COVID-19 Infects the Dark Internet

Series: “Strategies for Dealing with Confinement”

By: Gabriel E. Levy B.

Miracle vaccines, masks, respirators, PPE suits, and even Covid-19-infected blood are among the thousands of offerings that have appeared in the Internet’s back rooms since the emergence of the coronavirus pandemic. Although the dark Internet has always been a den of underground offerings, evidence seems to show that the pandemic has catapulted it [1].

What is happening on the Dark Internet in times of pandemic?

In order to better understand what is happening on the Dark Internet in times of pandemic, it is important to remember some key concepts about the visibility ratings of content that exist on the Internet and that we discussed earlier in the article entitled The Hidden Threat of the Internet [2].

Clearnet, Deep Web, Dark Web and Darknet [3]

The most common concept and, therefore, the easiest to understand is Clearnet[4]: the Internet as we know it; all the web pages found in Google and other search engines, and which can be directly accessed through a conventional browser such as Chrome, Edge or Firefox.

The Deep Web[5] or deep Internet constitutes about 90% of the total content of the network and its main characteristic is that it cannot be accessed through conventional search engines nor is it assigned a URL, that is, all the information hosted in the cloud is not indexed and therefore cannot be publicly identified. These can be common pages protected by a paywall or websites that have not been indexed, but also files stored on servers such as Drive or Dropbox, emails in digital messaging systems and administrative, technical and financial data that can only be consulted through encrypted systems, such as banking information.

Dark Web [6] is the part of the Internet that can only be accessed by specific applications and is part of the Deep Web. It occupies between 0.1% and 0.3% of the latter, according to figures from the Xataka portal [7], which defined the Dark Web in a specialized article as “the portion of the Internet that is intentionally hidden from search engines, uses masked IP addresses and is accessible only with a special web browser” [8]

The Dark Web is composed mainly of pages that have proprietary domains such as those used by the TOR system, whose extension is .onion, or i2p of I2P eepsites. In both cases, navigation systems and exclusive owners are required, being generally TOR the most used.

Darknet is a term that was coined and defined in 2002 by Peter Biddle, Paul England, Marcus Peinado and Bryan Willman (Microsoft researchers) in a document they called “The Darknet and the Future of Content Distribution [9] stating that the Darknet is “A collection of networks and technologies that might revolutionize the sharing of digital content“.

While there is only one compilation system for Clearnet: the World Wide Web. In the case of the Darknet, there are many variants and technologies, the best known being friend-to-friend, Freenet, I2P or Invisible Internet Project (eepsites with an .i2p extension or ZeroNet with its multiple services). But the most popular of all the dark networks is TOR, a highly encrypted and capillarized network, which has developed its own Darknet environment and is the most referenced when the dark network is mentioned.

Coronavirus and Darknet

Whether they are simple conspiracy portals or complex black market structures, tens of thousands of offers, platforms and content have emerged in the last few months in the DarkNet, becoming an ecosystem where not only has a communication platform been formed among people around the world, and is hidden from the track of governments, but a whole new black market has emerged around the pandemic.

An investigation by the journalist Sarah Romero, published by the Muy Interesante media [10], highlighted the multiple and complex networks that have been clandestinely built around the Dark Internet, making it a real challenge and a virtually untraceable platform for the authorities.

“As organizations and consumers try to acquire protective products, medical equipment and multiple studies are developed to find a vaccine for the coronavirus, scammers have begun to promote precisely fake vaccines, mask sales and even respirators in the dark net, that hidden and anonymous network that overlaps the Internet and can only be accessed through special clients such as the TOR browser. The latest product to enter this dangerous black market is COVID-19 infected blood” [11]. Sarah Romero

And the article does not exaggerate when it claims that blood infected with Covid-19 is being sold, since a recent report presented by the cryptanalysis company Chainanalysis [12] about this illegal product [13] claimed that the blood was taken from a hospitalized father, although the report does not check whether the seller is actually selling infected blood or simply trying to defraud victims of bitcoins. We can assume that the targeted customers are those who believe they can be immunized by injecting contaminated blood, a dangerous action that could even be fatal, although it could also be a more sinister end, such as having a biological weapon.

As we stated, infected blood is not the only bizarre or unusual product derived from the coronavirus pandemic being sold on the Internet, as recent reports from two Threat Intelligence firms, Sixgill [14] and DarkOwl [15], have revealed a shocking catalog of products being offered on the DarkWeb, including fake vaccines, an Israeli miracle drug that eliminates Covid-19, low-cost artificial respirators, hydroxychloroquine (proven ineffective for this disease and quite dangerous) or the retroviral Remdesivir, as well as personal protective equipment, disinfectants, masks, helmets to avoid 5G radiation and even MP3 files that supposedly kill the coronavirus.

One of the main reasons why the Dark Internet became a black-market propagation niche in times of pandemic is most likely mediated by the large number of alerts and controls that social media platforms, civil organizations and governments have undertaken to pursue Fake News and online scams. The greed of the unscrupulous and the criminals has led to an underground market that feeds on the fear, uncertainty and ignorance of humans around the world, germinating a breeding ground for conspiracy theories, false hopes and, of course, scams.

The strategy to avoid falling into the clutches of scammers, conspirators and criminals consists of activating common sense, not falling into false promises, not buying miraculous products that serve only to feed the treasuries of the scammers and, above all, not trying to navigate in the clandestine world of the DarkWeb without having computer knowledge, because not only can you get ripped off but even your computers may be infected by viruses or Trojans that may steal your personal information.

 [1] Report published by the IT security consulting firm: Sixgill

[2] Andinalink article: The Hidden Threat of the Internet

[3] Xataca’s article about the classification of the Dark Internet

[4] Encyclopedic definition of Clearnet

[5] Encyclopedic Definition of Deep Web

[6] Dark Web encyclopedic article

[7] Xataca’s article about the classification of the Dark Internet

[8] Xataca’s article about the classification of the Dark Internet

[9] Article published by Microsoft Researchers “The Darknet and the Future of Content Distribution”

[10] Book: Digital Transformation by Mark Baker – ISBN 1500469998, 9781500469993

[11] Article by Sarah Romero published in Muy Interesante in Spanish

[12] Article by Sarah Romero published in Muy Interesante in Spanish

[13] Chainalysis Official Website

[14] Report published by the IT security consulting firm: Sixgill

[15] Link to the report published by the consulting firm Darkowll