The Dark Web was always a source of cybersecurity threats for Xplore Corp. Before Destroyer’s takeover, we had teams of security analysts - red teams, blue teams, purple teams — and probably other teams I don’t even know about — focused on identifying weaknesses and remediating our vulnerabilities. But after Destroyer took over, they noticed something very peculiar: the bad guys stopped using the Dark Web, preferring now to use the easier public channels...and the “good” guys started using the Dark Web to communicate and organize. The world had been turned upside down.
But soon after small pockets of resistance began organizing on the Dark Web, they quickly became targets of Destroyer and his Overwatch. Clearly, the Dark Web wasn’t as anonymous as anticipated.
After months of tinkering with the idea, I was finally able to understand the problem. Though the Dark Web was anonymous, connections to the internet (bandwidth and bandwidth usage) weren’t. Destroyer’s tech cronies had taken over the internet service providers and were identifying the location of dissidents through their connection points (encrypted high-bandwidth usage) triangulated with the timing of Dark Web posts and the number of route/hops it took through the internet. In this way, even using TOR, the good guys were being tracked to their physical locations by timestamps and usage data.
Then it clicked. If I can create a device that adds internet route/hops — unnecessarily, to the posts of select individuals, then it will be impossible to track the users, unless they happen to figure out the algorithm that creates the number of extra hops each message takes once routed through one of my devices. In this way, even the path the messages take through the internet is hashed and couldn’t be reverse traced.
If the Dark Web is for the good guys now, then we’ll need to be a little darker than they expected. We are building a RESISTANCE. This will be the Darker Web. “R”, for resistance. The DarkR Web...that sounds good.
The type of algorithm would require heavy processing and could only handle a small region at maximum. Geographically, if I can get the devices planted at internet hub sites around Millennium City, then make it so that only authorized devices get routed through the device, then the extra traffic would not be noticeable.
I tried out the approach with my homes network (multiple homes connected together), placing the devices at various lengths...and after a few tries, the routing looked “normal” but would never properly triangulate to an origination point. It worked.
With the devices built and the concept proven, it would be necessary to take another risk - going to the internet hub sites and placing the devices physically on the internet backbone. I had planned for four device locations (north, south, east, and west), but one night while testing the devices on my homes network, this encrypted message came across all of the device consoles:
[Site Location #1 GPS ##.##.##]
[Site Location #2 GPS ##.##.##]
[Site Location #3 GPS ##.##.##]
[Site Location #4 GPS ##.##.##]
[Site Location #5 GPS ##.##.##]
Then three other GPS locations followed. But with timestamps included afterward.
Every day, the same message appeared. The five Site Location GPS details were always the same, but the other GPS locations and timestamps were different every time.
The first four locations were the sites I had previously chosen as “ideal” for the DarkR Web Pillars. But the fifth location was a heavily guarded area — a hydro power plant — much more difficult to access alone. It was a location I didn’t know of previously but assumed its significance as the main pillar of this whole thing. I had been testing the devices from my own network, but maybe the devices would need a central hub site to function; maybe they need more power from the hydro plant? I don’t want to take any chances, so I built another device and will try to plant it at the fifth GPS location.
Last week, the device repeated the GPS locations and times, but with an additional message: “Deliver device to”
Again, it clicked. I didn’t know who these people where, but I knew that these people would help me implant the devices at each location. And maybe even help me get the fifth pillar installed — if that is even what the final location is intended for??
I asked Jamie to deliver the packages to the coordinates at that specified time. There was only one person at that moment and place. Then I waited. As each opened their package they were presented with biometric data scanners and instructions to id themselves to continue. Luckily they did, and as the data came in, I ran every background check, query and lookup I could to figure out why these people were singled out. Then I fed that data back to the tablets so they could be referred to by their names, etc.
I wrote them each this note:
——
Welcome Faust/Field Effect/Isobar. [It read uniquely for each of them]. My name is Aaron Sharpe and I am sharing this device with you at great personal risk. You are holding one of the pillars of the new DarkR web - a secure network that I hope will safely unite superheroes again.
[GPS location provided]
If you are also willing to take a risk, I need your help to covertly access the GPS location provided above and place this device along the main physical internet backbone of the network grid station located there. I have already placed the first device, which has created enough strength to send only a stored message via this device without being tracked by the Overwatch. But once the device you have is planted - and with the ones planted by others, I trust that we’ll be able to communicate in real-time soon, safely.
This device is tough, but it is not indestructible. If you must test it or examine it, please do so with care.
Note: Once you implant the device, you can enter your cell phone # in it and your phone will be covered by the DarkR web encryption - it will be untraceable. If you don’t want to trust me that much yet, then you can use this small key fob to access the secure network. [a small token protrudes from the device]. This key fob will self-destruct after an unsuccessful voiceprint, just in case you are captured and/or lose the device.
I hope you can trust me in this moment. I am trusting you.
P.S. after you get this device physical implanted, there is one more we will need to install together. But that conversation deserves the encryption strength of this and the other two devices being in place.
——