Cyber cops probe the deep web


In the past few weeks, the glare of news-media scrutiny has shone on the murky, mysterious world of the darknet, that online territory estimated to be many times bigger than the ordinary internet most of us access daily from the comfort of our computers and smartphones using search engines and browsers such as Google, Yahoo! and Safari.

The darknet, where drug dealers, pornographers and terrorists have long been able to do business with impunity, has been made to appear less inviolate by international policing efforts.

Although its sobriquet makes it sound separate, the so-called darknet runs on the same infrastructure as the ordinary internet – linked routers and servers whose content is available through web browsers. One of the best-known darknet access tools is Tor, aka The Onion Router, free browser and network software designed to provide users with an online presence away from surveillance.

The darknet isn’t a separate network, but a layer in a much bigger collection of networks called the deep web, which has been estimated to be more than 500 times bigger than the common world wide web.

Tor still does its job but how long that will last is uncertain, with the US National Security Agency and other law-enforcement units making highly publicised inroads into the network’s ingenious security system.

Most Tor users – including businesses, journalists and the police themselves – enjoy the online anonymity it provides for legitimate purposes, but Tor’s trouble stems from its co-opting by cyber-criminals into a portal to the notorious darknet.

There’s nothing illegal about using Tor – anyone can download its free software – and users are not suddenly confronted by the internet’s hidden horrors.

Tor search results appear much as they do on Google, although you might need to click the language over to English.

Tor works by concealing the user’s internet protocol address, which prevents personal data from being collected. But to find one of the darknet’s secret websites, users must already know its exact web address (URL), and that often changes because of the way the system works. The network disguises users’ identities by randomly bouncing traffic between different Tor servers, or nodes.

Messages are encrypted in a way that ensures each link in the chain only knows about the links immediately before and after it.

As a result, when a message emerges from the network, no one can work out who sent it.
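The layering described above can be sketched in a few lines. This is an added illustration, not code from the article or from the Tor Project: the relay names, the pre-shared keys and the HMAC-based toy cipher are all assumptions made for the demo, whereas real Tor negotiates a key with each relay and uses its own cell format.

```python
import hashlib, hmac, json, os

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (NOT Tor's): XOR with HMAC-SHA256(key, nonce||offset)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def wrap(route, destination: str, payload: bytes) -> bytes:
    """Sender: add one layer per relay, innermost (exit) layer first."""
    next_hop, blob = destination, payload
    for name, key in reversed(route):
        nonce = os.urandom(16)
        layer = json.dumps({"next": next_hop, "data": blob.hex()}).encode()
        blob = nonce + xor_stream(key, nonce, layer)
        next_hop = name
    return blob

def peel(key: bytes, blob: bytes):
    """Relay: remove exactly one layer; learn the next hop and an opaque blob."""
    layer = json.loads(xor_stream(key, blob[:16], blob[16:]))
    return layer["next"], bytes.fromhex(layer["data"])

def relay_views(route, onion: bytes, sender: str):
    """Pass the onion along the path and record what each relay can observe."""
    views, prev, blob = [], sender, onion
    for name, key in route:
        nxt, blob = peel(key, blob)
        views.append({"relay": name, "from": prev, "to": nxt, "forwards": blob})
        prev = name
    return views

# Constructed sample: three hypothetical relays with pre-shared random keys.
ROUTE = [(n, os.urandom(32)) for n in ("guard", "middle", "exit")]
PAYLOAD = b"GET /index.html"
VIEWS = relay_views(ROUTE, wrap(ROUTE, "example.org", PAYLOAD), "client")

if __name__ == "__main__":
    for v in VIEWS:
        print(f'{v["relay"]:>6}: from={v["from"]:<7} to={v["to"]:<12} '
              f'{len(v["forwards"])} bytes forwarded')
```

Only the first relay sees the sender and only the last sees the destination; the relays in between handle nothing but ciphertext addressed to their neighbour.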

As it now stands, unless you use Tor to visit a hidden terrorist site, deal in pornography or contact some other criminal enterprise, you will remain anonymous and free from intrusion into your privacy. The only downside is that being bounced from node to node makes browser operation sluggish.

The system is so effective that it makes the mass surveillance of ordinary individuals impossible, even if the NSA or local police wanted to try. Instead, recent law-enforcement successes have relied on penetrating individual criminal websites.

The recent smashing of a vast international paedophile ring followed the FBI’s seizing control of the operator’s darknet server, Freedom Hosting. And the demise of the notorious Silk Road’s hidden marketplace for illegal drugs and other goods involved almost routine detective work. Silk Road’s owner was arrested after making postings on the open internet in his own name, and the aftermath showed that even the darknet’s most infamous website had innocent users. Right-to-die campaigner Philip Nitschke has lamented that people suffering a terminal illness can no longer buy euthanasia drugs from Silk Road.

The executive chairman of the Internet Fraud Watchdog and head of the Australian chapter of the International Association of Cybercrime Prevention, Ken Gamble, says law enforcement has a long way to go before it can effectively police Tor users.

“It’s the new Wild West, a completely invisible world with no police and no laws,” he says. “Billions of dollars are being extorted from companies and individuals who are being targeted by the countless threats and scams emanating from the darknet. Victims range from companies threatened with cyber attacks that will shut down their operations unless they pay exorbitant sums, to ordinary browsers being targeted with viral software that freezes their computer and demands a $100 release fee.”

Gamble says alternative sites to Silk Road are already offering drugs, weaponry and killers for hire on the darknet, and that rogue networks exist as gigantic tools capable of denial-of-service attacks against corporations and even governments.

“In the physical world, it’s like millions of people trying to phone your mobile at the same time, so it’s constantly engaged,” he says.

Gamble describes such attacks as terrorism, and has been involved in protecting clients from them in several cases, even turning the same denial-of-service weapon back on the criminals involved.

Asked if law-enforcement bodies are making progress in tracking down the false IP addresses generated by Tor, Gamble replies with an emphatic “no”. He says the only answer is for darknet law enforcement to be privatised. “Law-enforcement bodies can only operate within their own jurisdictions and enforce the laws that apply within their own countries. They will never win the battle against international cyber crime without bringing in private agencies to help.”

One of Tor’s many paradoxes is that it was created by the US Navy and is funded with millions of dollars from US government agencies, while other branches of the same government are presumably spending millions of dollars trying to bring it down.

The NSA’s work to undermine the anonymity of Tor users was revealed last month, in 2007 documents leaked by former NSA contractor Edward Snowden.

The NSA campaign included searching for vulnerabilities in versions of Firefox, but the agency’s efforts involved hacking the popular internet browser, not Tor, to unmask individual users. Mass surveillance still was not possible.

Australian Institute of Criminology senior research analyst Dr Alice Hutchings says there are weaknesses in the Tor network for police to target.

“For instance, the text in messages is not encrypted as it leaves one Tor node for the next,” she says. “Those messages can be read and searched for possible identifying details, and the person operating the exit nodes can be anyone. It could be a civil libertarian, it could be government or it could be the police.”