Closing in on the dark net

screen of binary code

It would be hard to argue that the invention of the internet has not been a good thing', but there are genuine concerns over the use of this revolutionary technology forillegitimate and seriously disturbing deeds.

The global nature of the online world, and its breadth of content, makes it very hard to regulate if indeed that is desirable anyway.

Taking a scattergun approach can mean lots of innocent people get caught in the crossfire.

After all, who wants the government or the police reading through their communications or following their activity online, even if they don't have anything to hide?

The majority of people using the web are doing so innocently, but the same can't be said of everyone. So what can be done to stop those who are engaging in illegal activities without destroying the liberty and anonymity the internet provides?

Dark net disclosures

Most people, particularly those living in Western democracies, may not have heard of the dark net or technologies like Tor that are used to access it. This is because it is made up of hidden services web pages that cannot be accessed through standard browsers or found by search engines.

While many pages featured on the dark net are legitimate and legal, there are others that are not, including sites that host child pornography.

Clamping down on this content poses a significant challenge to law enforcement agencies across the world, because how do you stop people distributing this material when you can't see the servers, can't search for the sites and all visitors are almost totally anonymous?

Well, the FBI has allegedly found a way by employing the use of a Mozilla Firefox JavaScript exploit, according to reports this week.

It is claimed the exploit allowed the agency to compromise Freedom Hosting, one of the most popular hosting services on the Tor network.

Freedom Hosting was reportedly used to host more or less anything customers wanted, from legitimate services like TorMail to what has been described as the largest child pornography ring in the world.

Following the sting, alleged Freedom Hosting founder Eric Eoin Marques, a 28-year-old with dual Irish and American citizenship, was arrested in the Irish Republic on an FBI extradition warrant.

It reportedly described him as the "largest facilitator of child porn on the planet", and accuses him of distributing graphic images "depicting the rape and torture of pre-pubescent children".

At the time of writing, his was the only arrest associated with the operation.

However, the FBI's (alleged) methods have alarmed some, amid claims it was not just sites facilitating illegal activity that were compromised by this JavaScript exploit, but all Freedom Hosting sites.

According to Tor, the attack collected the hostname and MAC address of the user's computer, as well as their ISP, and sent the identifying information to a remote web server over a nonTor connection, then crashed or exited.

Because of the way the Tor network operates, it would be nigh on impossible to find out which Freedom Hosting sites users visited and, therefore, determine whether or not they had committed a crime.

Which raises the question: is this kind of dragnet operation ethical? In cases where the alleged crimes are as serious as what Marques is supposed to have been involved with, can the ends justify the means?

The problem is, we've been here before and last time, it didn't end well.

In 1999, the US presented British police with a list of over 7,000 names collected from the databases of Landslide Productions a Texan online porn portal housing child pornography.

Those listed were alleged to have paid to access child pornography, after their credit card details were lifted during a raid on Landslide.

More than 4,000 homes were searched, 3,744 arrests were made, 1,848 people were charged, 1,451 of them were convicted and a further 493 were cautioned. Furthermore, 140 children were removed from suspected dangerous situations and 39 people killed themselves.

However, investigations by our sister publication PC Pro revealed that many of those caught up in the Landslide case were victims of credit card fraud, or had used their credit card to access other Landslide offerings unrelated to child pornography.

And this is the problem with such a scattergun approach lots of innocent people can get caught in the crossfire.

Online privacy issues

Aside from the implications for innocent people who may have had their data harvested, this is yet another blow to online security, anonymity and privacy.

From PRISM to Tempora to ROEM, online privacy has taken hit after hit over the past several months.

Those who want to remain anonymous online, because they live under an oppressive regime, value their privacy or are outright paranoid, will no doubt be worried by these revelations.

However, Professor Tom Chen, an academic specialising in internet security and network traffic control, claims "for the most part...users can trust Tor for what it was designed for. It was not designed to protect users against malicious web servers [but it] is still the most powerful way to ensure an anonymous connection using multiple layers of encryption and relays to hide a user's IP address".

Nevertheless, he adds "they still need to be aware of web security and malware, and good security practices. There is no such thing as perfect security, without overhauling the entire design of the internet."

Jane McCallion
Deputy Editor

Jane McCallion is ITPro's deputy editor, specializing in cloud computing, cyber security, data centers and enterprise IT infrastructure. Before becoming Deputy Editor, she held the role of Features Editor, managing a pool of freelance and internal writers, while continuing to specialise in enterprise IT infrastructure, and business strategy.

Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.