Fake USA Citizenship on Torch Search Engine (Illegal)

Searching Fake USA Citizenship on Google (Legal Search Engine)

We can see that the search results on google provide us only the legitimate results. It shows the results related to legal firms and lawyers etc.

Hence, it does not give deeper information. On the other hand, the Torch search results provide us with the exact results for fake citizenship.

Searching Fake UK Passports on Torch Search Engine (Illegal)

When we search "fake UK passports" on the torch search engine, it gives us the following results:

In the above results, the torch has provided us with numerous links to buy UK passports. Although these are fake passports, this data is added to the UK immigration database.

This allows the holder of such a passport to travel freely without any hindrance.

Searching Fake UK Passports on Google (Legal Search Engine)

Now, let us try searching the same keyword on Google.

Here, we can see that instead of providing us the links or sites for getting the UK passports, google has shown us some news regarding UK passports. Although the searched keyword was the same, the results are different.

This justifies the difference between web pages available on legal and illegal search engines. It also proves that illegal search engines such as torch can access the webpages beyond the scope of legal search engines.

Safety concerns regarding illegal areas of Darknet

Since the start of this article, we have discussed many different aspects of Darknet. Security has always been the most important concern in such domains. Darknet is a platform that can be used for both legal and illegal activities.

Unfortunately, it is primarily being used by illicit merchants, traders, hackers, spies, different harmful organizations, and much more. This generates a major security threat for every user on Darknet.

You might get compromised even without getting involved in anything illegal or harmful. The reason is that there are numerous hackers and bad-intended people out there on Darknet.

They have the sole purpose of finding and attacking or harming an innocent user on the Darknet. Many innocent people take this as fun and fantasy. In this excitement, they don't consider the security protocols and directly jump into the Darknet. This can lead to their system's breach.

There is a high chance that some attacker might attack them. This can result in data, financial, or privacy loss. An attacker can also put in some ransomware, resulting in encryption of everything. Then, the attacker might demand a heavy amount to normalize everything.

There is also another case in which the user interferes with something dangerous. For example, a novice user, who is not much aware of the Darknet, is surfing on it and accessing something they were not supposed to. It can be related to any law enforcement agency, intelligence agency, terrorist organization, police, hackers, or anything like that.

The user may unintendedly enter an unauthorized area that is being monitored. What would happen next? The victim will respond beck. There is a high probability that the other end-user may be an expert or daily life darknet user. He can cause something hazardous for this innocent user.

Therefore, while accessing the Darknet, all such security concerns must be kept in view. You should always keep yourself limited to what you are concerned with. Excessive roaming can lead to harmful effects, as discussed above.

Introduction to Tor

• Concept of Tor
• Tor Networks

Darknet is accessed by a special browser known as Tor. Tor stands for “The Onion Router”

It got the name "onion" because it is based on the concept of layers as found in the onion. Tor, as open-source software, ensures anonymity.

Image source – torproject.org

Concept of Tor

The sole purpose of Tor is to hide the original identity.

An attempt to access the illegal areas of Darknet without Tor can result in the reverse action.

This reverse action can be a cyber-attack or penetration in your system by someone from the Darknet. This may result in severe damage to the system.

Therefore, the concept of Tor was introduced in 2002 by The Tor Project. Some prominent features are:

• It keeps on updating from time to time. Its last release was on 15 August 2021.
• Tor is openly available for all Windows and Linux systems free of cost.
• Tor has been developed using C, Rust, and Python languages.
• It uses BSD 3-Clause License.
• Tor has multiple types. Some of them are:

1. Mix network
2. Onion router,
3. Anonymity application
4. Overlay network

Tor Networks

• Tor networks are different from common networks.
• It avoids direct access; rather, it involves multiple intermediate nodes.
• It uses encryption at the Application layer level. That is why a Tor network looks like the layers of an onion.
• These intermediate nodes resemble those layers. Tor network routes all the traffic over a network consisting of around 7000 relay nodes.
• This routing conceals the original user's identity from any analysis or surveillance.
• It becomes almost impossible for an attacker, monitor, or analyst who keeps track of the entire communication to track down exactly who the user is and what they are doing.
• Hence, it makes it completely safe to surf independently and carry out private communication and deals.

Image source – bizety.com

As you can see in the above diagram, we have:

• Web client (the user/source)
• Web server (the destination)
• Routers
• Tor nodes

The first node from the client-side in the tor network is called the entry node. Similarly, the last node in the tor network is called the exit node.

1. The web client establishes a tor network connection and approaches the server.
2. The traffic from the client is routed to the server.
3. The key point is that instead of approaching the server directly, the traffic is routed over a network of multiple intermediate nodes.
4. The traffic from the client is first routed to the entry node.
5. The entry node is routed through various nodes from all over the world, and finally, it reaches the exit node. All this traffic remains encrypted from client to exit node.
6. Once it reaches the exit node, it is routed to the destination server in unencrypted form. The response from the server also travels back to the client in the same way. This method keeps the identity of the web client hidden.
7. Since many nodes are involved in this communication, the traffic monitor cannot judge which node is producing this traffic or where it is going. Hence, the intended source and destination remain masked.
8. Also, the traffic is encrypted, so the security is enhanced. The only possible interception point can be from the exit node to the server because the traffic is not encrypted.
9. Even this interception won't reveal the identity of the original sender because they are far behind the intermediate nodes and that traffic is encrypted.
10. The monitor/analyzer will only correctly locate the last node (exit node), which is not the real source. Hence, the entire communication is perfectly safe and secure.

Installing Tor browser

• Creating Tor Connection
• Getting Ready to Surf Inside Darknet

I will be using Kali Linux to perform all these demonstrations.

• Tor browser is available for download at www.torproject.com
• You can simply search on google "download tor browser."

• Now open the first tab – "Download – Tor Project."

• Here, you will get four options regarding your platform. Choose your respective platform. Since In my case, I will choose "Download for Linux."
• As you click on "Download for Linux," you will be directed to another page about success, and the download will start immediately.

• Now, the download has started successfully.
• Once the download has been completed, you will see a zipped folder named “tor-browser-linux64-10.5.8_en-US.tar” in your downloads.

• Now extract this folder as your desired location. Upon extraction, you will get a folder as shown below:

• On opening this file, you will see a folder named Browser and the browser application called “start-tor-browser. desktop” inside this folder.

• Tor browser has been installed successfully. Now open the start-for-browser. Desktop to start the Browser.

Creating Tor Connection

Once you open the Browser, you will see the following interface.

• For creating a tor connection, click on “Connect”.
• You will get this page every time you open your tor browser. If you don't want to do this every time you open the Browser, simply check the Always connect automatically button. Now, for the next time, the Browser will automatically create a tor network without asking you.
• Once you click the Connect button, the connection will start to establish.

• As the connection establishes, you will see the following interface.

• The default search engine of the Tor browser is DuckDuckGo.

You can also check your circuit diagram, which shows the pathway of your connection. By seeing this, you can verify the concept of relays and onion routing.

• Here you can see that my Browser is not directly connecting to the duckduckgo.com server. Instead of doing so, the traffic from my Browser is directed to the Czech Republic. This is my entry node. Furthermore, the traffic is routed through Romania, United States, and finally to the duckduckgo.com server.
• You can also change this path by clicking on New Circuit for this Site button. The demonstration is as follows:

• Here you can see that my circuit path has been changed. Although I am accessing the same server, the path is different now. This time, my traffic is routed from the Czech Republic, France, Switzerland, and finally to the duckduckgo.com server.

Ready to Surf inside Darknet

Now, we are all set to surf into the Darknet and see the hidden world.

Conclusion

Since the beginning of this platform, it has evolved from time to time. The previously used onion sites (v2) are no more in use.

Nowadays, v3 onion sites are working. Similarly, in the times to come, it is expected to grow and evolve to the next level, adding the features to explore the hidden world better.

On the other hand, as the systems are growing day by day, the risk of security threats increases at an alarming rate. With the growth of such platforms, future security challenges might be complex compared to those facing now.

Still, the industry is continuously working over such things, and soon, we hope to see much more secure and safe methods and techniques for such platforms.