<p>Tor – The Conversation</p>
<h1>What are ‘mule addresses’? Criminologists explain how vacant properties serve as depots for illegal online purchases</h1>
<p>Published 2023-09-19T12:15:41Z</p>
<figure><img src="https://images.theconversation.com/files/547613/original/file-20230911-20491-xdqy4.jpg?ixlib=rb-1.1.0&rect=261%2C186%2C8044%2C4794&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Nobody's home, just as the sender intended.</span> <span class="attribution"><a class="source" href="https://www.gettyimages.com/detail/photo/delivery-of-parcel-boxes-at-doorstep-royalty-free-image/1173054988?adppopup=true">AndreyPopov/ iStock via Getty Images Plus</a></span></figcaption></figure><p>Online shopping isn’t just a convenient way to buy batteries, diapers, computers and other stuff without going to a brick-and-mortar store.</p>
<p>Many Americans also use the internet to quietly acquire illegal, fake and <a href="https://www.linkedin.com/posts/evidence-based-cybersecurity_appleproducts-darkweb-applemacbookpro-activity-7103440509360099329-8xZh?utm_source=share&utm_medium=member_desktop">stolen items</a>. <a href="https://www.linkedin.com/posts/simon-botton-754952208_cybersecurity-digitalsafety-onlinesecurity-ugcPost-7103370581508587520-1gdL?utm_source=share&utm_medium=member_desktop">Guns</a>, prescription drugs no doctor has ordered and <a href="https://theconversation.com/heists-worth-billions-an-investigation-found-criminal-gangs-using-sham-bank-accounts-and-secret-online-marketplaces-to-steal-from-almost-anyone-and-little-being-done-to-combat-the-fraud-206893">checks</a> are on this long list, as well as <a href="https://www.investopedia.com/terms/c/cloning.asp">cloned credit cards</a>, counterfeit passports and phony <a href="https://www.cbp.gov/newsroom/local-media-release/2-shipments-containing-4420-counterfeit-driver-s-licenses-seized-cbp">driver’s licenses</a>. </p>
<p>Because buyers and sellers alike realize that the authorities can detect illegal online transactions, criminals and their customers prefer covert online platforms that protect user anonymity, such as <a href="https://www.torproject.org/">Tor</a>, or encrypted messaging applications like <a href="https://scholarworks.gsu.edu/ebcs_articles/20/">Telegram and WhatsApp</a>. Buyers and sellers also use <a href="https://www.cognyte.com/blog/digital-wallet-cybercrime/">digital wallets</a> and <a href="https://knowledgehub.transparency.org/helpdesk/cryptocurrencies-corruption-and-organised-crime-implications-of-the-growing-use-of-cryptocurrencies-in-enabling-illicit-finance-and-corruption">cryptocurrencies to further conceal</a> their identities. </p>
<p>As <a href="https://ebcs.gsu.edu/">scholars of</a> <a href="https://scholar.google.com/citations?user=GqggT9MAAAAJ&hl=en&oi=sra">high-tech crime</a>, <a href="https://ebcs.gsu.edu/profile/saba-aslanzadeh/">we were eager</a> to solve a riddle. Having these items shipped to the buyers’ homes or offices would make it easy for authorities to catch them. So how do people who buy these illegal items maintain their anonymity when they take possession of items they purchased on the <a href="https://theconversation.com/illuminating-the-dark-web-105542">dark web</a>?</p>
<p>They mostly use <a href="https://www.reddit.com/r/scambait/comments/163ssd0/report_package_mule_address/">vacant residential properties, called “mule addresses</a>” or “<a href="https://seon.io/resources/dictionary/drop-address">drop addresses</a>.” Once the illegal goods or phony documents get delivered – presumably without the owners’ knowledge – to the doorstep of the uninhabited home, the buyer or a middleman picks it up. This practice makes it very hard to trace these transactions.</p>
<h2>Penchant for sharing</h2>
<p>To discover where these items change hands, we took advantage of the inclination of some of the criminal vendors to share images on Telegram of the parcels they send, along with the illicit items.</p>
<p>They use this strategy to build their reputations, earn the trust of buyers and market their services.</p>
<p>Not all users of online underground markets do this, but we still spotted thousands of packages delivered this way over a period of two years.</p>
<p>In one case, we found a photo of a forged or stolen check alongside the mailed envelope used for its delivery on a Telegram channel dedicated to trading stolen and counterfeit checks.</p>
<p>The label on the envelope bears not only the shipping date but also the Wyoming address where it was sent. Armed with this information, anyone can retrieve related details by searching online. We found an apartment complex at that address with several units for rent.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/548411/original/file-20230914-25-s9wiwb.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="A mailed envelope and a check with names obscured" src="https://images.theconversation.com/files/548411/original/file-20230914-25-s9wiwb.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/548411/original/file-20230914-25-s9wiwb.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=640&fit=crop&dpr=1 600w, https://images.theconversation.com/files/548411/original/file-20230914-25-s9wiwb.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=640&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/548411/original/file-20230914-25-s9wiwb.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=640&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/548411/original/file-20230914-25-s9wiwb.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=805&fit=crop&dpr=1 754w, https://images.theconversation.com/files/548411/original/file-20230914-25-s9wiwb.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=805&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/548411/original/file-20230914-25-s9wiwb.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=805&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">A forged or stolen check alongside the envelope used to mail it to the person who bought it on the dark web.</span>
<span class="attribution"><span class="source">Screen capture by David Maimon</span>, <a class="license" href="http://creativecommons.org/licenses/by-nc-nd/4.0/">CC BY-NC-ND</a></span>
</figcaption>
</figure>
<h2>Guns, drugs and rentals</h2>
<p>We also found that criminal vendors use mule addresses as their sender address. In one example, we found a video, uploaded in April 2023, of an assault rifle shipped from an Arizona address. At the time, that property was for sale.</p>
<p>The video displays an assault rifle apparently shipped from that address after being purchased online on an underground gun market.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/548176/original/file-20230913-34250-eslwpf.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="An assault rifle and an address label" src="https://images.theconversation.com/files/548176/original/file-20230913-34250-eslwpf.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/548176/original/file-20230913-34250-eslwpf.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=339&fit=crop&dpr=1 600w, https://images.theconversation.com/files/548176/original/file-20230913-34250-eslwpf.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=339&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/548176/original/file-20230913-34250-eslwpf.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=339&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/548176/original/file-20230913-34250-eslwpf.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=425&fit=crop&dpr=1 754w, https://images.theconversation.com/files/548176/original/file-20230913-34250-eslwpf.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=425&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/548176/original/file-20230913-34250-eslwpf.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=425&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">An illegal firearm vendor uploaded a video of an assault rifle being shipped to a customer.</span>
<span class="attribution"><span class="source">Screen capture by David Maimon</span>, <a class="license" href="http://creativecommons.org/licenses/by-nc-nd/4.0/">CC BY-NC-ND</a></span>
</figcaption>
</figure>
<p>We found a similar video documenting the punctual delivery of what we believe to be illegal drugs. Considering that the video has been circulating in illegal drugs markets that we monitor, it’s reasonable to assume that the package contains narcotics or prescription drugs.</p>
<p>The footage portrays a satisfied customer who has just gotten the drugs. We looked up the recipient’s address, which is discernible in the video.</p>
<p>It’s a property in North Las Vegas, Nevada, which was listed for sale at the time of delivery – although it seems to have later been sold. The anticipated delivery date, March 28, 2023, coincided with the day the package in the video was received. </p>
<p>One of the illegal digital marketplaces we identified is a hub for prescription sales of OxyContin, Viagra, Adderall and Valium. It’s linked to an administrator who presides over several Telegram channels. </p>
<p>The administrator has shared photos on those channels that allowed us to see tracking numbers associated with packages they’d mailed. By collating the tracking numbers from April 20 to May 23, 2023, we compiled a comprehensive database of those addresses and the statuses of those properties when the packages were delivered.</p>
<p>We found that 72% of the 650 deliveries in this database were to properties listed for sale, and the rest were to properties unoccupied for other reasons. The average time that elapsed between a property listing and an illicit package being delivered there was nine days.</p>
<h2>Be on guard</h2>
<p>We haven’t yet learned of any criminals who were convicted of using mule addresses to deliver illegal packages. </p>
<p>Because criminals take advantage of vacant residential properties listed for sale or rent by unsuspecting homeowners to protect their anonymity, we believe that it’s important for landlords and people who are selling or renting homes to protect themselves from these crimes of commerce.</p>
<p>Some of the same strategies that enhance safety in other regards can help, such as installing surveillance cameras and employing property managers.</p>
<p class="fine-print"><em><span>David Maimon receives funding from Department of Homeland Security and other private organizations. </span></em></p><p class="fine-print"><em><span>Saba Aslanzadeh does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
<p>Buyers and sellers alike use this system to not get caught.</p>
<p>David Maimon, Professor of Criminal Justice and Criminology, Georgia State University; Saba Aslanzadeh, PhD Student in Computer Science, Georgia State University</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<h1>The dark web down under: what’s driving the rise and rise of NZ’s ‘Tor Market’ for illegal drugs?</h1>
<p>Published 2022-10-05T00:01:43Z</p>
<figure><img src="https://images.theconversation.com/files/487679/original/file-20221003-24-gf1j44.jpg?ixlib=rb-1.1.0&rect=7%2C0%2C5100%2C3660&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption"></span> <span class="attribution"><span class="source">Getty Images</span></span></figcaption></figure><p>New Zealand is generally proud of being a world leader, but there’s one claim that might not be universally admired: being home to the longest running English-language market for illegal drugs on the so-called “darknet”.</p>
<p>Known as “Tor Market”, it has been active since March 2018 and has outlived several larger and better known operations such as “Dream Market”, “Hydra Market” and “Empire”. The longevity of Tor Market is surprising, given so many darknet drug markets have only lasted relatively briefly.</p>
<p>That doesn’t mean you’ll be able to find it easily. The darknet is an encrypted portion of the internet not indexed by search engines. It requires specific anonymising browser software to access, typically I2P or Tor software – hence the local market’s name.</p>
<p>Many darknet markets sell illegal drugs anonymously, with delivery by traditional post or courier, and resemble legal e-commerce sites such as Amazon. </p>
<p>An <a href="https://www.emcdda.europa.eu/system/files/publications/6585/TD0417834ENN.pdf">analysis of over 100 darknet markets</a> between 2010 and 2017 found sites were active for an average of just over eight months. Of the more than 110 darknet drug markets active from 2010 to 2019, just <a href="https://www.emcdda.europa.eu/system/files/publications/12078/20192630_TD0319332ENN_PDF.pdf">ten remained fully operational</a> by 2019.</p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/487684/original/file-20221003-10113-s17ihm.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/487684/original/file-20221003-10113-s17ihm.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=425&fit=crop&dpr=1 600w, https://images.theconversation.com/files/487684/original/file-20221003-10113-s17ihm.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=425&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/487684/original/file-20221003-10113-s17ihm.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=425&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/487684/original/file-20221003-10113-s17ihm.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=533&fit=crop&dpr=1 754w, https://images.theconversation.com/files/487684/original/file-20221003-10113-s17ihm.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=533&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/487684/original/file-20221003-10113-s17ihm.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=533&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">US authorities announce the arrest of 179 people and seizure of more than US$6.5 million in a worldwide crackdown on darknet opioid trafficking in 2020.</span>
<span class="attribution"><span class="source">Getty Images</span></span>
</figcaption>
</figure>
<h2>The fragmented darknet ecosystem</h2>
<p>Darknet marketplaces have disappeared as a result of increasingly sophisticated and successful law enforcement operations, including clandestinely taking over sites for extended periods to gather evidence on vendors and buyers. </p>
<p>Alternatively, site administrators pull off opportunistic exit scams and abscond with cryptocurrency held in accounts. </p>
<p>No dominant international darknet market has emerged since the “voluntary shut down” of Dream Market in 2019. And there appears to be a general loss of confidence in darknet drug supply due to those enforcement shutdowns and exit scams.</p>
<p>While total sales on all darknet markets increased in 2020, and again in the first quarter of 2021, data for the fourth quarter of 2021 suggest <a href="https://www.unodc.org/res/wdr2022/MS/WDR22_Booklet_2.pdf">sales declined</a> by as much as 50%.</p>
<p>This makes Tor Market’s performance over the same period even more remarkable. Its listings grew from fewer than ten products in the months prior to Dream Market’s closure in early 2019 to over 100 products by July that year. </p>
<p>After a steady period where there were, on average, 255 listings across 2020 and 379 across 2021, another period of growth happened in early 2022. This saw over a thousand products being listed on Tor Market by mid-2022 (see graph below).</p>
<p>This expansion was driven by a steady increase in international sales, which grew to outnumber domestic New Zealand sales by early 2022.</p>
<hr>
<iframe src="https://flo.uri.sh/visualisation/11329272/embed" title="Interactive or visual content" class="flourish-embed-iframe" frameborder="0" scrolling="no" style="width:100%;height:600px;" sandbox="allow-same-origin allow-forms allow-scripts allow-downloads allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation" width="100%" height="400"></iframe>
<hr>
<h2>Filling a market gap</h2>
<p>On the face of it, New Zealand may seem an unlikely location for a rising international darknet drug market. Its geographical isolation from large European and US drug markets, small population, and historical absence of any substantial cocaine and heroin supply should all work against it.</p>
<p>Yet these factors may be exactly what has driven this market innovation.</p>
<p>Darknets provide anonymous and direct access to international drug sellers who have MDMA, cocaine and opioids for sale – drug types not easily accessed in physical drug markets in New Zealand. These international sellers are otherwise unlikely to have any interest in supplying such a small, distant market.</p>
<p>By providing offerings from dozens of international drug sellers and a centralised forum for buyers, Tor Market solves the very real economic problem of “thin markets” in the New Zealand drug scene, where there are simply not enough buyers to sustain sellers for some drug types. </p>
<p>Usually, buyers and sellers would have trouble connecting and hence justifying large-scale international trafficking. Darknet markets solve this problem by offering retail quantities of drug types that are traditionally difficult to source, such as MDMA, directly to buyers. </p>
<h2>Size and scrutiny</h2>
<p>New Zealanders have a history of innovative solutions to the so-called “tyranny of distance”. They also have a relatively <a href="https://datareportal.com/reports/digital-2021-new-zealand">high level</a> of digital engagement and online shopping habits by international standards. Perhaps darknets offer a familiar online shopping experience. </p>
<p>For their part, the Tor Market administrators claim (based on their own site’s help manual) to offer a range of design innovations and features that ensure the security of Tor Market. </p>
<p>This kind of boasting is not uncommon among darknet operators as a marketing strategy to attract new vendors to a site. And it’s not clear whether Tor Market is really offering any superior security features or coding infrastructure compared to other sites. </p>
<p>More credible is Tor Market’s purported business strategy of purposely seeking to maintain a low profile compared to larger international sites. Indeed, many of the vendors on Tor Market in the early days were New Zealand-based and only sold to local buyers. </p>
<p>The rising international listings on Tor Market may reflect wider problems in the darknet ecosystem, including the closure of previously dominant darknet markets and the unreliability of many sites due to denial-of-service attacks. </p>
<p>In the end, Tor Market’s success may be its undoing. It remains to be seen whether it can sustain its international growth and operate with a higher international profile, given the related risk of international law enforcement looking its way.</p>
<p class="fine-print"><em><span>Chris Wilkins and Marta Rychert receive funding from the New Zealand Royal Society Te Apārangi Marsden Fund Grant MAU1812. </span></em></p><p class="fine-print"><em><span>Marta Rychert receives funding from the New Zealand Royal Society Te Apārangi and NZ Health Research Council.</span></em></p>
<p>Tor Market is now the longest-running English-language market for illegal drugs on the dark web. But its success and profile may contain the seeds of its own downfall.</p>
<p>Chris Wilkins, Associate Professor of illegal drug research, Massey University; Marta Rychert, Senior Researcher in Drug Policy, Massey University</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<h1>How the world’s biggest dark web platform spreads millions of items of child sex abuse material — and why it’s hard to stop</h1>
<p>Published 2021-09-02T20:09:31Z</p>
<figure><img src="https://images.theconversation.com/files/419032/original/file-20210902-14-1a4z44w.jpeg?ixlib=rb-1.1.0&rect=80%2C0%2C4808%2C3254&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption"></span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure><p>Child sexual abuse material is rampant online, despite <a href="https://www.blog.google/around-the-globe/google-europe/using-ai-help-organizations-detect-and-report-child-sexual-abuse-material-online/">considerable efforts by</a> big tech companies and governments to curb it. And according to reports, it has only become <a href="https://www.weprotect.org/library/impact-of-covid-19-on-child-sexual-exploitation-online/">more prevalent</a> during the COVID-19 pandemic.</p>
<p>This material is largely hosted on the anonymous part of the internet, the “darknet”, where perpetrators can share it with little fear of prosecution. There are currently a few platforms offering anonymous internet access, including <a href="https://geti2p.net/en/">i2p</a>, <a href="https://freenetproject.org/index.html">FreeNet</a> and <a href="https://www.torproject.org/">Tor</a>. </p>
<p>Tor is by far the largest and presents the biggest conundrum. The open-source network and browser grant users anonymity by encrypting their information and letting them escape tracking by internet service providers. </p>
<p><a href="https://theintercept.com/2015/11/12/edward-snowden-explains-how-to-reclaim-your-privacy/">Online privacy advocates</a> including Edward Snowden have championed the benefits of such platforms, claiming they protect free speech, freedom of thought and civil rights. But they have a dark side, too.</p>
<h2>Tor’s perverted underworld</h2>
<p>The <a href="https://support.torproject.org/">Tor Project</a> was initially developed by the US Navy to protect online intelligence communications, before its code was publicly released in 2002. The Tor Project’s developers have acknowledged the potential to misuse the service which, when combined with technologies such as <a href="https://www.getmonero.org/">untraceable cryptocurrency</a>, can help hide criminals. </p>
<p>Tor is an overlay network that exists “on top” of the internet and merges two technologies. The first is the onion service software. These are the websites, or “onion services”, hosted on the Tor network. These sites require an onion address and their servers’ physical locations are hidden from users. </p>
<p>The second is Tor’s privacy-maximising browser. It enables users to browse the internet anonymously by hiding their identity and location. While the Tor browser is needed to access onion services, it can also be used to browse the “surface” internet. </p>
<p>Accessing the Tor network is simple. And while search engine options are limited (there’s no Google), discovering onion services is simple, too. The <a href="https://www.bbc.com/news/technology-50150981">BBC</a>, New York Times, ProPublica, Facebook, the CIA and Pornhub all have a verified presence on Tor, to name a few.</p>
<p>Service dictionaries such as “The Hidden Wiki” list addresses on the network, allowing users to discover other (often illicit) services.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/419033/original/file-20210902-13-1ws3uhq.jpeg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="Hidden Wiki main page screenshot." src="https://images.theconversation.com/files/419033/original/file-20210902-13-1ws3uhq.jpeg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/419033/original/file-20210902-13-1ws3uhq.jpeg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=834&fit=crop&dpr=1 600w, https://images.theconversation.com/files/419033/original/file-20210902-13-1ws3uhq.jpeg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=834&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/419033/original/file-20210902-13-1ws3uhq.jpeg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=834&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/419033/original/file-20210902-13-1ws3uhq.jpeg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=1048&fit=crop&dpr=1 754w, https://images.theconversation.com/files/419033/original/file-20210902-13-1ws3uhq.jpeg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=1048&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/419033/original/file-20210902-13-1ws3uhq.jpeg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=1048&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">The Hidden Wiki main page.</span>
<span class="attribution"><span class="source">Wikimedia Commons</span></span>
</figcaption>
</figure>
<h2>Child sex abuse material and abuse porn is prevalent</h2>
<p>The number of onion services active on the Tor network is unknown, although the Tor Project estimates about 170,000 active addresses. The architecture of the network allows partial monitoring of the network traffic and a summary of which services are visited. Among the visited services, child sex abuse material is common. </p>
<p>Of the <a href="https://metrics.torproject.org/userstats-relay-country.html">estimated</a> 2.6 million users that use the Tor network daily, <a href="https://ietresearch.onlinelibrary.wiley.com/doi/10.1049/iet-ifs.2015.0121">one study</a> reported only 2% (52,000) of users accessed onion services. This suggests most users access the network to <a href="https://www.pnas.org/content/pnas/117/50/31716.full.pdf">retain their online privacy</a>, rather than use anonymous onion services. </p>
<p>That said, the same study found from a single data capture that about 80% of traffic to onion services was directed to services which did offer illegal porn, abuse images and/or child sex abuse material.</p>
<p>Another <a href="https://dsimg.ubm-us.net/envelope/385643/510233/The%20Truth%20About%20The%20Dark%20Web.pdf">study</a> estimated 53.4% of the 170,000 or so active onion domains contained legal content, suggesting 46.6% of services had content which was either illegal, or in a grey area. </p>
<p>Although scams make up a significant proportion of these services, cryptocurrency services, drug deals, malware, weapons, stolen credentials, counterfeit products and child sex abuse material also feature in this dark part of the internet.</p>
<p>Only about 7.5% of the child sex abuse material on the Tor network is <a href="https://cj.msu.edu/_assets/pdfs/cina/CINA-White_Papers-Liggett_Commercial_Child_Sexual_Abuse_Markets_Dark_Web.pdf">estimated to be</a> sold for a profit. The majority of those involved aren’t in it for money, so most of this material is simply swapped. That said, <a href="https://www.europol.europa.eu/activities-services/main-reports/internet-organised-crime-threat-assessment-iocta-2020">some services have started</a> charging fees for content. </p>
<p>Several high-profile onion services hosting child sex abuse material have been <a href="https://www.vice.com/en/article/4xezgg/australian-dark-web-hacking-campaign-unmasked-hundreds-globally">shut down</a> following extensive cross-jurisdictional law enforcement operations, including The Love Zone website in 2014, Playpen in 2015 and Child’s Play in 2017.</p>
<p>A recent effort led by German police, and involving others including Australian Federal Police, Europol and the FBI, resulted in the shutdown of the illegal website <a href="https://en.wikipedia.org/wiki/Boystown_(website)">Boystown</a> in May. </p>
<p>But one of the largest child sex abuse material forums on the internet (not just Tor) has evaded law enforcement (and activist) takedown attempts for a decade. As of last month it had 508,721 registered users. And since 2013 it has hosted over a million pictures and videos of child sex abuse material and abuse porn.</p>
<p>The paedophile (eroticisation of pre-pubescent children), hebephile (pubescent children) and ephebophile (adolescents) communities are among the early adopters of anonymous discussion forums on Tor. Forum members distribute media, support each other and exchange tips to avoid police detection and scams targeting them.</p>
<p>The <a href="https://www.weprotect.org/">WeProtect Alliance</a>’s 2019 <a href="https://www.end-violence.org/sites/default/files/paragraphs/download/Global%20Threat%20Assessment%202019.pdf">Global Threat Assessment report</a> estimated there were more than 2.88 million users on ten forums dedicated to paedophilia and paraphilia interests operating via onion services. </p>
<h2>Countermeasures</h2>
<p>There are huge challenges for law enforcement trying to prosecute those who produce and/or distribute child sex abuse material online. Such criminal activity typically falls across multiple jurisdictions, making detection and prosecution difficult.</p>
<p>Undercover operations and novel online investigative techniques are essential. One example is targeted “hacks” which offer law enforcement back-door access to sites or forums hosting child sex abuse material.</p>
<p>Such operations are facilitated by <a href="https://www.coe.int/en/web/cybercrime/the-budapest-convention">cybercrime</a> and <a href="https://www.unodc.org/unodc/en/organized-crime/intro/UNTOC.htmll">transnational organised crime</a> treaties which address child sex abuse material and the trafficking of women and children.</p>
<p>Given the volatile nature of many onion services, a focus on onion directories and forums may help with harm reduction. Little is known about child sex abuse material forums on Tor, or the extent to which they influence onion services hosting this material.</p>
<p>Apart from coordinating to avoid detection, forum users can also share information about police activity, rate onion service vendors, share sites and expose scams targeting them.</p>
<p>The monitoring of forums by outsiders can lead to actionable interventions, such as the successful profiling of active offenders. Some agencies have explored using undercover law enforcement officers, civil society, or NGO experts (such as from the <a href="https://www.weprotect.org">WeProtect Global Alliance</a> or <a href="https://www.ecpat.org">ECPAT International</a>) to promote self-regulation within these groups.</p>
<p>While there is a lack of research on this, reformed or recovering offenders can also provide counsel to others. Some sub-forums seek to offer education, encourage treatment and reduce harm — usually by focusing on the legal and health issues associated with consuming child sex abuse material, and ways to control urges and avoid stimuli. </p>
<p>Other contraband services also play a role. For instance, onion services dedicated to drug, malware or other illicit trading usually ban child sex abuse material that creeps in. </p>
<p>Why does the Tor network allow such abhorrent material to remain, despite extensive opposition — sometimes even from those within these groups? Surely those representing Tor have read complaints in the media, if not <a href="https://www.protectchildren.ca/pdfs/C3P_SurvivorsSurveyFullReport2017.pdf">survivor</a> reports about child sex abuse material.</p>
<p class="fine-print"><em><span>Roderic Broadhurst has received funding for a variety of research projects on cybercrime and darknet markets from the Australian Research Council, Australian Institute of Criminology, Korean Institute of Criminology and the Australian Criminology Research Council. Since April 2019 he has served on the Australian Centre to Counter Child Exploitation Research Working Group. </span></em></p><p class="fine-print"><em><span>Matthew Ball does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
One study found 80% of darknet traffic on Tor went to sites hosting unmoderated porn and child sex abuse material.
Roderic Broadhurst, Emeritus Professor, Australian National University
Matthew Ball, Laboratory Coordinator at the Australian National University's Cybercrime Observatory, Australian National University
Licensed as Creative Commons – attribution, no derivatives.
tag:theconversation.com,2011:article/104842
2018-10-21T19:17:45Z
2018-10-21T19:17:45Z
Some cybersecurity apps could be worse for privacy than nothing at all
<figure><img src="https://images.theconversation.com/files/241158/original/file-20181018-41135-1yx7mqq.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Apple has removed several security tools from the Mac app store after they were found to be collecting unnecessary personal data.</span> <span class="attribution"><a class="source" href="http://www.shutterstock.com">Shutterstock</a></span></figcaption></figure><p>It’s been a busy few weeks for cybersecurity researchers and reporters. 
There was the <a href="https://theconversation.com/facebook-hack-reveals-the-perils-of-using-a-single-account-to-log-in-to-other-services-104227">Facebook hack</a>, the <a href="https://www.theverge.com/2018/10/8/17951914/google-plus-data-breach-exposed-user-profile-information-privacy-not-disclosed">Google Plus data breach</a>, and <a href="https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies">allegations</a> that the Chinese government implanted spying chips in hardware components. </p>
<p>In the midst of all this, some other important news was overlooked. In early September, <a href="https://www.bbc.com/news/technology-45482819">Apple removed several Trend Micro anti-malware</a> tools from the Mac app store after they were found to be collecting unnecessary personal information from users, such as browser history. Trend Micro has now removed this function from the apps.</p>
<p>It’s a good reminder that not all security apps will make your online movements more secure – and, in some cases, they could be worse than doing nothing at all. It’s wise to do your due diligence before you download that ad-blocker or VPN – read on for some tips.</p>
<h2>Security apps</h2>
<p>There is a range of tools people use to protect themselves from cyber threats:</p>
<ul>
<li><p><strong>Virtual private networks (VPNs)</strong> allow you to establish a secure connection with a remote server and route all your traffic through it so it can’t be tracked by your internet service provider. VPNs are commonly used to access geo-blocked content, and for additional privacy.</p></li>
<li><p><strong>Ad-blockers</strong> prevent advertisements from appearing on the websites you visit.</p></li>
<li><p><strong>App-lockers</strong> allow you to set passwords for individual apps. For example, this stops somebody who borrowed your phone to make a call from then opening your Facebook app. </p></li>
<li><p><strong>Tor</strong> hides your identity while you browse the internet, by encrypting and moving your traffic across multiple Tor nodes.</p></li>
</ul>
<h2>Know the risks</h2>
<p>There are multiple dangers in using these kinds of security software, especially without the proper background knowledge. The risks include:</p>
<h3>Accessing unnecessary data</h3>
<p>Many security tools request access to your personal information. In many cases, they need to do this to protect your device. For example, <a href="http://www.av-comparatives.org/wp-content/uploads/2016/12/avc_datasending_2014_en.pdf">antivirus software</a> requires information such as browser history, personal files, and unique identifiers to function. But in some cases, tools request more access than they need for functionality. This was the case with the <a href="https://blog.trendmicro.com/answers-to-your-questions-on-our-mac-apps-store/">Trend Micro apps</a>. </p>
<h3>Creating a false sense of security</h3>
<p>It makes sense that if you download a security app, you believe your online data is more secure. But sometimes mobile security tools don’t provide security at the expected levels, or don’t provide the claimed services at all. If you think you can install a state-of-the-art mobile malware detection tool and then take risks online, you are mistaken. </p>
<p>For example, a 2017 <a href="https://taesoo.kim/pubs/2017/jung:avpass-slides.pdf">study</a> showed it was not hard to create malware that can bypass 95% of commercial Android antivirus tools. Another <a href="https://research.csiro.au/ng/wp-content/uploads/sites/106/2016/08/paper-1.pdf">study</a> showed that 18% of mobile VPN apps did not encrypt user traffic at all. And if you are using Tor, there are many mistakes you can make that will compromise your anonymity and privacy – especially if you are not familiar with the Tor setup and <a href="https://www.howtogeek.com/142380/htg-explains-is-tor-really-anonymous-and-secure/">try to modify its configurations</a>. </p>
<p>Lately, there have been reports of fake antivirus software, which <a href="https://www.zdnet.com/article/can-you-trust-your-mobile-antivirus-software-malicious-fake-protection-apps-flood-google-play-store/">open backdoors for spyware, ransomware and adware</a>, occupying the top spots on the app charts. Earlier this year it was reported that 20 million Google Chrome users had <a href="https://thehackernews.com/2018/04/adblocker-chrome-extention.html">downloaded fake ad-blocker extensions</a>.</p>
<h3>Software going rogue</h3>
<p>Numerous free – or paid – security tools created by enthusiastic individual developers or small companies are available in app stores. While this software can provide handy features, it can be poorly maintained. More importantly, it can be hijacked or bought by attackers, and then used to harvest personal information or propagate malware. This mainly happens in the case of <a href="https://www.forbes.com/sites/leemathews/2017/07/31/hackers-hijacked-a-chrome-extension-and-forced-ads-on-over-30000-users/#13fd147464e0">browser extensions</a>.</p>
<h2>Know what you’re giving away</h2>
<p>The table below shows what sort of personal data are being requested by the top-10 antivirus, app-locker and ad-blocking apps in the Android app store. As you can see, antivirus tools have access to almost all the data stored in the mobile phone. </p>
<iframe src="https://datawrapper.dwcdn.net/HIId8/4/" scrolling="no" frameborder="0" allowtransparency="true" width="100%" height="545"></iframe>
<p>That doesn’t necessarily mean any of these apps are doing anything bad, but it’s worth noting just how much personal information we are entrusting to these apps without knowing much about them.</p>
<h2>How to be safer</h2>
<p>Follow these pointers to do a better job of keeping your smart devices secure:</p>
<h3>Consider whether you need a security app</h3>
<p>If you stick to the official app stores, install few apps, and browse only a routine set of websites, you probably <a href="https://www.smh.com.au/technology/mobile-antivirus-not-needed-google-20140702-zsthl.html">don’t need extra security software</a>. Instead, simply stick to the security guidelines provided by the manufacturer, be diligent about updating your operating system, and don’t click links from untrusted sources. </p>
<h3>If you do, use antivirus software</h3>
<p>But before you select one, read product descriptions and online reviews. Stick to solutions from well-known vendors. Find out what it does, and most importantly what it doesn’t do. Then read the permissions it requests and see whether they make sense. Once installed, update the software as required. </p>
<h3>Be careful with other security tools</h3>
<p>Only install other security tools, such as ad-blockers, app-lockers and VPN clients, if it is absolutely necessary and you trust the developer. The returns from such software can be minimal when compared with the associated risks.</p>
<p class="fine-print"><em><span>Suranga Seneviratne does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
Before you download antivirus and ad-blocker apps, do your due diligence on what personal information they want to access. Here are some tips on what to look out for.
Suranga Seneviratne, Lecturer - Security, University of Sydney
Licensed as Creative Commons – attribution, no derivatives.
tag:theconversation.com,2011:article/101420
2018-08-16T13:38:08Z
2018-08-16T13:38:08Z
The darknet is not a hellhole, it’s an answer to internet privacy
<figure><img src="https://images.theconversation.com/files/231892/original/file-20180814-2924-1pkzdbk.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-illustration/cyber-security-metallic-combination-lock-inbuilt-1068036806?src=N4xggQRHvPKnQ6BlwvUQRw-2-67">Sergey Tarasov</a></span></figcaption></figure><p>On the back of scandals such as those that engulfed the <a href="https://theconversation.com/privacy-2013-from-snowden-to-facebook-to-amazons-drones-20353">NSA</a> and <a href="https://theconversation.com/cambridge-analyticas-closure-is-a-pyrrhic-victory-for-data-privacy-96034">Cambridge Analytica</a>, online privacy and data protection have become major political concerns. Many of us <a href="http://time.com/4673602/terms-service-privacy-security/">worry that</a> private companies and governments know more about us than our closest friends and relatives. </p>
<p>One alternative is to switch to the darknet, which offers anonymity and protection from those who keep track of what people do online. Yet it is controversial, to say the least. The darknet has been associated with everything from drug and weapons dealers to child porn, hitmen and identity thieves. Even the name suggests a dark, sinister space. Yet when you actually investigate this encrypted network, the reality is a bit more complicated. And it’s time to call the darknet’s sleazy reputation into question. </p>
<p>The darknet is a worldwide decentralised network of hundreds of computers, whose owners configure them and contribute internet bandwidth to create a series of routing points or nodes. These nodes feature a form of layered encryption that often <a href="https://www.geeksforgeeks.org/onion-routing/">gets compared</a> to an onion – hence the collective name <a href="https://www.torproject.org">The Onion Routing network</a>, or Tor for short. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/231893/original/file-20180814-2891-1096aqs.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/231893/original/file-20180814-2891-1096aqs.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/231893/original/file-20180814-2891-1096aqs.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/231893/original/file-20180814-2891-1096aqs.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/231893/original/file-20180814-2891-1096aqs.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/231893/original/file-20180814-2891-1096aqs.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/231893/original/file-20180814-2891-1096aqs.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/231893/original/file-20180814-2891-1096aqs.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Onion ring.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/bratislava-slovakia-july-3-2018-tor-1126165718?src=Nc6LIKgz1pro6QADBCDmtw-1-8">Pe3k</a></span>
</figcaption>
</figure>
<p>Onion routing was originally developed in the 1990s by the US Naval Research Laboratory to protect US intelligence communications online. Free Tor software was first made publicly available in 2002, and the not-for-profit <a href="https://www.torproject.org">Tor project</a> was set up in 2006 to maintain the system. It has received funding over the years from governments, NGOs, foundations and companies, as well as thousands of personal donations. </p>
<p>Since April, <a href="https://metrics.torproject.org">between</a> 2m and 2.5m people have used Tor worldwide every day. The number fluctuates greatly over time; there was a short-term peak in the fourth quarter of 2013, for instance. This was perhaps related to the emerging popularity of so-called cryptomarkets like <a href="https://www.wired.com/2015/04/silk-road-1/">Silk Road</a>, when global traffic reached almost 6m. In the UK at that time, the user base rose to 157,000 – now it’s more like 70,000. </p>
<h2>The darknet goes dark</h2>
<p>The launch of Silk Road in 2011 has much to do with the controversy around the darknet. The first of its kind, Silk Road <a href="https://www.forbes.com/sites/niallmccarthy/2018/03/22/where-guns-are-sold-through-the-darknet-infographic/#6fb4627e647a">was a market space</a> for everything from firearms to illegal drugs. By the <a href="https://theconversation.com/end-of-the-silk-road-how-did-dread-pirate-roberts-get-busted-18886">time</a> it was <a href="https://www.forbes.com/sites/andygreenberg/2013/10/02/end-of-the-silk-road-fbi-busts-the-webs-biggest-anonymous-drug-black-market/">busted</a> by the FBI in October 2013, the media was essentially equating it with the entire darknet. <a href="https://www.richardvanhooijdonk.com/en/blog/complex-dangerous-disturbing-underworld-darknet/">Subsequent reports</a> about drug crime, child porn and hitman services only strengthened the association. </p>
<p>Few would <a href="https://www.cyberscoop.com/tor-dark-web-andrew-lewman-securedrop/">disagree today</a> that the darknet attracts a lot of criminal activity, so what’s the case for the defence? For one thing, the network offers a safe space for many activities that require anonymity. Socially sensitive communications are a <a href="https://www.jstor.org/stable/j.ctt13x07xx">good example</a> – such as forums for people who have survived rape or child abuse. Journalists use Tor to interact more safely <a href="https://darkwebnews.com/dark-web/how-whistleblowers-use-the-darknet-for-good/">with whistleblowers</a>, while it enables activists in repressive regimes to communicate politically sensitive information – the likes of Human Rights Watch actually <a href="https://openscholarship.wustl.edu/law_globalstudies/vol11/iss3/6/">encourage</a> this. </p>
<p>When my colleague at the University of Aberdeen, Hanifi Baris, was <a href="https://www.pressandjournal.co.uk/fp/news/aberdeen/1514218/outspoken-aberdeen-university-academic-has-been-arrested/">recently arrested</a> by the Turkish authorities for sharing anti-Erdoğan information on Facebook and Twitter, it underlined the importance of the darknet as an outlet for protest. There was a rather telling <a href="https://metrics.torproject.org">sharp peak</a> in Tor users in Turkey during the last presidential elections in June. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/231894/original/file-20180814-2906-118b3aw.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/231894/original/file-20180814-2906-118b3aw.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/231894/original/file-20180814-2906-118b3aw.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=298&fit=crop&dpr=1 600w, https://images.theconversation.com/files/231894/original/file-20180814-2906-118b3aw.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=298&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/231894/original/file-20180814-2906-118b3aw.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=298&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/231894/original/file-20180814-2906-118b3aw.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=375&fit=crop&dpr=1 754w, https://images.theconversation.com/files/231894/original/file-20180814-2906-118b3aw.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=375&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/231894/original/file-20180814-2906-118b3aw.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=375&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">The Twitter campaign.</span>
</figcaption>
</figure>
<p>When it comes to illicit drugs, darknet services can be a safer option for people who would take drugs anyway. Buyers avoid the risk of physical violence that comes with scoring on the street. Buyer reviews put pressure on darknet dealers to sell drugs of decent <a href="https://serval.unil.ch/resource/serval:BIB_670B021B4620.P001/REF">quality</a> – <a href="https://www.sciencedirect.com/science/article/pii/S0955395915003503">albeit</a> some reviewers <a href="https://www.sciencedirect.com/science/article/pii/S095539591630130X?via%3Dihub">will have</a> more expertise than others and experiences are always going to be somewhat subjective. </p>
<p>At any rate, the darknet has amassed a collectively built database of knowledge and shared experiences about drug consumption in cryptomarkets that can offer guidance and support for anyone who wants to use them. Given that drugs always vary in strength and purity depending on the seller and the batch, this information can be incredibly important – and often much more helpful than a generic forum or drug info website. </p>
<p>As for some of the other illegal activities on the darknet, child pornography is banned in most cryptomarkets, for example, while hitman services <a href="https://darkwebnews.com/scams/sicilian-hitmen-scam/">have usually</a> turned out to be scams. Additionally, the darknet does not turn people into drug addicts, arms dealers, assassins or paedophiles. The decision to engage in such activities usually happens outwith that space.</p>
<h2>Darknet/clearnet</h2>
<p>The conventional internet is not merely a platform for us to communicate, game, shop, download and so on. These activities all feed valuable data to governments and companies. </p>
<figure class="align-right zoomable">
<a href="https://images.theconversation.com/files/231895/original/file-20180814-2894-1p1eqyh.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/231895/original/file-20180814-2894-1p1eqyh.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=237&fit=clip" srcset="https://images.theconversation.com/files/231895/original/file-20180814-2894-1p1eqyh.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=683&fit=crop&dpr=1 600w, https://images.theconversation.com/files/231895/original/file-20180814-2894-1p1eqyh.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=683&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/231895/original/file-20180814-2894-1p1eqyh.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=683&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/231895/original/file-20180814-2894-1p1eqyh.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=858&fit=crop&dpr=1 754w, https://images.theconversation.com/files/231895/original/file-20180814-2894-1p1eqyh.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=858&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/231895/original/file-20180814-2894-1p1eqyh.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=858&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Eye cloud.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/bratislava-slovakia-july-3-2018-tor-1126165718?src=Nc6LIKgz1pro6QADBCDmtw-1-8">Lightspring</a></span>
</figcaption>
</figure>
<p>Most of us are surrounded by personal devices that are almost always online, and we’ve made ourselves open to massive marketisation, exploitation, monitoring, control and repression. It’s the hefty price we pay for internet freedom – and new legal frameworks like the General Data Protection Regulation (GDPR) <a href="https://theconversation.com/gdpr-isnt-enough-to-protect-us-in-an-age-of-smart-algorithms-97389">will not</a> significantly change this. </p>
<p>The darknet is hardly a panacea in this regard, but it does allow people to <a href="https://www.rollingstone.com/politics/politics-news/the-darknet-is-the-government-destroying-the-wild-west-of-the-internet-198271/">reclaim privacy</a> and protect their identities online. Admittedly there are limits to this: Tor enables users to hide their geographical location, but any data you provide once you are inside a website is accessible to whoever is running it, plus any organisations they may collaborate with. Log in to Gmail from Tor and your emails are not private (try ProtonMail or Snapchat instead). Every Twitter search via Tor is logged like it is for any user – just like it is for Amazon and so on. </p>
<p>Another major problem is the speed of Tor, which depends on the number of nodes and the available bandwidth. Everything is slowed down by the secure encryption and user anonymity built into the structure. Although Tor has gained markedly in speed and security since its inception, it is still slower than the conventional internet. </p>
<p>This compromise between speed and exposure/protection will probably continue for the foreseeable future. If you want to help, however, you might consider running a relay. Everyone is invited to collaborate – here’s <a href="https://blog.torproject.org/new-guide-running-tor-relay">a guide</a> explaining what to do. Instead of shunning the darknet as a badland for bad people, it’s time more of us saw its potential as a force for good.</p>
<p class="fine-print"><em><span>Andreas Zaunseder does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
The case for all things Tor.
Andreas Zaunseder, Doctoral Fellow, Centre for Citizenship, Civil Society and Rule of Law, University of Aberdeen
Licensed as Creative Commons – attribution, no derivatives.
tag:theconversation.com,2011:article/82833
2017-09-06T20:10:28Z
2017-09-06T20:10:28Z
Poisoned water holes: the legal dangers of dark web policing
<p><em>This article is part of a series on how law enforcement is fighting crime across digital borders. You can read the rest <a href="https://theconversation.com/au/topics/fighting-crime-across-digital-borders-42662">here</a>.</em></p>
<hr>
<p>Australian police are using <a href="http://www.csoonline.com/article/2614643/security/watch-out-for-waterhole-attacks----hackers--latest-stealth-weapon.html">“poisoned watering holes”</a> to investigate crime on the dark web. By taking over illegal marketplaces that traffic in child pornography or drugs, law enforcement are collecting information about criminals all over the world.</p>
<p>Of course, crimes that occur on the internet often cross international borders, but this situation is creating troubling new standards in transnational policing. </p>
<p>Research, <a href="https://eprints.qut.edu.au/102299/">including our own</a>, indicates that as police operations move into online environments, new rules for digital evidence collection and exchange must be developed to assist prosecutions while preserving due process and <a href="https://necessaryandproportionate.org/">human rights</a>. </p>
<p>Investigations on the <a href="https://theconversation.com/explainer-what-is-the-dark-web-46070">dark web</a> readily transcend geographic demarcations fundamental to the use of search warrants and the admissibility of evidence.</p>
<p>Some enforcement agencies have <a href="https://www.eff.org/deeplinks/2016/08/illegal-playpen-story-rule-41-and-global-hacking-warrants">conducted online investigations</a> and attempted to <a href="http://epublications.bond.edu.au/law_pubs/761/">access or transfer information</a> outside existing domestic and transnational legal frameworks. This is common <a href="https://motherboard.vice.com/en_us/article/mg79nb/australian-authorities-hacked-computers-in-the-us">in cases</a> involving dark web sites that distribute child exploitation material (CEM). </p>
<p>Without proper checks, police could have significantly expanded scope to search homes and computers around the world, even in cases not involving CEM.</p>
<h2>Watering holes and network investigative techniques</h2>
<p>The techniques used in online investigations can have potentially problematic legal standing.</p>
<p><a href="https://arstechnica.com/tech-policy/2017/05/creator-of-infamous-playpen-website-sentenced-to-30-years-in-prison/">Playpen</a> was a dark web site used to distribute CEM. The FBI seized the site in 2015, and obtained a warrant to continue its operation on a government server. </p>
<p>The FBI used a Network Investigative Technique (NIT), also known as <a href="https://policyreview.info/articles/analysis/computer-network-operations-and-rule-law-australia">Computer Network Exploitation</a>, to identify Playpen users. This distributed <a href="https://theconversation.com/after-wannacrypt-should-governments-stockpile-software-vulnerabilities-experts-respond-77717">malware</a> onto any computer used to log into the site. </p>
<p>The NIT enabled the FBI to identify the IP addresses, log-in times, and operating systems of around 150 computers located in the United States and more than 8,000 computers <a href="https://motherboard.vice.com/en_us/article/53d4n8/fbi-hacked-over-8000-computers-in-120-countries-based-on-one-warrant">located in 120 countries</a>. Up to <a href="https://www.casemine.com/judgement/us/5914abd5add7b049347399fb">215,000 registered Playpen users globally</a> could be affected.</p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/oqqIdRFeu24?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">A Fast Explainer Of The Dark Web.</span></figcaption>
</figure>
<p>According to the Electronic Frontier Foundation, Playpen is the largest known <a href="https://www.eff.org/deeplinks/2016/09/playpen-story-fbis-unprecedented-and-illegal-hacking-operation">US government hacking operation</a>. But it was authorised by a single warrant issued in Eastern Virginia. </p>
<p>Specialist online units in Australia, such as <a href="https://www.theguardian.com/society/2016/jul/13/shining-a-light-on-the-dark-web-how-the-police-ended-up-running-a-paedophile-site">Task Force Argos</a> in the Queensland Police Service, have also used “poisoned watering hole” tactics. </p>
<p>Australian convicted child sex offender <a href="http://www.abc.net.au/news/2016-02-26/paedophile-shannon-mccoole-gives-evidence-at-royal-commission/7203970">Shannon Grant McCoole</a>, who administered “The Love Zone” site, was apprehended after a tip from Danish police. Task Force Argos investigators then <a href="https://www.cdpp.gov.au/news/record-sentence-head-administrator-paedophile-site">effectively ran the site</a> “while feeding information to international law enforcement colleagues”.</p>
<p>The investigation identified many users located in other countries, including several who were <a href="https://motherboard.vice.com/en_us/article/mg79nb/australian-authorities-hacked-computers-in-the-us">prosecuted in the United States</a>.</p>
<p>Details of the warrant used in this investigation are unclear, which is common in cases involving CEM that result in guilty pleas.</p>
<h2>Darkweb investigations and the law</h2>
<p>There are some established methods for law enforcement sharing information across borders.</p>
<p><a href="https://mlat.info/">Mutual Legal Assistance Treaties (MLATs)</a> are similar to extradition treaties. States seeking access to digital evidence located offshore must first issue a formal request.</p>
<p>MLATs aim to protect the legal rights of people suspected of transnational or offshore offending. However, available US cases <a href="https://motherboard.vice.com/en_us/article/mg79nb/australian-authorities-hacked-computers-in-the-us">involving The Love Zone</a> do not appear to mention MLAT procedures. </p>
<p>This has troubling implications for the right to a fair trial.</p>
<p>It’s possible Task Force Argos informally communicated the IP addresses of US-based site users directly to US authorities. Queensland Police declined to comment on the warrant.</p>
<p>The geographic scope of the Playpen NIT warrant, on the other hand, is extremely unclear. <a href="https://www.aclu.org/report/challenging-government-hacking-criminal-cases?redirect=malware-report">Some US courts</a> have declared the NIT warrant to be valid only within Eastern Virginia. </p>
<p>At least one US court has ruled that warrants to search homes and seize computers outside of this district produced evidence viewed as the <a href="https://assets.documentcloud.org/documents/3533838/2017-03-23-44-US-v-Carlson-DMN.pdf">“fruit of the poisonous tree”</a>.</p>
<p>In other words, because the dark web’s infrastructure could only enable law enforcement to uncover the locations and identities of suspects through the defective NIT warrant, any physical evidence seized from a subsequent warrant to search a home was inadmissible.</p>
<p>However, some US courts seem willing to admit evidence from the Playpen NIT because the FBI is regarded by the courts as acting in <a href="https://www.ca10.uscourts.gov/opinions/16/16-1401.pdf">good faith</a> in both seeking and executing it. </p>
<h2>Legal geographies of online investigations</h2>
<p>Law enforcement agencies are keen to maintain secrecy of dark web CEM investigations. But there is concern from legal experts that informal police networks routinely operate outside of established MLAT procedures.</p>
<p>The MLAT process is slow, technical <a href="https://www.accessnow.org/whats-wrong-system-cross-border-access-data/">and cumbersome</a>. This may fuel the acceptance of questionable NITs and exchange of data between police to streamline transnational dark web investigations. But it could also undermine complex cyber-prosecutions and the fairness of criminal trials that rely on electronic evidence.</p>
<p>The informal exchange of criminal intelligence and use of malware is understandable where child welfare is at stake. But these investigative methods <a href="https://publicpolicy.googleblog.com/2015/02/a-small-rule-change-that-could-give-us.html">undercut current attempts</a> to preserve due process and digital security standards.</p>
<p>Success in these types of investigations cannot solely be measured by prosecution and conviction rates. It should also be measured by the legality, ethics and transparency of transnational investigative procedures and the rules that underpin them.</p>
<p class="fine-print"><em><span>Ian Warren is affiliated with the Australian Privacy Foundation.</span></em></p>
<p class="fine-print"><em><span>Adam Molnar is a Board Member of the Australian Privacy Foundation and is on the Advisory Council of Digital Rights Watch Australia.</span></em></p>
<p class="fine-print"><em><span>Monique Mann is a Board Member of the Australian Privacy Foundation and is on the Advisory Council of Digital Rights Watch Australia. While at the Australian Institute of Criminology, she consulted for the Australian Criminal Intelligence Commission on information systems and cybercrime. The views expressed here are those of the author and do not represent the views of any Commonwealth agency.</span></em></p>
<p>Without proper checks, police could have significantly expanded scope to search homes and computers around the world.</p>
<p>Ian Warren, Senior Lecturer, Criminology, Deakin University; Adam Molnar, Lecturer, Criminology, Deakin University; Monique Mann, Lecturer, School of Justice, Researcher at the Crime and Justice Research Centre and Intellectual Property and Innovation Law Research Group, Faculty of Law, Queensland University of Technology</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<p>tag:theconversation.com,2011:article/78198 2017-05-25T03:29:46Z 2017-05-25T03:29:46Z</p>
<h1>From live streaming to TOR: new technologies are worsening online child exploitation</h1>
<figure><img src="https://images.theconversation.com/files/170897/original/file-20170525-13199-1c8rmty.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Australia must develop an effective national response to the sharing and creation of child exploitation material online.</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/russian-hacker-hacking-server-dark-532748287?src=lV9GWh3o4dqE3EEQROArZQ-1-0">www.shutterstock.com</a></span></figcaption></figure>
<p><em>This story contains detail of child abuse some readers may find disturbing.</em></p>
<p>Ease of access to technologies such as live streaming is increasing the production and spread of child exploitation material online.</p>
<p>Our report, <a href="http://www.antislavery.org.au/newsflash/286-new-report-launching-soon-behind-the-screen-online-child-exploitation-in-australia.html">Behind the Screen: Online Child Exploitation in Australia</a>, brings together cases and data from international and Australian law enforcement agencies, as well as interviews with government, police and non-governmental organisations, to provide an alarming snapshot of the challenge we face.</p>
<p>Tens of thousands of images and video are already available online, and the problem is likely to worsen without comprehensive action.</p>
<h2>New technologies and child exploitation</h2>
<p>In Australia and around the world, rates of live-streamed child abuse via webcam, video footage and image capture are growing.</p>
<p>Figures from the Internet Watch Foundation support this trend, showing that reports of child sexual abuse imagery rose by <a href="http://www.antislavery.org.au/images/behind%20the%20screen%20-%20report.pdf">417% between 2013 and 2015</a>. The Australian Federal Police <a href="http://www.antislavery.org.au/images/behind%20the%20screen%20-%20report.pdf">received 11,000</a> online child exploitation reports in 2015. </p>
<p>Technological advancements, including anonymising programs <a href="https://www.torproject.org/">such as TOR</a>, peer-to-peer networking technology and the capacity for increased online file storage and sharing, have facilitated the widespread sharing and storing of harmful material.</p>
<p>This view was shared by a senior officer from the Queensland Police Project “Argos”, which investigates online child exploitation. He told us,</p>
<blockquote>
<p>Back in the early 2000s we were dealing with kilobytes and megabytes. Now we are dealing with petabytes, mainly terabytes when we do our seizures… [T]he cheaper cost of storage whether it be cloud based or hard disk based is creating obviously, larger seizures on our front.</p>
</blockquote>
<p>Responding to new technology is challenging. Online child exploitation crimes are difficult to track and measure, given the spread of more secure technologies, such as streaming services, the anonymity provided by <a href="https://theconversation.com/what-is-the-dark-web-and-how-does-it-work-63613">the “dark web”</a> and less traceable payment systems <a href="https://theconversation.com/what-is-bitcoin-it-is-not-that-complicated-if-you-ignore-the-geek-speak-46512">such as Bitcoin</a>. </p>
<p>In the words of a senior officer with Argos,</p>
<blockquote>
<p>How difficult is it? Look, if they are using TOR and they are set up and don’t make mistakes, it’s impossible. We’re reliant on some fairly innovative law enforcement techniques and them making errors… if they’re using proxies or anonymising services using encryptions and using the so-called Darknet or TOR, it would be very tough… the hidden web is very, very challenging, but you know that doesn’t mean we give up. We keep trying. </p>
</blockquote>
<h2>The cases of Shannon McCoole and Matthew Graham</h2>
<p>The production and sharing of child exploitation online was key to two recent Australian criminal cases.</p>
<p>In 2016, Matthew Graham <a href="https://www.cdpp.gov.au/sites/g/files/net391/f/MR-20160317-Child%20Exp-Graham-FINAL.pdf">was sentenced</a> to 15 years imprisonment for distributing child exploitation material.</p>
<p>Graham administered online websites and forums between 2012 and 2014. He shared hundreds of thousands of images, including videos of the torture and rape of a young child in the Philippines, and in one instance, encouraged the rape and murder of a child in Russia. </p>
<p>The United States Federal Bureau of Investigation described Graham’s network as “one of the largest and most extreme in the world”. </p>
<p>In 2015, Shannon McCoole <a href="http://www.abc.net.au/news/2016-02-26/convicted-paedophile-shannon-mccoole-to-give-evidence/7193462">was sentenced</a> to 35 years imprisonment with charges related to his role as head administrator of a global online network with 45,000 members. </p>
<p>The sentencing judge in the McCoole case drew attention to the challenges posed by secretive computer networks and websites created for the specific purpose of distributing exploitative material.</p>
<blockquote>
<p>The network allowed communication between individuals in a secure fashion that enabled them to contact each other and share data without necessarily identifying themselves. It was highly sophisticated, elaborate, organised and controlled.</p>
</blockquote>
<p>The McCoole case also showed that Australian law has not kept pace with the scale and nature of the crimes. While McCoole was based in Australia and operated the network here, our research found there are no federal legislative provisions dealing with the administration of online child exploitation material networks where the administrator is based in Australia. </p>
<p>In contrast, a few state jurisdictions have introduced provisions, although the effectiveness of these new laws has not been tested.</p>
<h2>What Australia should do</h2>
<p>Australia must confront the rapid increase of gravely exploitative material online.</p>
<p>We need to review the effectiveness of our existing regulatory frameworks, including those governing internet service providers, search engines and social media services. </p>
<p>We recommend the following steps be taken, among others:</p>
<ul>
<li>Outdated industry codes must be changed. Particularly, there is a lack of clarity relating to the legal obligations of internet service providers to report child exploitation material that is hosted on their networks.</li>
<li>A peak national body with representatives from government, law enforcement agencies and other key stakeholders at state, territory and commonwealth levels should be established to review all relevant legislation. </li>
<li>The Broadcasting Services Act must be amended so instances of online child exploitation material on servers hosted in Australia are identified and investigated. </li>
<li>Sentencing outcomes for online exploitation offences should be researched to further explore the relationship between human trafficking and online child exploitation. </li>
</ul>
<p>Offenders are routinely caught with thousands of images. A coordinated and powerful response is necessary if we are to protect children.</p>
<p><em>Anyone can report abuse or illegal activity online to the Australian Federal Police using a form <a href="https://www.afp.gov.au/what-we-do/services/child-protection/online-child-sex-exploitation#report-suspicious-behaviour-online">available here</a>. To report emergencies, such as a child who is in immediate danger or risk, call 000, Crimestoppers on 1800 333 000 or your local police station.</em></p>
<p><em><strong>Correction:</strong> The Internet Watch Foundation <a href="https://www.iwf.org.uk/news/iwf-announce-record-reports-of-child-sexual-abuse-online">has found</a> that reports of child sexual abuse imagery rose by 417% between 2013 and 2015. This figure was originally incorrectly credited to the Australian Federal Police.</em></p>
<p class="fine-print"><em><span>The research received funding from the Rainbow Fish Foundation. </span></em></p>
<p>The Behind the Screen: Online Child Exploitation in Australia report provides an alarming snapshot of a growing crime.</p>
<p>Jennifer Burn, Professor, Faculty of Law and Director of Anti-Slavery Australia, University of Technology Sydney</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<p>tag:theconversation.com,2011:article/73641 2017-03-20T01:32:32Z 2017-03-20T01:32:32Z</p>
<h1>Tor upgrades to make anonymous publishing safer</h1>
<figure><img src="https://images.theconversation.com/files/160793/original/image-20170314-10759-385iv.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Tor's improvements can help users stay private and anonymous online.</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-illustration/anonymous-browsing-flat-illustration-concept-laptop-326161724">Anonymous online via shutterstock.com</a></span></figcaption></figure>
<p>In the coming months, the Seattle-based nonprofit <a href="https://www.torproject.org">The Tor Project</a> will be making some changes to improve how the Tor network protects users’ privacy and security. The free network lets users browse the internet anonymously. For example, using Tor can reduce the risk of being identified when dissidents speak out against their governments, whistleblowers communicate with journalists and victims of domestic abuse seek help.</p>
<p>In its most common, and best-known, function, a person using the free <a href="https://www.torproject.org/download/download-easy.html.en">Tor Browser</a> – essentially a privacy-enhanced version of Firefox – uses the internet mostly normally. Behind the scenes, the browser and the network handle the web traffic by bouncing the communications through a chain of three randomly chosen computers from all over the world, called “relays.” As of March 2017, the Tor network <a href="https://metrics.torproject.org/networksize.html?start=2016-12-13&end=2017-03-13">counts almost 7,000 of these relays</a>. The goal of leveraging these relays is to decouple a user’s identity from her activity.</p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/158813/original/image-20170228-13104-ylxylj.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/158813/original/image-20170228-13104-ylxylj.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=318&fit=crop&dpr=1 600w, https://images.theconversation.com/files/158813/original/image-20170228-13104-ylxylj.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=318&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/158813/original/image-20170228-13104-ylxylj.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=318&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/158813/original/image-20170228-13104-ylxylj.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=400&fit=crop&dpr=1 754w, https://images.theconversation.com/files/158813/original/image-20170228-13104-ylxylj.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=400&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/158813/original/image-20170228-13104-ylxylj.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=400&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Tor bounces web traffic over three randomly selected Tor relays out of a total of around 7,000 relays.</span>
</figcaption>
</figure>
<p>But those users are still, generally speaking, using others’ websites, which can be <a href="https://www.theatlantic.com/technology/archive/2016/02/the-research-pirates-of-the-dark-web/461829/">shut down</a> or <a href="http://www.bbc.com/news/technology-11928899">pressured into censoring online activity</a>. My own work as a scholar and volunteer member of The Tor Project also looks at the network’s way of allowing people to host websites privately and anonymously, which is where most of the upgrades to the system will come. </p>
<p>Called “onion services,” this element of the Tor network makes it possible for a person to run a website (or filesharing site, or chat service or even video calling system) from a dedicated server or even her own computer without exposing where in the world it is. That makes it much harder for authorities or opponents to take down. <a href="https://gitweb.torproject.org/torspec.git/tree/proposals/224-rend-spec-ng.txt">The upcoming changes</a> will fix flaws in the system’s original design, and employ modern-day cryptography to make the system future-proof. They will improve security and anonymity for existing Tor users and perhaps draw additional users who were concerned the prior protections were not enough when communicating and expressing themselves online.</p>
<h2>Understanding onion services</h2>
<p>As of March 2017, an estimated <a href="https://metrics.torproject.org/hidserv-dir-onions-seen.html?start=2016-12-15&end=2017-03-15">50,000 onion services</a> are operating on the Tor network. Onion services continuously come online and offline, though, so it is difficult to obtain exact numbers. Their name comes from the fact that, like Tor users, their identities and activities are protected by multiple layers of encryption, like those of an onion.</p>
<p>While <a href="https://doi.org/10.1109/ISI.2016.7745452">criminals are frequently early adopters</a> of anonymity technology, as more people use the system, legal and ethical uses become far more common than illegal ones. Many onion services host websites, chat sites and video calling services. We don’t know all of what they’re doing because The Tor Project <a href="https://www.ipc.on.ca/wp-content/uploads/Resources/7foundationalprinciples.pdf">designs privacy into its technology</a>, so it does not and cannot keep track. In addition, when new onion services are set up, their very existence is private by default; an operator must choose to broadcast a service’s existence publicly.</p>
<p>Many owners do announce their sites’ existence, however, and the <a href="https://ahmia.fi">Ahmia search engine</a> provides a convenient way to find all publicly known onion services. They are as diverse as the internet itself, including a <a href="http://3g2upl4pq6kufc4m.onion">search engine</a>, a <a href="http://toristinkirir4xj.onion">literary journal</a> and an <a href="http://n3q7l52nfpm77vnf.onion">archive of Marxist and related writing</a>. <a href="https://facebookcorewwwi.onion">Facebook</a> even has a way for Tor users to <a href="https://www.facebook.com/notes/protect-the-graph/making-connections-to-facebook-more-secure/1526085754298237/">connect directly to its social media service</a>.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/158350/original/image-20170224-22978-rchc2h.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/158350/original/image-20170224-22978-rchc2h.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/158350/original/image-20170224-22978-rchc2h.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=417&fit=crop&dpr=1 600w, https://images.theconversation.com/files/158350/original/image-20170224-22978-rchc2h.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=417&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/158350/original/image-20170224-22978-rchc2h.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=417&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/158350/original/image-20170224-22978-rchc2h.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=524&fit=crop&dpr=1 754w, https://images.theconversation.com/files/158350/original/image-20170224-22978-rchc2h.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=524&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/158350/original/image-20170224-22978-rchc2h.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=524&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Facebook’s onion service, facebookcorewwwi.onion, when accessed through the Tor Browser.</span>
</figcaption>
</figure>
<h2>Creating an onion site</h2>
<p>When a privacy-conscious user sets up an onion service (either <a href="https://www.torproject.org/docs/tor-manual.html.en">manually</a> or with a third-party tool such as <a href="https://onionshare.org">onionshare</a>), people who want to connect to it must use the Tor Browser or other Tor-enabled software; normal browsers such as Chrome and Firefox cannot connect to domains whose names end in “.onion.” (People who want to peek at onion sites without all of the network’s anonymity protections can visit <a href="https://tor2web.org">Tor2web</a>, which acts as a bridge between the open web and the Tor network.)</p>
<p>Originally, a new onion service was supposed to be known only to its creator, who could choose whether and how to tell others of its existence. Of course, some, like Facebook, want to spread the word as widely as possible. But not everyone wants to open their Tor site or service to the public, the way search and social media sites do.</p>
<p>However, a design flaw made it possible for an adversary to learn about the creation of a new onion service. This happened because each day, onion services announce their existence to several Tor relays. As happened in 2014, an <a href="https://motherboard.vice.com/en_us/article/carnegie-mellon-university-attacked-tor-was-subpoenaed-by-feds">attacker could potentially control enough relays</a> to keep track of new service registrations and slowly build up a list of onion sites – both secret and public – over time.</p>
<p>The same design flaw also made it possible for an attacker to predict what relays a particular service would contact the following day, allowing the adversary to become these very relays, and render the onion service unreachable. Not only could someone wanting to operate a private, secret onion service be unmasked under certain circumstances, but their site could effectively be taken offline.</p>
<p>The updates to the system <a href="https://gitweb.torproject.org/torspec.git/tree/proposals/250-commit-reveal-consensus.txt">fix both of these problems</a>. First, the relays each service contacts for its daily check-in will be randomly assigned. And second, the check-in message itself will be encrypted, so a relay can follow its instructions, but the human operator won’t be able to read it.</p>
<h2>Naming domains more securely</h2>
<p>Another form of security causes the names of onion services to be harder to remember. Onion domains are not named like regular websites are: <a href="http://www.facebook.com">facebook.com</a>, <a href="http://www.theconversation.com">theconversation.com</a> and so on. Instead, their names are derived from randomly generated cryptographic data, and often appear like <a href="http://expyuzz4wqqyqhjn.onion">expyuzz4wqqyqhjn.onion</a>, which is the website of The Tor Project. (It is possible to repeatedly generate onion domains until a user arrives at one that’s a bit easier to recognize. Facebook did that and – with a combination of luck and raw computational power – managed to create <a href="http://facebookcorewwwi.onion">facebookcorewwwi.onion</a>.)</p>
<p>Older onion services had names made up of 16 random characters. The new ones will use 56 characters, making their domain names look like this: l5satjgud6gucryazcyvyvhuxhr74u6ygigiuyixe3a6ysis67ororad.onion.</p>
<p>While the exact effects on users’ ability to enter onion services’ addresses haven’t been studied, lengthening their names shouldn’t affect things much. Because onion domain names have always been hard to remember, most users take advantage of the Tor Browser’s bookmarks, or copy and paste domain names into address fields.</p>
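<p>The two name formats described above can be told apart and checked mechanically. The following is an added example, not code from the article or from The Tor Project: it follows the published onion service specifications, in which an old 16-character name is the base32 form of the first 80 bits of a SHA-1 hash of the service's RSA key, and a new 56-character name is the base32 form of a 32-byte Ed25519 public key, a 2-byte SHA3-256 checksum and a version byte. The function names and the sample keys are assumptions made for illustration.</p>

```python
"""Classify .onion hostnames and verify the new-style checksum (added example)."""
import base64
import binascii
import hashlib

V3_VERSION = 3
V3_CHECKSUM_PREFIX = b".onion checksum"


def v3_checksum(pubkey: bytes, version: int = V3_VERSION) -> bytes:
    """First two bytes of SHA3-256(".onion checksum" || pubkey || version)."""
    data = V3_CHECKSUM_PREFIX + pubkey + bytes([version])
    return hashlib.sha3_256(data).digest()[:2]


def encode_v3(pubkey: bytes) -> str:
    """Build a 56-character name from a 32-byte Ed25519 public key."""
    if len(pubkey) != 32:
        raise ValueError("Ed25519 public keys are exactly 32 bytes")
    raw = pubkey + v3_checksum(pubkey) + bytes([V3_VERSION])
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def encode_v2(der_rsa_pubkey: bytes) -> str:
    """Build an old 16-character name: first 80 bits of SHA-1 over the key."""
    digest = hashlib.sha1(der_rsa_pubkey).digest()[:10]
    return base64.b32encode(digest).decode("ascii").lower() + ".onion"


def inspect_onion(host: str) -> dict:
    """Return what can be learned from the hostname alone, without any network access."""
    host = host.strip().lower().rstrip(".")
    if not host.endswith(".onion"):
        return {"kind": "not-onion"}
    # Subdomains are allowed; the key material lives in the label before ".onion".
    label = host[: -len(".onion")].rsplit(".", 1)[-1]
    try:
        raw = base64.b32decode(label.upper())
    except (binascii.Error, ValueError):
        # Catches look-alike characters such as 0, 1, 8 and 9, which base32 never uses.
        return {"kind": "invalid", "reason": "not base32 (a-z, 2-7) or bad length"}
    if len(label) == 16:
        # Only a truncated hash: the name cannot be checked without fetching the key.
        return {"kind": "v2", "hash_prefix": raw.hex()}
    if len(label) == 56:
        pubkey, checksum, version = raw[:32], raw[32:34], raw[34]
        ok = version == V3_VERSION and checksum == v3_checksum(pubkey, version)
        return {
            "kind": "v3",
            "version": version,
            "pubkey": pubkey.hex(),
            "checksum_ok": ok,
        }
    return {"kind": "invalid", "reason": "onion labels are 16 or 56 characters"}


if __name__ == "__main__":
    # Constructed sample key (bytes 0..31), not a real service.
    constructed = encode_v3(bytes(range(32)))
    samples = [
        constructed,
        # Same name with one checksum character altered, as a typo would do.
        constructed[:52] + ("a" if constructed[52] != "a" else "b") + constructed[53:],
        # Names quoted in the article; the checksum result is computed, not assumed.
        "l5satjgud6gucryazcyvyvhuxhr74u6ygigiuyixe3a6ysis67ororad.onion",
        "facebookcorewwwi.onion",
        "facebookcorewww1.onion",  # constructed look-alike using the digit 1
    ]
    for name in samples:
        print(name, "->", inspect_onion(name))
```

<p>A new-style name carries the whole public key plus a checksum, so a mistyped or altered character is caught before any connection is made; an old-style name offers no such check.</p>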
<h2>Protecting onion sites</h2>
<p>This new design makes it significantly harder to discover an onion service whose operator wants it to remain hidden. But what if an adversary still manages to find out about it? The Tor Project has solved that problem by allowing onion services to challenge would-be users to enter a password before using them.</p>
<p>In addition, The Tor Project is updating the cryptography that onion services employ. Older versions of Tor used a <a href="https://people.csail.mit.edu/rivest/Rsapaper.pdf">cryptosystem called RSA</a>, which could be broken by calculating the two prime factors of very large numbers. While RSA is not considered insecure yet, researchers have devised <a href="http://www.ams.org/notices/199902/boneh.pdf">several attacks</a>, so The Tor Project is replacing it with what is called <a href="https://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/">elliptic-curve cryptography</a>, which uses keys that are shorter, more efficient and understood to be at least as secure.</p>
<p>The developers are also updating other basic elements of the encryption standards used in Tor. The hash function, which Tor uses to derive short and constant-length text strings from arbitrarily long data, will change from the troubled – and <a href="https://shattered.io/">partially broken</a> – SHA-1 to the modern <a href="https://www.nist.gov/news-events/news/2015/08/nist-releases-sha-3-cryptographic-hash-standard">SHA-3</a>. In addition, secret keys for the <a href="https://doi.org/10.6028/NIST.FIPS.197">Advanced Encryption Standard</a> cryptosystem will be twice as long as before – and therefore significantly harder to break. These don’t address specific immediate threats, but protect against future improvements in attacking encryption.</p>
<p>With these improvements to the software that runs Tor, we’re expecting to be able to prevent future attacks and protect Tor users around the world. However, better anonymity is only one aspect in the bigger picture. More experimentation and research are necessary to make onion services easier to use.</p>
<p class="fine-print"><em><span>Philipp Winter is a member of The Tor Project.</span></em></p>
<p>The Tor Project is upgrading its protections for internet users’ privacy and anonymity. A scholar and volunteer member of the nonprofit effort explains what’s changing and why.</p>
<p>Philipp Winter, Postdoctoral Research Associate in Computer Science, Princeton University</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<p>tag:theconversation.com,2011:article/58472 2017-01-09T01:33:11Z 2017-01-09T01:33:11Z</p>
<h1>Searching deep and dark: Building a Google for the less visible parts of the web</h1>
<figure><img src="https://images.theconversation.com/files/147632/original/image-20161126-32063-1fvvbsm.png?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">A geographical map depicting hotbeds of dark web activity related to illegal products. Larger circles indicate more activity.</span> <span class="attribution"><span class="source">Christian Mattmann</span>, <a class="license" href="http://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA</a></span></figcaption></figure>
<p>In today’s data-rich world, companies, governments and individuals want to analyze anything and everything they can get their hands on – and the World Wide Web has loads of information. At present, the most easily indexed material from the web is text. But <a href="http://www.popsci.com/dark-web-revealed">as much as 89</a> to <a href="https://www.quora.com/How-big-is-the-deep-web/answer/Joseph-Hirschhorn-Howard">96 percent</a> of the content on the internet is actually something else – images, video, audio, <a href="http://www.iana.org/assignments/media-types/media-types.xhtml">in all thousands of different kinds of nontextual data types</a>. </p>
<p>Further, the vast majority of online content isn’t available in a form that’s easily indexed by electronic archiving systems like Google’s. Rather, it requires a user to log in, or it is provided dynamically by a program running when a user visits the page. If we’re going to catalog online human knowledge, we need to be sure we can get to and recognize all of it, and that we can do so automatically. </p>
<p>How can we teach computers to recognize, index and search all the different types of material that’s available online? Thanks to federal efforts in the global fight against human trafficking and weapons dealing, my research forms the basis for a new tool that can help with this effort.</p>
<h2>Understanding what’s deep</h2>
<p>The “deep web” and the “dark web” are often discussed in the context of scary news or films like “<a href="http://www.deepwebthemovie.com/">Deep Web</a>,” in which young and intelligent criminals are getting away with illicit activities such as drug dealing and human trafficking – or even worse. But what do these terms mean?</p>
<p>The “deep web” has existed ever since businesses and organizations, including universities, put large databases online in ways people could not directly view. Rather than allowing anyone to get students’ phone numbers and email addresses, for example, many universities require people to log in as members of the campus community before searching online directories for contact information. Online services such as <a href="http://dropbox.com/">Dropbox</a> and <a href="http://gmail.com/">Gmail</a> are publicly accessible and part of the World Wide Web – but indexing a user’s files and emails on these sites does require an individual login, which our project does not get involved with.</p>
<p>The “surface web” is the online world we can see – shopping sites, businesses’ information pages, news organizations and so on. The “deep web” is closely related, but less visible, to human users and – in some ways more importantly – to search engines exploring the web to catalog it. I tend to describe the “deep web” as those parts of the public internet that:</p>
<ol>
<li>Require a user to first fill out a login form,</li>
<li>Involve dynamic content like AJAX or JavaScript, or</li>
<li>Present images, video and other information in ways that aren’t typically indexed properly by search services.</li>
</ol>
<h2>What’s dark?</h2>
<p>The “dark web,” by contrast, consists of pages – some of which may also have “deep web” elements – that are hosted by web servers using the anonymous web protocol called <a href="https://theconversation.com/securing-web-browsing-protecting-the-tor-network-56840">Tor</a>. Originally <a href="https://doi.org/10.1109/49.668972">developed by U.S. Defense Department researchers</a> to secure sensitive information, Tor was <a href="https://pando.com/2014/07/16/tor-spooks/">released into the public domain in 2004</a>.</p>
<p>Like many secure systems such as <a href="http://www.hindustantimes.com/bhopal/mp-pimps-criminals-take-to-whatsapp-to-network/story-doMhO07QgHgldgYXH9c0OO.html">the WhatsApp messaging app</a>, Tor was originally built for good purposes, but it has also been used by criminals hiding behind the system’s anonymity. Some people run Tor sites handling <a href="https://video.vice.com/en_us/video/darknet-buying-drugs-and-guns-on-the-deep-web/563a243f8e1a5def252970ff">illicit activity</a>, such as <a href="http://www.businessinsider.com/silk-road-wasnt-even-close-to-the-biggest-drug-market-on-the-internet-2015-6">drug trafficking</a>, <a href="http://www.npr.org/sections/alltechconsidered/2016/06/17/482483537/semi-automatic-weapons-without-a-background-check-can-be-just-a-click-away">weapons</a> and <a href="http://motherboard.vice.com/read/my-brief-encounter-with-a-dark-web-human-trafficking-site">human trafficking</a> and even <a href="http://www.ibtimes.co.uk/hitman-hire-how-dark-web-contract-killer-site-besamafia-was-exposed-by-hacker-1560001">murder for hire</a>. </p>
<p>The U.S. government has been interested in trying to find ways to use modern information technology and computer science to combat these criminal activities. In 2014, the <a href="http://www.darpa.mil/">Defense Advanced Research Projects Agency</a> (more commonly known as DARPA), a part of the Defense Department, launched a program called <a href="http://www.darpa.mil/program/memex">Memex</a> to fight human trafficking with these tools. </p>
<p>Specifically, Memex wanted to create a search index that would help law enforcement identify human trafficking operations online – in particular by mining the deep and dark web. One of the key systems used by the project’s teams of scholars, government workers and industry experts was one I helped develop, called <a href="https://tika.apache.org/">Apache Tika</a>.</p>
<h2>The ‘digital Babel fish’</h2>
<p>Tika is often referred to as the “<a href="http://blog.lingo24.com/next-steps-digital-babel-fish/">digital Babel fish</a>,” a play on a creature called the “<a href="https://en.wikipedia.org/wiki/List_of_races_and_species_in_The_Hitchhiker%27s_Guide_to_the_Galaxy#Babel_fish">Babel fish</a>” in the “<a href="http://www.douglasadams.com/creations/hhgg.html">Hitchhiker’s Guide to the Galaxy</a>” book series. Once inserted into a person’s ear, the Babel fish allowed her to understand any language spoken. Tika lets users understand any file and the information contained within it.</p>
<p>When Tika examines a file, it automatically identifies what kind of file it is – such as a photo, video or audio. It does this with a curated taxonomy of information about files: their name, their extension, a sort of “digital fingerprint.” When it encounters a file whose name ends in “.MP4,” for example, Tika assumes it’s a video file stored in the <a href="http://mpeg.chiariglione.org/standards/mpeg-4">MPEG-4 format</a>. By directly analyzing the data in the file, Tika can confirm or refute that assumption – all video, audio, image and other files must begin with specific codes saying what format their data is stored in.</p>
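<p>The extension-versus-content check described above, as an added example that is not Tika’s own code. The small signature table, the MP4 “ftyp” box parser and the verdict names are assumptions made for illustration, and the sample files are constructed byte strings.</p>

```python
"""Added example: check a file's content signature against its extension."""
import os
import struct

UNKNOWN = "application/octet-stream"

# Small hand-written table of published magic numbers, matched at offset 0.
MAGIC = [
    (b"%PDF-", "application/pdf"),
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"PK\x03\x04", "application/zip"),
    (b"MZ", "application/x-msdownload"),
]
EXTENSIONS = {
    ".pdf": "application/pdf", ".png": "image/png", ".jpg": "image/jpeg",
    ".zip": "application/zip", ".exe": "application/x-msdownload",
    ".mp4": "video/mp4", ".mov": "video/quicktime",
}
MP4_BRANDS = {b"isom", b"iso2", b"mp41", b"mp42", b"avc1"}


def parse_ftyp(data):
    """Parse the leading 'ftyp' box of an ISO base media file (MP4 family).

    Layout: 4-byte big-endian box size, b"ftyp", 4-byte major brand,
    4-byte minor version, then 4-byte compatible brands up to the box size.
    Returns (major_brand, compatible_brands), or None if absent or malformed.
    """
    if len(data) < 16 or data[4:8] != b"ftyp":
        return None
    (size,) = struct.unpack(">I", data[:4])
    if size < 16 or size > len(data) or size % 4:
        return None  # truncated or inconsistent header: do not trust it
    brands = [data[i:i + 4] for i in range(16, size, 4)]
    return data[8:12], brands


def sniff(data):
    """Return a media type derived only from the bytes of the file."""
    ftyp = parse_ftyp(data)
    if ftyp:
        major, _compatible = ftyp
        if major in MP4_BRANDS:
            return "video/mp4"
        if major == b"qt  ":
            return "video/quicktime"
        return UNKNOWN  # another ISO base media brand this table does not cover
    for magic, media_type in MAGIC:
        if data.startswith(magic):
            return media_type
    return UNKNOWN


def classify(name, data):
    """Compare what the file name claims with what the content says."""
    claimed = EXTENSIONS.get(os.path.splitext(name.lower())[1], UNKNOWN)
    detected = sniff(data)
    if detected == UNKNOWN:
        verdict = "unverified"    # content gives no evidence either way
    elif claimed == UNKNOWN:
        verdict = "content-only"  # no claim to check, only the bytes
    elif claimed == detected:
        verdict = "confirmed"
    else:
        verdict = "mismatch"      # name and content disagree: flag for review
    return claimed, detected, verdict


# Constructed sample inputs (not real files).
MP4_HEADER = struct.pack(">I", 24) + b"ftypmp42" + b"\x00\x00\x00\x00" + b"mp42isom"
SAMPLES = [
    ("clip.MP4", MP4_HEADER + b"\x00\x00\x00\x08free"),
    ("holiday.mp4", b"MZ\x90\x00\x03\x00\x00\x00"),  # executable header under a video name
    ("scan.pdf", b"%PDF-1.7\n"),
    ("cut.mp4", MP4_HEADER[:12]),                    # truncated download
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(name, *classify(name, data))
```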
<p>Once a file’s type is identified, Tika uses specific tools to extract its content, such as <a href="http://pdfbox.apache.org/">Apache PDFBox</a> for PDF files, or <a href="https://en.wikipedia.org/wiki/Tesseract">Tesseract</a> for capturing text from images. In addition to content, other forensic information or “metadata” is captured, including the file’s creation date, who edited it last, and what language the file is authored in. </p>
<p>From there, Tika uses advanced techniques like <a href="https://en.wikipedia.org/wiki/Named-entity_recognition">Named Entity Recognition (NER)</a> to further analyze the text. NER identifies proper nouns and sentence structure, and then fits this information to databases of people, places and things, identifying not just whom the text is talking about, but where, and why they are doing it. This technique helped Tika to automatically identify offshore shell corporations (the things); where they were located; and who (people) was storing their money in them as part of the <a href="https://en.wikipedia.org/wiki/Panama_Papers">Panama Papers</a> scandal that exposed financial corruption among global political, societal and technical leaders. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/147631/original/image-20161126-32026-1fmvr2r.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/147631/original/image-20161126-32026-1fmvr2r.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/147631/original/image-20161126-32026-1fmvr2r.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=357&fit=crop&dpr=1 600w, https://images.theconversation.com/files/147631/original/image-20161126-32026-1fmvr2r.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=357&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/147631/original/image-20161126-32026-1fmvr2r.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=357&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/147631/original/image-20161126-32026-1fmvr2r.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=448&fit=crop&dpr=1 754w, https://images.theconversation.com/files/147631/original/image-20161126-32026-1fmvr2r.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=448&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/147631/original/image-20161126-32026-1fmvr2r.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=448&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Tika extracting information from images of weapons curated from the deep and dark web. Stolen weapons are classified automatically for further follow-up.</span>
</figcaption>
</figure>
<h2>Identifying illegal activity</h2>
<p>Improvements to Tika during the Memex project made it even better at handling multimedia and other content found on the deep and dark web. Now Tika can process and identify images with common human trafficking themes. For example, it can automatically process and analyze text in images – a victim alias or an indication about how to contact them – and certain types of image properties – such as camera lighting. In some images and videos, Tika can identify the people, places and things that appear.</p>
<p>Additional software can help Tika find automatic weapons and <a href="https://github.com/memex-explorer/image_space">identify a weapon’s serial number</a>. That can help to track down whether it is stolen or not.</p>
<p>Employing Tika to monitor the deep and dark web continuously could help identify human- and weapons-trafficking situations shortly after the photos are posted online. That could stop a crime from occurring and save lives.</p>
<p>Memex is not yet powerful enough to handle all of the content that’s out there, nor to comprehensively assist law enforcement, contribute to humanitarian efforts to stop human trafficking and even interact with commercial search engines. </p>
<p>It will take more work, but we’re making it easier to achieve those goals. Tika and related software packages are part of an open source software library available on DARPA’s <a href="http://opencatalog.darpa.mil/MEMEX.html">Open Catalog</a> to anyone – in law enforcement, the intelligence community or the public at large – who wants to shine a light into the deep and the dark.</p>
<p class="fine-print"><em><span>Christian Mattmann is affiliated with Jet Propulsion Laboratory, California Institute of Technology (NASA JPL).</span></em></p>
<p>The deep and dark web can be a scary place, but modern open-source technologies funded by the Defense Department can help explore it.</p>
<p>Christian Mattmann, Director, Information Retrieval and Data Science Group and Adjunct Associate Professor, USC and Principal Data Scientist, NASA</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<p>tag:theconversation.com,2011:article/57258 2016-05-23T10:12:08Z</p>
<h1>It’s easier to defend against ransomware than you might think</h1>
<figure><img src="https://images.theconversation.com/files/123417/original/image-20160520-4478-rhdazf.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Try to make this the only time you see a ransomware warning notice. </span> <span class="attribution"><a class="source" href="https://www.flickr.com/photos/132889348@N07/20012126873">Christiaan Colen/flickr</a>, <a class="license" href="http://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA</a></span></figcaption></figure>
<p>Ransomware – malicious software that sneaks onto your computer, encrypts your data so you can’t access it and demands payment for unlocking the information – has become an emerging cyberthreat. Several reports in the past few years document the <a href="https://www.symantec.com/security-center/threat-report">diversity of ransomware attacks</a> and their <a href="https://www.sophos.com/en-us/medialibrary/PDFs/technical%20papers/SophosRansomwareFakeAntivirus.pdf">increasingly sophisticated methods</a>. 
Recently, high-profile ransomware attacks on <a href="http://www.healthcareitnews.com/news/two-more-hospitals-struck-ransomware-california-and-indiana">large enterprises such as hospitals</a> and <a href="http://www.darkreading.com/attacks-breaches/police-pay-off-ransomware-operators-again/d/d-id/1319918">police departments</a> have demonstrated that large organizations of all types are at risk of significant real-world consequences if they don’t protect themselves properly against this type of cyberthreat.</p>
<p>The development of strong encryption technology has made it easier to encode data so that it cannot be read without the decryption key. The emergence of anonymity services such as the <a href="http://www.torproject.com">Tor network</a> and <a href="https://coinmarketcap.com/">bitcoin and other cryptocurrencies</a> has eased worries about whether people who receive payments might be identified through financial tracking. These trends are likely driving factors in the recent surge of ransomware development and attacks.</p>
<p>Like other <a href="http://arstechnica.com/security/2013/02/viruses-trojans-and-worms-oh-my-the-basics-on-malware/">classes of malicious software</a> – often called “malware” – ransomware uses a fairly wide range of techniques to sneak into people’s computers. These include attachments or links in unsolicited email messages, or phony advertisements on websites. However, when it comes to the core part of the attack – encrypting victims’ files to make them inaccessible – most ransomware attacks use very similar methods. This commonality provides an opportunity for ransomware attacks to be detected before they are carried out.</p>
<p>My recent research discovered that <a href="http://dx.doi.org/10.1007/978-3-319-20550-2_1">ransomware programs’ attempts to request access and encrypt files</a> on hard drives are very different from benign operating system processes. We also found that diverse types of ransomware, even ones that vary widely in terms of sophistication, interact with computer file systems similarly.</p>
<h2>Moving fast and hitting hard</h2>
<p>One reason for this similarity amid apparent diversity is the commonality of attackers’ mindsets: the most successful attack is one that encrypts a user’s data very quickly, makes the computer files inaccessible and requests money from the victim. The more slowly that sequence happens, the more likely the ransomware is to be detected and shut down by antivirus software.</p>
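<p>One way a monitor can use this shared behavior, as an added example that is not the code from the research described above: it flags a process that, within a short window, overwrites several files it has just read with high-entropy data. The trace format, the thresholds and the process IDs are assumptions, and the trace itself is constructed.</p>

```python
"""Added example: flag rapid in-place rewrites of files with high-entropy data.
The trace format and every threshold below are assumptions, not the paper's values."""
import hashlib
import math
from collections import Counter, defaultdict

ENTROPY_HIGH = 7.0  # bits per byte; encrypted or compressed data sits near 8
ENTROPY_JUMP = 2.0  # minimum rise between what was read and what was written back
MIN_FILES = 3       # distinct files rewritten this way ...
WINDOW = 10.0       # ... within this many seconds


def shannon_entropy(data):
    """Entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def detect(events):
    """events: time-ordered (timestamp, pid, op, path, data), op is "read" or "write".

    Returns {pid: (alert_time, [paths])} for processes that crossed the threshold.
    """
    read_entropy = {}         # (pid, path) -> entropy of the content the process read
    hits = defaultdict(list)  # pid -> [(timestamp, path)] of suspicious overwrites
    alerts = {}
    for ts, pid, op, path, data in events:
        if op == "read":
            read_entropy[(pid, path)] = shannon_entropy(data)
            continue
        before = read_entropy.get((pid, path))
        if before is None:
            continue          # writing a file it never read: new output, not a rewrite
        after = shannon_entropy(data)
        if after >= ENTROPY_HIGH and after - before >= ENTROPY_JUMP:
            hits[pid].append((ts, path))
            recent = sorted({p for t, p in hits[pid] if ts - t <= WINDOW})
            if len(recent) >= MIN_FILES and pid not in alerts:
                alerts[pid] = (ts, recent)
    return alerts


def pseudo_random(seed, blocks=128):
    """Constructed stand-in for encrypted or compressed bytes (SHA-256 counter stream)."""
    return b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
                    for i in range(blocks))


# Constructed trace (not captured from a real system).
TEXT = b"Quarterly report: revenue grew in all regions this year. " * 70
PHOTO = pseudo_random(b"constructed jpeg body")
TRACE = [
    # pid 100, editor: reads and saves plain text (entropy stays low)
    (0.0, 100, "read", "/home/u/notes.txt", TEXT),
    (0.5, 100, "write", "/home/u/notes.txt", TEXT + b"more"),
    # pid 200, backup tool: writes packed copies to new paths it never read
    (1.0, 200, "read", "/home/u/a.docx", TEXT),
    (1.2, 200, "write", "/backup/a.docx.gz", pseudo_random(b"gz-a")),
    # pid 300, image tool: re-saves a photo in place (high before and after, no jump)
    (1.4, 300, "read", "/home/u/photo.jpg", PHOTO),
    (1.6, 300, "write", "/home/u/photo.jpg", pseudo_random(b"re-encoded")),
    # pid 4242: reads documents and overwrites each one in place within half a second
    (2.0, 4242, "read", "/home/u/a.docx", TEXT),
    (2.1, 4242, "write", "/home/u/a.docx", pseudo_random(b"k1")),
    (2.2, 4242, "read", "/home/u/b.xlsx", TEXT),
    (2.3, 4242, "write", "/home/u/b.xlsx", pseudo_random(b"k2")),
    (2.4, 4242, "read", "/home/u/c.txt", TEXT),
    (2.5, 4242, "write", "/home/u/c.txt", pseudo_random(b"k3")),
]

if __name__ == "__main__":
    for pid, (when, paths) in detect(TRACE).items():
        print(f"ALERT pid={pid} t={when}s rewrote {len(paths)} files: {paths}")
```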
<p>What attackers are trying to do is not simple. First, they need to reliably encrypt the victim’s files. Early ransomware used very basic techniques to do this. For example, it used to be that a ransomware application would use a single decryption key no matter where it spread to. This meant that if someone were able to detect the attack and discover the key, they could share the key with other victims, who could then decode the encrypted data without paying.</p>
<p>Today’s ransomware attackers use advanced cryptographic systems and Internet connectivity to minimize the chance that a victim could find a way to get her files back on her own. Once the program makes its way into a new computer, it sends a message back over the internet to a computer the attacker is using to control the ransomware. A unique key pair for encryption and decryption is generated for that compromised computer. The decryption key is saved in the attacker’s computer, while the encryption key is sent to the malicious program in the compromised computer to perform the file encryption. The decryption key, which is required to decrypt the files only on that computer, is what the victim receives when he pays the ransom fee.</p>
<p>The second part of a “successful” ransomware attack – from the perspective of the attacker – depends on finding reliable ways to get paid without being caught. Ransomware operators continuously strive to make payments harder to trace and easier to convert into their preferred currency. Attackers attempt to avoid <a href="http://www.scmagazine.com/kaspersky-lab-and-dutch-police-collaborate-to-arrest-malware-writers/article/439090/">being identified and arrested</a> by communicating via the anonymous Tor network and exchanging money in difficult-to-trace cryptocurrencies like bitcoins.</p>
<h2>Defending against a ransomware attack</h2>
<p>Unfortunately, the use of advanced cryptosystems in modern ransomware families has made recovering victims’ files almost impossible without paying the ransom. However, it is easier to defend against ransomware than to fight off other types of cyberthreats, such as hackers gaining unauthorized entry to company data and stealing secret information.</p>
<figure class="align-left ">
<img alt="" src="https://images.theconversation.com/files/123419/original/image-20160520-4484-7xl0ad.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=237&fit=clip" srcset="https://images.theconversation.com/files/123419/original/image-20160520-4484-7xl0ad.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=691&fit=crop&dpr=1 600w, https://images.theconversation.com/files/123419/original/image-20160520-4484-7xl0ad.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=691&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/123419/original/image-20160520-4484-7xl0ad.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=691&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/123419/original/image-20160520-4484-7xl0ad.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=868&fit=crop&dpr=1 754w, https://images.theconversation.com/files/123419/original/image-20160520-4484-7xl0ad.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=868&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/123419/original/image-20160520-4484-7xl0ad.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=868&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Back up your data!</span>
<span class="attribution"><a class="source" href="https://pixabay.com/en/business-client-cloud-communication-17686/">Pixabay</a></span>
</figcaption>
</figure>
<p>The easiest way to protect against ransomware attacks is to have, and follow, a reliable data-backup policy. Companies that do not want to end up as paying victims of ransomware should have their workers conduct real-time incremental backups (which back up file changes every few minutes). In addition, in case their own backup servers get infected with ransomware, these companies should have offsite cloud backup storage that is protected from ransomware. Companies that are attacked can then restore their data from these backups instead of paying the ransom. </p>
<p>Users should also download and install regular updates to software, including third-party plug-ins for web browsers and other systems. These often plug security vulnerabilities that, if left open, provide attackers an easy way in.</p>
<p>Generally, being infected with ransomware has two important messages for an organization. First, it’s a sign of vulnerability in a company’s entire computer system, which also means that the organization is vulnerable to other types of attacks. It is always better to learn of an intrusion earlier, rather than being compromised for several months. </p>
<p>Second, being infected with ransomware also suggests users are engaging in risky online behavior, such as clicking on unidentified email attachments from unknown senders, and following links on disreputable websites. Teaching people about safe internet browsing can dramatically reduce an organization’s vulnerability to a ransomware attack.</p>
<p class="fine-print"><em><span>Amin Kharraz is affiliated with Northeastern University</span></em></p>
<p>Ransomware – which encrypts your files and offers to sell you the key – operates differently from other malicious software. Those differences turn out to give potential victims a fighting chance.</p>
<p>Amin Kharraz, Research Assistant, Systems Security Lab, Northeastern University</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<p>tag:theconversation.com,2011:article/56840 2016-05-18T00:50:12Z</p>
<h1>Securing web browsing: protecting the Tor network</h1>
<figure><img src="https://images.theconversation.com/files/122189/original/image-20160511-18123-9sup22.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">An Internet of the future, where every network connection could be secure.</span> <span class="attribution"><a class="source" href="http://www.shutterstock.com/pic-194040659/stock-photo-abstract-secure-network-concept-on-dark-background.html?src=NPyTtJtfcYFb67gObitXmg-1-7">Padlock network via shutterstock.com</a></span></figcaption></figure>
<p><a href="https://cyber.law.harvard.edu/publications/2016/encryption_survey">There are more than 865 encryption tools</a> in use worldwide, all addressing different aspects of a common problem. People want to protect information: hard drives from oppressive governments, physical location from stalkers, browsing history from overly curious corporations or phone conversations from nosy neighbors. They all rely on cryptography, a delicate craft that when done properly enables secure communication despite snoopers’ efforts.</p>
<p>However, bad cryptography can open gaping security holes, a fate that has befallen <a href="https://arstechnica.com/security/2015/08/researchers-reveal-electronic-car-lock-hack-after-2-year-injunction-by-volkswagen/">many</a> <a href="https://www.economist.com/node/17043440">popular</a> <a href="https://blog.torproject.org/blog/ultrasurf-definitive-review">systems</a>. But without technical knowledge and experience, users can’t know the difference between good and bad tools until it’s too late.</p>
<p>One of the most popular cryptographic tools – with <a href="https://metrics.torproject.org/userstats-relay-country.html">two million daily users</a> – is <a href="https://www.torproject.org/">Tor</a>, a network for browsing the Internet anonymously. It relies on a large group of volunteers, some of whom are anonymous, which can raise questions about trusting the system. If expert users and developers had tools to detect suspicious behavior, they could root out problems, improving reliability – and trustworthiness – for everyone.</p>
<h2>Understanding Tor</h2>
<p>People use Tor for a wide variety of reasons: to research diseases, protect themselves from domestic abuse, prevent companies from profiling them or circumvent countrywide censorship, just to name a few. Tor does this by decoupling a user’s identity from his or her online activity. For example, when Tor is used, websites such as Facebook cannot learn where a user is physically located, and Internet service provider companies cannot learn what sites a customer is visiting.</p>
<p>The system works by connecting a user to the intended website over a sequence of encrypted connections through computers that sign up to participate in the network. The first computer in the relay sequence, called an “entry guard,” knows the user’s network address, because it accepts the incoming traffic. But because the content is encrypted, that computer doesn’t know what the user is doing online. </p>
<p>The second computer in the chain doesn’t know where the user is, and merely passes along the traffic to what is called the “exit relay.” That computer decrypts the user’s Internet activity and exchanges data with the unencrypted Internet. The exit relay knows what the user is doing online, but cannot easily identify who is doing it. </p>
<p>Once the exit relay gets the information from the Internet, it encrypts it and sends it back to the previous link in the chain. Each link does the same, until the original computer receives and decrypts the data, displaying it for the user.</p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/121643/original/image-20160508-2544-1pfrpgv.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/121643/original/image-20160508-2544-1pfrpgv.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=320&fit=crop&dpr=1 600w, https://images.theconversation.com/files/121643/original/image-20160508-2544-1pfrpgv.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=320&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/121643/original/image-20160508-2544-1pfrpgv.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=320&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/121643/original/image-20160508-2544-1pfrpgv.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=403&fit=crop&dpr=1 754w, https://images.theconversation.com/files/121643/original/image-20160508-2544-1pfrpgv.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=403&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/121643/original/image-20160508-2544-1pfrpgv.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=403&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">The structure of the Tor network. Tor clients randomly select three relays that forward network traffic between the client and a server – for example, Facebook. While Tor internally encrypts network traffic (see the solid green line), it is important to understand that Tor can no longer encrypt network traffic once it leaves the Tor network (see the dotted red line).</span>
<span class="attribution"><a class="source" href="http://www.cs.princeton.edu/~pwinter/pdf/winter2014b.pdf">Philipp Winter</a></span>
</figcaption>
</figure>
<p>Most people use the Tor network through the <a href="https://www.torproject.org/projects/torbrowser.html.en">Tor Browser</a>. It is a modified version of the popular Firefox web browser, with extra features to protect users’ privacy. These include configurable security levels and add-ons such as <a href="https://www.eff.org/https-everywhere">HTTPS-Everywhere</a> (to use secure web connections whenever possible) and <a href="https://noscript.net/">NoScript</a> (to mitigate some weaknesses of JavaScript, among other things). On top of that, Tor Browser implements <a href="https://www.torproject.org/projects/torbrowser/design/">techniques to make it harder to track people online</a>. For example, it disables Flash and uses only a few fonts, preventing websites from <a href="http://dx.doi.org/10.1007/978-3-662-47854-7_7">identifying users based on the fonts they have installed</a>.</p>
<h2>Trusting the code</h2>
<p>The Tor software is developed and distributed by a nonprofit called <a href="https://www.torproject.org">the Tor Project</a>. People use Tor for free; funding comes from supporters such as <a href="https://www.torproject.org/about/sponsors.html.en">individuals, companies, nonprofits and governments</a>. Sensitive to concerns that big funders might cause the public to worry about who is really at the controls, the organization is working to improve its financial independence: recently its first <a href="https://blog.torproject.org/blog/tors-first-crowdfunding-campaign">crowdfunding campaign</a> raised more than US$200,000.</p>
<p>In addition, the Tor Project has been outspoken about its dedication to privacy, including supporting Apple’s decision not to help the FBI access an encrypted iPhone by building an intentional weakness into the encryption software – which is often called a “backdoor.” The Tor Project declared, “<a href="https://blog.torproject.org/blog/statement-tor-project-software-integrity-and-apple">We will never backdoor our software</a>.”</p>
<p>Technically speaking, users can decide whether to trust the Tor system by verifying it independently. The source code is <a href="https://gitweb.torproject.org/tor.git/">freely available</a>, and the Tor Project encourages people to inspect all ~200,000 lines. A <a href="https://motherboard.vice.com/read/the-tor-project-is-starting-a-bug-bounty-program">recently created bug bounty program</a> should encourage developers and researchers to identify security problems and tell project programmers about them.</p>
<p>However, most people don’t build their own executable programs from source code. Rather, they use programs provided by developers. How can we evaluate their trustworthiness? Tor’s software releases are signed with official cryptographic signatures, and can be downloaded via encrypted and authenticated connections to assure users they have downloaded genuine Tor software that wasn’t modified by attackers.</p>
<p>In addition, Tor recently made “<a href="https://reproducible-builds.org/">reproducible builds</a>” possible, which allows volunteers to verify that the executable programs distributed by Tor have not been tampered with. This can assure users that, for example, the Tor Project’s computers that build executable programs are not compromised.</p>
<h2>Trusting the network</h2>
<p>While the software is developed by the Tor Project, the network is run by volunteers around the world, together operating <a href="https://metrics.torproject.org/networksize.html?start=2016-02-08&end=2016-05-08">7,000 relay computers as of May 2016</a>. </p>
<p><a href="https://www.dfri.se/projekt/tor/?lang=en">Some</a> <a href="https://blog.mozilla.org/it/2015/01/28/deploying-tor-relays/">organizations</a> publicize the fact that they operate one or more relays, but many are run by individual operators who don’t announce their participation. As of May 2016, more than one-third of Tor relays offer no way to get in touch with the operator.</p>
<p>It’s hard to trust a network with so many unknown participants. Just like at coffee shops with open Wi-Fi spots, attackers can intercept network traffic over the air or by <a href="http://www.cs.kau.se/philwint/spoiled_onions/">running exit relays and snooping on Tor users</a>.</p>
<h2>Finding and removing bad actors</h2>
<p>To protect Tor users from these problems, my team and I are developing two free software tools – called <a href="https://github.com/NullHypothesis/exitmap">exitmap</a> and <a href="https://github.com/NullHypothesis/sybilhunter">sybilhunter</a> – that allow the Tor Project to identify and block “bad” relays. Such bad relays could, for example, use outdated Tor relay software, forward network traffic incorrectly or maliciously try to steal Tor users’ passwords. </p>
<p>Exitmap tests exit relays, the thousand or so computers that bridge the gap between the Tor network and the rest of the Internet. It does this by comparing the operations of all the relays. For example, a tester could access Facebook directly – without Tor – and record the digital signature the site uses to assure users they are actually talking to Facebook. Then, running exitmap, the tester would contact Facebook through each of the thousand Tor exit relays, again recording the digital signature. For any Tor relays that deliver a signature different from the one sent directly from Facebook, exitmap raises an alert.</p>
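<p>The comparison step described above, as an added example that is not exitmap’s own code. The function names, the relay labels and the certificate bytes are constructed, and the baseline accepts more than one certificate on the assumption that a large site may serve several valid ones.</p>

```python
"""Added example: compare certificates seen through each exit relay with a
baseline recorded over direct connections. All names and data are constructed."""
import hashlib
from collections import defaultdict


def fingerprint(der):
    """SHA-256 fingerprint of a certificate's DER bytes."""
    return hashlib.sha256(der).hexdigest()


def audit_exits(baseline_ders, probes):
    """baseline_ders: certificates recorded without Tor (there may be several).
    probes: (relay_label, der_bytes or None) pairs; None means the probe failed.
    A relay may appear more than once if it was probed repeatedly.
    """
    trusted = {fingerprint(d) for d in baseline_ders}
    seen = defaultdict(list)
    for relay, der in probes:
        seen[relay].append(None if der is None else fingerprint(der))

    report = {"ok": [], "unreachable": [], "alert": {}}
    clusters = defaultdict(set)  # unexpected fingerprint -> relays that delivered it
    for relay, fps in seen.items():
        answered = [f for f in fps if f is not None]
        unexpected = sorted({f for f in answered if f not in trusted})
        if not answered:
            # No data is not evidence of tampering; schedule a re-probe instead.
            report["unreachable"].append(relay)
        elif unexpected:
            # One bad answer is enough, even if other probes looked clean.
            report["alert"][relay] = unexpected
            for f in unexpected:
                clusters[f].add(relay)
        else:
            report["ok"].append(relay)
    report["ok"].sort()
    report["unreachable"].sort()
    # Several relays delivering the same unexpected certificate point to a shared
    # cause, such as a common operator or a filter upstream of all of them.
    report["clusters"] = {f: sorted(r) for f, r in clusters.items()}
    return report


# Constructed stand-ins for certificate bytes (not real certificates).
GENUINE_A = b"constructed: site certificate A"
GENUINE_B = b"constructed: site certificate B"
FILTER = b"constructed: certificate presented by a filtering middlebox"
ROGUE = b"constructed: self-signed certificate"

PROBES = [
    ("exit-1", GENUINE_A),
    ("exit-2", GENUINE_B),
    ("exit-3", None), ("exit-3", None),      # timed out twice
    ("exit-4", FILTER),
    ("exit-5", FILTER),
    ("exit-6", GENUINE_A), ("exit-6", ROGUE),  # tampers only some of the time
]

if __name__ == "__main__":
    result = audit_exits([GENUINE_A, GENUINE_B], PROBES)
    print("ok:", result["ok"])
    print("unreachable:", result["unreachable"])
    for fp, relays in result["clusters"].items():
        print("ALERT", fp[:16], "delivered by", relays)
```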
<p>Our other tool, sybilhunter, seeks out sets of relays that could be under the control of a single person, such as a person who might use her relays to launch an attack. Among other things, sybilhunter can create images that illustrate when Tor relays join and leave the network. Relays that join and leave at the same times might be controlled by a single person. </p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/121767/original/image-20160509-20590-1b73kn2.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/121767/original/image-20160509-20590-1b73kn2.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=290&fit=crop&dpr=1 600w, https://images.theconversation.com/files/121767/original/image-20160509-20590-1b73kn2.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=290&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/121767/original/image-20160509-20590-1b73kn2.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=290&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/121767/original/image-20160509-20590-1b73kn2.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=364&fit=crop&dpr=1 754w, https://images.theconversation.com/files/121767/original/image-20160509-20590-1b73kn2.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=364&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/121767/original/image-20160509-20590-1b73kn2.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=364&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">A visualization of the uptime of some Tor relays for part of January 2014. Each row of pixels represents one hour, while each column of pixels represents one relay. A black pixel denotes that a relay was online, and a white pixel denotes that a relay was offline. Red blocks highlight highly correlated relays, which could be operated by the same person.</span>
<span class="attribution"><span class="source">Philipp Winter</span></span>
</figcaption>
</figure>
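<p>The uptime comparison behind the image above, as an added example that is not sybilhunter’s own code. It groups relays whose join and leave times coincide. The relay names, the 24-hour uptime strings and the similarity threshold are constructed assumptions.</p>

```python
"""Added example: group relays that join and leave the network at the same hours.
Relay names, uptime data and the threshold are constructed."""
from collections import defaultdict
from itertools import combinations


def agreement(a, b):
    """Naive similarity: fraction of hours in which two relays had the same state."""
    return sum(x == y for x, y in zip(a, b)) / len(a)


def transitions(bits):
    """Set of (hour, new_state) points where a relay came online or went offline."""
    return {(h, bits[h]) for h in range(1, len(bits)) if bits[h] != bits[h - 1]}


def jaccard(a, b):
    """Overlap of two transition sets, from 0.0 (disjoint) to 1.0 (identical)."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def sybil_groups(uptime, threshold=0.5, min_events=2):
    """uptime: {relay: string of '1' (online) / '0' (offline), one character per hour}.

    Relays with fewer than min_events transitions are skipped: two relays that
    never go offline agree in every hour, which says nothing about who runs them.
    """
    events = {r: transitions(bits) for r, bits in uptime.items()}
    active = [r for r, e in events.items() if len(e) >= min_events]
    parent = {r: r for r in active}

    def find(x):  # union-find root lookup with path halving
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for a, b in combinations(active, 2):
        if jaccard(events[a], events[b]) >= threshold:
            parent[find(a)] = find(b)

    groups = defaultdict(list)
    for r in active:
        groups[find(r)].append(r)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


# Constructed data: one string per relay (a column of the image), one character per hour.
UPTIME = {
    "s1": "11111" + "0000" + "111111" + "000" + "111111",
    "s2": "11111" + "0000" + "111111" + "000" + "111111",
    "s3": "11111" + "0000" + "111111" + "0000" + "11111",  # returns one hour late
    "indep": "1" * 12 + "00" + "1" * 10,                   # unrelated outage
    "stableA": "1" * 24,
    "stableB": "1" * 24,
}

if __name__ == "__main__":
    print("candidate groups:", sybil_groups(UPTIME))
    print("naive agreement of the two stable relays:",
          agreement(UPTIME["stableA"], UPTIME["stableB"]))
```

<p>A group found this way is a lead for manual review, since relays at one hosting provider can also share outages.</p>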
<p>Our research has identified a wide variety of misbehaving relays. Some tried to steal users’ login information for popular sites such as Facebook. Equally common were relays that were subject to countrywide censorship systems, blocking access to certain types of websites, such as pornography. Though the relay operators themselves are not altering the results, it does go against the Tor network philosophy that its use should not involve content filtering. We discovered a few exit relays that tried to steal Tor users’ money by interfering with Bitcoin virtual currency transactions.</p>
<p>It is important to view these results in proper perspective. While some attacks did appear concerning, misbehaving relays are in the clear minority, and not frequently encountered by Tor users. Even if a user’s randomly selected exit relay turns out to be malicious, other security features in the Tor Browser, such as the previously mentioned HTTPS-Everywhere, act as safeguards to minimize harm.</p><img src="https://counter.theconversation.com/content/56840/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Philipp Winter is a member of the Tor Project.</span></em></p>
<p>Developing tools to weed out would-be attackers from the world’s most-used privacy and anonymity system.</p>
<p>Philipp Winter, Postdoctoral Research Associate in Computer Science, Princeton University</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<h1>Don’t let cybercriminals hide from the FBI</h1>
<p>2016-05-09T00:49:48Z</p>
<figure><img src="https://images.theconversation.com/files/121432/original/image-20160505-25085-5n028h.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Criminals who hide their computers shouldn't go free.</span> <span class="attribution"><a class="source" href="http://www.shutterstock.com/pic-390209794/stock-photo-hacker-in-the-office.html">Computer criminal via shutterstock.com</a></span></figcaption></figure>
<p>Imagine that a criminal investigator has identified one or more computers that are part of ongoing criminal activity. Unfortunately, the people operating these computers are hiding them. The machines could be anywhere in the world, using anonymous email or <a href="https://www.torproject.org/">tools like Tor</a> to conceal their location. </p>
<p>The investigator also has a tool, a carefully engineered piece of software, which she calls a “Network Investigatory Technique,” or NIT, that will cause a targeted computer to reveal itself. Once she sends the software to the computer she’s investigating, it will reply with a message saying, “I am at this location.” The rest of the security world calls the NIT “malicious code” (“malcode” for short) and deploying it “hacking,” because the software exploits a vulnerability in the target’s computer, the same way a criminal would.</p>
<p>Federal court rules currently say she can use this tool only if she gets an electronic search warrant from a judge. But the computer could be anywhere: to which court should she go to get the warrant?</p>
<p>This is not a hypothetical problem. Online investigations face this problem all the time, when tracking down fraudsters or those <a href="http://thehill.com/policy/technology/222048-fbi-made-fake-newspaper-website-to-trick-suspect">issuing threats using anonymous emails</a>, botmasters who have compromised thousands of computers around the planet or purveyors of <a href="http://www.nytimes.com/2015/02/05/nyregion/man-behind-silk-road-website-is-convicted-on-all-counts.html">drugs</a> or <a href="https://motherboard.vice.com/read/the-fbis-unprecedented-hacking-campaign-targeted-over-a-thousand-computers">child pornography</a>. The current federal rules of criminal evidence (in particular a section known as <a href="https://www.law.cornell.edu/rules/frcrmp/rule_41">Rule 41</a>) require investigators to seek warrants from a magistrate judge in the federal court district where the target computer is located. </p>
<p>But if investigators don’t know where in the country, or indeed the world, the computer is, the existing rules effectively dictate that there is no judge who could approve a warrant to actually find out its specific location. In essence, the rule is, “The investigator can get a warrant to hack these computers to reveal their location only when she knows where they already are.” That rule might have made sense before the digital age, but in today’s digital world it forces an end to promising investigations.</p>
<h2>Making an improvement to the rule</h2>
<p>At the request of the FBI, the U.S. Supreme Court has <a href="https://www.documentcloud.org/documents/2819194-frcr16-8mad.html#document/p9/a291884">proposed changing the rule</a> to allow any magistrate judge in the country to approve an electronic search warrant under one of two conditions: either the targets are using technological tricks to conceal their location, or the crime being investigated involves a mass break-in, compromising computers in at least five separate federal judicial districts. Congress has until December to review the changes.</p>
<p>The Electronic Frontier Foundation has an <a href="https://www.eff.org/deeplinks/2016/04/rule-41-little-known-committee-proposes-grant-new-hacking-powers-government">excellent summary of the civil liberties objections</a>. They include the potential for the government to seek warrants from sympathetic judges, who might not closely scrutinize requests, or who might accept more spurious definitions of concealment by “technological means,” thereby undermining the law’s protections. They also fear that the FBI may seek to hack computers outside the U.S., and that searches could reach beyond criminals’ equipment and involve innocent people’s computers that had been taken over by wrongdoers.</p>
<p>I am in the minority among my civil liberties colleagues, but I believe this change is necessary, reasonable and proportional. If a computer search would qualify for a warrant if its whereabouts were known, why should simply hiding its location make it legally unsearchable?</p>
<p>The need for these types of searches is not theoretical. The “<a href="http://www.engadget.com/2015/02/08/silk-road-trial-lessons/">Silk Road</a>” case is a prime example. This website, <a href="https://www.torproject.org/docs/hidden-services.html.en">hidden through Tor</a> to make it supposedly impossible to locate, acted as an online eBay for drugs. Until the FBI obtained the server’s location, investigators were stumped, unable to identify the person, called “Dread Pirate Roberts,” who was operating the site. </p>
<p>Once agents identified the computer, all the pieces fell into place, quickly leading to the arrest and subsequent conviction of Ross Ulbricht. The FBI almost certainly hacked the server but <a href="http://arstechnica.com/tech-policy/2015/02/op-ed-ross-ulbricht-got-a-fair-trial-but-not-a-fair-investigation/">never bothered to get a warrant</a> to do so. This was a decision which, but for a bizarre tactical choice by the defense, might have lost the case. Under the revised Rule 41, it would be straightforward to obtain a warrant to hack the server: there was certainly enough probable cause.</p>
<h2>When the FBI takes over a criminal site</h2>
<p>Another large set of cases involves child porn distributed through Tor. The FBI routinely takes over websites that do this, and may for a few days or even a couple of weeks deliver surreptitious software to visitors, software that tracks their location, before taking the site down for good. In cases involving notorious sites like PedoBook and Playpen, the <a href="https://www.lawfareblog.com/examining-fbi-hacking-warrant">FBI may hack hundreds or thousands of computers</a> with a single warrant. </p>
<p>The FBI’s experience in taking over the <a href="https://motherboard.vice.com/read/the-fbis-unprecedented-hacking-campaign-targeted-over-a-thousand-computers">Playpen server</a> is a particularly good example of the need for a revision to Rule 41. The warrant request established probable cause for each computer to be hacked; the malcode identified individual visitors for prosecution (and associated their identities with their user names on the site). </p>
<p>The FBI’s malcode itself was almost certainly reasonable, doing the minimum necessary to identify the target computer to authorities and no more. Even defense experts in a previous case <a href="https://assets.documentcloud.org/documents/2124281/fbi-tor-busting-227-1.pdf">acknowledged that the FBI’s malcode</a> both operated as advertised and did not exceed the scope of the warrant. However, almost all of the targeted computers were outside the federal court district where the FBI ran the captured Playpen server. As a result, this critical violation of the current Rule 41 may very well result in <a href="https://regmedia.co.uk/2016/04/20/nitcasemotiontosuppress.pdf">hundreds of pedophiles going free</a>. </p>
<h2>Measured changes are appropriate</h2>
<p>Hence the need for the measured changes proposed to Rule 41. It doesn’t enable the FBI to get a warrant that lets the agency hack just anywhere. It applies only when the FBI can’t determine where the targets are or when there are simply so many known targets that getting a warrant in every district would result in an explosion of paperwork without actually protecting anybody’s rights. If people accept that the FBI should have the right to hack with a warrant and probable cause, extending this authority to enable hacking a computer in an unknown location represents only a small expansion in authority, not some vast overreach.</p>
<p><a href="https://www.cs.columbia.edu/%7Esmb/papers/rsearch.pdf">Despite some people raising concerns</a>, it is also highly unlikely to affect U.S. diplomatic relationships. It’s true that the rule change could result in the FBI hacking systems outside the United States if the computer’s location is hidden. But no matter their location, target computers aren’t hacked until the FBI has shown probable cause they’re involved in criminal activity in the United States. When this happens the FBI will do what it has done in previous cases like the Playpen case: notify local law enforcement of the evidence collected, and let that country’s authorities take over.</p>
<p>Overall, the change to Rule 41 seems reasonable. It addresses a real-world problem, it comes into play only when a computer’s location is unknown or the targets are too numerous, and it does not reduce the key protection and oversight that already limit such hacking: the need for probable cause presented for a judge’s approval and a search warrant that specifies with particularity what the hacking should search for (with the ability to enforce these restrictions in the code).</p>
<p class="fine-print"><em><span>Nicholas Weaver receives or has received research funding from the National Science Foundation, Department of Homeland Security office of Science and Technology, and the Naval Research Office. All opinions are his own and not those of his funders.</span></em></p>
<p>If a computer search would qualify for a warrant if its whereabouts were known, why should simply hiding its location make it legally unsearchable?</p>
<p>Nicholas Weaver, Senior Researcher, Networking and Security, International Computer Science Institute, University of California, Berkeley</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<h1>The Cyber Security Strategy is only a small step in the right direction</h1>
<p>2016-04-21T04:32:58Z</p>
<figure><img src="https://images.theconversation.com/files/119580/original/image-20160421-8026-149i5q7.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Cyber crime costs the Australian economy millions of dollars a year.</span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure>
<p>Prime Minister Malcolm Turnbull today released the government’s <a href="https://cybersecuritystrategy.dpmc.gov.au/assets/img/PMC-Cyber-Strategy.pdf">Cyber Security Strategy</a>. A total of A$230 million will be spent over the next four years to “enhance Australia’s cyber security capability and deliver new initiatives”. </p>
<p>The initiatives generally involve improving Australia’s general awareness and capabilities to defend against cybersecurity attacks, and potentially launch its own cyberattacks.</p>
<p>More specifically, they involve partnering with the private sector in setting the “strategic agenda through annual Cyber Security meetings”. </p>
<p>This partnership will extend to participation in the <a href="https://www.acsc.gov.au/">Australian Cyber Security Centre</a>, which will be moved to a new facility. It will also involve sharing more information between security agencies and the private sector.</p>
<p>There will be increased funding of research into the economic costs of cyberattacks in order to allow organisations to manage investment in cybersecurity defences. </p>
<p>The Computer Emergency Response Team (<a href="https://www.cert.gov.au/">CERT</a>) will be bolstered, along with extra funding for the Australian Signals Directorate (<a href="http://www.asd.gov.au/">ASD</a>), Australian Crime Commission (<a href="https://crimecommission.gov.au/">ACC</a>) and Australian Federal Police (<a href="http://www.afp.gov.au/">AFP</a>) for increased expertise and improved ability to detect and defend against cybersecurity vulnerabilities. </p>
<p>Another element of the strategy is to expand Australia’s ability to grow its own cybersecurity industry through increased funding for research and development in this area. A <a href="http://www.innovation.gov.au/page/cyber-security-growth-centre">Cyber Security Growth Centre</a> will be established to add to the existing <a href="http://www.business.gov.au/advice-and-support/IndustryGrowthCentres/Pages/default.aspx">Industry Growth Centres</a>.</p>
<p><a href="http://www.csiro.au/en/Research/D61">Data61</a> will receive more funding to focus on cybersecurity innovation, and universities will also receive funding for training, research and education of undergraduates and postgraduates in the area of cybersecurity. </p>
<h2>Reading between the lines</h2>
<p>Although this new investment in cybersecurity will be generally welcomed, there are <a href="http://www.itnews.com.au/news/revealed-australias-new-cyber-security-strategy-418000">already</a> questions about whether it is going to be enough to do the job. </p>
<p>The US this year announced a <a href="http://www.reuters.com/article/us-obama-budget-cyber-idUSKCN0VI0R1">US$5 billion increase in funding for cybersecurity</a> to US$19 billion, and the UK last year pledged <a href="https://www.gov.uk/government/speeches/chancellors-speech-to-gchq-on-cyber-security">£1.9 billion</a> to the same cause.</p>
<p>Another question in response to the strategy is what exactly is meant by championing an “open, free and secure internet”. The definition of “open and free” likely depends on your particular point of view. </p>
<p>The government’s strategy calls for an “Australian Cyber Ambassador” to lead national efforts to ensure the internet is free from censorship, but also to support privacy and the rule of law. </p>
<p>But would upholding privacy extend to stopping the government from surveillance activities on its own citizens? Clearly, this would be at odds with the government’s <a href="https://www.ag.gov.au/dataretention">metadata retention legislation</a>. </p>
<p>“Open and free” may also not extend to any radical changes in the application of shutting down access to pirate sites distributing <a href="https://theconversation.com/from-convicts-to-pirates-australias-dubious-legacy-of-illegal-downloading-39912">illegal or pirated content</a>. </p>
<h2>Safe havens</h2>
<p>Another interesting question is what’s meant by the desire to shut down cyber criminal “safe havens”. </p>
<p>The report mentions that attacks often originate from overseas, but it is not clear how a country would go about shutting down attacks originating from China, for example. </p>
<p>One intriguing possibility is that an anonymised network like <a href="https://www.torproject.org/">Tor</a> could potentially be shut down. Tor has long been recognised as a haven for cybercriminals and, increasingly, the starting point for <a href="https://blog.cloudflare.com/the-trouble-with-tor/">cyberattacks</a>. </p>
<p>Security researchers have already <a href="http://www.itnews.com.au/news/close-door-on-tor-or-face-liability-for-threats-researchers-408435">stepped</a> up calls for businesses to block Tor traffic as a protective measure. </p>
<p>The cybersecurity strategy also hints at the fact that Australia has, or is in the process of developing, a cyber offensive capability. This is the first time this capability has been publicly alluded to. </p>
<p>The increased focus on cybersecurity is a much needed initiative. The threat of cyberattacks affects individuals and organisations alike. And, like other threats to our environment, if left unchecked, they could significantly hinder society’s ability to function normally and to continue growing. </p>
<p>Our reliance on technology is now a given and cybersecurity is as important a consideration as protecting our health, food and water sources and general environment. From that perspective, the cybersecurity strategy is a welcome but very small step in the right direction.</p>
<p class="fine-print"><em><span>David Glance does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
<p>Cyber security is now a priority for the government, with $230 million committed to its new Cyber Security Strategy. But is it enough?</p>
<p>David Glance, Director of UWA Centre for Software Practice, The University of Western Australia</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<h1>Could encryption ‘backdoors’ safeguard privacy and fight terror online?</h1>
<p>2016-01-26T14:49:36Z</p>
<figure><img src="https://images.theconversation.com/files/109159/original/image-20160125-19660-4m44dj.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Hack attack</span> <span class="attribution"><a class="source" href="https://upload.wikimedia.org/wikipedia/commons/thumb/3/31/Hacker_-_Hacking_-_Symbol.jpg/1280px-Hacker_-_Hacking_-_Symbol.jpg">Wikipedia</a>, <a class="license" href="http://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA</a></span></figcaption></figure>
<p>Since so much of life has moved online, a clash has emerged between the opposing values of internet freedom, and internet control. Should the internet be a public arena free of all interference and influence from the authorities? Or does too much freedom result in anarchy, turning the internet into a safe haven for criminals and terrorists?</p>
<p>The tension between these two opposing extremes, the “crypto wars”, is a battle that has been raging for 30 years – an approach that would reconcile these two attitudes would offer a way forward. Long-term privacy advocate and cryptographer David Chaum <a href="http://www.wired.com/2016/01/david-chaum-father-of-online-anonymity-plan-to-end-the-crypto-wars/">recently put forward one such idea</a> that involves building a special “backdoor” that could only be accessed on agreement by multiple parties across different countries and cultures – an idea that combines the protections of encryption while meeting the need for transparency that law enforcement wants. But will it work?</p>
<h2>Freedom vs control</h2>
<p>The internet is built as an open system, with unique IP addresses that identify computers online and logs of connections from one to another. So for supporters of a free internet the big challenge is maintaining anonymity, so that the web can be used and sites visited without leaving behind a digital trace that could identify users. </p>
<p>Anonymising software such as Tor has been developed in response, and hides the link between a browser and the website it visits. But while Tor makes it harder to determine who has been visiting websites, <a href="https://theconversation.com/how-tors-privacy-was-momentarily-broken-and-the-questions-it-raises-52048">it is not infallible</a>. The fact remains that guaranteeing absolute anonymity on the internet is very difficult.</p>
<p>Opponents of a free internet face a different conundrum. Internet users have a genuine need for cyber-security controls that are strong enough to protect their data from cyber-criminals. This is provided by cryptography, mathematically-based encryption tools that prevent unauthorised eyes from seeing data, whether en route through the internet or at rest on a hard disk or phone. Cryptography protects our banking systems, our mobile phone calls, and is the core of anonymity technologies such as Tor.</p>
<p>The problem with cryptography is that it works too well. In the light of terrorist attacks some voices from law enforcement and government security agencies have criticised <a href="http://www.bbc.co.uk/news/technology-35251429">cryptography’s power</a> to prevent them from accessing communications others would rather they didn’t. They claim that encryption and Tor hide information that they need. Some officials have even suggested that <a href="http://www.theguardian.com/commentisfree/2015/jan/13/cameron-ban-encryption-digital-britain-online-shopping-banking-messaging-terror">cryptography should be outlawed</a>.</p>
<h2>Bringing the two together</h2>
<p>The history of the crypto wars includes several attempts at compromise, all unfit for today. In the 1980s governments used export controls to restrict movement of cryptographic hardware. In the 1990s the US and UK infamously attempted to impose “<a href="http://blogs.lse.ac.uk/mediapolicyproject/2014/11/12/we-actually-lost-the-crypto-wars/">key escrow</a>”, which handed the ability to reverse encryption to government agencies.</p>
<p>Supporters of cryptography subsequently believed that attempts to control cryptography had failed. But the documents revealed by Edward Snowden since 2013 have shown that governments have been developing a <a href="http://money.cnn.com/2015/12/22/technology/apple-parliament/">barrage of techniques to circumvent cryptography</a> behind a cloak of secrecy. In response companies such as Apple promised stronger cryptography on user devices.</p>
<p>The heart of the problem is simply this. How can we offer secure and, if required, anonymous communication technologies to “good” people, while allowing this protection to be removed if “bad” people also use them? One idea that keeps resurfacing is to deploy some sort of “backdoor” which, under exceptional circumstances, creates a hole in the encryption’s protection. This is Chaum’s suggestion, only with a twist.</p>
<p>The problem with backdoors is not how to build them, but how to govern them. Who do we trust with our keys? And if someone – the police, say – has the ability to use a backdoor then how can we prevent that knowledge from being discovered by someone undesirable – perhaps the very criminals the police are pursuing?</p>
<p>Chaum’s proposal is his new anonymity software, <a href="http://www.chaum.com/projects/privategrity/privategrity.html">PrivaTegrity</a>, whose cryptographic protections are built with a deliberate backdoor. PrivaTegrity’s backdoor can only be activated by co-operation between nine different server administrators located in nine different countries. By distributing the governance of the keys across countries, cultures and continents, the argument is that there would be less chance for misuse. Only if all of them agree can the anonymity protection be removed to allow investigators to access details of the communication.</p>
<p>It’s a nice idea, but hard to imagine it working in practice. In particular it’s unlikely national security agencies in the UK and US will be keen to rely on the judgement of others about what information can be accessed, and when.</p>
<p>However, we should welcome all ideas on balancing data privacy and control and the UK parliament is currently debating the draft <a href="http://www.bbc.co.uk/news/technology-35263503">Investigatory Powers bill</a>, known as the snooper’s charter. Ultimately, it is likely to propose some sort of new trade-off between privacy and legal access. Whatever the final terms of this bill are, it’s inevitable that it won’t keep everyone happy. Despite Chaum’s interesting ideas, the fact remains that the two opposing views on internet freedom would seem to be fundamentally irreconcilable. In whichever state of compromise we proceed, the crypto wars will inevitably rage on.</p>
<p class="fine-print"><em><span>Keith Martin receives funding from the EPSRC and the European Commission. </span></em></p>
<p>The battle between personal privacy and national security online continues.</p>
<p>Keith Martin, Professor, Information Security Group, Royal Holloway University of London</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<h1>The genie is out of the bottle – it’s foolish to think encryption can now be banned</h1>
<p>2016-01-04T15:09:01Z</p>
<figure><img src="https://images.theconversation.com/files/106276/original/image-20151216-25624-1fs98ng.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption"></span> <span class="attribution"><a class="source" href="https://www.flickr.com/photos/111692634@N04/11406965436">www.perspecsys.com</a>, <a class="license" href="http://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA</a></span></figcaption></figure>
<p>Politicians have turned their sights on encryption once more following terrorist outrages <a href="https://theconversation.com/uk/topics/paris-attacks-2015">in Paris</a> and San Bernardino, California.</p>
<p>A country that once <a href="http://www.theregister.co.uk/1999/01/15/france_to_end_severe_encryption/">welcomed encryption</a>, France is now considering <a href="http://www.lemonde.fr/attaques-a-paris/article/2015/12/05/la-liste-musclee-des-envies-des-policiers_4825245_4809495.html#meter_toaster">outlawing it</a> in the wake of the massacre in its capital. In the US, <a href="https://theintercept.com/2015/12/07/obama-hints-at-renewed-pressure-on-encryption-clinton-waves-off-first-amendment/">politicians</a> and <a href="http://uk.businessinsider.com/john-mccain-calls-anti-encryption-legislation-paris-attacks-isis-back-doors-2015-11">law enforcement</a> have made similar demands, as has the British prime minister, <a href="http://www.theguardian.com/technology/2015/jan/15/david-cameron-encryption-anti-terror-laws">David Cameron</a>.</p>
<p>Encryption creates trust. It is the underpinning of the internet, ensuring the privacy of mail, commerce, and transactions of all kinds. <a href="http://www.wired.com/2014/11/hacker-lexicon-end-to-end-encryption/">End-to-end encryption</a>, where data such as texts, emails, or other messages are encrypted in transit and in storage, and where no third party other than those communicating have the keys to decrypt it, has come under particular criticism.</p>
<p>Certainly it is difficult if not impossible to crack, and poses a serious problem for investigators. But the Paris attacks were not aided by encryption – the attacker’s <a href="http://www.lemonde.fr/attaques-a-paris/article/2015/11/18/le-telephone-portable-d-un-membre-du-commando-trouve-pres-du-bataclan-a-permis-de-remonter-a-alfortville_4812515_4809495.html">unencrypted mobile phone</a>, which was found in a bin, led police to their safe house. Abdelhamid Abaaoud, the Belgian-Moroccan ringleader, <a href="https://theintercept.com/2015/11/18/signs-point-to-unencrypted-communications-between-terror-suspects/">communicated without encryption</a>.</p>
<p>When in San Bernardino police claimed to have found that the terrorists used “<a href="https://twitter.com/CBSNews/status/675455571697516545">levels of built-in encryption</a>”, Christopher Soghoian, principal technologist at the American Civil Liberties Union, dismissed this as nothing more than the standard encryption built into the 2G/3G/4G communications protocols that carry data between the <a href="https://twitter.com/csoghoian/status/675465109905477633">phone handset and network transmitter masts</a>. In other words, an unremarkable part of how mobile phones work.</p>
<p>It is clear that the Islamic State is aware of and uses encrypted communications, however. The US Army claims IS uses up to 120 different online platforms for communication, including messaging services such as WhatsApp or the encrypted Telegram service to organise, socialise, recruit, and for use as a <a href="http://www.reuters.com/article/france-shooting-telegram-idUSL1N13C2YG20151118">press outlet</a>. Telegram was used by IS to claim responsibility for the Paris attacks and the <a href="http://www.reuters.com/article/france-shooting-telegram-idUSL1N13C2YG20151118#cKixiKBpqHmtQuxq.99">bombing of a Russian airliner over Egypt</a>.</p>
<h2>No safety in backdoors</h2>
<p>So with this in mind, Western leaders want powers to decrypt communications. Particular ire has been directed at tech companies such as Apple, Google and Facebook which, by providing encryption in their popular products, have made investigators’ work harder. FBI director Jim Comey urged them to prevent terrorist communications from “<a href="https://www.fbi.gov/news/speeches/going-dark-are-technology-privacy-and-public-safety-on-a-collision-course">going dark</a>”. Even just using encryption <a href="https://www.techdirt.com/articles/20130620/15390323549/nsa-has-convinced-fisa-court-that-if-your-data-is-encrypted-you-might-be-terrorist-so-itll-hang-onto-your-data.shtml">makes you a suspect</a> in the eyes of the law. </p>
<p>Governments want “backdoors” written into encryption schemes to <a href="http://www.foxnews.com/politics/2015/12/13/feds-silicon-valley-headed-for-collision-over-encryption-issue-post-san-bernardino-wave-terror-attacks.html">provide privileged access</a> to law enforcement and secret services. But tech companies are generally <a href="http://techcrunch.com/2015/06/02/apples-tim-cook-delivers-blistering-speech-on-encryption-privacy/">moving in the opposite direction</a>, with Apple CEO Tim Cook calling backdoors “incredibly dangerous”. Other smaller companies like Signal, Silent Circle, Wickr, Protonmail and Mega also offer encrypted communication platforms.</p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/106471/original/image-20151217-8068-197ufiv.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/106471/original/image-20151217-8068-197ufiv.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/106471/original/image-20151217-8068-197ufiv.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/106471/original/image-20151217-8068-197ufiv.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/106471/original/image-20151217-8068-197ufiv.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/106471/original/image-20151217-8068-197ufiv.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/106471/original/image-20151217-8068-197ufiv.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Wanting to keep out prying eyes is only natural.</span>
<span class="attribution"><a class="source" href="https://www.flickr.com/photos/yusamoilov/13334048894">yusamoilov</a>, <a class="license" href="http://creativecommons.org/licenses/by/4.0/">CC BY</a></span>
</figcaption>
</figure>
<h2>The principles of privacy</h2>
<p>On the other hand, Germany <a href="http://www.zdnet.com/article/while-us-and-uk-govts-oppose-encryption-germany-promotes-it-why/">promotes the use of encryption by its citizens</a>. However, the EU has no overarching policy on encryption. While the forthcoming General Data Protection Regulation specifies that data must be encrypted when in storage, it doesn’t address end-to-end encryption and <a href="http://www.computerweekly.com/opinion/EU-General-Data-Protection-Regulation-comes-into-sharper-focus">data in transit</a>.</p>
<p>The UN, in both principle and practice, rejects efforts to criminalise or restrict encryption. Article 12 of the <a href="http://www.un.org/en/documents/udhr/">UN Universal Declaration of Human Rights</a> argues that “no citizen should be subjected to arbitrary interference of their privacy, family, home or <a href="http://www.wired.co.uk/news/archive/2015-02/16/nico-sell-wickr-uk-privacy-problems">correspondence</a>.” UN special rapporteur on freedom of expression David Kaye <a href="https://www.accessnow.org/un-report-encryption-and-anonymity-online-necessary-to-advance-human-rights">has argued</a>: </p>
<blockquote>
<p>States should avoid all measures that weaken the security individuals may enjoy online, such as through backdoors, weak encryption standards and key escrows [where encryption keys are held by third parties to be handed over to police on demand].</p>
</blockquote>
<p>If civil society groups had their way, encryption would be protected. Rainey Reitman of the Electronic Frontier Foundation has argued that <a href="https://www.eff.org/deeplinks/2015/12/save-crypto-tell-white-house-we-cant-sacrifice-security">weakening encryption makes us all less secure</a>, and that any backdoor can and will be exploited by malicious hackers or foreign powers.</p>
<h2>The powers they need already exist</h2>
<p>Are laws banning strong encryption even necessary when the NSA, GCHQ or police can just hack our communications? Developers of Tor, software used for anonymous online communication, claim the FBI paid Carnegie Mellon University researchers to <a href="http://www.wired.com/2015/11/tor-says-feds-paid-carnegie-mellon-1m-to-help-unmask-users/">hack Tor</a>, something both parties have denied. Controversial Italian security firm Hacking Team were found to have <a href="https://theintercept.com/2015/09/28/hacking/">monitored Tor for the FBI</a>, and Edward Snowden’s leaked files revealed NSA efforts to <a href="https://theintercept.com/2014/03/12/nsa-plans-infect-millions-computers-malware/">monitor millions of computers</a> by infecting them with malware.</p>
<p>Considering how widely used and important encryption is, and how little it is employed by terrorists, it’s arguable that government hacking is preferable to <a href="https://theintercept.com/2015/09/28/hacking/">enforcing backdoors that make us all less safe</a>.</p>
<p>In truth, encryption is so pervasive and so easy to build into new software that it’s practically impossible to ban. Phil Zimmermann, who invented free encryption software PGP, <a href="http://www.theguardian.com/technology/2015/feb/02/pgp-phil-zimmermann-intelligence-agencies-encryption">said</a> any proposal to ban encryption was “absurd”:</p>
<blockquote>
<p>End-to-end encryption is everywhere now. If you have strong encryption between your web browser and your bank, you can’t have a man in the middle from the government wiretapping that.</p>
</blockquote>
<p>Melvin Kranzberg, a professor in the history of technology at Georgia Tech, famously said: “<a href="http://www.jstor.org/stable/3105385">Technology is neither good nor bad; nor is it neutral</a>.” Proponents of banning encryption fail to recognise how encryption helps journalists, whistleblowers, and those who face oppression under authoritarian regimes, while civil rights activists must recognise that encryption could be a powerful tool for those who would do society harm (government or otherwise). But while expectations of privacy fluctuate around the world and over the years, the value of privacy is constant. </p>
<p>We will make no progress by blaming the technology – whatever technology of the day that may be – instead of addressing the root causes of the antagonism that drives people to use it.</p>
<p class="fine-print"><em><span>Adam Fish does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
Banning encryption won’t help, and probably isn’t possible anyway.
Adam Fish, Lecturer in Sociology and Media Studies, Lancaster University
Licensed as Creative Commons – attribution, no derivatives.
tag:theconversation.com,2011:article/52106
2015-12-18T10:15:04Z
2015-12-18T10:15:04Z
Vuvuzela, a next-generation anonymity tool that protects users by adding NOISE
<figure><img src="https://images.theconversation.com/files/105303/original/image-20151210-7447-xvx237.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Communicating by Vuvuzela, for when anonymity could be a matter of life and death.</span> <span class="attribution"><a class="source" href="https://www.flickr.com/photos/e3000/4712469214">e3000</a>, <a class="license" href="http://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA</a></span></figcaption></figure>
<p>Cryptography is the science of keeping secrets, with <a href="http://searchsecurity.techtarget.com/definition/Advanced-Encryption-Standard">encryption algorithms</a> and methods such as public key encryption the gold standard. Despite widespread usage and heavy scrutiny, these ciphers remain unbroken. But while encryption can keep messages secret, it cannot protect the identities of the sender and receiver.</p>
<p>Details such as the IP addresses of computers communicating on the internet and other metadata can reveal more than just the identities of those communicating. Companies use metadata to infer sexual orientation, approximate age, gender and interests for targeted advertising, while intelligence and law enforcement agencies collect and analyse it for their own uses. As a former director of the NSA puts it pithily: “<a href="https://www.youtube.com/watch?v=UdQiz0Vavmc">We kill people based on metadata</a>.”</p>
<p>So anonymity is required as well as secrecy, for which the most polished tool is Tor. Tor allows users to browse the web anonymously, but has come under sustained attack – and cracks <a href="https://theconversation.com/how-tors-privacy-was-momentarily-broken-and-the-questions-it-raises-52048">have begun to show</a>. Is it time for a replacement? Vuvuzela, a <a href="https://people.csail.mit.edu/nickolai/papers/vandenhooff-vuvuzela.pdf">prototype anonymising software</a> designed by MIT researchers, is one attempt.</p>
<p>Tor achieves anonymity by partially encrypting as much metadata as possible, revealing only small amounts and only as late on in the communication as possible. It sends messages via the encrypted Tor network, where it’s difficult for attackers that snoop on network traffic to detect where <a href="https://theconversation.com/tor-the-last-bastion-of-online-anonymity-but-is-it-still-secure-after-silk-road-35395">a message comes from and where it is going</a>. That an NSA presentation leaked by Edward Snowden included the statement “<a href="http://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-document">Tor Stinks</a>” suggests that even the NSA found it difficult to crack. </p>
<p>Yet when the FBI shut down the Silk Road and Silk Road 2.0 illegal online marketplaces, their prosecutions seemingly relied on <a href="https://theconversation.com/how-tors-privacy-was-momentarily-broken-and-the-questions-it-raises-52048">evidence collected despite Tor’s privacy measures</a>. Tor has well-known security weaknesses which are <a href="https://blog.torproject.org/blog/one-cell-enough">explicitly stated</a> by the developers. One is that Tor cannot withstand traffic analysis by an attacker who can monitor global internet traffic in real time: whenever user A sends a message to Tor and almost immediately afterwards Tor sends a message to website B, then it is likely that A uses Tor to browse B. This attack is out of reach for individuals, but some nation states have the capacity to do so.</p>
<p>As MIT associate professor Nickolai Zeldovich, whose group created Vuvuzela, said: “Tor operates under the assumption that there’s not a global adversary that’s paying attention to every single link in the world. Maybe these days this is not a good assumption.”</p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/106473/original/image-20151217-8073-1ih7a2h.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/106473/original/image-20151217-8073-1ih7a2h.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=410&fit=crop&dpr=1 600w, https://images.theconversation.com/files/106473/original/image-20151217-8073-1ih7a2h.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=410&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/106473/original/image-20151217-8073-1ih7a2h.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=410&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/106473/original/image-20151217-8073-1ih7a2h.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=515&fit=crop&dpr=1 754w, https://images.theconversation.com/files/106473/original/image-20151217-8073-1ih7a2h.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=515&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/106473/original/image-20151217-8073-1ih7a2h.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=515&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Anonymity through obscurity.</span>
<span class="attribution"><a class="source" href="https://www.flickr.com/photos/10422334@N08/6619734997/">Guy Mayer</a>, <a class="license" href="http://creativecommons.org/licenses/by-nc-nd/4.0/">CC BY-NC-ND</a></span>
</figcaption>
</figure>
<h2>Hiding activity as well as metadata</h2>
<p>To overcome Tor’s shortcomings, other anonymising software approaches have been proposed, such as <a href="http://arxiv.org/abs/1503.06115">Riposte</a> from Stanford University and <a href="http://dedis.cs.yale.edu/dissent">Dissent</a> from Yale. While they fix Tor’s flaws, they are not able to support the sort of usage and number of concurrent users that Tor can, which limits their usefulness.</p>
<p>Vuvuzela is both immune to traffic analysis and other forms of attack and able to support a large number of simultaneous active users. Like Tor, Vuvuzela works by encrypting as much metadata as possible, but (<a href="https://www.youtube.com/watch?v=YpXN8BvGp_o">like its namesake</a>) it also adds a lot of noise – fake messages with which to confuse attackers. Because these are indistinguishable from genuine messages, they drown out patterns of genuine communication that might otherwise compromise a user’s anonymity. </p>
<p>Unlike Tor, Vuvuzela sends its communication in fixed rounds. Clients cannot send and receive messages at any time; instead, in each round a user can send and receive only one message. This obscures the precise timing of messages between sender and receiver, keeping this detail from attackers.</p>
<p>Another difference is how the messages travel. Tor messages pass from sender to receiver in a sequence of hops, while Vuvuzela uses a dead-drop system, where the sender leaves the message at a randomly chosen memory location on one of the Vuvuzela servers, and during a later round the recipient picks up the message.</p>
<p>All messages sent by Vuvuzela are the same size, achieved by splitting messages that are too large and padding messages that are too small. This prevents attackers from using message size to compromise anonymity by giving away clues as to what sort of communication is being sent.</p>
<p>As a result, Vuvuzela is the first anonymising privacy system that is resistant to large-scale network traffic analysis attacks, and which can also sustain millions of active users sending tens of thousands of messages per second.</p>
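<p>The fixed rounds, dead drops, cover messages and uniform message size described above can be modelled together, as in the sketch below. It is an added illustration, not code from the Vuvuzela project: the 256-byte cell size, the header layout, the SHAKE-256 stand-in cipher and the HMAC-derived dead-drop location are assumptions, and pickup is modelled as a lookup once the rounds have run.</p>

```python
import hashlib
import hmac
import os
import struct

CELL_SIZE = 256                      # assumed fixed envelope size in bytes
HEADER = struct.Struct(">BHH")       # kind, payload length, chunks still to come
BODY = CELL_SIZE - HEADER.size
REAL, COVER = 1, 0


def to_cells(message: bytes) -> list[bytes]:
    """Split an over-long message and pad every chunk to exactly CELL_SIZE."""
    chunks = [message[i:i + BODY] for i in range(0, len(message), BODY)] or [b""]
    return [
        HEADER.pack(REAL, len(c), len(chunks) - n - 1) + c + bytes(BODY - len(c))
        for n, c in enumerate(chunks)
    ]


def seal(key: bytes, round_no: int, cell: bytes) -> bytes:
    """Stand-in stream cipher (SHAKE-256 keystream); XOR, so it also unseals.
    A real client would use authenticated encryption here (assumption)."""
    stream = hashlib.shake_256(key + struct.pack(">Q", round_no)).digest(len(cell))
    return bytes(a ^ b for a, b in zip(cell, stream))


def drop_id(key: bytes, round_no: int) -> str:
    """Dead-drop location both peers can compute for a round (assumed scheme)."""
    tag = hmac.new(key, b"drop" + struct.pack(">Q", round_no), hashlib.sha256)
    return tag.hexdigest()[:16]


class Client:
    def __init__(self, name: str):
        self.name = name
        self.outbox = []             # (key, cell) pairs waiting for a round

    def queue(self, key: bytes, message: bytes) -> None:
        self.outbox += [(key, cell) for cell in to_cells(message)]

    def envelope_for(self, round_no: int):
        """Exactly one envelope per round: a queued cell, otherwise cover traffic."""
        if self.outbox:
            key, cell = self.outbox.pop(0)
        else:
            # Cover message: throwaway key, so it lands in a drop nobody reads.
            key, cell = os.urandom(32), HEADER.pack(COVER, 0, 0) + bytes(BODY)
        return drop_id(key, round_no), seal(key, round_no, cell)


def run_rounds(clients, rounds: int):
    """Return (drops, observed): server state and what a network observer sees."""
    drops, observed = {}, []
    for r in range(rounds):
        for c in clients:
            where, blob = c.envelope_for(r)
            drops[(r, where)] = blob
            observed.append((r, c.name, len(blob)))
    return drops, observed


def collect(key: bytes, drops, rounds: int) -> bytes:
    """Recipient side: look in the shared dead drop of each round and reassemble."""
    out = b""
    for r in range(rounds):
        blob = drops.get((r, drop_id(key, r)))
        if blob is None:
            continue                 # the sender emitted only cover traffic
        cell = seal(key, r, blob)
        kind, length, _left = HEADER.unpack_from(cell)
        if kind == REAL:
            out += cell[HEADER.size:HEADER.size + length]
    return out


def demo():
    """Constructed scenario: Alice sends Bob 600 bytes, Carol stays silent."""
    key = os.urandom(32)             # secret Alice and Bob already share
    alice, carol = Client("alice"), Client("carol")
    message = b"meet at the usual place " * 25
    alice.queue(key, message)
    drops, observed = run_rounds([alice, carol], rounds=5)

    def shape(who):
        return [(r, size) for r, name, size in observed if name == who]

    delivered = collect(key, drops, 5) == message
    same_traffic_shape = shape("alice") == shape("carol")
    return delivered, same_traffic_shape
```

<p>In the constructed scenario the observer records the same sequence of round numbers and envelope sizes for the client that is talking and the client that is idle.</p>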
<p>MIT’s software is brand new and still experimental, and cannot yet be considered as a replacement for Tor. It hasn’t yet undergone extensive testing through attacks aimed at its theoretical design and implementation. Crucially, unlike Tor, Vuvuzela cannot yet be used for convenient web browsing, nor is it suitable for real-time chat as it is currently quite slow. However, it holds a lot of promise, and may evolve into a viable Tor successor in the future.</p>
<p class="fine-print"><em><span>Martin Berger receives funding from EPSRC and the European Union.</span></em></p>
With attacks against Tor increasing, prototype anonymising software Vuvuzela takes a different approach.
Martin Berger, Lecturer in Foundations Of Computation (Informatics), University of Sussex
Licensed as Creative Commons – attribution, no derivatives.
tag:theconversation.com,2011:article/52048
2015-12-10T11:10:18Z
2015-12-10T11:10:18Z
How Tor’s privacy was (momentarily) broken, and the questions it raises
<figure><img src="https://images.theconversation.com/files/105095/original/image-20151209-15552-1ewqm4o.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Will Tor's chopped onions lead to tears?</span> </figcaption></figure>
<p>Just how secure is <a href="https://www.torproject.org/">Tor</a>, one of the most widely used internet privacy tools? Court documents <a href="http://motherboard.vice.com/read/court-docs-show-a-university-helped-fbi-bust-silk-road-2-child-porn-suspects">released</a> from the Silk Road 2.0 trial suggest that a “<a href="https://www.documentcloud.org/documents/2511925-farrell-nov-2015-motion.html#document/p2/a260739">university-based research institute</a>” provided information that broke Tor’s privacy protections, helping identify the operator of the illicit online marketplace. </p>
<p>Silk Road and its successor Silk Road 2.0 were run as a Tor hidden service, an anonymised website accessible only over the Tor network which protects the identity of those running the site and those using it. The same technology is used to protect the privacy of visitors to other websites including <a href="https://www.mafialeaks.org/en/">journalists reporting on mafia activity</a>, <a href="https://duckduckgo.com/">search engines</a> and <a href="https://www.facebook.com/notes/protect-the-graph/making-connections-to-facebook-more-secure/1526085754298237">social networks</a>, so the security of Tor is of critical importance to many. </p>
<h2>How Tor’s privacy shield works</h2>
<p>Almost <a href="https://blog.torproject.org/blog/some-statistics-about-onions">97% of Tor traffic</a> is from those using Tor to anonymise their use of standard websites outside the network. To do so a path is created through the Tor network via three computers (nodes) selected at random: a first node entering the network, a middle node (or nodes), and a final node from which the communication exits the Tor network and passes to the destination website. The first node knows the user’s address, the last node knows the site being accessed, but no node knows both.</p>
<p>The remaining 3% of Tor traffic is to hidden services. These websites use “.onion” addresses stored in a hidden service directory. The user first requests information on how to contact the hidden service website, then both the user and the website make the three-hop path through the Tor network to a rendezvous point which joins the two connections and allows both parties to communicate. </p>
<p>In both cases, if a malicious operator simultaneously controls both the first and last nodes to the Tor network then it is possible to link the incoming and outgoing traffic and potentially identify the user. To prevent this, the Tor network is designed from the outset to have sufficient diversity in terms of who runs nodes and where they are located – and the way that nodes are selected will avoid choosing closely related nodes, so as to reduce the likelihood of a user’s privacy being compromised.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/71202/original/image-20150205-28618-1pf3ee.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/71202/original/image-20150205-28618-1pf3ee.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/71202/original/image-20150205-28618-1pf3ee.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=384&fit=crop&dpr=1 600w, https://images.theconversation.com/files/71202/original/image-20150205-28618-1pf3ee.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=384&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/71202/original/image-20150205-28618-1pf3ee.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=384&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/71202/original/image-20150205-28618-1pf3ee.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=482&fit=crop&dpr=1 754w, https://images.theconversation.com/files/71202/original/image-20150205-28618-1pf3ee.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=482&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/71202/original/image-20150205-28618-1pf3ee.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=482&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">How Tor works.</span>
<span class="attribution"><a class="source" href="https://privacycanada.net">Tor Project/EFF</a>, <a class="license" href="http://creativecommons.org/licenses/by/4.0/">CC BY</a></span>
</figcaption>
</figure>
<p>This type of design is known as <a href="https://www.cs.columbia.edu/%7Eangelos/Papers/2004/tmreview.pdf">distributed trust</a>: compromising any single computer should not be enough to break the security the system offers (although compromising a large proportion of the network is still a problem). Distributed trust systems protect not only the users, but also the operators; because the operators cannot break the users’ anonymity – they do not have the “keys” themselves – they are less likely to be targeted by attackers.</p>
<h2>Unpeeling the onion skin</h2>
<p>With about <a href="https://metrics.torproject.org/userstats-relay-country.html">2m daily users</a> Tor is by far the most widely used privacy system and is considered one of the most secure, so research that demonstrates the existence of a vulnerability is important. Most research examines how to increase the likelihood of an attacker <a href="http://sec.cs.ucl.ac.uk/users/smurdoch/papers/pets08metrics.pdf">controlling both the first and last node</a> in a connection, or how to <a href="http://sec.cs.ucl.ac.uk/users/smurdoch/papers/pet07ixanalysis.pdf">link incoming traffic to outgoing</a>.</p>
<p>When the 2014 programme for the annual <a href="https://www.blackhat.com/">BlackHat conference</a> was announced, it included <a href="https://web.archive.org/web/20140705114447/http://blackhat.com/us-14/briefings.html#you-dont-have-to-be-the-nsa-to-break-tor-deanonymizing-users-on-a-budget">a talk by a team of researchers from CERT</a>, a Carnegie Mellon University research institute, claiming to have found a means to compromise Tor. But the talk <a href="http://www.theguardian.com/technology/2014/jul/22/is-tor-truly-anonymising-conference-cancelled">was cancelled</a> and, unusually, the researchers did not give advance notice of the vulnerability to the Tor Project in order for them to examine and fix it where necessary. </p>
<p>This decision was particularly strange given that CERT is the worldwide coordinator for <a href="http://www.cert.org/vulnerability-analysis/research/coordination.cfm">ensuring software vendors are notified</a> of vulnerabilities in their products so they can fix them before criminals can exploit them. However, the CERT researchers gave enough hints that Tor developers were able to investigate what had happened. When they examined the network they found someone was <a href="https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack">indeed attacking Tor users</a> using a technique that matched CERT’s description.</p>
<h2>The multiple node attack</h2>
<p>The attack turned on a means to tamper with a user’s traffic as they looked up the .onion address in the hidden service directory, or in the hidden service’s traffic as it uploaded the information to the directory. </p>
<p>When traffic bound for a hidden service directory enters the Tor network, the .onion address of the hidden service is visible. This traffic was tampered with in a way that wouldn’t disrupt the request, but would leave a trace, different for each .onion address, which could be detected when the traffic left the network. If both the first and last node selected by the Tor software for communicating with the hidden service directory were run by the attacker, the .onion address could be linked via the pattern to the identity of the user’s computer, or to the computer where the hidden service is hosted.</p>
<p>While this technique is unreliable because it requires the attacker to control both the first and last hop, given enough time it will eventually succeed – and part of the attack was to register many new nodes to the Tor network to make it more likely they’d control both first and last node. Because hidden services are always available it’s a case of repeatedly connecting to the target until the attack succeeds. This brute force attack only works with hidden services and is why they’re less secure than using Tor to anonymise access to standard websites.</p>
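<p>The exposure described above can be put into numbers with a small model of circuit selection. This is an added illustration, not Tor's path-selection code: the relay list is constructed, relays are picked uniformly (Tor weights its choices, which this model ignores) and "closely related" is reduced to sharing a /16 network, all of which are assumptions.</p>

```python
import math
import random


def make_relays(total: int, hostile: int):
    """Constructed relay list: one relay per /16, the first `hostile` run by one operator."""
    return [
        {"name": f"relay{i}", "subnet": f"10.{i}", "hostile": i < hostile}
        for i in range(total)
    ]


def pick_circuit(relays, rng):
    """Entry, middle and exit chosen at random, never two from the same /16."""
    while True:
        path = rng.sample(relays, 3)
        if len({r["subnet"] for r in path}) == 3:
            return path


def linked_fraction(relays, circuits: int, seed: int = 1) -> float:
    """Simulated share of circuits whose first and last node share one operator."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(circuits):
        entry, _middle, exit_ = pick_circuit(relays, rng)
        if entry["hostile"] and exit_["hostile"]:
            hits += 1
    return hits / circuits


def exact_fraction(total: int, hostile: int) -> float:
    """Closed form for the same model: both ends drawn from the hostile set."""
    return hostile / total * (hostile - 1) / (total - 1)


def exposure_after(p: float, circuits: int) -> float:
    """Chance that at least one of `circuits` independent circuits is linkable."""
    return 1 - (1 - p) ** circuits


def circuits_to_reach(p: float, target: float) -> int:
    """Smallest number of circuits at which the exposure reaches `target`."""
    return math.ceil(math.log(1 - target) / math.log(1 - p))


def summary(total: int = 100, hostile: int = 10):
    """Per-circuit risk (simulated and exact) and cumulative risk for a service
    that keeps building new circuits, as an always-available hidden service does."""
    p = exact_fraction(total, hostile)
    return {
        "simulated": linked_fraction(make_relays(total, hostile), 100_000),
        "exact": p,
        "after_10": exposure_after(p, 10),
        "after_500": exposure_after(p, 500),
        "circuits_for_even_odds": circuits_to_reach(p, 0.5),
    }
```

<p>With 10 of 100 relays under one operator, a single circuit is linkable less than 1% of the time, yet the cumulative figure passes even odds after 76 circuits, which is why a service that is always reachable carries more risk than a one-off visit to an ordinary website.</p>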
<h2>A lesson for the future</h2>
<p>Carnegie Mellon has <a href="http://motherboard.vice.com/read/court-docs-show-a-university-helped-fbi-bust-silk-road-2-child-porn-suspects">refused to answer questions</a> over whether its researchers were involved in any attack or had any contact with the FBI. No evidence has been revealed of such contact, but the timing and technique of the attack have prompted some to ask questions about their involvement in the FBI’s pursuit of Silk Road 2.0. It might be that the researchers were legally compelled to assist the FBI under some kind of warrant, although the <a href="http://arstechnica.com/tech-policy/2015/11/fbi-the-allegation-that-we-paid-cmu-1m-to-hack-into-tor-is-inaccurate/">FBI has denied</a> it paid the researchers US$1m for the attack. The university has stated only that it “<a href="https://www.cmu.edu/news/stories/archives/2015/november/media-statement.html">abides by the rule of law</a>”. </p>
<p>The vulnerability was <a href="https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack/">fixed in July 2014</a>, but protecting Tor hidden services remains an inherently difficult problem.</p>
<p>The affair also raises <a href="http://motherboard.vice.com/read/academics-livid-concerned-over-allegations-that-cmu-helped-fbi-attack-tor">questions about research ethics</a> and the control of surveillance by government agencies. CERT, an autonomous, federally funded research institute, may not be <a href="http://www.hhs.gov/ohrp/humansubjects/commonrule/">subject to the ethics review requirements</a> in the same way that university researchers are, for example. And the attack went further than just the normal practice of proof of concept: rather than taking steps to protect innocent users, the attack on Tor potentially exposed every user and hidden service operator at the time. </p>
<p>Research, when carried out ethically, is key to improving internet privacy, and the Tor Project has always assisted researchers and <a href="https://blog.torproject.org/blog/ethical-tor-research-guidelines">given them the benefit of the doubt</a> when experiments show up as unusual network activity, but given these events, suspicious behaviour may now be blocked when detected. </p>
<p>To help avoid situations that may put people at risk, we need to be able to <a href="https://shadow.github.io/">validate experimental results without involving real people</a> and, where that’s impossible, to have better procedures for <a href="http://sec.cs.ucl.ac.uk/users/smurdoch/papers/wecsr10measuring.pdf">protecting network users</a>.</p>
<p class="fine-print"><em><span>Steven J. Murdoch works for VASCO Data Security and is a member of the Tor Project.</span></em></p>
University researchers broke Tor, briefly, to bring down Silk Road 2.0, and this matters.
Steven J. Murdoch, Royal Society University Research Fellow, UCL
Licensed as Creative Commons – attribution, no derivatives.
tag:theconversation.com,2011:article/46070
2015-08-13T05:28:20Z
2015-08-13T05:28:20Z
Explainer: what is the dark web?
<figure><img src="https://images.theconversation.com/files/91704/original/image-20150813-25325-g9emlk.jpg?ixlib=rb-1.1.0&rect=229%2C0%2C1818%2C1020&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">There's a dark side to the internet.</span> <span class="attribution"><span class="source">powtac/Flickr</span>, <a class="license" href="http://creativecommons.org/licenses/by-nc-nd/4.0/">CC BY-NC-ND</a></span></figcaption></figure>
<p>The “dark web” is a part of the world wide web that requires special software to access. Once inside, web sites and other services can be accessed through a browser in much the same way as the normal web.</p>
<p>However, some sites are effectively “hidden”, in that they have not been indexed by a search engine and can only be accessed if you know the address of the site. Special markets called “darknet markets” also operate within the dark web; they mainly sell illegal products like drugs and firearms, paid for in the cryptocurrency Bitcoin.</p>
<p>The dark web has been host to crowdfunded “assassination markets”, where users can pay towards having someone assassinated. A <a href="http://www.newsweek.com/dark-web-site-fundraises-donald-trump-assassination-529566">site</a> was reportedly created to crowdfund the assassination of US President Donald Trump and Vice-President Mike Pence, but most of these platforms are <a href="http://www.mirror.co.uk/tech/dark-web-hitmen-hire-service-7988693">likely</a> to be scams.</p>
<p>More recently, a journalist <a href="https://www.theguardian.com/australia-news/2017/jul/04/the-medicare-machine-patient-details-of-any-australian-for-sale-on-darknet">was able to</a> purchase his Medicare details on a Tor website. The dark net vendor claimed they could sell the Medicare patient details of any Australian.</p>
<p>Because of the dark web’s almost total anonymity, it has been the place of choice for groups wanting to stay hidden online from governments and law enforcement agencies. </p>
<p>Whistleblowers have used the dark web to communicate with journalists, but more frequently, it has been used by paedophile groups, terrorists and criminals to keep their dealings secret.</p>
<h2>Going dark</h2>
<p>There are a number of ways to access the dark web, including the use of <a href="https://www.torproject.org/">Tor</a>, <a href="https://freenetproject.org/">Freenet</a> and <a href="https://geti2p.net/en/">I2P</a>. Of these, the most popular is Tor (originally called The Onion Router), partly because it is one of the easiest software packages to use. Tor downloads as a bundle of software that includes a version of Firefox configured specifically to use Tor. </p>
<p><a href="https://theconversation.com/au/topics/tor-network">Tor</a> provides <a href="https://www.torproject.org/about/overview">secrecy and anonymity</a> by passing messages through a network of connected Tor relays, which are specially configured computers. As the message hops from one node to another, it is encrypted in a way that each relay only knows about the machine that sent the message and the machine it is being sent to. </p>
<p>Rather than conventional web addresses, Tor uses “<a href="https://en.wikipedia.org/wiki/Onion_routing">onion</a>” addresses, which further obscure the content. There are even special versions of search engines like Bing and DuckDuckGo that will return onion addresses for Tor services. </p>
<p>It is a mistake to think that Tor is entirely anonymous. If a web site is accessed, it can still potentially find out information about whoever is accessing the site because of information that is shared, such as usernames and email addresses. Those wanting to stay completely anonymous have to use special anonymity services to hide their identity in these cases. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/91706/original/image-20150813-25319-rgxop5.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/91706/original/image-20150813-25319-rgxop5.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/91706/original/image-20150813-25319-rgxop5.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=401&fit=crop&dpr=1 600w, https://images.theconversation.com/files/91706/original/image-20150813-25319-rgxop5.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=401&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/91706/original/image-20150813-25319-rgxop5.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=401&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/91706/original/image-20150813-25319-rgxop5.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/91706/original/image-20150813-25319-rgxop5.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/91706/original/image-20150813-25319-rgxop5.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">The real deal is only virtual.</span>
<span class="attribution"><span class="source">Antana/Flickr</span>, <a class="license" href="http://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA</a></span>
</figcaption>
</figure>
<p>Services on the dark web would not have become as popular without a means of paying for them. This is something that Bitcoin has made possible. Drug sales on the dark net were <a href="https://www.economist.com/news/international/21702176-drug-trade-moving-street-online-cryptomarkets-forced-compete">estimated</a> to be between US$150 and $180 million a year in 2015. Most, if not all, were paid for in Bitcoin.</p>
<p>Bitcoin is made even more difficult to track on the dark web through the use of “mixing services” like <a href="https://en.bitcoin.it/wiki/Bitcoin_Laundry">Bitcoin Laundry</a>, which enables Bitcoin transactions to be effectively hidden completely. </p>
<p>Even when law enforcement has <a href="http://www.sciencedirect.com/science/article/pii/S0376871617300741">succeeded</a> in shutting down drug markets, the effect on overall illegal drug sales has been minimal.</p>
<h2>How ‘dark’ is the dark web?</h2>
<p>The developers of Tor and organisations like the Electronic Frontier Foundation (<a href="https://www.eff.org/deeplinks/2014/07/7-things-you-should-know-about-tor">EFF</a>) argue that the principal users of Tor are activists and people simply concerned with maintaining their privacy. Certainly, Tor has been used in the past for journalists to talk to whistleblowers and activists, or in making submissions through sites like <a href="https://securedrop.org">SecureDrop</a> to a variety of news <a href="https://securedrop.org/directory">organisations</a>.</p>
<p>However, even a cursory glance at the Hidden Wiki – the main index of dark websites – reveals that the majority of sites listed are concerned with illegal activities. Some of these sites are scams, and so it is not clear how easy it is to buy guns, fake passports and hire hackers from the services listed. But there are likely sites on the dark web where these things are entirely possible. </p>
<p>Former executive director of the Tor project, Andrew Lewman, has <a href="https://www.cyberscoop.com/tor-dark-web-andrew-lewman-securedrop/">conceded</a> that the use of Tor for illicit purposes has overwhelmed any legitimate use.</p>
<p>Although the dark web makes law enforcement agencies’ jobs much more difficult, they have had a great deal of success in bringing down sites and arresting their users and the people behind them. The most famous of these was the arrest of Ross Ulbricht, the person behind the most well known of the drug markets, Silk Road.</p>
<p>In another infamous case, the administrator of the dark web-based <a href="http://www.abc.net.au/news/2017-05-06/playpen-child-porn-site-creator-steven-chase-sentenced/8502626">Playpen</a> child pornography site was sentenced to more than 30 years in jail. Steven Chase was caught by the FBI after inadvertently revealing the real internet address of the site. A further 870 people were reportedly arrested in relation to the site.</p>
<p><em>This story was updated to reflect more recent dark web cases</em></p>
<p class="fine-print"><em><span>David Glance does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
There’s a dark side of the internet, where almost anything goes, or can be bought for the right price.
David Glance, Director of UWA Centre for Software Practice, The University of Western Australia
Licensed as Creative Commons – attribution, no derivatives.
tag:theconversation.com,2011:article/19693 2013-11-03T23:13:18Z 2013-11-03T23:13:18Z
US tech companies could go ‘dark’ to regain trust
<figure><img src="https://images.theconversation.com/files/34211/original/dyd986r7-1383275516.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">With more internet users going dark, will tech companies follow them?</span> <span class="attribution"><span class="source">Owen's/Flickr</span></span></figcaption></figure>
<p>With each new revelation of the scope of the American National Security Agency’s spying, perceptions of the importance of privacy are hardening around the world. </p>
<p>Systematic monitoring of the world’s communications can possibly be justified when terrorism is the driver, but it’s clear the spying has not been limited to terrorist targets. </p>
<p>Brazil’s largest oil company, Petrobras, has been <a href="http://www.theguardian.com/world/2013/sep/09/nsa-spying-brazil-oil-petrobras">spied on</a>, along with the <a href="http://uk.reuters.com/article/2013/10/29/uk-usa-security-un-idUKBRE99S14420131029">United Nations</a> and, possibly most shocking of all, the <a href="http://www.telegraph.co.uk/news/worldnews/europe/germany/10407282/Barack-Obama-approved-tapping-Angela-Merkels-phone-3-years-ago.html">phone calls</a> of German Chancellor Angela Merkel.</p>
<p>There could be no justification for spying on Angela Merkel on the basis of protecting the US or anyone else against terrorism. This was plain political espionage using the massive technological monitoring capabilities at the NSA’s disposal. </p>
<figure class="align-right ">
<img alt="" src="https://images.theconversation.com/files/34212/original/449hnkx6-1383275659.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=237&fit=clip" srcset="https://images.theconversation.com/files/34212/original/449hnkx6-1383275659.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=786&fit=crop&dpr=1 600w, https://images.theconversation.com/files/34212/original/449hnkx6-1383275659.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=786&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/34212/original/449hnkx6-1383275659.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=786&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/34212/original/449hnkx6-1383275659.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=988&fit=crop&dpr=1 754w, https://images.theconversation.com/files/34212/original/449hnkx6-1383275659.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=988&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/34212/original/449hnkx6-1383275659.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=988&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">German Chancellor Angela Merkel has been the subject of spying.</span>
<span class="attribution"><span class="source">EPA/Wolfgang Kumm/AAP</span></span>
</figcaption>
</figure>
<p>Nobody could be left in any doubt that the US’s interests extend beyond terrorism and for that reason corporations and civilians worldwide are always going to be “subjects of interest”.</p>
<p>After discovering that it has been subjected to NSA spying, Brazil has initiated calls for internet infrastructure and governance that bypasses the US. Brazilian President Dilma Rousseff is trying to <a href="http://rt.com/news/brazil-brics-internet-nsa-895/">legislate</a> that internet companies like Google and Facebook store all data relating to Brazilian users locally, a move being opposed by these companies. </p>
<p>Brazil is also building a “BRICS Cable” that connects Brazil, Russia, India, China and South Africa in order to bypass the current cable that is routed through Miami. </p>
<p>At the same time, internet users are revisiting their use of encryption and anonymisation technologies. Although the move to try and protect privacy might have started because of concerns over the NSA, there is now general acceptance that it’s not simply the US that is engaging in systematic monitoring. This has been a worldwide phenomenon with the only distinction being whether the spying was done simply in the individual country’s interests or on behalf of another like the US.</p>
<p>Security analyst Bruce Schneier has <a href="https://www.schneier.com/blog/archives/2013/09/how_to_remain_s.html">outlined</a> 5 pieces of advice for those wishing to remain secure from the NSA and other agencies. </p>
<h2>Going dark</h2>
<p>The first recommendation he makes is to “hide in the network”. In essence, this means becoming part of the “dark web” provided by technologies such as <a href="https://www.torproject.org/">Tor</a>. This advice has been heeded by many people, with the <a href="https://metrics.torproject.org/users.html">number of users</a> of the Tor network surging in August from 1 million to 5 million daily users. Users rated by country reflect those most affected by the NSA spying, namely the US, Brazil, Germany, France and Spain.</p>
<p>Using Tor is relatively straightforward, involving the download of a Tor browser bundle that handles the connection to the network and provides a browser that is set up to maintain anonymity.</p>
<p>Tor does restrict what you can do on the web, and users need to understand that Tor hides the details of the internet address you are using, not what you subsequently do on the internet. There is no point using Tor, for example, if you are then going to log on to Facebook. Secure applications that encrypt all communications do exist, however. One such application, <a href="https://crypto.cat/">Cryptocat</a>, can be used to provide secure encrypted internet messaging.</p>
<p>Schneier also argues users should be suspicious of commercial encryption software from large vendors. Here the question of who you trust becomes more challenging. </p>
<p>Apple has claimed it is not able to read users’ iMessage messages, but this has <a href="http://www.infosecurity-magazine.com/view/35160/imessage-is-not-as-secure-as-apple-claims/">now been demonstrated</a> to be false, and reading them is certainly within the NSA’s capabilities even without Apple’s assistance. </p>
<p>Instead of using commercial software, Schneier recommends using public-domain and open source encryption.</p>
<h2>If you can’t beat them, join them?</h2>
<p>All of this has left companies like Google, Yahoo, Apple and others in a quandary. It is one thing for individual users to decide to protect themselves and to implement encryption technologies on top of their services but it would become quite catastrophic for their businesses if governments started moving against them, following the lead of China, Iran and other countries. </p>
<p>There is definitely a motivation for major technology companies to provide a verifiably secure means for users to communicate, one that leaves the companies unable to provide access to security agencies even if requested to.
Two companies, Silent Circle and Lavabit, have come together to form the Dark Mail <a href="http://www.darkmail.info/">alliance</a> in an attempt to do exactly this. </p>
<p>The Dark Mail alliance will attempt to create open source protocols that allow for end-to-end encrypted email without the possibility of back doors. Both companies do have the advantage of some credibility. Lavabit was the service that Edward Snowden used when communicating with journalists and was forced to <a href="http://readwrite.com/2013/10/03/lavabit-shutdown-snowden-encryption">shut down</a> when the FBI demanded it hand over keys to access encrypted communication from Snowden. </p>
<p><a href="https://silentcircle.com/web/founders-leadership/">Silent Circle</a> was formed by Phil Zimmermann, the inventor of the open source PGP encryption software which is still one of the most secure and trusted ways of encrypting email and other data available today.</p>
<p>The question is whether companies like Google would be equally trusted if they were to implement Dark Mail or even their own version of Tor. But this is just what they may have to do to retain the trust of users and avoid countries legislating against their use or moving to create their own national versions of Dark Mail.</p>
<p class="fine-print"><em><span>David Glance does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
With each new revelation of the scope of the American National Security Agency’s spying, perceptions of the importance of privacy are hardening around the world. Systematic monitoring of the world’s communications…
David Glance, Director, Centre for Software Practice, The University of Western Australia
Licensed as Creative Commons – attribution, no derivatives.
tag:theconversation.com,2011:article/18974 2013-10-08T13:50:51Z 2013-10-08T13:50:51Z
Silk Road bust unmasks our misconceptions on anonymity
<figure><img src="https://images.theconversation.com/files/32653/original/wp8krrg2-1381234528.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">You're going to have to try a bit harder if you want to be really anonymous.</span> <span class="attribution"><span class="source">moirabot</span></span></figcaption></figure>
<p>The US National Security Agency and the UK’s GCHQ have upped the stakes in the battle for internet privacy by targeting users of Tor.</p>
<p>Not only have the NSA documents leaked by Edward Snowden up until this point given us a window into secretive US and UK government activities but they have raised some serious concerns for everyday internet users. Widespread surveillance of internet and phone use, including email, video, and voice-over-IP systems has led to a <a href="https://metrics.torproject.org/users.html?graph=direct-users&start=2013-07-09&end=2013-10-07&country=all&events=off#direct-users">remarkable increase</a> in the number of people turning to the open-source Tor Project, an anonymising network service that has been used to enable private internet use for over a decade.</p>
<h2>How Tor works</h2>
<p>Tor is most popularly used through its packaged Tor Browser Bundle, which runs a customised version of Mozilla Firefox along with its own software that sets up the Tor connections for the user. Users are then able to reasonably easily anonymise their internet use – though there are some drawbacks, including slow speeds.</p>
<p>Tor works by bouncing a connection through several routers in the network, obfuscating the origin of the connection along the way. The net result is that the end server doesn’t know where a request is coming from and the message is encrypted until it leaves the Tor network. Theoretically, that means that adversaries are not able to monitor the connection. The user is technically anonymised by the software, with only a minimal amount of information (the fact the user is using the Tor Browser) “leaked” along the way for snoopers to pick up. </p>
<p>Within the Tor network alternatives to public internet services exist. These “hidden services” include email, forums and chat channels and can be used without requiring the user to reveal any information about themselves. The flip side of the hidden services capability of Tor is that it can allow for some less than savoury activities to be carried out anonymously. One such example was the Silk Road – a forum which was used to buy and sell drugs.</p>
<p>Silk Road has been called the <a href="http://techcrunch.com/2013/10/02/court-docs-reveal-alleged-silk-road-founders-murder-plot/">worst-kept secret</a> in hidden services. It’s probably not surprising, then, that worldwide law enforcement were interested in, at the very least, breaking it up, if not also arresting those responsible for aiding drug sales. And last week, that’s precisely what happened.</p>
<h2>Two types of anonymity</h2>
<p>Alleged founder Ross Ulbricht was arrested and charged with carrying out various conspiracies under the Princess Bride-inspired pseudonym The Dread Pirate Roberts. The charges levelled against him range from narcotics trafficking, computer hacking and money laundering to soliciting murder. It is probably no surprise, either, that the FBI has also gained access to the content of the Silk Road database, including mailing addresses and other potentially identifying information about those involved in the system.</p>
<p>How the FBI located the Silk Road servers is still uncertain. But what has become clear is that Ulbricht had become complacent about his identity anonymity – the very type of anonymity that Tor does not protect. Even the most secure anonymising service cannot prevent a user saying precisely who they are through it. And you don’t even have to be this obvious – profiles can be built of users who leak out tiny pieces of information about themselves over a long period of time, or correlated with public internet use. Ulbricht, for example, posted to public internet websites using an email address linked to his real name. Another user has been charged after apparently being traced through return addresses when <a href="http://www.komonews.com/news/local/Federal-drug-charges-for-Bellevue-man-involved-in-Silk-Road-226387671.html">posting drugs</a>.</p>
<p>The important message in all of these revelations is that all the technical wizardry in the world can’t save you from yourself. The Silk Road bust and subsequent arrests; the taking down of various other hidden services through a major malware attack perpetrated by the FBI that <a href="http://www.wired.com/threatlevel/2013/09/freedom-hosting-fbi/">occurred last month</a> taking with it Freedom Hosting and its child abuse image sites: it all shows that despite the superior technical anonymity provided by the Tor Project (zero-day vulnerabilities aside), nothing technical can prevent complacent users from giving their own information away.</p>
<p>If you want to remain truly anonymous, you must constantly assume that someone is watching exactly what (and when) you’re writing, and take appropriate measures. As we saw with <a href="http://www.theverge.com/2013/8/10/4608664/lavabit-founder-closed-his-secure-email-service-to-protect-the">Lavabit</a>, governments have the ability to pressure companies to provide them with “back doors” into their otherwise secure environments. This is where identity anonymity comes in. It is not enough to simply use a secure service – you have to assume that the information you send through it may eventually be traced through some means back to you.</p>
<p>This scenario has implications not just for those small minorities of users wishing to trade drugs or child abuse images, but has huge implications for whistleblowers like Edward Snowden (who used Lavabit), journalists, people in oppressed countries wishing to speak out or organise against their governments, and many other legitimate uses of such technologies – and even for those who just wish to carry out everyday activities with proper privacy from snooping government agencies. </p>
<p>The increase in use of Tor after the NSA revelations shows that these everyday users are on the rise – it’s important for them to be educated in both technical and identity anonymity so they know the risks. Perhaps this is impossible though - humans are naturally social creatures who enjoy sharing information about themselves to feel part of a community. Our very nature makes being truly anonymous a monumental task.</p>
<p class="fine-print"><em><span>Catherine Flick does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
The US National Security Agency and the UK’s GCHQ have upped the stakes in the battle for internet privacy by targeting users of Tor. Not only have the NSA documents leaked by Edward Snowden up until this…
Catherine Flick, Lecturer in Computing & Social Responsibility, De Montfort University
Licensed as Creative Commons – attribution, no derivatives.