Security / October 25, 2016

The Internet Umbra

There’s a shadowy, dark side to the Internet. Home to pedophiles, organized crime syndicates, nation-state spies, content pirates, drug dealers. But is that all? What if I were to tell you your computer could easily be connected to this seedy network?  Would you believe me?

It’s been called many different things: “darknet,” “deepweb(s),” “Internet underground,” “TOR” . . . but for simplicity’s sake, let’s settle on the “darkweb,” whose technical underpinning is based upon a software program called “The Onion Router,” or “Tor” for short.  Tor was initially developed in the early 2000s, but only caught on a few years ago.

How Does It Work?

The darkweb has two critical features:

First, Tor creates an encrypted virtual network that acts like an overlay on top of the actual Internet. This means that anyone can download the Tor client and jump on the darkweb, as long as their computer is connected to the regular Internet.  All network communication across the Tor network is encrypted, ensuring that no eavesdropping can happen.

Second, and maybe the most important feature of Tor, is that it anonymizes user traffic by bouncing traffic off other users. This makes it impossible to track a user’s browsing activity through the darkweb.
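An added example, not from the original article or the Tor Project: a toy model of the layered ("onion") wrapping behind the two features above, showing what each hop on the path can see. The relay names, pre-shared keys, destination and SHA-256 XOR cipher are assumptions for illustration; real Tor negotiates a key with each relay and uses different cryptography.

```python
import hashlib
import json

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy cipher (XOR with a SHA-256 keystream); stands in for Tor's real
    cryptography only to make the layering visible. Not for real use."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def wrap(path, keys, destination, payload: bytes) -> bytes:
    """Client: add one encrypted layer per relay, innermost (exit) first."""
    next_hop, body = destination, payload
    for relay in reversed(path):
        layer = json.dumps({"next": next_hop, "data": body.hex()}).encode()
        body = keystream_xor(keys[relay], layer)
        next_hop = relay
    return body

def route(path, keys, cell: bytes, payload: bytes):
    """Each relay strips its own layer; record what that relay learns."""
    views, sender = [], "client"
    for relay in path:
        layer = json.loads(keystream_xor(keys[relay], cell))
        cell = bytes.fromhex(layer["data"])
        views.append({"relay": relay, "from": sender, "to": layer["next"],
                      "sees_payload": payload in cell})
        sender = relay
    return views, cell

# Constructed sample circuit: relay names, keys and destination are made up.
PATH = ["guard", "middle", "exit"]
KEYS = {name: hashlib.sha256(name.encode()).digest() for name in PATH}
PAYLOAD = b"GET /index.html"

def demo():
    cell = wrap(PATH, KEYS, "example.com:80", PAYLOAD)
    return route(PATH, KEYS, cell, PAYLOAD)

if __name__ == "__main__":
    views, delivered = demo()
    for v in views:
        print(v)
    print("delivered:", delivered)
```

No single relay learns both the client and the destination, but the exit hop sees the payload itself, which is why traffic leaving the overlay still needs end-to-end encryption such as TLS.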

Websites can be hosted on the darkweb just as easily as a normal, legitimate Internet site.  The only difference is that the website must be hosted on a Tor node (a server that has the Tor client software installed, the same software that an end user has).

Who Uses the Darkweb and Why?

Many criminal organizations are moving their operations to the darkweb.  You’ve probably heard about Silk Road, the largest Tor website to date that’s been busted.  Run by Ross William Ulbricht, aka Dread Pirate Roberts, Silk Road was an underground website marketplace devoted to the buying and selling of illicit drugs.  It was theorized that the FBI was able to determine the server’s location by tricking the website into giving authorities the real, non-Tor IP address.  With the actual IP address in hand, law enforcement seized the server and arrested and sentenced the owner, Mr. Ulbricht, to life in prison.

While criminal storefronts are still being operated, they’re not as easy to find as one would think.  Because these marketplaces are highly illegal and require private invitations to join, they’re not indexed by the rudimentary Tor search engines. There is no Google for the darkweb.  However, whether it be a virtual storefront for new malware threats or an underground firearm swap & shop, these operations are present.

Because Tor can mask a user’s location, cybercriminals have been using it extensively to communicate with their victims.  Case in point, consider ransomware.  When infected by ransomware, a victim’s hard drive is encrypted and unless they pay the attacker in Bitcoins, they can’t recover their data. Once the victim pays, they receive the key to decrypt their hard drive via an email, which was sent from the attacker residing on the darkweb in order to mask his location.

There are very few legitimate uses for Tor, but they do exist.  According to the Tor Project’s website, they include:

  • Protecting your online privacy from irresponsible corporations, marketers, and identity thieves: In the past, Internet Service Providers (ISPs) have sold browsing history of their users to ad agencies for targeted marketing purposes.
  • Protecting your children’s location: There are freely available databases that map IP addresses to physical locations. Sometimes this can be at such a granular level as to pinpoint your location to the street and house number.
  • Researching sensitive topics: Some sensitive searches, such as for AIDS or birth control methods, are prohibited or frowned upon by national law. Tor would allow citizens to freely use Google or other websites to find out more information without fear of being located.
  • Skirting surveillance and circumventing censorship: Certain countries track your Web browsing habits and some even seek to censor their citizens.

Closing Advice

While there may be a few limited situations where Tor can be useful, more often than not, it’s safer for the average user to avoid it altogether.  If you’re looking for a privacy solution, you may want to look into a personal Virtual Private Network (VPN). These VPNs run anywhere from $1 to $3 a month, are great at masking your physical location, and provide much better network speeds than Tor.

In other words, resist the pull toward the shadowy, dark side.

If you’d like to learn more, join Gigamon on Thursday, October 27, at the NYC Cybersecurity Summit for a panel discussion with cybersecurity experts from DTCC, UCI Cybersecurity Research Institute, Area 1 Security, and The New York Times that covers the privacy and TLS 1.3 issues. And Kevin Mitnick, the world’s most famous hacker, will be delivering a compelling keynote guaranteed to generate further debate.
