The Darkest Web

Uploaded on 2016-04-14 in GOVERNMENT-Law Enforcement, FREE TO VIEW

Warning: This article covers subjects some readers may find distressing. 

The Dark Web has been covered extensively by news media since the seizure of infamous narcotics bazaar The Silk Road in 2013. This seizure combined with the Edward Snowden revelations gave the anonymity software, Tor, which is required to access the largest “Dark Web”, previously unknown popularity. 

Tor has been one of the most interesting and controversial developments of the Web over the last decade. It was first developed by the US Naval Research Laboratory to allow anonymous intelligence communications and is now run by the Tor Project (Torproject.org) “to advance human rights and freedoms”.

It is an essential tool for many of those carrying out investigations in law enforcement. It is also used by human rights activists wishing to avoid surveillance and monitoring by authorities. It is similarly used by criminals to avoid surveillance.

The Tor Dark Web is accessed by connecting to what is known as Tor Hidden Services (THS). The THS obfuscates the website’s IP address making it impossible for authorities to locate and seize the server. This technology was created by the Tor Project primarily to allow human rights activists to create websites anonymously, however, as we will see, this technology has most effectively been used by criminals to avoid the authorities.

The question is; on a balance does the THS do more to protect human rights activists, or does it just allow the worst criminals to continue their activities with impunity?

News media often cover the “exciting” topics on the Dark Web like the narcotics trading websites. Many seem to find the prevalence of these websites more entertaining than shocking. The failed wars on drugs, harm caused by outdated drugs legislation or the fact that 30% of the UK population have used illegal narcotics may be some factors here.

There are many rumours of shocking things on the Dark Web; assassination squads, to-the-death gladiator fights and others but the majority of these have been found to be just that; rumour. Sadly, the only subject not exaggerated is the child abuse content that is prevalent there.

A number of court cases have shone a light on the worst of these activities including what is known as “Hurtcore”. This is the most disturbing child abuse content involving deliberately causing pain and suffering to the victim over and above the sexual abuse taking place. This is content so disturbing even many paedophiles shun it. 22 year old Mathew Graham was convicted of running screen-shot-2015-09-10-at-8-54-44-pm“Hurt2theCore” Dark website that was reportedly getting 15,000 video downloads a day. (For more information on the case and please see allthingsvice blog. Warning: content discussed in these articles may disturb readers).

It is understandable that many news outlets would not want to cover these subjects as being far too distressing but without covering topics like this when discussing the Dark Web means it is underestimated as a force for bad in the world.

A recent study done by Dr Gareth Owen of Portsmouth University looked at traffic to the THS.  The results appear to show that 80 percent of traffic going to the THS were going to those sites hosting Child Abuse content.

These findings have been highly controversial and there has been much discussion in the Tor community about whether they are accurate or not. There are some valid points raised about particular research methods, but given the results, the study should be replicated multiple times and the findings verified.  If the results found by Dr Owen are correct and 80% of traffic to THS are in fact going to websites hosting child abuse content there needs to be an open and honest debate about how much the THS technology is helping protect human rights compared to the harm it may be doing in allowing the distribution of this content.

Here I differentiate between Tor and the Tor Hidden Services (THS). Tor is primarily used to access the surface web anonymously and there have been many documented cases of it being used effectively to protect human rights around the world . I am a supporter of the Tor as an anonymity product for these reasons, however, when it comes to the Tor Hidden Services (THS) the case for good is not so clear.

There are a large number of non-illegal websites on the THS, that range from the weird to the inane (just like the surface web); the dark website Anonymous Cat Facts comes to mind. There are also political, activist and human rights THS websites, for example Wikileaks has a THS version, though they also still have a presence on the surface web.

I have attempted to find case studies where THS have been used to protect human rights activists effectively. Due to the anonymous nature of this work publicising these stories is difficult in itself (if any reader knows of any please comment below). Sadly the Tor Project has so far not made a compelling case for THS being, on balance, a good thing for the world.

There will be people who vehemently oppose the idea of changing the way THS works or becoming involved in censorship of it in anyway. The Tor Project understandably don’t want to get drawn into a debate about censoring certain sites or making white/black lists as this would go against the whole reason THS was created. However, if the statistics above are correct stopping the distribution of child abuse content should be something everyone in the Tor Project and in government should want to work towards.

One argument is that more resources should be spent on investigating child abuse rather than stopping a service that can be used to protect human rights. It is true that in comparison to other areas of government spending like anti-terrorism or the military very little spent combating child abuse online, which should be addressed, but that does not deal with the content currently being distributed via the THS.

Another argument is that if THS were removed the paedophiles would move to another Dark Web service (like I2P or Freenet) and while it is true that some would, crime prevention techniques have shown time and time again if you make crime harder to achieve a percentage of the criminals will actually stop doing it. The ease at which this content can be accessed using Tor and THS means the technological barrier to entry is non-existent.

This is a contentious topic in the Tor community and the very idea of changing or discontinuing the THS is thought as bowing to some form of government censorship. However, if the findings discussed above are accurate (and as mentioned they need to be verified) a reasoned debate about the actual pros and cons of the THS needs to be had by all those involved.

Max Vetter: 

« WhatsApp Implements Encryption
Taliban App Removed From Google Store »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Secunet Security Networks

Secunet Security Networks

Secunet is a leading cyber security company offering a combination of consultancy and products, delivering the highest level of security for data, applications and digital identities.

CDW

CDW

CDW is a leading multi-brand provider of information technology solutions to business, government, education and healthcare customers in the United States, the United Kingdom and Canada.

Frazer-Nash Consultancy

Frazer-Nash Consultancy

Frazer-Nash is a leading engineering, systems and technology company. Areas of expertise include information security and cyber security.

Davis Wright Tremaine (DWT)

Davis Wright Tremaine (DWT)

Davis Wright Tremaine is a full-service law firm with offices throughout the US and in Shanghai, China. Practice areas include Technology, Privacy & Security.

IdenTrust

IdenTrust

IdenTrust enables organizations to effectively manage the risks associated with identity authentication.

Berwick Partners

Berwick Partners

Berwick Partners’ Cyber Security Practice is a leading recruiter of senior management positions in this field; we have an exceptional understanding of the constantly changing Cyber landscape.

Gilbert + Tobin

Gilbert + Tobin

Gilbert + Tobin is an Australian corporate law firm serving clients throughout Australia, and around the world, on a broad range of legal issues including cyber security.

Shieldfy

Shieldfy

Shieldfy is a cloud-based security shield for your website to protect it from cyber attacks and malwares.

Enigmatos

Enigmatos

Enigmatos is an Israeli based Automotive Cyber Security company. We provide solutions to the ever growing threat of vehicle hacking.

Crypto Valley Association

Crypto Valley Association

Crypto Valley Association is an independent, government-supported association established to build the world’s leading blockchain and cryptographic technologies ecosystem.

Qascom

Qascom

Qascom is an engineering company offering security solutions in satellite navigation and space cybersecurity. We are one of the European key players in GNSS authentication and security.

Ostendio

Ostendio

Ostendio is a cybersecurity and information management solutions provider that develops affordable compliance solutions for digital health companies and other regulated entities.

Pionen

Pionen

Pionen are a specialist information security consultancy with excellent people and proven security delivery methodologies at its core.

Def-Logix

Def-Logix

Def-Logix was founded in 2008 to help solve cyber threats being experienced by government agencies of the United States.

Prancer

Prancer

Prancer is the industry's first cloud-native, self-service SAAS platform for automated security validation and penetration testing in the cloud.

Sec3

Sec3

Sec3 is a security and research firm providing bespoke audits and cutting edge tools to Web3 projects.

Cipher Net Shield

Cipher Net Shield

Cipher Net Shield specializes in secure E-wallet solutions with a strong focus on blockchain and cybersecurity, prioritizing both transaction security and the recovery of lost capital.