Analytics

9/16/2015
08:00 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Darknet Is Full Of Criminals & Governments Giving TOR A Bad Name

Human traffickers, crowd-sourcing murderers, child pornographers, and governments in the market for juicy zero-days are flooding the Dark Web -- making it hard for the good guys to defend it.

It can take 30 seconds to load just one webpage on the Darknet. There are only between 200,000 and 400,000 sites in it, but good luck finding the one you want when the only things that remotely resemble search engines are full of phony or out-of-date links. Who would use something so frustrating?

Researchers at Bat Blue Networks today released a report outlining the main actors and activities on the Darknet (or Dark Web) -- a subset of the Internet where the sites are unindexed and accessible only through the onion router (TOR) network.

First and foremost, they found a wide assortment of criminal marketplaces -- for human trafficking, child pornography, and murder.

Babak Pasdar, ethical hacker and CEO of Bat Blue, says that one of the most surprising findings in the research is "how innovative folks have gotten in gamifying certain acts, such as murder." He describes how some sites offer prizes for proof of kills.

From the report: "The Darknet is also a platform for new and innovative ways to commit crime. Empowered by the Darknet’s global reach and emboldened by the anonymity it offers, gamification and crowdfunding of crimes like murder and human trafficking represent an increasingly grim aspect of the Darknet."

As Gillian Ibach, Bat Blue lead cyber intelligence analyst explains, there is no honor among thieves. The lawlessness of the Darknet is so pervasive, that the criminals are scamming each other. She points to the example of human trafficking site Black Death requiring buyers to submit Bitcoin deposits in order to bid on "Nicole" -- an 18-year-old American girl whom the Bat Blue researchers believe didn't actually exist. The report cites other examples of sites that shut down suddenly, and made off with all the Bitcoins left in their customers' escrow accounts. 

In addition to the traditional crimes, of course, there were marketplaces for cybercrime -- and government agencies were among the buyers.

"What's most surprising is how engaged and involved governments are in supporting and growing the Darknet," says Pasdar. As he explains, although the FBI and other government agencies are often shutting these sites down, they're also keen to be a part of the marketplace where some of the juiciest zero-day exploits will be bought and sold. "They want to be first to have dibs on it."

Of course, the Darknet is not just a place where illicit goods are bought and sold.

"It's also a platform for people who are desperate," says Pasdar, explaining the necessity of the Darknet's anonymity for individuals who live in oppressive governments. "They need a means and a method to communicate."

As the report states: "The United States government has a complex relationship with the Darknet. ... the U.S. Naval Research Laboratory originally created and released TOR browser. The U.S. government continues to research ways to anonymously browse the Internet and release new technology. The United States also releases new technology to foreign populations to promote dissidence against authoritarian regimes. At the same time, intelligence agencies monitor activity and attempt to trace TOR users for their own strategic purposes."

Although the U.S. may actively release TOR technology to foreign populations, there was some mild unrest recently when an American library decided to host a TOR relay node, to allow its visitors to surf the web anonymously, and access the Darknet. After Ars Technica ran a story about the Kilton Public Library in Lebanon, N.H. becoming the first library on the TOR network, the U.S. Department of Homeland Security reached out to the library's local police department to notify them about the dangers related to child exploitation on the dark web. (According to a report released in June by Trend Micro's Forward-Looking Threat Research Team, a startling 26 percent of the sites on the Darknet are child exploitation sites.)

The library volunteered to take down the TOR node until the library trustees could vote on it. Tuesday, the library trustees voted to restore TOR service, citing its usefulness not only to people in oppressive government regimes, but also to those suffering from domestic abuse. As the Concord Monitor reported:

"With any freedom there is risk,' library board Chairman Francis Oscadal said. 'It came to me that I could vote in favor of the good . . . or I could vote against the bad.

“I’d rather vote for the good because there is value to this.”

Pasdar is suspicious of the DHS's motivations for alerting the local police about the library's TOR node. "My concern is that government has other motives for doing what they're doing," he says. As he explains, government agencies might publicly discourage others to use onion routing -- because it inhibits intelligence agencies' ability to conduct surveillance -- and yet they may be happy to use the Darknet themselves, to shop on the marketplace for cyberweaponry. "I don't think they're as kind-hearted as they seem."

See the full report at batblue.com/the-darknet.

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Dante1984
50%
50%
Dante1984,
User Rank: Apprentice
10/10/2015 | 11:50:18 PM
Re: Readable Image
It os offeed on the link. You need a business domain to obtain it.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
9/23/2015 | 9:42:34 PM
TOR vs. Darknet
Alas, government officials and other fearmongerers have taken to giving public statements that TOR users are all criminals, without demonstrating or appreciating the difference between a TOR user (for TOR can be used to anonymously browse the "regular" WWW) and illicit Darknet customers.

tl;dr: TOR and Darknet are not the same.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
9/17/2015 | 5:35:43 PM
Re: Readable Image
You can probably find it in the full report http://www.batblue.com/the-darknet/ but you will need to register to download it... 
george_cupp
50%
50%
george_cupp,
User Rank: Apprentice
9/17/2015 | 4:54:19 PM
Readable Image
Is there a link somewhere to the info graphic that is actually readable?
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark Reading,  6/20/2018
Tesla Employee Steals, Sabotages Company Data
Jai Vijayan, Freelance writer,  6/19/2018
Inside a SamSam Ransomware Attack
Ajit Sancheti, CEO and Co-Founder, Preempt,  6/20/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-7682
PUBLISHED: 2018-06-22
Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains.
CVE-2018-12689
PUBLISHED: 2018-06-22
phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel.
CVE-2018-12538
PUBLISHED: 2018-06-22
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage...
CVE-2018-12684
PUBLISHED: 2018-06-22
Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file.
CVE-2018-12687
PUBLISHED: 2018-06-22
tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h.