Author Archives: Brian Schwartz

Have you ever wondered what the Internet would be like if there were no rules, no boundaries, and no way to track users? Some people argue for a completely open Internet like this, but in fact, one already exists and it’s pretty scary!

This anonymous version of the internet has pages full of the exact type of content you might expect in a place that isn’t regulated by any laws – narcotics, arms dealers, pornographers, and hackers. Services are readily available from simple webpages with a few lines of text and an encrypted email address to contact for more information.

What is this system and how does it work?

The system I’m talking about is Tor (The Onion Router), a system created in 2002 and sponsored by the US Naval Research Laboratory.

How does it all work? Who is monitoring it? And just what can you really do once you log in to sites on Tor? When I was being given a tour by security expert Lior Izik (Hacker4Lease.com Lead and CTO), I was shocked at how easy it was to connect and start using this “hidden internet”. You might even call it child’s play – just install the Tor browser from torproject.org and you are half way there.

How does Tor work?

Tor stands for The Onion Router. It acts like a regular web browser, but uses ultra-encrypted anonymous channels, giving access to all the internet has to offer, plus .onion websites that aren’t available to normal internet users.

What can you find on Tor?

I was shown a directory of the onion network sites – here are some of the descriptions of the sites available (brace yourself):

• Research and Writing services for the college student
• Hacked Paypal accounts for cheap, with balances
• Quality Deepnet Supplier of Weed, LSD, and Ecstasy – One of the originals!
• Permanent Solutions to Common Problems! Killer for Hire
• Cheap SWATTING Service – Calls in raids as pranks.
• Contract Killer – Kill your problem (snitch, paparazzo, rich husband, cop, judge, competition, etc).
• Onion-ID Get your 2nd identity from Onion-ID, real passports and professional id card + drivers license replicas.

Each one of these sites offers exactly what you see in the description, with details on how to contact securely, pay securely, and even how to have a safe delivery if you are ordering goods. All of this is going on every day, while the majority of the world is completely oblivious. (These stores are not jokes either – these sellers actually offer the advertised services and are taking their businesses very seriously.)

All of this is made possible because this information is stored in an alternate network that is not directly connected to the main Internet. No governments can take action here, although I wouldn’t doubt that they are monitoring it (or at least attempting to). Onion refers to the layers of security and encryption that makes it very hard to expose the identity of the criminals using this system. As you might suspect, even the most notorious hackers are selling services here – and not for cheap.

Why criminals can’t be tracked in Tor

In regular online communication, when a user accesses a webpage the data packet contains information on where it is coming from and where it goes to. This means law enforcement can typically find out where the buyer and merchant’s computers are located.

In the .onion network, the packet is created in a random way, and sent from one location to its destination via a series of intermediate stops. This allows the data to be sent without unencrypted information on its source and destination.

Part of the security of the network is that it requires the user to spoof their location – just pick one and go. This makes it very difficult to trace users in the real world, since each time a user logs in they do so from a different “location”.

Due to the multiple layers, the speed of the network takes a backseat to security. Load times are still reasonable, but streaming from YouTube wasn’t very practical our tests.

Cyber crime is a huge problem

A report from the United Nations in 2010 notes that one of the biggest challenges in dedicating resources to fight cyber crime is that there are no measurable metrics that outline the volume of users utilizing these methods. The uncertainty of how big the problem is makes it difficult to properly allocate resources, as there are no accurate measurements like there are with other crimes.

Technology is moving so fast that governments can’t keep up. Government bureaucracies move notoriously slowly, and nowhere is this more evident than in fighting cyber crime. Governments need time to establish new departments and plans, but these underground sites progress so quickly that the legal system prevents any actionable results from being accomplished.

On the onion network, without any governing laws, terrorists are free to collaborate. There has been evidence of anonymous congregations that look to overthrow powerful political figures, getting together and discussing. Drug dealers, pedophiles, and arms dealers are all present. You can have narcotics delivered right to your door, disguised as a bouquet of flowers (however they suggest using a “drop” location).

The underground financial system

To help them remain undetected, Tor users can accept a currency called Bitcoins. Unlike typical forms of money, Bitcoins is a peer-to-peer currency that bypasses any government involvement. You can purchase and cash out your Bitcoins as anonymously as you can use the sites, in practically every city in the world. This could be the government’s biggest challenge – not only can they not track the internet traffic, they can’t track the financial transactions!

Legitimate uses for Tor

There are legitimate uses for a secured network such as Tor. One legitimate use is to allow citizens under repressive regimes to disseminate information freely without fear of retribution or censorship. But underneath the legitimate users is a significant criminal underbelly that must be acknowledged and dealt with.