Performance Objective

At the conclusion of the course the student will be able to:

  1. Identify three illicit goods sold on the dark net.
  2. Identify what the dark net is.
  3. Identify what the TLD .onion is.
  4. Identify how to generate a .onion TLD.

Introduction

Tor, I2P, and Freenet are three separate methods of communicating over the internet in a private manner. Tor is the largest network and currently has the largest number of known users. It is also one of the simpler tools to use and is popular with well-known businesses as well as celebrities. Edward Snowden, Facebook, and The Intercept are all well-known users of Tor.

Tor is a powerful tool for good and provides users with the ability to mask their movements online. It is also used to provide ‘hidden services’, or websites that are difficult to locate. Many hidden services are marketplaces like ‘The Silk Road’, which was shut down after an intense investigation that led to arrests within the criminal community as well as of law enforcement members tempted by easy money on the dark net.

Hacking Is A Business

Credit cards, bank accounts, PayPal accounts, Skrill, and numerous other methods of paying for goods online are being targeted on a daily basis. The question we want to answer is, why? How can a series of logins and passwords become a paycheck for someone? There is a bustling, busy, multi-billion-dollar industry based around trading information as well as providing individuals with other vices online. Due to safety concerns, the vast majority of this trade has moved from the ‘open’ or ‘normal’ internet to what is known as the ‘dark net’.

A Cautionary Tale

Secret Service Agent Shaun Bridges stole $800,000 worth of bitcoins from the Silk Road. He was arrested, pleaded guilty, and then laundered and stole the money from an account only he had access to. This is a strong indicator that law enforcement is not yet familiar with the way that bitcoin and other cryptocurrencies work. The Secret Service had ordered that the wallet that Shaun Bridges had created be moved out of his possession, a tough task when he was the original creator of the wallet.

Shaun Bridges was joined by Carl Mark Force IV, a DEA Agent, who was also arrested and sentenced to almost seven years in prison. He too attempted to defraud, threaten, and steal during his investigation of the Silk Road. The pair were involved in the investigation that led to Ross Ulbricht’s conviction, and were instrumental in the deconstruction of the Silk Road.

There have been no reports that the money has been recovered, and Shaun Bridges was in possession of offshore banking documentation during his arrest. He was also in the process of attempting to change his name, gain access to a birth certificate from a foreign country, and move an assortment of bulletproof vests, computers, and guns with him.

Narcotics, Murder, Identification, And Prostitution

Individuals today are purchasing narcotics from around the globe, buying guns, fake identification, and prostitutes all from the comfort of their own home. There is a wide array of markets catering to a very wide array of interests. Even with the dismantling of the Silk Road, business has continued to thrive, and sales are continuing to rise.

Fentanyl

Fentanyl is an opioid. Opioids include codeine, hydrocodone, morphine, oxycodone, and heroin. Fentanyl is extremely dangerous and is capable of causing an overdose with only a very small amount. Carfentanil is an analog of Fentanyl but is prescribed to tranquilize elephants. Even a small dose can be deadly to someone exposed to it. A single kilogram of carfentanil contains enough doses to kill 50 million people if administered to each person individually. It is extremely dangerous to human beings and some are now comparing this narcotic to tools like nerve gas. It could easily be weaponized.

The drug Naloxone is administered to individuals overdosing on Fentanyl. There is no amount of Naloxone that can save an individual overdosing on carfentanil. Carfentanil overdose is almost guaranteed to be fatal.

Costs -

Naloxone

$187.44 for 1g of Naloxone

$22.44 for one dose (1ml injection x2) of Naloxone

$1,500 (regularly $4,000) for Naloxone HCl auto-injector

Carfentanil

$250 per 100mg

Fentanyl

$150 for 500mg Furanyl-Fentanyl

Drug Testing Kits For Heroin

$8.00 for a drug testing kit

Hit Man - Not The Game

There are rumors of hit men, guns, and dangerous knowledge available over the dark net. Stolen firearms are readily sold on the dark net. While hired killers and the ‘red room’ are both more mythical than real, it is still possible in the correct country to hire someone for murder, but doing so over Tor is unlikely to be successful. This is probably one of the top scams on Tor.

Prostitutes & Pornography

Human trafficking, sex trade, and pornography are all powerfully present on the dark net. Drugs and sex are two of the easiest to find vices available over the internet. Individuals are using these underground markets to traffic in slaves as well. Human slavery with a strong emphasis on sexual slavery has returned in force to Europe with the rise of immigration and the flood of men coming into these countries. It is not difficult to find companies selling slaves as young as eight years of age with the majority being of a different ethnicity than the country they are available in.

Threats

The dark web poses very specific risks for the individual attempting to sell illicit goods, materials, and services. While many of these markets provide a simplified method to place buyers and sellers together, all users must remain aware that their actions could lead to arrest or imprisonment at any time.

How do we get around the dark net?

The Hidden Wiki is one tool available for finding websites hosted on the dark net. There are also search engines and URL repositories. The TORCH search engine can be used to help search for websites hosted under Tor as well. Locating information on Tor is more akin to word of mouth than to the internet most people are used to today. You must either locate a grouping of links provided in trade, be recommended a place, or work to find a site being advertised through search engines.

There are plenty of websites on the dark net, including 8chan as well as others. It is good sense to provide an onion-routed method for access to your website, and I encourage more businesses and individuals to add to the network with this tool set.

Email?

Yes. There are email services that work within Tor. Torbox is one of the services made available in Tor for sending and receiving email messages. There are also services like Anoninbox, vfemail, and sec mail that work within the Tor protocol for delivering messages. It does not matter which secure email service you choose, however, as you must still use tools like GPG to encrypt and digitally sign messages for safety and security purposes. It is not safe to believe that any provider of anonymous services is immune from compromise.

Onion Routing

Onion routing is a method by which communication over the internet is layered in encryption. This encrypted data is then transmitted through a series of network nodes called onion routers, where each layer is peeled away in order to reveal the next destination of the data. The final layer is decrypted when the message is delivered to the destination. The data travels anonymously because each intermediary node knows only the location of the nodes immediately preceding and following it in the path.

Onion routing was originally developed by the U.S. Naval Research Laboratory to protect United States intelligence communications. It was then transferred to DARPA. Eventually this evolved into Tor after the code for onion routing was released under a free license and some of the original developers founded a non-profit organization with the financial support of the EFF.
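The layering described above, as an added toy model in Python (not part of the original course material and not Tor's code; real Tor uses fixed-size cells and negotiated per-hop keys). The relay names, keys and the SHA-256 keystream cipher are assumptions made for illustration.

```python
import hashlib
import json

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); the same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def wrap(message: bytes, destination: str, path: list[tuple[str, bytes]]) -> bytes:
    """Build the onion from the inside out: the last relay's layer is added first."""
    next_hop, payload = destination, message
    for name, key in reversed(path):
        layer = json.dumps({"next": next_hop, "data": payload.hex()}).encode()
        payload = keystream_xor(key, layer)
        next_hop = name
    return payload

def peel(key: bytes, onion: bytes) -> tuple[str, bytes]:
    """What one relay does: remove its own layer and learn only the next hop."""
    layer = json.loads(keystream_xor(key, onion))
    return layer["next"], bytes.fromhex(layer["data"])

# Constructed relay names and keys (hypothetical, for illustration only).
PATH = [("guard", b"k-guard"), ("middle", b"k-middle"), ("exit", b"k-exit")]

def route(message: bytes, destination: str) -> list[tuple[str, str]]:
    """Pass the onion along PATH and record what each hop gets to see."""
    onion, seen = wrap(message, destination, PATH), []
    for name, key in PATH:
        next_hop, onion = peel(key, onion)
        seen.append((name, next_hop))   # a relay sees only where to forward
    return seen + [(destination, onion.decode())]

if __name__ == "__main__":
    for hop, view in route(b"hello", "example.org"):
        print(f"{hop:12} -> {view}")
```

Only the last relay in the path learns the destination, and only the destination sees the plaintext, which is why the exit node matters for unencrypted traffic.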

What is an onion?

.onion is a special-use top-level domain for reaching hidden services held in the Tor network. The .onion address will generally not be mnemonic (not a word) and is 16 characters long. Some groups can, however, create semi-readable names with the use of powerful servers. Because SSL can be stripped from traffic going out through an exit node, a site accessed inside the Tor network can gain additional security by also providing HTTPS. Tools like Shallot, Scallion, and Eschalot can all be used to generate the hash that provides a ‘customized’ .onion URL.

How do I get an onion?

Tor has an incredibly easy to use configuration for creating a hidden service.
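An added example (not from the original course material or the Tor Project's code) of how a .onion name is derived from the service's public key, which is why it is generated rather than bought and why a readable prefix takes brute force. It covers the 16-character form described above and goes beyond it to the 56-character v3 form that current Tor releases use; the key bytes are constructed stand-ins and the function names are hypothetical.

```python
import base64
import hashlib

def onion_v2(der_public_key: bytes) -> str:
    """16-character form: base32 of the first 80 bits of SHA-1 over the
    DER-encoded RSA public key of the service."""
    digest = hashlib.sha1(der_public_key).digest()[:10]
    return base64.b32encode(digest).decode().lower() + ".onion"

def _v3_checksum(pubkey: bytes, version: bytes) -> bytes:
    return hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]

def onion_v3(ed25519_public_key: bytes) -> str:
    """56-character form: base32(pubkey || checksum || version)."""
    version = b"\x03"
    body = ed25519_public_key + _v3_checksum(ed25519_public_key, version) + version
    return base64.b32encode(body).decode().lower() + ".onion"

def is_valid_v3(address: str) -> bool:
    """Reject mistyped or tampered v3 addresses by recomputing the checksum."""
    label = address.lower()
    if label.endswith(".onion"):
        label = label[:-len(".onion")]
    if len(label) != 56:
        return False
    try:
        raw = base64.b32decode(label.upper())
    except ValueError:          # characters outside the base32 alphabet
        return False
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    return version == b"\x03" and checksum == _v3_checksum(pubkey, version)

def expected_vanity_attempts(prefix: str) -> int:
    """Average number of keys to generate before one hashes to the prefix:
    each base32 character carries 5 bits, so the cost is 32 ** len(prefix)."""
    return 32 ** len(prefix)

# Constructed stand-ins for real key material (not real keys).
SAMPLE_RSA_DER = bytes(range(140))
SAMPLE_ED25519 = bytes(range(32))

if __name__ == "__main__":
    print(onion_v2(SAMPLE_RSA_DER))
    print(onion_v3(SAMPLE_ED25519), is_valid_v3(onion_v3(SAMPLE_ED25519)))
    print(expected_vanity_attempts("facebook"))
```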

Weaknesses in Onions

Timing analysis of the user is one of the weaknesses of the Tor system. While HTTPS may obfuscate what data is being transferred, Tor attempts to obfuscate the connection itself. However, logs can be used to unmask a user as well as provide proof of use. A person could transfer 12 megabytes and this could be recorded by their ISP. A seized server could then demonstrate that 12 megabytes of data were transferred to a Tor user at the exact same time. This could be sufficient proof to imply that the user obfuscating their transfers is one and the same.

Timing analysis may be defeated with the use of Garlic Routing, which is a variant on onion routing. Multiple messages are pinned together in order to make it more difficult for an attacker to analyze traffic and reveal that a specific user is linked to specific traffic. Garlic routing is used by the I2P protocol and is very efficient in bundling the reply block of traffic with original messages.

The exit node is also a possible avenue of attack. A compromised exit node is able to monitor and acquire all data being transmitted. They could use the exit node to capture user names, passwords, and other private data. This vulnerability is mitigated with the use of HTTPS or SSL. Tor is not a replacement for end-to-end encryption but is a supplement.

The largest threat to a Tor user is the browser or client machine itself. The vast majority of successful attacks have been conducted by exploiting vulnerabilities found in Firefox or the computer running the Tor browser itself. JavaScript, Flash, and compromised files, while traditionally used for normal attacks, are still highly effective against users of Tor. Some users may even believe themselves to be invulnerable to attack due to their use of Tor. This is false, and traditional methods of attack are still highly effective.

Answers

  1. Narcotics, Prostitution, and stolen financial data are just three goods sold on the darknet.

  2. The dark net is a computer network with limited mapping by search engines that requires a specific level of technical skill to access.

  3. The top-level domain of .onion is a reserved namespace used for websites located within the Tor routing service.

  4. You can obtain a .onion address by generating the hash yourself. You do not need to pay for it or acquire it from a domain reseller.

Conclusion

The Dark Net is a valuable tool to fight censorship, assemble, and spread important information. It has a place in the tool chest of any security researcher or individual concerned with freedom of speech. It cannot be emphasized enough that we should each be contributing as we can to the creation of a decentralized and free internet. Everyone should contribute in some way to improving the internet by providing websites over Tor, relay nodes, or even exit nodes if they are of sufficient skill to do so.

In addition, members of the community should be working together to develop stronger bonds with the public as well as building and developing a less crime focused dark net. We should be building up the community necessary for individuals to thrive on Tor without the fear of being swept up in an investigation or otherwise attacked for their use.

Final Recommendations

  1. Familiarize yourself with the Tor Project, I2P, and Freenet. RTFM!

  2. Use Linux.

  3. Do not bare back the dark net. Docker or Firejail as appropriate.

  4. Run a Tor node, relay, or exit node as appropriate.

  5. Stay out of trouble. Tor is not a magic spell - it is a tool.

Glossary

  1. PGP - Pretty Good Privacy provides cryptographic privacy and authentication.

  2. FBI - An agency that can help with human trafficking and international narcotics rings.

  3. I2P - An anonymous peer-to-peer distributed communications tool.

  4. Freenet - An anonymous peer-to-peer distributed communications tool.