9/16/2015
08:00 PM

Darknet Is Full Of Criminals & Governments Giving TOR A Bad Name

Human traffickers, crowd-sourcing murderers, child pornographers, and governments in the market for juicy zero-days are flooding the Dark Web -- making it hard for the good guys to defend it.

It can take 30 seconds to load just one webpage on the Darknet. There are only between 200,000 and 400,000 sites in it, but good luck finding the one you want when the only things that remotely resemble search engines are full of phony or out-of-date links. Who would use something so frustrating?

Researchers at Bat Blue Networks today released a report outlining the main actors and activities on the Darknet (or Dark Web) -- a subset of the Internet where the sites are unindexed and accessible only through the onion router (TOR) network.

First and foremost, they found a wide assortment of criminal marketplaces -- for human trafficking, child pornography, and murder.

Babak Pasdar, ethical hacker and CEO of Bat Blue, says that one of the most surprising findings in the research is "how innovative folks have gotten in gamifying certain acts, such as murder." He describes how some sites offer prizes for proof of kills.

From the report: "The Darknet is also a platform for new and innovative ways to commit crime. Empowered by the Darknet’s global reach and emboldened by the anonymity it offers, gamification and crowdfunding of crimes like murder and human trafficking represent an increasingly grim aspect of the Darknet."

As Gillian Ibach, Bat Blue lead cyber intelligence analyst, explains, there is no honor among thieves. The lawlessness of the Darknet is so pervasive that the criminals are scamming each other. She points to the example of human trafficking site Black Death requiring buyers to submit Bitcoin deposits in order to bid on "Nicole" -- an 18-year-old American girl whom the Bat Blue researchers believe didn't actually exist. The report cites other examples of sites that shut down suddenly and made off with all the Bitcoins left in their customers' escrow accounts.

In addition to the traditional crimes, of course, there were marketplaces for cybercrime -- and government agencies were among the buyers.

"What's most surprising is how engaged and involved governments are in supporting and growing the Darknet," says Pasdar. As he explains, although the FBI and other government agencies are often shutting these sites down, they're also keen to be a part of the marketplace where some of the juiciest zero-day exploits will be bought and sold. "They want to be first to have dibs on it."

Of course, the Darknet is not just a place where illicit goods are bought and sold.

"It's also a platform for people who are desperate," says Pasdar, explaining the necessity of the Darknet's anonymity for individuals who live in oppressive governments. "They need a means and a method to communicate."

As the report states: "The United States government has a complex relationship with the Darknet. ... the U.S. Naval Research Laboratory originally created and released TOR browser. The U.S. government continues to research ways to anonymously browse the Internet and release new technology. The United States also releases new technology to foreign populations to promote dissidence against authoritarian regimes. At the same time, intelligence agencies monitor activity and attempt to trace TOR users for their own strategic purposes."

Although the U.S. may actively release TOR technology to foreign populations, there was some mild unrest recently when an American library decided to host a TOR relay node, to allow its visitors to surf the web anonymously, and access the Darknet. After Ars Technica ran a story about the Kilton Public Library in Lebanon, N.H. becoming the first library on the TOR network, the U.S. Department of Homeland Security reached out to the library's local police department to notify them about the dangers related to child exploitation on the dark web. (According to a report released in June by Trend Micro's Forward-Looking Threat Research Team, a startling 26 percent of the sites on the Darknet are child exploitation sites.)

The library volunteered to take down the TOR node until the library trustees could vote on it. Tuesday, the library trustees voted to restore TOR service, citing its usefulness not only to people in oppressive government regimes, but also to those suffering from domestic abuse. As the Concord Monitor reported:

"With any freedom there is risk," library board Chairman Francis Oscadal said. "It came to me that I could vote in favor of the good . . . or I could vote against the bad.

“I’d rather vote for the good because there is value to this.”

Pasdar is suspicious of the DHS's motivations for alerting the local police about the library's TOR node. "My concern is that government has other motives for doing what they're doing," he says. As he explains, government agencies might publicly discourage others from using onion routing -- because it inhibits intelligence agencies' ability to conduct surveillance -- and yet they may be happy to use the Darknet themselves, to shop on the marketplace for cyberweaponry. "I don't think they're as kind-hearted as they seem."

See the full report at batblue.com/the-darknet.

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior to that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ...

Comments
Dante1984
User Rank: Apprentice
10/10/2015 | 11:50:18 PM
Re: Readable Image
It is offered on the link. You need a business domain to obtain it.
Joe Stanganelli
User Rank: Ninja
9/23/2015 | 9:42:34 PM
TOR vs. Darknet
Alas, government officials and other fearmongerers have taken to giving public statements that TOR users are all criminals, without demonstrating or appreciating the difference between a TOR user (for TOR can be used to anonymously browse the "regular" WWW) and illicit Darknet customers.

tl;dr: TOR and Darknet are not the same.
Marilyn Cohodas
User Rank: Strategist
9/17/2015 | 5:35:43 PM
Re: Readable Image
You can probably find it in the full report http://www.batblue.com/the-darknet/ but you will need to register to download it... 
george_cupp
User Rank: Apprentice
9/17/2015 | 4:54:19 PM
Readable Image
Is there a link somewhere to the info graphic that is actually readable?