The Dark Web Is Too Slow and Annoying for Terrorists

Tunisian police officers take positions as they search for attackers still at large in the outskirts of Ben Guerdane, southern Tunisia, Tuesday, Match 8, 2016.

Feres Najar/AP

AA Font size + Print

Tunisian police officers take positions as they search for attackers still at large in the outskirts of Ben Guerdane, southern Tunisia, Tuesday, Match 8, 2016.

For starters, a site on the dark web doesn’t do what jihadis need it to do: get their message out.

Terrorists are skulking around the dark web, the bit of the internet that can only be accessed by specific software, propagating messages of hate and extremism, right? Not really, according to data gathered by Thomas Rid and Daniel Moore of the Department of War Studies at King’s College London.

“The one thing that was surprising was that there was so little militant, extremist presence. Only a handful of sites,” Rid told Quartz.

The two designed a system to crawl “hidden services” on Tor, the network of computers that obfuscates the identities of those connected to it, to try to categorize the content found on those hidden sites. A Tor hidden-service has an address that ends in .onion, like this one–https://3g2upl4pq6kufc4m.onion–which points to DuckDuckGo’s hidden-service (here’s Facebook’s one). It has to be accessed by the Tor browser, a piece of free software that lets users view hidden services while keeping their identity hidden under multiple layers of encryption. People who run a hidden service can’t be easily identified either.

Here’s what Rid and Moore found:

So why aren’t jihadis taking advantage of running dark web sites? Rid and Moore don’t know for sure, but they guess that it’s for the same reason so few other people publish information on the dark web: It’s just too fiddly. “Hidden services are sometimes slow, and not as stable as you might hope. So ease of use is not as great as it could be. There are better alternatives,” Rid told Quartz.

As a communications platform, a site on the dark web doesn’t do what jihadis need it to do very well. It won’t reach many new people compared to “curious Googling,” as the authors point out, limiting its utility as a propaganda tool. It’s not very good for internal communications either, because it’s slow and requires installing additional software to work on a mobile phone. “So for both propaganda and communications, it’s less useful than some alternatives,” Rid said.

Those alternatives include privacy-preserving mobile chat apps like Telegram, Rid noted. Telegram offers encrypted messaging, a slick, intuitive interface, and a big userbase: it hit 100 million active monthly users in February. Jihadis do, however, use the Tor browser to hide what they’re browsing on the open web from prying eyes, the paper noted.

That doesn’t mean plenty of other groups don’t find the dark web useful. Hidden sites operating as drug marketplaces remain the most common type of content. More than 60% of the active sites the researchers found offer illicit content of some sort.

Close [ x ] More from DefenseOne

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

  • Military Readiness: Ensuring Readiness with Analytic Insight

    To determine military readiness, decision makers in defense organizations must develop an understanding of complex inter-relationships among readiness variables. For example, how will an anticipated change in a readiness input really impact readiness at the unit level and, equally important, how will it impact readiness outside of the unit? Learn how to form a more sophisticated and accurate understanding of readiness and make decisions in a timely and cost-effective manner.

  • Cyber Risk Report: Cybercrime Trends from 2016

    In our first half 2016 cyber trends report, SurfWatch Labs threat intelligence analysts noted one key theme – the interconnected nature of cybercrime – and the second half of the year saw organizations continuing to struggle with that reality. The number of potential cyber threats, the pool of already compromised information, and the ease of finding increasingly sophisticated cybercriminal tools continued to snowball throughout the year.

  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

  • Information Operations: Retaking the High Ground

    Today's threats are fluent in rapidly evolving areas of the Internet, especially social media. Learn how military organizations can secure an advantage in this developing arena.


When you download a report, your information may be shared with the underwriters of that document.