Cyberterrorism On The Dark Web
February 15, 2024

Countering Dark Web terrorism

Introduction to Cyberterrorism 

Many people worry that cyberterrorism poses a serious threat to the economies of nations and that an assault may perhaps trigger another Great Depression. Since the late 1990s, terrorists can be found on several online sites. However, it was discovered that terrorists seeking the ultimate anonymity would find the Surface Web to be too perilous because they could be watched, tracked, and located. Many of the social media platforms and websites used by terrorists on the Surface Web are watched by anti-terrorism organisations, and they are frequently taken down or compromised.

On the Dark Web, however, decentralized and anonymous networks help terrorist sites avoid capture and closure. Beatrice Berton of the European Union Institute for Security Studies wrote in her report on ISIS’s use of the Dark Web: “ISIS’s activities on the Surface Web are now being monitored closely, and the decision by several governments to take down or filter extremist content has forced the jihadists to look for new online safe havens.” The unrestricted, anonymous, and easily available character of the Dark Web is exploited by terrorist organizations and those who support them to spread a variety of messages to a variety of targeted audiences through their dozens of websites and social networking sites.

More than ever before, terrorists are using the Dark Web to communicate. The Dark Web is widely utilized by terrorists, according to Bernard Cazeneuve, France’s former prime minister, who made this claim in March 2016. He claimed during a National Assembly meeting that individuals responsible for the recent terrorist attacks in Europe used the Dark Web and encrypted platforms to communicate.ISIS started using the Dark Web to disseminate news and propaganda after the attacks in Paris in November 2015, ostensibly to conceal the names of the organization’s supporters and defend its information from hacktivists. The claim was made following the removal of hundreds of websites linked to ISIS as part of the Operation Paris campaign.

Terrorists are continually looking for newer and more sophisticated applications and platforms to maintain their online presence on as many platforms as possible. Terrorists and their sympathisers still make use of the Hidden Wiki’s free services, which is a list of several censorship-resistant TOR hidden services, even though browsing on the Dark Web is more challenging than it is on the Surface Web. On the Hidden Wiki’s home page, there is a list of links to other websites. The Onion pseudo-top-level domain, which can only be accessed through TOR, is used by the service known as the Hidden Wiki. On its home page, there are links to a variety of clandestine services, such as links for money laundering, hired cyberattacks, contract killing, drugs, and bomb-making. The remainder of the wiki provides links to websites that include child pornography and abuse photographs.

Additionally, terrorists post material on the Dark Web explaining how they conduct their operations. For instance, the pro-Al Qaeda hacking group Al-Qaeda Electronic compromised five websites of major Austrian companies in July 2014. Al-Maarek Media, the organization’s media arm, made a claim regarding the attack on its Dark Web account and social media profiles. Mirrors of the defacements and the URLs of the targeted websites were also included in the post. The same content that Al-Qaeda Electronic had previously used in attacks on several French, British, Norwegian, Russian, and Vietnamese websites was present on all of the compromised web pages. Later, in August 2015, a Dark Web forum known as the Turkish Dark Web included instructions in Turkish for constructing explosives and weapons and discussed the outcomes, potential applications, and usefulness of the tools.

Countering Dark Web Terrorism

The ability to research and combat Dark Web terrorism has been hampered by the secrecy of this area of the web and the absence of practical methodology built for data collecting and analysis on the Dark Web. The possibility of cyberattacks from the Dark Web employing TOR networks was emphasised in IBM’s security division’s report on security threats for the third quarter of 2015. It is extremely essential to offer proof that the Dark Web has evolved into a significant hub for international terrorism and criminal activity to inspire the creation of the tools required to combat it. Based on the characteristics of cyberterrorism, it is possible to reconstruct the criminological dimensions of terrorist attacks on the Dark Web. But first, the following questions must be analyzed:

  • Who are the offenders of cyberterrorism (whether the state discards them, whether they are supported by a state, whether they are quasi-public formations, people, or hacker groups in power who are engaged in espionage)?
  • Which techniques and tools will be used when planning and executing an attack?
  • How to apply the procedures, tactics, and techniques for performing cyberattacks (a method of social engineering, creation, and distribution of malware and viruses into a computer system)?
  • Where is the attack carried out (banking and finance, information and communication networks, vital services of a country)?
  • What is the motivation for carrying out the cyberattack, what do the terrorists want to achieve, and what are the advantages and disadvantages of such an action?
  • When is the attack carried out?

One study used a variety of data and web mining technologies to provide the tools for thorough data collecting and analysis from the Dark Web. A long-term scientific research initiative called the University of Arizona-Dark Web project, seeks to investigate and comprehend the phenomena of global terrorism using a computational, data-centric methodology. This project produced one of the largest libraries of extremist websites, forums, and multimedia files (images and videos), as well as social media postings worldwide over the years. However, new techniques and tactics for monitoring and assessing terrorist usage of the Dark Web are required given the increased sophistication of terrorists' use of the platform. The counterterrorism agencies’ new and difficult mission is this.

Scientists from all around the world have been working on ways to combat terrorist activity on the Dark Web and in cyberspace for the past few years. Experts can locate, categorize, and examine online extremist activity using cutting-edge techniques including web crawling, link analysis, content analysis, authorship analysis, sentiment analysis, and multimedia analysis. One of the tools created by professionals on the Dark Web is the Writeprint technique (Figure below), which automatically extracts thousands of linguistic and semantic data to ascertain who is authoring anonymous content online. The professionals also search conversation threads and other content using sophisticated tracking tools called web spiders to look for online forums where terrorist activity is occurring:

The former US Homeland Security Secretary Michael Chertoff and the head of the Synergia Foundation in India Tobby Simon published a special report in February 2015 titled The Impact of the Dark Webon Internet Governance and Cyber Security that offered various recommendations addressing the Dark Web. In their study, Chertoff and Simon state that “To formulate comprehensive strategies and policies for governing the Internet, it is important to consider insights on its farthest reaches — the Deep Web and, more importantly, the Dark Web”. They add that while the Dark Web may not have the same level of attractiveness as the Surface Web, this hidden part of the internet is conducive to planning, fundraising, and propaganda, which corresponds to the initial perception of the Dark Web as an unregulated marketplace. The report recommends the following efforts to monitor the Dark Web:

  • Mapping the hidden services directory
  • Hidden-service tracking of new sites for ongoing or later analysis
  • Social site monitoring to find communication containing new Dark Web domains
  • Semantic analysis to track future illicit activities and malicious actors
  • Marketplace profiling to gather data about sellers, users, and the kinds of goods exchanged

The United Nations Office on Drugs and Crime (UNODC) concluded in its Annual Report that nations should take into consideration a universal agreement requiring countries to cooperate with each other during Dark Web cyberterrorism investigations. The UNODC stated that the absence of an international agreement on cybercrime and terrorism is impeding efforts to bring terrorists to justice. By putting into reality several suggestions, the report (UNODC Annual Report, 2015) urged national legislation to establish methods for combating cyber terrorists and for the successful prosecution of such instances:

  • To gather essential evidence in Dark Web cyberterrorism investigations, law enforcement agencies should collaborate with ISPs.
  • Wi-Fi network and cybercafé operators should think about forcing users to sign up and identify themselves.
  • Because terrorists have access to the public internet, including airport and library Wi-Fi hotspots, national governments should criminalize terrorist conduct online by regulating ISP addresses to uphold human rights protections. The Use of the Internet for terrorist purposes is a new technical assistance tool that UNODC created and released in October 2012 in cooperation with the UN Counter-Terrorism Implementation Task Force (CTITF). The technical help tool intends to give policymakers, investigators, and prosecutors useful advice on how to handle cases involving the use of the Internet for terrorist goals in the criminal justice system.

By implementing the right controls and informing your friends and family when known hazards exist, you can improve your chances of avoiding cyberterrorism. The following list shows ways in which individuals and businesses can defend against cyberterrorism:

  1. Use strong passwords. Since software exists that can quickly guess thousands of passwords, a difficult password is likely to be secure. Observe recommended practices for passwords by changing them frequently and avoiding using the same one for multiple logins.
  2. Follow cybersecurity news to stay current on industry developments and government alerts. Knowing the most recent threats might help you get ready for potential terrorist activities.
  3. Create a culture of cyber awareness by requiring all staff members to participate in ongoing training on cybersecurity. Emphasize the need to be watchful and alert to any suspicious activity.
  4. Check out every third-party vendor because a company’s third-party vendors ultimately determine how secure the company is online. Before entering into any agreements or conducting any business, companies should require vendor openness regarding their cybersecurity policies.

The ongoing efforts to educate professionals and internet users, to raise the culture of safety in cyberspace, and to implement deftly designed and continuously adaptive technological, organizational, and regulatory measures may have an impact on the prevention of cyberterrorism, the reduction of risks to an acceptable level, and ultimately maintain the progress of civilization in cyberspace, not its destruction.


In the age of information technology, terrorism can be divided into three categories: conventional terrorism, where traditional weapons (such as explosives and guns) are used to physically harm resources and people; techno terrorism, where traditional weapons are used to harm infrastructure and cause damage online; and cyberterrorism, where new weapons (such as malicious software, electromagnetic and microwave weapons) are used. Security agencies that are in charge of looking into terrorism, including cyberterrorism, must be on guard due to the prevalence of cyberterrorism and its phenomenon. This includes making sure that there is enough funding for staffing, tools, and training, as well as urging people to be alert and report any suspicious activity.

Nearchos Nearchou

Nearchos Nearchou is a determined person and 1st Class BSc (Hons) Computer Science and MSc Cyber Security graduate. He is a big tech-lover and spent several years exploring new innovations in the IT field. Driven by his passion for learning, he is pursuing a career in the Cyber Security world. Passionate about learning new skills and information that can be used for further personal and career development. Finally, he is the author of the book   “Combating Crime On The Dark Web”.


Leave a comment

Please note, comments need to be approved before they are published.