The recent hacking of the Ashley Madison website has inevitably caused a vast avalanche of commentary, covering everything from users’ morality to company security. As we concluded in our previous article apart from the fallout on people’s personal lives from the data dump, the hackers’ employment of the so-called ‘dark web’ to communicate their criminal acts needs further exploration.
What do most people know about the dark web, why does it remain such a taboo, and what are the issues facing the authorities?
The information available on the internet can be compared to a vast ocean. Accepted browsers such as Chrome or Explorer enable users to access only a tiny amount of information in well chartered ‘safe’ waters. Despite some areas of risk, the authorities are familiar with and can monitor activity, so that consumers and businesses alike are as secure as possible. To continue the ocean analogy, parts of the deep web are unchartered and shark-infested. A browser such as Tor is a vessel designed to assist exploration, whilst enabling you to be under the radar, leaving no trace of your travels.
Before explaining more about Tor, a brief word is required about the terms ‘dark’ or ‘deep’ web. These terms are used interchangeably by the media but the term ‘dark web’ is suitably sinister. The deep web is anything that cannot be found by conventional means, so even innocent sites such as company intranets, unlinked webpages, are technically included because they can’t be accessed from outside directly.
The ‘dark web’ is a small part of the deep web. It is a subset of the global internet that gives secure and anonymous access to resources which are actually accessed over the same circuits used for the normal web. It’s just that the set up means they can only be accessed by special means. The deeper you go into the sea of information, the more specialised the equipment you require, which is where the Tor browser comes in to play. It lets you access any website anonymously, so it is far more than just a tool to visit hidden web addresses, it’s about hiding where you are from and who you are.
Tor is an acronym for The Onion Routing Network and the browser is just one component of their service. The system was developed with government approval for the U.S. Navy, ‘for the primary purpose of protecting government communications’. Security and privacy was of paramount importance from the outset. Onion routing prevents networks from knowing who is communicating with whom, only that it is taking place and the content of what is being communicated cannot be overheard by potential eavesdroppers.
Tor’s site states
‘Tor software is a program you can run on your computer that helps keep you safe on the Internet [it] protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location’.
Therefore .onion sites are completely anonymous, and if you are careful, no one will be able to trace you without a great deal of technical knowledge and effort.
Anonymity can be advantageous but the proliferation of illegal services in this deep part of the internet is giving Tor a bad reputation. For example, a recent FBI investigation involved a particularly distasteful site. More recently police in Australia seized drugs being trafficked on illegal market places. As the technology becomes more sophisticated, so must law enforcement agencies in their efforts to investigate anonymous sites. Given that the expertise of the people involved in the maintenance and growth of the deep web, it’s likely that partnerships between the hackers and authorities are already in place.
And in the case of Ashley Madison, hacking is illegal no matter what the motive. To release information via the deep web under the veil of anonymity blows any ethical arguments about morality out of the water. However with large rewards on offer, those with technical expertise will be looking in turn to hack The Impact Team. After all, even when you are in murky, unregulated waters, the usual human behaviour regarding rewards and information will apply.
It’s only a matter of time … already the net is closing.
Rhory Robertson is a Partner and Clare Brown Library and Information Manager, working in the Collyer Bristow Cyber Investigations Unit.