Studies in Conflict & Terrorism

ISSN: 1057-610X (Print) 1521-0731 (Online) Journal homepage: http://www.tandfonline.com/loi/uter20

Going Dark: Terrorism on the Dark Web

Gabriel Weimann

To cite this article: Gabriel Weimann (2016) Going Dark: Terrorism on the Dark Web, Studies in
Conflict & Terrorism, 39:3, 195-206, DOI: 10.1080/1057610X.2015.1119546

To link to this article: http://dx.doi.org/10.1080/1057610X.2015.1119546

Accepted author version posted online: 18

Nov 2015.
Published online: 22 Dec 2015.

Submit your article to this journal

Article views: 1292

View related articles

View Crossmark data

Full Terms & Conditions of access and use can be found at

http://www.tandfonline.com/action/journalInformation?journalCode=uter20

Download by: [Uniwersytet Jagiellonski] Date: 17 July 2016, At: 12:46

 STUDIES IN CONFLICT & TERRORISM
2016, VOL. 39, NO. 3, 195–206
http://dx.doi.org/10.1080/1057610X.2015.1119546

Going Dark: Terrorism on the Dark Web

Gabriel Weimanna,b
a
Department of Communication, University of Haifa, Haifa, Israel; bSocial Sciences, NYU–Shanghai,
Shanghai, China

ABSTRACT ARTICLE HISTORY

The terms Deep Web, Deep Net, Invisible Web, or Dark Web refer to the Received 14 October 2015
content on the World Wide Web that is not indexed by standard search Accepted 8 November 2015
engines. One can describe the Internet as composed of layers: the
Downloaded by [Uniwersytet Jagiellonski] at 12:46 17 July 2016

“upper” layer, or the Surface Web, can easily be accessed by regular

searches. However, “deeper” layers, the content of the Deep Web, have
not been indexed by traditional search engines such as Google.
Michael K. Bergman who wrote the seminal paper on the Deep Web,
compared searching the Internet to dragging a net across the surface
of the ocean: a great deal may be caught in the net, but there is a
wealth of information that is deeper and therefore missed. In fact,
most of the Web’s information is buried far down on sites, and
standard search engines are unable to access it.

Too much focus on closing down websites could also be counter-productive, since it likely forces
terrorist to go underground to the so-called [dark] or hidden web.
—Mark Burgess, Director of the World Security Institute, Brussels, 20071

During the early days of the Internet, online information was easily indexed and there was
no difficulty for users to access it easily. However, as the usage of the Internet expanded, con-
ventional search engines were able to retrieve static pages but proved inefficient for dynamic
pages. A static page is one linked to other pages on the Internet while a dynamic page is
linked to a particular web-page and can be retrieved only through targeted queries or pro-
grams. This created a gap between the static and dynamic web-pages on the Internet and the
chasm started to widen as time passed. Thus, already in 1994, Jill Ellsworth coined the
phrase “invisible Web” to refer to information that remains “invisible” to queries of conven-
tional search engines used at that time. In 2001, Bergman coined another term, “Deep
Web,” commonly defined as informational content on the Internet that is: (a) inaccessible
through direct queries by conventional search engines; (b) accessed only through targeted
queries or keywords; (c) either not indexed or unable to be indexed by conventional search
engines; (d) protected by security mechanisms like login IDs, passwords, membership regis-
trations, and codes.2
It is almost impossible to measure the size of the Deep Web because the majority of its
information is hidden or blocked. While some early estimates put the size of the Deep Web
at 400–500 times that of the Surface Web,3 “the changing dynamic of how information is

CONTACT Gabriel Weimann weimann@soc.haifa.ac.il Dept. of Communication, University of Haifa, Israel.

© 2016 Taylor & Francis Group, LLC
 196 G. WEIMANN

accessed and presented means that the Deep Web is growing exponentially and at a rate that
defies quantification.”4 According to a study published in Nature, Google indexes no more
than 16 percent of the Surface Web and misses all of the Deep Web. Any given search turns
up just 0.03 percent of the information that exists online. As RAND Corporation expert Lil-
ian Ablon noted, “Everything above the water is what we would call the surface web that can
be indexed through Google or you can find through a search engine. But below the water
that huge iceberg is 80% bigger than what is above the water, that’s the deep web, that’s the
part of the web that’s not indexed. There is so much of the web that we can’t just Google for;
it’s dark to us, it’s dark to Google.”5
The deepest layers of the Deep Web, a segment known as the Dark Web, contain content
that has been intentionally concealed. The “Dark Web” can be defined as the portion of the
Deep Web that contains generally illegal and anti-social information and can only be
accessed through specialized browsers. Thus, for example, the Dark Web is used for material
such as child pornography, unauthorized leaks of sensitive information, money laundering,
Downloaded by [Uniwersytet Jagiellonski] at 12:46 17 July 2016

copyright infringement, credit card fraud, identity theft, illegal sales of weapons, and so on.
A 2014 study by University of Portsmouth computer science researcher Gareth Owen pre-
sented the results of a six-month probe of the Web’s dark layers. Owen found that the most
commonly requested types of content on these Dark Web platforms were child pornography
followed by black markets, while the individual sites with the highest traffic were dedicated
to botnet operations.6 In 2014, journalist Jamie Bartlett in his book The Dark Net describes a
range of underground and emergent sub-cultures, including social media racists, cam girls,
self-harm communities, drug markets, crypto-anarchists and transhumanists.7 In recent
years, the Dark Web has been moving toward more secretive locations due to the crackdown
of government agencies on it.
The Dark Web can be visited by any Web user, but it is very difficult to work out who is
behind the sites and the sites are not found by using search engines. Individuals can access
the Dark Web by using special software such as Tor (short for The Onion Router) or I2P
(Invisible Internet Project). Tor was initially created by the U.S. Naval Research Laboratory
as a tool for anonymously communicating online. Tor relies on a network of volunteer com-
puters to route users’ Web traffic through a series of other users’ computers so that the traffic
cannot be traced to the original user. Some developers have created tools—such as Tor2-
web—that allow individuals to access Tor-hosted content without downloading and instal-
ling the Tor software, although accessing the Dark Web through these means does not
anonymize activity. Not all Dark Web sites use Tor, but the principle remains the same. The
visitor has to use the same encryption tool as the site and—crucially—know where to find
the site, in order to type in the Uniform Resource Locator (URL) and visit. Once on the
Dark Web, users often navigate it through directories such as the “Hidden Wiki,” which
organizes sites by category, similar to Wikipedia. In the Dark Web, individuals may commu-
nicate through means such as secure e-mail, Web chats, or personal messaging hosted on
Tor.8
The Dark Web made headlines in 2015 with the hacking of the Ashley Madison database.
Ashley Madison is an online dating service for married people, under the slogan “Life is
short. Have an affair.” The company received attention on 15 July 2015, after hackers broke
into its database, stealing the personal data of some 37 million customers. Later, the group
dumped 9.7 GB worth of data onto the Dark Web including the e-mails, names, home
addresses, sexual fantasies, and credit card information of the clients. The Ashley Madison
 STUDIES IN CONFLICT & TERRORISM 197

hack is not the first time that the Dark Web has made it into the news. Perhaps the most
high-profile story is the case of the online black market Silk Road, the illegal drug market-
place which operated on the Dark Web for two years before the Federal Bureau of Investiga-
tion (FBI) shut down this website in 2013 and arrested site founder Ross Ulbricht. He was
subsequently sentenced to life in prison. The Dark Web has been associated with the infa-
mous WikiLeaks, the classified media site, as well as bitcoins, said to be the currency of the
Dark Web. Over its two-year run at the top, Silk Road made over US$1.2 billion in bitcoin.9

Terrorist Migration to the Dark Web

Terrorists have been active on various online platforms since the late 1990s.10 Paradoxically,
the very decentralized network of communication that the U.S. intelligence and defense
agencies created out of fear of the Soviet Union now serves the interests of the greatest foe of
the West’s security services since the end of the Cold War: international terror. Terrorist
Downloaded by [Uniwersytet Jagiellonski] at 12:46 17 July 2016

organizations and their supporters maintain thousands of websites and social networking
platforms, exploiting the unregulated, anonymous, and easily accessible nature of the Inter-
net to convey an array of messages to a variety of targeted audiences. Numerous studies
have identified no fewer than eight different ways in which terrorists are using the Internet
to advance their cause. These range from psychological warfare and propaganda to highly
instrumental uses such as fund-raising, recruitment, data mining, and coordination of
actions.
However, the Surface Web was discovered to be too risky for anonymity-seeking terro-
rists: they could be monitored, traced, and found. The Dark Web and terrorism seem to be
made for each other—terrorists need an anonymous, hidden network that is readily available
yet generally inaccessible and invisible. The Dark Web is very beneficial for terrorist groups:
While they may lose a broad audience that is available on the Surface Web, they can exploit
the obscurity of the Dark Web to further their goals. Many of the terrorist websites and
social media on the Surface Web are monitored by counterterrorism agencies and are often
shut down or hacked. In contrast, on the Dark Web, decentralized and anonymous networks
aid in evading arrest and the closure of these terrorist platforms. Thus, the Dark Web is like a
“treasure trove” that provides terrorists with ideally secretive communication, enabling the
sharing of knowledge and instructions, posting training manuals, online recruitment, plan-
ning and coordination of actions.11 According to the London-based Quilliam Foundation,
this trend should not surprise anyone: “Attempts to block extremist material online will
always fail. …” The position paper by Quiliam about the British government’s attempts to
block extremist activity on the Web, states: “The terrorist material reappears on the Internet
as quickly as it is banished and this policy risks driving fanatics on to the ‘dark web’ where
they are even harder to track.”12 Moreover, “Islamist forums and chat rooms in English and
French are still widely available, but... a large portion of more extremist Islamic discourse
now takes place within the dark web.”13
In the past, terrorists were quick to adopt and apply every emerging online platform. In
the late 1990s, it was the use of websites. Then they added the more interactive forums, chat-
rooms and the video-sharing and picture-sharing platforms of YouTube, Instagram, and the
like. The introduction and fast spread of social media such as Twitter or Facebook were
quickly noted by numerous terrorist groups who started posting messages, videos, manuals,
and propaganda material on the popular social media. Thus, the notion of the Dark Web
 198 G. WEIMANN

with its unique advantages of anonymity, secrecy, and communicator-controlled access is

certainly more than appealing for them. In July 2015, The FBI announced that Islamic State,
or Islamic State of Iraq and Syria (ISIS) (or Islamic State of Iraq and the Levant [ISIL]), is
using the Dark Web to inspire terror attacks across the globe. FBI Director James Comey
warned that ISIS is using new forms of communication and encryption, and his govern-
ment’s current legal and technological capabilities may not be sufficient to keep up. “ISIL’s
activities on the Surface Web are now being monitored closely, and the decision by a number
of governments to take down or filter extremist content has forced the jihadists to look for
new online safe havens,” Beatrice Berton writes in a new report on ISIS’s use of the dark net.
“The Dark Web is a perfect alternative as it is inaccessible to most but navigable for the initi-
ated few—and it is completely anonymous,” Berton noted.14 Tor browser e-mail services
such as Torbox and Sigaint are popular among the jihadists because they hide both their
identities and their location.
In March 2015, jihadists posted online an e-book titled How to Survive in the West: A
Downloaded by [Uniwersytet Jagiellonski] at 12:46 17 July 2016

Mujahid Guide. This is the latest in a series of e-books compiled by supporters of and
recruiters for the Islamic State. This e-book’s chapter titles include: “Hiding the Extremist
Identity,” “Earning Money,” “Internet Privacy,” “Training,” “Bomb-Making,” “Transporting
Weapons,” and “What Happens When You Are Spied On And Get Raided.” One of the
techniques discussed in the guidebook is the use of Tor when searching for and researching
jihadi topics online.15 On 11 June 2015, Virginia resident Ali Shukri Amin, who had been
arrested on 4 March 2015, admitted in court that he had operated several prolific pro-ISIS
accounts. On his sites, he provided privacy information to his followers, and referred to Tor
repeatedly. For example, when asked on 13 July 2014 “Why are people asking about how to
use TOR?” he replied, “To be anonymous online, they don’t want the government seeing
what they do and getting them in trouble.” He also advised his audience “Don’t make these
statements inside US unless you’re operating through TOR and Ghost VPN.”
Following the attacks in Paris (November 2015), ISIS has turned to the Dark Web to
spread news and propaganda in an apparent attempt to protect the identities of the group’s
supporters and safeguard its content from hacktivists. The move comes after hundreds of
websites associated with ISIS were taken down as part of the Operation Paris (OpParis) cam-
paign launched by the amorphous hacker collective Anonymous. ISIS’s media outlet, Al-
Hayat Media Center, posted a link and explanations on how to get to their new Dark Web
site on a forum associated with ISIS. The announcement was also distributed on ISIS’s Tele-
gram channel, the encrypted communication application. The messages shared links (hidden
below) to a Tor service with a “.onion” address, more commonly known as a website on the
Dark Web. The text of the forum message was:
The name of Allah the Merciful given the very narrow on the site # Asaddarat_klavh so that it is
deleting any new domain after its publication announce the launch of the site on the “Dark web”

will work for users of the Tor and users of ordinary users of the Tor link: XXXXXXXXXX link
ordinary users: XXXXXXX and we promise you that we are continuing to try to get a new range
of normal and we will publish, God willing, when you get it next to the scope of the Tor. Glory
be to God, His Prophet and the believers.

The site in the Dark Web contains an archive of ISIS propaganda materials, including its
documentary-style film, The Flames of War. The site also includes a link to the terrorist
group’s private messaging portal on Telegram.
 STUDIES IN CONFLICT & TERRORISM 199

Terrorists are always looking for newer and better applications and platforms in order to
maintain their online presence on as many outlets as possible. Our 18-year-long research
project on monitoring terrorist use of online platforms has yielded a database containing all
terrorist groups’ use of websites, chat rooms, social media, and so on.16 An analysis of the
database reveals new trends in terrorist use of the Web, including, the newest one—the use
of the Dark Web.

The Wiki-Terror Goes Darker

For over two decades, terrorists have used the Internet to provide information to fellow ter-
rorists, including maps, photographs, directions, codes and technical details of how to use
explosives, poisons, weapons, chemicals, and so on.17 The Surface Web is home to hundreds
of sites that provide online manuals on how to build chemical and explosive weapons. Many
of these sites post the Terrorist’s Handbook and The Anarchist Cookbook, two well-known
Downloaded by [Uniwersytet Jagiellonski] at 12:46 17 July 2016

manuals that offer detailed instructions of how to construct a wide range of bombs. Another
manual, The Mujahadeen Poisons Handbook, written by Abdel-Aziz in 1996 and “published”
on the official Hamas website, details in twenty-three pages how to prepare various home-
made poisons, poisonous gases, and other deadly materials for use in terrorist attacks. In
addition to launching their own websites, terrorists can harness the interactive capabilities of
online platforms using chatrooms, instant messengers, blogs, video-sharing websites, and
social media such as Facebook, MySpace, Twitter, Instagram, and YouTube.18 These popular
platforms have been also used for online training and interactive instruction. The impor-
tance of these online libraries of terrorist practical knowhow led jihadists to suggest a Wiki-
pedia for terrorists. According to a SITE report, in January 2014, a jihadist uploaded on
Wikipedia Arabic material for groups including Al Qaeda in the Islamic Maghreb (AQIM)
and the Haqqani Network, and individuals such as Attiya Allah and Abu Musab al-Suri. The
same jihadist even suggested that jihadists create a “Jihadwiki.”19 In fact, the accumulating
terrorist postings of instructions, sermons, lectures, manuals, guidebooks, and so on—cre-
ated in fact a “Wikipedia of Terror.” However, this database is on the Surface Web, open
also to counterterrorism agencies, police, and security services. Not only can they monitor
the material posted, but also attempt to identify the surfers downloading material from these
sites and even “poison the well” by changing and tampering with the contents. This is when
the Dark Web became the new, alternative Wiki-Terror.
The move to the Dark Web requires basic knowledge of the Tor software and similar pro-
grams, but for those who are not familiar with these methods, there are online guidebooks.
The Hackers Handbook, for example, presents the following introduction:
This tutorial will help you access the Deep Web. What is the Deep Web? It’s essentially all of the
websites you can’t find on the internet through a normal browser or search engine. It’s all the
illegal things that aren’t allowed on the internet, such as: drug dealer directories, black market
trades, hackers, hitmen, pedophiles, and anything else you wouldn’t expect to find normally. It
is highly recommended you browse the Deep Web with firewalls on, and your webcam discon-
nected. Be wary of what you download, and browse at your own risk!20

Browsing on the Dark Web is not as simple as on the Surface Web, yet terrorists and their
followers are enjoying the free services of the Hidden Wiki. The Hidden Wiki is the name of
several censorship-resistant Tor hidden services. The main page serves as a directory of links
 200 G. WEIMANN

to other sites. As a service, The Hidden Wiki operates through the Onion pseudo top-level
domain which can be accessed only by using Tor or a Tor gateway. Its main page provides
links to other hidden services, including links to money laundering, contract killing, cyberat-
tacks for hire, drugs, and bomb making. The rest of the wiki is essentially uncensored as well
and also offers links to sites hosting child pornography and abuse images. The original Hid-
den Wiki was changed many times and duplicated to many mirrors sites since it was often
hacked.
Terrorists post on the Dark Web material detailing actions and operations. For example,
in July 2014 five websites of various Austria-based businesses have been defaced by the pro–
Al Qaeda hacking group “Al-Qaeda Electronic.” The group’s media arm, “al-Maarek Media,”
posted the claim for the attack on its social media accounts and on its account on the Deep
Web. The posting included the URLs of the targeted websites and mirrors of the deface-
ments. The content in the defaced web-pages were all identical, and have been previously
used by “Al-Qaeda Electronic” in attacks on a number of French, British, Norwegian, Rus-
Downloaded by [Uniwersytet Jagiellonski] at 12:46 17 July 2016

sian, and Vietnamese websites. Later, in August 2015, a Turkish language Dark Web forum
“Turkish DarkWeb” circulated manuals for building explosives and weapons and discussed
the devices’ efficiency, impact, and suggested use.
On 27 August 2014, Al-Aan TV reported that a laptop belonging to a Tunisian member
of ISIS was captured by “moderate rebels in Syria.” According to the report, the laptop con-
tained, in addition to many jihadi speeches, thousands of jihadi documents that its owner
had published, mostly on the Dark Web. One of them was a detailed 19-page document
about making biological weapons and about spreading “chemical or biological agents in a
way to impact the biggest number of people.” A British report, entitled “ISIS Encyclopedia
of Terror: The secrets behind Islamic State’s ‘information Jihad’ on the West” revealed that a
full-scale terrorism “how-to” guide, compiled by ISIS, is hidden on the Dark Web. It con-
cludes: “British ISIS recruits are taught how use the ‘dark web’ to communicate with a global
network of terrorists.”21

Funding and Buying in the Dark Web

When software developer Satoshi Nakamoto introduced bitcoin in 2008 as an alternative
currency independent of a central authority,22 the funding of international terrorist organi-
zations was certainly not part of the original concept. But that is exactly what is currently
happening. Using the Dark Web, terrorists can raise funds for their organization and their
cause by accepting bitcoin donations that they, in turn, use for purchasing weapons in the
Dark Web black markets. For instance, “Fund the Islamic Struggle without Leaving a Trace”
is a web-page in the Deep Web, which invites donations for jihad through bitcoin transac-
tions to a particular bitcoin address. A portable document format (PDF) document posted
online under the pseudonym of Amreeki Witness, titled Bitcoin wa Sadaqat alJihad (which
translates to “Bitcoin and the Charity of Violent Physical Struggle”), is in fact a guide for
using the Dark Web for online secretive transfer of money.23 The document makes explicit
reference to dark markets like Silk Road and other Dark Net markets explaining how it is
possible to buy weapons for the mujahideen using Bitcoin and the Dark Wallet application
to “send millions of dollars’ worth of Bitcoin instantly from the United States, United King-
dom, South Africa, Ghana, Malaysia, Sri Lanka, or wherever else right to the pockets of the
Mujahideen.” A recent U.S. Treasury Department study reports that bitcoin could possibly
 STUDIES IN CONFLICT & TERRORISM 201

be used to fund terrorism: The National Terrorist Financing Risk Assessment, published 12
June 2015, includes virtual currencies on a list of “potential emerging” risks as a tool for
funding terrorism, stating that bitcoin “may be vulnerable to abuse by terrorist financiers.”24
Indeed, there is growing evidence of terrorist use of Dark Web channels for fund-raising.
The Combating Terrorism Technical Support Office (CTTSO), a division of the U.S. Depart-
ment of Defense that identifies and develops counterterrorism abilities and investigates irregu-
lar warfare and evolving threats has already noted the growing threat. A CTTSO memo from
2 January 2014 warned that “The introduction of virtual currency will likely shape threat
finance by increasing the opaqueness, transactional velocity, and overall efficiencies of terrorist
attacks.”25 In January 2015, S2T, a Singapore-based cyber-intelligence company uncovered
concrete evidence that a terror cell, purporting to be related to Islamic State and operating in
the Americas, is soliciting Bitcoins as part of its fund-raising efforts.26 The online message
from the group’s fund-raiser, a man later identified only as Abu-Mustafa declared:
One cannot send a bank transfer to a mujahid or suspected mujahid without the kafir govern-
Downloaded by [Uniwersytet Jagiellonski] at 12:46 17 July 2016

ments ruling today immediately being aware. … A proposed solution to this is something
known as Bitcoin. … To set up a totally anonymous donation system that could send millions
of dollars’ worth of Bitcoin instantly … right to the pockets of the mujahideen, very little would
be done.

According to Ido Wulkan, a senior Web-intelligence analyst at S2T who has revealed this
ISIS activity: “Due to the increasing efforts of social media websites to close ISIS-related
accounts it was estimated that global jihad activists would seek refuge in the dark web.”27
Jimmy Gurule, the former undersecretary of the Treasury Department, noted that ISIS dif-
fers from other terrorist groups in that it is a self-funding organization by means of money
obtained from the sale of oil on the black market. ISIS also uses ransom and extortion to sup-
port its terrorist activities. These funds from black market oil sales, ransom, and extortion
must be laundered in order for ISIS supporters to remain anonymous and free from
apprehension.28
The Dark Web also provides terrorists with an ideal marketplace for purchasing weapons
and explosives. EuroGuns, for example, is an online dark platform that handles sales of vari-
ous weapons. For example, AK-47s—the type of assault rifle used by the Kouachi brothers
in the Charlie Hebdo attacks—are sold for $550 each on EuroArms. Moreover, several texts
such as the Terrorist’s Handbook and the Explosives Guide can be purchased on AlphaBay.
Other Dark Web services for terrorists include the supply of fake documents and passports:
Fake Documents Service, for instance, offers clients “original high-quality fake passports,
driver’s licenses, ID cards, stamps and other products” for use in the United Kingdom,
United States, Australia, and Belgium, among other countries.29 In April 2015 a 16-year-old
boy who ordered a deadly toxin from the Dark Web was sentenced in Manchester, England.
This followed an investigation by the North West Counter Terrorism Unit (NWCTU), who
had been informed that the teenager was attempting to obtain a highly toxic poison called
Abrin, which is considered 30 times more toxic than ricin.

Communicating in the Dark

Terrorists use online platforms to communicate—among themselves, with their followers,
with the mass media and the public at large. However, their communications may lead, as it
 202 G. WEIMANN

did, to identification and arrest. Thus, they see the Dark Web and other dark channels as the
safest outlets. Recently, ISIS and other jihadist groups have used new online applications
that allow users to broadcast their messages to an unlimited number of members via
encrypted mobile phone apps such as Telegram. ISIS has not had an official presence on
Twitter since July 2014, when its last accounts were shut down. Despite the pressure on its
media operation, ISIS has always proved highly resilient and adaptable: it started experi-
menting with a series of less well-known social media platforms, such as the privacy-focused
Diaspora as well as VKontakte, Russia’s largest social network, whose co-founders the Durov
brothers went on to set up Telegram in 2013. Telegram is an app for sending text and multi-
media messages on Android, iOS, and Windows devices. Telegram is so confident of its
security that it twice offered a $300,000 reward to the first person who could crack its
encryption. Built by independent developers, the Berlin-based Telegram Messenger app was
first launched for iPhone in August 2013 and for Android two months later.
On 26 September 2015, just four days after Telegram announced the launch of its new
Downloaded by [Uniwersytet Jagiellonski] at 12:46 17 July 2016

“Channels” tool, ISIS media operatives on Twitter started advertising the group’s own chan-
nel dubbed Nashir, which translates as “Distributor” in English. Jihadists were attracted by
Telegram’s boast to provide a “secret chat” facility, which heavily encrypts messages user-to-
user with a unique key to avoid interception by hackers or government agencies. Al Qaeda’s
Yemen branch (Al Qaeda in the Arabian Peninsula [AQAP]) launched its own Telegram
“channel” on 25 September 2015 and the Libyan Ansar al-Shari’ah group created its channel
the following day. On 26 September 2015, a Twitter account reported that AQAP now has a
channel on the secure communications app Telegram. The channel, according to the tweet,
will be used to disseminate the group’s news and releases.
Jihadists inspired by ISIS, including a British teenager convicted in October 2015, have
used the app’s secure encrypted messaging to conduct the planning of attack. The 14-year-
old communicated with fellow Islamic State sympathizers over Telegram and exchanged
messages about a plot to attack the Anzac Day parade in Melbourne, Australia. Convinced
his messages would remain secret from the security services, he discussed the logistics of the
atrocity and the possible killing methods. It was only by chance, when the police arrested the
schoolboy over another matter and seized his phone, that the Melbourne terror plot came to
light.30 When asked about it, Telegram’s chief executive officer (CEO) Pavel Durov conceded
that ISIS indeed uses Telegram to ensure the security of its communications, but added: “I
think that privacy, ultimately, and our right for privacy is more important than our fear of
bad things happening, like terrorism.”31

Countering Dark Web Terrorism

Although the Internet has been available to the public since the 1990s, the Dark Web has
only emerged in recent years. The secretive nature of this part of the Web combined with a
lack of useful methodology designed for Dark Web data collection and analysis has limited
the capability to study and fight Dark Web terrorism. When IBM’s security division pub-
lished its security threats report for the third quarter of 2015, it highlighted the threat of
cyberattacks coming from the Dark Web, using Tor networks. Providing clear evidence that
shows that the Dark Web has turned into a major platform for global terrorism and criminal
activities is absolutely crucial in order to provide the impetus for the necessary tools to be
developed to counter it. Indeed, there has been increased interest in developing methods
 STUDIES IN CONFLICT & TERRORISM 203

applicable to this end. Already in 2008, a methodology for studying the Dark Web was sug-
gested and even tested.33 That study incorporated various data and Web mining technolo-
gies to produce the means for both comprehensive Dark Web data collection and analysis.
The University of Arizona-Dark Web project is a long-term scientific research program that
aims to study and understand the phenomenon of international terrorism via a computa-
tional, data-centric approach.33 Over the years this project generated one of the world’s
most extensive archives of extremist websites, forums, multimedia documents (images and
videos), as well as social media postings. However, with the growing sophistication of terro-
rists’ use of the Dark Web, there is a need to develop new methods and measures for tracking
and analyzing terrorist use of the Dark Web. This is the new and challenging task of counter-
terrorism agencies. Thus, for example, the Defense Advanced Research Projects Agency
(DARPA), believes the answer can be found in MEMEX, a software that allows for better
cataloging of Deep Web sites.
In early 2014, DARPA released a statement on their website outlining the preliminary
Downloaded by [Uniwersytet Jagiellonski] at 12:46 17 July 2016

details of the “MEMEX program,” which aims at the development of new search technolo-
gies overcoming some limitations of text-based searches. DARPA hopes that the MEMEX
technology developed through this research will enable search engines to penetrate and
mine the Deep and the Dark Web. Envisioned as an analog computer to supplement human
memory, the MEMEX (a combination of “memory” and “index”) would poke around the
Dark Web and also tune its knowledge to specific domains of interest. As reported in a 2015
Wired article, the search technology being developed by the MEMEX program “aims to
shine a light on the dark web and uncover patterns and relationships in online data to help
law enforcement and others track illegal activity.”34 MEMEX was originally developed for
monitoring human trafficking on the Deep Web, but the same principles can be applied to
almost any illicit Deep Web activity.
In 2014, an investigation of the source code in one National Security Agency (NSA) pro-
gram called XKeyscore (revealed by the Edward Snowden leaks), showed that any user sim-
ply attempting to download Tor was automatically fingerprinted, essentially enabling the
NSA to know the identity of millions of Tor users. According to a report from the German
media outlet Tagesschau, there are nine servers running Tor, including one at the Massachu-
setts Institute of Technology Computer Science and Artificial Intelligence Laboratory. All
are under constant NSA surveillance. The NSA source code also revealed some of the behav-
ior that users exhibit can immediately be tagged or “fingerprinted” for so-called deep packet
inspection, an investigation into the content of data packages sent across the Internet, such
as e-mails, Web searches and browsing history.35
In February 2015, a special report entitled “The Impact of the Dark Web on Internet
Governance and Cyber Security,” authored by Michael Chertoff (former U.S. Homeland
Security Secretary) and Tobby Simon (president of the India-based Synergia Founda-
tion), presented several suggestions regarding the Dark Web.36 In their report, Chertoff
and Simon say “in order to formulate comprehensive strategies and policies for govern-
ing the Internet, it is important to consider insights on its farthest reaches—the deep
Web and, more importantly, the dark Web.” They also note that “”While the dark
Web may lack the broad appeal that is available on the surface Web, the hidden eco-
system is conducive for propaganda, recruitment, financing and planning, which relates
to our original understanding of the dark Web as an unregulated space.” They recom-
mend the following efforts to monitor the Dark Web:
 204 G. WEIMANN

 Mapping the hidden services directory by deploying nodes in the DHT37;

 Customer data monitoring by looking for connections to non-standard domains;
 Social site monitoring to spot message exchanges containing new Dark Web domains;
 Hidden service monitoring of new sites for ongoing or later analysis;
 Semantic analysis to track future illegal activities and malicious actors;
 Marketplace profiling to gather information about sellers, users and the kinds of good
exchanged.
Finally, there is another side to scrutinizing the Dark Web that also has benign uses. While it
can conceal terrorist communications and activities, it also serves journalists, and civil rights
and democracy activists—all of which may be under threat of censorship or imprisonment.
In countries like China, Iran, and Saudi Arabia where the network is censored or controlled,
the Dark Web provides an important outlet and platform. Thus, the alarming infiltration of
Internet-savvy terrorists to the “virtual caves” of the Dark Web should trigger an interna-
tional search for a solution, but one that should not impair legitimate, lawful freedom of
Downloaded by [Uniwersytet Jagiellonski] at 12:46 17 July 2016

expression.

Acknowledgment
The author acknowledges the contribution of Prof. Jonathan Kuhn (NYU-Shanghai, China).

Notes
1. Burgess, Mark. 2007. Euro View: Internet Policing. http://worldanalysis.net/postnuke/html/index.
php?name=News&file=article&sid=656
2. Ibid.
3. Donald Barker and Melissa Barker. Internet Research Illustrated (Independence, KY: Cengage
Learning 2013), p. 4.
4. Bright Planet, Deep Web: A Primer. Available at http://www.brightplanet.com/deep-web-univer
sity-2/deep-web-a-primer/ (accessed 15 October 2015).
5. Cited in a CNN report, “Pentagon Hunts for ISIS on the Secret Internet,” 12 May 2015. Available
at http://edition.cnn.com/2015/05/12/politics/pentagon-isis-dark-web-google-internet/ (accessed
10 October 2015).
6. Gareth Owen, “Tor: Hidden Services and Deanonymisation.” Available at https://www.youtube.
com/watch?vD-oTEoLB-ses (accessed 20 September 2015).
7. Jamie Bartlett, The Dark Net (New York: Random House, 2014).
8. Kristin Finklea, Dark Web, special report for Congressional Research Service, 2015. Available at
http://www.fas.org/sgp/crs/misc/R44101.pdf (accessed 10 October 2015).
9. Evander Smart. “The Dark Web: A Closer Look at one of the World’s Largest Bitcoin Econo-
mies,” The Cointelegraph, 29 September 2015. Available at http://cointelegraph.com/news/
115355/the-dark-web-a-closer-look-at-the-worlds-largest-bitcoin-economy (accessed 10 October
2015).
10. Gabriel Weimann, Terror on the Internet (Washington, DC: United States Institute of Peace,
2006); Gabriel Weimann: Terrorism in Cyberspace: The Next Generation (New York: Columbia
University Press, 2015).
11. E. Dilipraj, “Terror in the Deep and Dark Web,” Air Power Journal 9 (2014), pp. 120–140. Avail-
able at http://www.academia.edu/9622433/TERROR_IN_THE_DEEP_AND_DARK_WEB
(accessed 15 September 2015).
12. Reported by The Telegraph, 24 December 2014. Available at http://www.telegraph.co.uk/
news/uknews/terrorism-in-the-uk/11300881/Terrorist-material-reappears-online-as-quickly-
as-it-is- banished-warns-thinktank.html (accessed 5 October 2015).
 STUDIES IN CONFLICT & TERRORISM 205

13. Ghaffar Hussain and Erin Marie Saltman, “Jihad Trending: A Comprehensive Analysis of Online
Extremism and How to Counter it.” A special report by Quilliam, May 2014. Available at http://
www.quilliamfoundation.org/wp/wp-content/uploads/publications/free/jihad-trending-quilliam
(accessed 1 October 2015).
14. Beatrice Berton, “The Dark Side of the Web: ISIL’s One-Stop Shop?” Report of the European
Union Institute for Security Studies, June 2015. Available at http://www.iss.europa.eu/uploads/
media/Alert_30_The_Dark_Web.pdf (accessed 25 September 2015).
15. See MEMRI JTTM report, “The ‘Dark Web’ and Jihad: A Preliminary Review of Jihadis’ Perspec-
tive on the Underside of the World Wide Web,” 21 May 2014. Available at http://www.mem
rijttm.org/the-dark-web-and-jihad-a-preliminary-review-of-jihadis-perspective-on-the-under
side-of-the-world-wide-web.html (accessed 1 October 2015).
16. Reported in numerous publications, reports, books and papers. See for example, Weimann, Ter-
rorism in Cyberspace: The Next Generation; Weimann, Terror on the Internet; Weimann, “The
Psychology of Mass-Mediated Terrorism,” American Behavioral Scientist 52(1), 69–86, 2008;
Gabriel Weimann and Abraham Kaplan, Freedom and Terror: Reason and Unreason in Politics,
London: Routledge, 2011. Gabriel Weimann, “Virtual training camps: terrorists’ use of the Inter-
net.” Teaching Terror: Strategic and Tactical Learning in the Terrorist World, 110(32), 2006.
Downloaded by [Uniwersytet Jagiellonski] at 12:46 17 July 2016

17. Gabriel Weimann, “Virtual Training Camps: Terrorists’ Use of the Internet,” Teaching Terror:
Strategic and Tactical Learning in the Terrorist World 110(32), 2006.
18. Jonathan Kennedy and Gabriel Weimann, “The Strength of Weak Terrorist Ties,” Terrorism and
Political Violence 23(2) (2011), pp. 201–212; Gabriel Weimann, “Terror on Facebook, Twitter,
and YouTube,” Brown Journal of World Affairs 16 (2009), pp. 45–54; Gabriel Weimann, “New
Terrorism and New Media,” Woodrow Wilson Center Research Report, May 2014. Available at
https://www.wilsoncenter.org/sites/default/files/STIP_140501_new_terrorism_F.pdf (accessed 12
October 2015).
19. SITE Intelligence Group Report, 14 January 2014, “Jihadist Suggests Creating ‘Jihadwiki.’” Avail-
able at https://news.siteintelgroup.com/Jihadist-News/jihadist-suggests-creating-qjihadwikiq.
html (accessed 1 October 2015).
20. Hackers Handbook. Available at http://www.hackershandbook.org/tutorials/deepweb (accessed 1
September 2015).
21. Jasper Hamill, “ISIS Encyclopedia of Terror: The Secrets Behind Islamic State’s ‘Information
Jihad’ on the West Revealed,” Mirror Online, 27 April 2015. Available at http://www.mirror.co.
uk/news/technology-science/technology/ (accessed 15 October 2015).
22. Satoshi Nakamoto is the pseudonymous person or group of people who designed and created the
original Bitcoin software, Bitcoin Core. Nakamoto published a whitepaper describing Bitcoin on
The Cryptography Mailing List in 2008, and released a working implementation in 2009. See
Joshua Davis, “The Crypto-Currency: Bitcoin and its mysterious inventor.” The New Yorker, 10
October 2011. Available at http://www.newyorker.com/reporting/2011/10/10/111010fa_fact_da
vis (accessed 14 September 2015).
23. For English translation see: http://www.scribd.com/doc/240561686/Bitcoin-wa-Sadaqat-al-Jihad
24. The report notes that “Given the attractiveness of virtual currency to conduct illicit financial
transactions, the possibility exists that terrorist groups may use these new payment systems to
transfer funds collected in the United States to terrorist groups and their supporters located out-
side of the United States.” The full report, “National Terrorist Financing Risk Assessment 06-12-
2015,” is available at http://de.scribd.com/doc/268508302/National-Terrorist-Financing-Risk-
Assessment-06-12-2015
25. Mark Rees, “Bitcoin for Bad Guys: Virtual Currency as an Anti-Terrorism Tool,” Bitcoin Maga-
zine, 14 May 2014. Available at https://bitcoinmagazine.com/13089/bitcoin-bad-guys-virtual-cur
rency-999333anti-terrorism-tool/ (accessed 14 October 2015).
26. Reported by the Israeli daily Haaretz, 29 January 2015. Available at http://www.haaretz.com/
news/middle-east/.premium-1.639542 (accessed 14 October 2015).
27. Ibid.
 206 G. WEIMANN

28. Quoted in Josh Fischer, “The Bitcoin ISIS Connection,” Virtual Currency Today, 6 February 2015.
Available at http://www.virtualcurrencytoday.com/articles/the-bitcoinisis-connection/ (accessed
14 October 2015).
29. Beatrice Berton, “The Dark Side of the Web: ISIL’s One-Stop Shop?” Alert, 30, 26 June 2015.
Available at http://www.iss.europa.eu/publications/detail/article/the-dark-side-of-the-web-isils-
one-stop-shop/ (accessed 15 October 2015).
30. Stephen Wright, “Fears over Secret Text Apps Used by Terrorists: Encrypted Application
Exposed by the Mail was Used by Schoolboy Terrorist,” Daily Mail 23 July 2015. Available at
https://www.google.com.hk/?gfe_rdDcr&eiDkRcbVtiRL8PU8AfWtLzQBw&gws_rdDssl#qD ter
roristCtelegram (accessed 14 October 2015).
31. John Devon, “Telegram Reaches 12bn Messages a Day, Acknowledges Terrorists Use the
Encrypted Service,” Neowin, 23 September 2015. Available at http://www.neowin.net/news/tele
gram-reaches-12bn-messages-a-day-acknowledges-terrorists-use-the-encrypted-service (accessed
1 October 2015).
33. Hsinchun Chen, Wingyan Chung, Jialun Qin, Edna Reid, Marc Sageman, and Gabriel Weimann,
“Uncovering the Dark Web: A Case Study of Jihad on the Web,” Journal of the American Society
for Information Science and Technology 59(8) (2008), pp. 1347–1359.
Downloaded by [Uniwersytet Jagiellonski] at 12:46 17 July 2016

33. Hsinchun Chen, Dark Web: Exploring and Data Mining the Dark Side of the Web (New York:
Springer, 2012).
34. Kim Zetter, “Darpa Is Developing a Search Engine for the Dark Web,” Wired, 2 February 2015.
Available at http://www.wired.com/2015/02/darpa-memex-dark-web/ (accessed 10 October
2015).
35. Patrick Tucker, “If You Do This, the NSA Will Spy on You,” Defense One, 7 July 2014. Available
at http://www.defenseone.com/technology/2014/07/if-you-do-nsa-will-spy-you/88054/ (accessed
10 October 2015).
36. The report is available online at www.cigionline.org/sites/default/files/gcig_paper_no6.pdf
37. A Distributed Hash Table (DHT) is a class of a decentralized distributed system that provides
sharing contact information, so people downloading the same file can discover each other. Both
Tor and I2P use DHT. Due to the distributed nature of the hidden services domain resolution, it
is possible to deploy nodes in the DHT to monitor requests coming from a given domain.