Dark Web Notebook

Dark Web Notebook

The Dark Web Notebook is the practical guide to the digital underworld used by criminals and terrorists, written specifically for law enforcement, intelligence, and corporate security personnel. The 250-page book is a step-by-step guide to the lawbreakers’ marketplace and communication system.

The book is available now as an instant PDF download for $49 at https://gum.co/darkweb

The author and members of the research team will be at the Techno Security & Digital Forensics Conference in San Antonio in September to present a lecture and a special tutorial about specific methods used by Edward Snowden to acquire classified documents. Information about the conference is available at www.technosecurity.us.

Dark Web Notebook Cover

The Dark Web Notebook gathers information and provides explanations that are often difficult to obtain. In the course of the research for this book, we did not come across any other book, monograph, training course, or publicly-available information which covered the Dark Web for those engaged in investigations and intelligence work.

The author is Stephen E Arnold. For many years he has worked for various government entities. In 2015, he published CyberOSINT: Next Generation Information Access. This study was a handbook to tools and techniques for making sense of open source information. (He also wrote The Google Legacy (2004), Google Version 2 (2007), and Google: The Digital Gutenberg (2009). These are now out of print.) More information about Stephen E Arnold is available at https://www.issworldtraining.com/ISS_WEBINARS/DarkWebTOR2016.html.

What the Dark Web Notebook Covers

Introduction: The Dark Web, Encryption, and Why It Must Be Understood

The text explains how to protect one’s identity. A best-practices section explains how to obtain a laptop not linked to either an agency or the investigator. Also, the reader learns how to acquire untraceable funds so that purchases of Bitcoin or other digital currencies can be made. The chapter explains how to download and make use of Tor to access the Dark Web. References are provided to other “dark” or “encrypted” Internet sites.

Chapter 2: The Dark Web Q&A

This chapter answers the most frequently asked questions posed at law enforcement and intelligence lectures, training sessions, and webinars given by Stephen E Arnold. The Q&A provides a brief summary of many of the key points discussed in the Dark Web Notebook; it explains:

  • The definition of the Dark Web
  • The relationship between Bitcoin and purchasing Dark Web products and services
  • Tools available today to help an investigator get Dark Web information
  • How to use Bing and Google to locate Dark Web sites and information

The chapter includes a brief history of the Dark Web and a compendium of facts important to those responsible for enforcing the law or protecting one’s country from threats.

Chapter 3: A Quick Tour of the Dark Web

This section is a series of Dark Web site profiles and screenshots. Example sites include those offering sex, drugs, weapons, hacking tools, and get-rich schemes. Dark Web communication services, including Dark Web email services that can be used with the false identity’s email address, are presented. Although comprising a small percentage of the Dark Web sites, you will learn about sites that offer weapons and mercenary services in the United States and elsewhere. Financial crime Dark Web sites are identified, as are Dark Web sites offering bogus passports and other identification papers for a range of countries, for example, the US and the UK. Examples of the “consumerization” of the Dark Web are also included. The chapter concludes with Dark Web services offering software and services to hack into mobile phones, tablets, personal computers, and servers.

Chapter 4: Enhanced Security

This chapter explains what Stephen E Arnold calls “the full Snowden.” The tools and methods used by Edward Snowden are referenced. Details of the software, hardware, and procedures required to access the Dark Web and perform other computer breaches are discussed.

Chapter 5: Exploring the Dark Web with Regular Web Search Systems

A surprising amount of Dark Web information is directly accessible from a standard Internet browser and widely-used Internet search engines like Bing, Google, or Yandex. This chapter explains how to use these systems as well as lesser known systems such as DuckDuckGo.com and MillionShort.com, among others. Access to Dark Web forums can be difficult. The publicly-accessible information on social media sites provides insight into what is available on specific Dark Web sites that require specialized software to access. The University of Arizona’s Dark Web Forum Portal, funded by the National Science Foundation, is also discussed. Although the content is necessarily dated, the system provides a snapshot of the types of subjects explored in the Dark Web forums. The chapter also explains how to locate specific forums on the Dark Web, for example, forums frequented by alleged terrorists.

Chapter 6: Dark Web Search Systems

As with the regular Internet, there are individuals and organizations that provide a search system for Dark Web content. None of the no-cost systems are comprehensive; however, these systems can provide a useful list of Dark Web sites focused on a specific topic, for example, illegal substances or weapons. The chapter explains how to use a range of services to locate Dark Web sites. Included in the discussion are Hidden Wiki, Ahima, Grams, and three other services. A brief assessment of each site is included in the chapter.

Chapter 7: Do-It-Yourself Software

One key theme in the Dark Web Notebook is that encryption, despite what the popular media reports, is a difficult hurdle for investigators to get past. The chapter provides a rundown of free and commercial software which can automate certain types of Dark Web investigations. Although the DARPA collection of Dark Web-capable software is no longer publicly available, a brief discussion of some of the tools available to individuals with appropriate clearances is included. In addition, a selected group of mostly free software is presented. These descriptions provide a working understanding of what is necessary to perform certain types of covert activities. Screenshots and links to developers’ Web sites are included in the chapter. Maltego, a widely-used link analysis program, and related tools are explained in non-technical language. The chapter explains that exploits which compromise alleged bad actors’ computing devices are a pragmatic response to encryption. The discussion reminds the reader to obtain inputs from the legal counsel to the agency prior to using the techniques presented in the chapter. The chapter concludes with a checklist of the methods available to an investigator comfortable with software exploits and related methods.

Chapter 8:  Commercial Solutions

This chapter complements the information provided in CyberOSINT: Next Generation Information Access. Profiles of four commercial services make it clear how Dark Web content can be processed and understood. Described are Darktrace, Recorded Future, and two other services. In addition, the reader will learn the mechanism for importing Dark Web data into two widely-used analytics and visualization systems: IBM Analyst’s Notebook and Palantir Gotham. The chapter also details the best practices for using these systems with Dark Web data. Screenshots and non-technical explanations make it easy to grasp the capabilities of these systems.

Chapter 9: Digital Currencies

The chapter explains the basics of Bitcoin and other digital currencies. The focal point, however, is the most popular currency, Bitcoin. The question-and-answer approach provides the basic information required to understand the challenge encrypted, unregulated transactions pose to investigators. The chapter also explains how an investigator can use the false identity described in Chapter 1 to purchase Bitcoin and transfer that Bitcoin to a different account. A pragmatic approach is taken to figuring out who is using a particular Bitcoin account and for what purpose.

Chapter 10: Outlook for 2018

The final chapter of the Dark Web Notebook summarizes the principal findings of the study team’s two-year research into the Dark Web. The chapter includes specific recommendations for those engaged in investigations and intelligence gathering about the steps required to deal with the reality of encrypted and hidden Internet sites and services.


The Dark Web Notebook includes four annexes of supplemental information that the research team concluded would be useful to the reader.

  • A glossary provides plain English definitions of selected terms used in the text. If a more detailed explanation of a concept is available from a public Web site, the author has included that information in a footnote in the chapter in which the term first occurs.
  • A table of “where to learn more” is included. The listing includes brief descriptions of programs and a link to a training organization’s Web site with additional information.
  • A list from a Dark Web source of Dark Web sites operated by a third party as well as the original Web site “owner.” The FBI used this method in order to crack a difficult case.
  • A list of research organizations known to have developed Dark Web software for the US government. The original list of software was removed from DARPA’s public Web site, but we have culled the names of organizations which may be able to assist law enforcement, intelligence, and security professionals in obtaining information pertinent to a particular case. We provide a brief introduction that suggests ways to locate open source software developed by these organizations.

About the Author

Stephen E. Arnold began his work career at Halliburton Nuclear Utility Services in 1973. He then worked at Booz, Allen & Hamilton on a range of projects until 1981. He became a vice president of the Courier Journal & Louisville Times and began work on full text information systems. He and his team developed The Point Internet Service which was sold to Lycos and then in 1999 the Xoom online video service sold to General Electric NBC two years later. In Year 2000 he worked on the initial index of the US government. After 9-11, he and his team built the online system for the Threat Open Intelligence Gateway (TOSIG) for authorized personnel only. He is the author of The Google Legacy (2005), Google Version 2 (2007), and Google: The Digital Gutenberg (2009). In 2015, he published CyberOSINT: Next Generation Information Access. He is a Summa cum laude graduate of Bradley University and he has completed work on his PhD at the University of Illinois. He has worked as an expert witness and has provided advisory services to a wide range of government and commercial organizations over the last 30 years.