Evgeny Voloshin, director of the BI.ZONE expert services unit, a cybersecurity expert, explains: “The prefix “dark” in the word “darknet” does not necessarily mean belonging to something illegal, it only says that this is a segment of the Internet where everything works a little differently. I would translate it as the “reverse” rather than the “dark” side.”
In addition to shadow forums with illegal activities, the darknet includes a large number of resources that are not used to commit something illegal: libraries without state censorship, analogues of social networks, portals for communication and much more.
How do intelligence agencies search for people on the darknet?
“It is important to remember that the darknet is trying to deanonymize not specific users, but the servers on which they communicate. Let’s say I host a server in New Zealand, but make it accessible only via Tor. While no one knows where it is located, everything is fine, — says Sergey Nikitin, deputy head of the Laboratory of Computer Forensics and research of malicious code Group-IB. — As soon as this becomes known, the special services will come to the hoster and seize the server and all the data on it. The log will show who visited the server, who is its administrator, lists of users and messages. Deaninomize the server, as a rule, due to incorrect site or browser settings: as a result, some of the data is transmitted over the open Internet, and they can be tracked.”
According to Nikitin, specific users are searched for much less often, since there is much more data on the server. Such opportunities are available only to special services that use SORM (a set of technical measures for access to mobile and network traffic), and only if users exchange traffic within the same country.