Centre for Internet & Society

Blend anonymity and bitcoins for a ‘guaranteed safe’ cocktail of terrifying potential.

The article was published in the Hindu on October 7, 2017.

It’s hardly a secret that marijuana’s quite easy to get nowadays. Cigarette shop owners, paanwaalas, and otherwise innocuous dealers of innocuous goods hide their stash just out of sight of the unaware. Rustom Juneja is just another marijuana-smoking adult in one of India’s biggest cities. He used to get his ‘stuff’ from local dealers. Till he “got bored of Indian produce,” as he says. So, in 2015, he decided to go to the dark web.

“I brought strains of marijuana from the U.S. and Canada, from a marketplace on the dark web,” Juneja says. The packages were shipped from their respective countries, they traversed borders, bypassed stringent security and checks, crossed continents, and landed at Juneja’s doorstep.

That is the dark web for you. Completely unpoliced, willing users can find anything, from the aforementioned marijuana, to “hard” drugs, to military grade-weaponry and even sex workers. All delivered to your doorstep just like books or designer watches from Amazon, Flipkart, or Snapdeal. And yes, some even offer cash-on-delivery. Returns might not be as simple, though.

Earlier this year, a group of students were arrested in Hyderabad on charges of purchasing LSD (also called ‘acid’) on the dark web. But they weren’t arrested because they had made the transaction on the dark web; they were arrested because the purchase and/ or use of LSD is illegal under Indian law (Narcotic Drugs and Psychotropic Substances Act, 1985).

In India, transactions on the dark web belong to a legal grey area. More importantly, the transactions here are mostly untraceable.

So, just what is the dark web?

Shadow world

The world wide web is a Brobdingnagian mass of data, parts of which are ‘indexed’ so that they may be found by users through search engines (Google, Bing, etc). The parts of the web that aren’t indexed, and therefore available for public access, are known as the ‘deep web’. This was the part initially known as the dark web, with the ‘dark’ being more an allusion to being kept away from the light of regular access than its now more nefarious association. While it’s near impossible to put a number to it, unofficial estimates mostly concur that the vast majority of the web is unindexed.

Then, in the early 2000s, programmers began developing techniques that would be able to offer anonymous access to these hidden bits of the web. In 2002, the U.S. Naval Laboratory released one of the earliest versions of The Onion Router (TOR), a software that would allow anonymous communication between American intelligence agents and operatives on foreign soil.

This didn’t go quite according to plan, though. Tor was soon appropriated by cyberpunks, who began using the protocol to give access to websites that would host, share, and trade illicit goods. Today, the dark web is a sub-section of the deep web, accessed using specialised software like Tor that ensures absolute anonymity.

The onion protocol

“If you want to track anything on the Internet, it can happen at three levels — the level of the person who sends a request, at the level of the person responding to this request, or it can happen in between these two ends,” says Udbhav Tiwari, Policy Officer at the Centre for Internet and Society.

“Because of this structure, it is easy to track actions and resources across the Internet, using the same terminology that makes it so easy to index and search. So, people began thinking this might become a problem.”

Most of us have heard of the Hyper Text Transfer Protocol Secure or HTTPS, a protocol that ensures that information is encrypted and secure the moment it leaves a computer till the time it reaches a destination computer. But this protocol only protects one of the three levels on which information might be tracked. The dark web is built to ensure that the remaining levels are also protected and kept anonymous.

“The reason it’s called the ‘onion’ protocol is because there are bits of information that are encrypted over and over again. So, when something leaves one computer, it is encrypted with a layer, then it hits another computer and is encrypted with another layer, and it hits another computer, where it is encrypted yet again. When this information returns, each layer is peeled off, so that you get the information you requested, with none of the encryption,” Tiwari says.

This kind of encryption makes it borderline impossible to figure out who is communicating with who and what they are talking about, unless the physical machines at either end are compromised, or a vulnerability on these machines is exploited by setting up a fake website on the Internet — a technique the FBI uses to track child pornography.

And what does it all mean? A level of guaranteed secrecy with terrifying potential. A 2015 study found that light drugs were the most traded commodity on the dark web, and that as much as 26% of its content could be classified as ‘child exploitation’.

A 2016 study found that almost 57% of live websites on the dark web hosted illicit material. The ease of access and the minimal chances of being caught has meant a steady rise in the use of the dark web and the murk it peddles.

It’s a market where both buyer and vendor are rated, like Uber. This establishes trust, and authenticates the veracity of a potential transaction. Thus, for instance, buyers are obviously more inclined to buy an assault rifle from a highly-rated seller. And you will be sold grenades only if your ratings assure the vendor you’ll fulfil your end of the transaction.

Once a transaction is finalised, the payment is held ‘in escrow’ — a third party arbitration system which ensures the buyer is paid only after they have met their end of the bargain. The third parties also arbitrate in the event of a dispute.

As easy as pie

Juneja bought marijuana three times, all from the same vendor, but only two shipments reached him. The third time, the parcel never landed, but the arbiters decided in favour of the vendor because he had a much better rating and Juneja lost his money.

With no proper method to find out whether the vendor has shipped a product or the buyer has received it, this adjudication is seen as the best stop-gap arrangement. For Juneja, as for many others, the loss was a deal breaker, and he didn’t go back to the dark web.

When the first two shipments did arrive though, they came with absolute swagger and nonchalance. “The product was sealed and flattened out, as if it were a magazine or postcard.” It does say something of international security that it can’t differentiate between a shipment of The New Yorker and marijuana.

Dark web transactions were initially carried out using legal state-issued currencies. However, the simplicity of tracking online transactions made with property monitored by the government led to the rise of cryptocurrencies — digital or virtual currency that uses cryptographic techniques for security and which would be beyond state control. Besides the need to go underground, there was a political angle.

“These people see money as a state incursion into private affairs,” says Jyotirmoy Bhattacharya, economics professor at Delhi’s Ambedkar University.

The first, and still most popular, cryptocurrency was released in 2009 — bitcoin. Created by an unknown person or group of people, going only by the pseudonym Satashi Nakamoto, bitcoin was intended as a ‘peer-to-peer electronic cash system’, which would be completely decentralised, with no central server or state authority. This meant that the value and proliferation of bitcoin would be determined by its creators and users.

The idea of a virtual currency has been around since before Nakamoto, but a large problem was in limiting creation and supply. Bitcoin was the first to solve this problem. “Bitcoin uses a technique known as the ‘proof-of-work’ (POW). So, to create a new set of this currency, you have to spend some amount of computational resources. This limits how much currency you can generate, thus ensuring that the currency has a value,” says Bhattacharya.

What is bitcoin?

“A bitcoin is simply a solution to a puzzle. If there are a set of puzzles that are a part of the bitcoin protocol, one bitcoin is simply one of the solved puzzles of that set, along with a digital signature of who solved the puzzle,” says Bhattacharya. A public ledger tracks the ownership of bitcoins, which ensures that the same one is not used again by the same person.

“Since there is no central authority, your transaction has to match the globally agreed ledger.” To ensure that ownership of bitcoin is legitimate, every transaction is published in the ledger, thus creating a ‘chain of transactions’ known as a blockchain.

Over the past few years, the value of bitcoin has skyrocketed, so much so that people have begun investing in it, as an asset. When bitcoin was first used as tender in early 2010, it was valued at around $0.003. For a brief while in August, one bitcoin was valued at $4,500, a record high.

In the everyday world of eggs and bread, though, bitcoin has limited use. It is still unrecognised by several nations, and deemed illegal in many others. It’s in the dark web that it finds its most votaries. While it would be flippant to suggest that bitcoin is used on the dark web solely for illicit uses, it is difficult to deny its origins for that purpose, and its continuing use there.

Bedavyasa Mohanty, an Associate Fellow at Observer Research Foundation Cyber Initiative, says that there are Indian users transacting on the dark web using bitcoin and claims that this number is only likely to increase as accessibility increases. “Bitcoin cannot be tracked,” says Mohanty. “With the ledger and the blockchain, you can trace the trail of a certain bitcoin, but it is anonymised. You can’t point out who owns that bitcoin.”

This, in effect, means an entirely anonymous transaction may be made on the dark web for any number of illegal goods or services using a currency that leaves a trail which goes nowhere and leaves no fingerprints. This, in a nutshell, is the danger when bitcoin combines with the dark web.

Several users I spoke to either claimed that fears about the dark web were mostly unfounded, or that the freedom it offered was an essential facet of the Internet. But it can’t be denied that the sheer possibility that somebody can deal in child porn or hard drugs or deadly weapons right under the nose of the law is a terrifying one.

From the perspective of Indian law enforcement, given the technical knowhow they have to track down owners and users of bitcoins, the chances of discovery are minimal, says Mohanty. The currency uses a system of public and private ‘keys’, ensuring that an intercepted bitcoin transmission is useless without those keys. To top it, India does not have any clear laws to regulate cryptocurrencies.

“For India to regulate cryptocurrencies, it would need to legally recognise their existence,” says Mohanty. “And if you do recognise them, what do you treat them as? As a security? Or as a currency that can be traded openly, and so on. That’s part of the reason why the Reserve Bank hasn’t formally recognised cryptocurrencies.”

Flagging illegal trades

Bitcoin exchanges in India insist that they follow strict guidelines and e-KYC (Know Your Customer) rules, ensuring that the identity of every customer on the exchange is verified. “If somebody tries to use a bitcoin from Zebpay or any other recognised exchange, they will definitely be tracked down,” says Saurabh Agrawal, co-founder of Zebpay, one of India’s largest bitcoin exchanges.

“We use strong software; if any of our users use bitcoins for illegal purposes, we close their accounts. We’ve done this in the past and will do so in future as well.” He claims their software maintains a list of web addresses deemed ‘red alert’ sites, and the moment a bitcoin is sent to such a site, the transaction is flagged.

Others are less positive. “While we can track whether a transaction is made through illegal routes, to some extent it’s true that we cannot track all transactions in real time as this takes a large amount of data,” says Sathvik Vishwanath, CEO, Unocoin.

“But if someone is trying to buy or sell from illegal marketplaces, we have a mechanism where we can — and do — stop it.” Given that customers are KYC-verified, “they don’t try to indulge in malicious activities,” he says.

Pan to Rustom Juneja. Juneja made three transactions in 2015, using bitcoins purchased entirely legally from an exchange. “You have to create an account on any of the markets online, and transfer your bitcoins to that account,” Juneja informs me. His account too was KYC-verified, and they had all his details — PAN number, Aadhar, and so on. He had no clue then that the exchanges had tracking methods. “Look, if these actually worked, there’s no way we wouldn’t have been caught,” he says.

Part of the problem, of course, is that Indian law does not recognise the dark web as a separate entity from the ‘surface’ web; there are no special laws for it. Yet, even if laws were put in place, there are few ways in which states can monitor or block the use of the dark web owing to a host of technical and legal reasons.

“A sense of urgency [regarding the dark web], especially relating to the use of bitcoin for illicit activities, hasn’t been instilled in the government yet,” says Mohanty. “What they are worried about is terrorism, and the use of anonymous technologies and chatrooms for radicalisation, terror planning, or buying and selling weapons.”

Juneja is one of a few thousand active Indian users on the dark web. Nothing stops them from buying a strain of marijuana from Canada. But nothing stops them from buying a Kalashnikov either.

Sunny side up

The dark web isn’t necessarily only a marketplace for all of the world’s nefarious practices. The very anonymity and shrouds that the dark web offers can be used for general practices by users looking merely for privacy.

Aritra Ghosh, a Ph.D student of Computational Astrophysics at Yale University says, “(The dark web is) possibly the only way to do something in “secret” away from any kind of surveillance. Onion routing still hasn’t been broken. So, it can play a substantial role in movements against companies, governments and so on.”

And this is a quality that many frequenters of the dark web swear by. Even the ability to use anonymous messenger service with a near-complete guarantee of not being ‘watched’ drives a lot of people here.

Akarsh Pandit, 24, says unrestricted access to many resources including books and documents is an area of huge potential. “Another significant pro is the avoidance of national firewalls that exist in some countries. Moreover, you gain access to unindexed search results,” he says.

Filed under: