When the United States Naval Research Laboratory began development of The Onion Router (TOR) in the mid-1990’s they meant well.
The goal was to create a portal where dissidents of oppressive regimes can communicate their strife to the US government anonymously, which is all very well and good, until the portal became a hotbed of criminal activity known as The Dark Web. The Dark Web is a network of underground websites which are not readily accessible to your average internet visitor.
The great majority of these are hosted in The Onion Router (TOR).
How the Onion Router Works
The name of The Onion Router aptly describes how the network works and how it offers (partial) anonymity to its users.
When using The Onion Router to browse the Web all actions and requests filter through three different nodes; the passing of messages, from one node to the next, works similar to runners passing a baton during a relay race.
In a relay race each runner passes the baton to the next runner, but has no interaction with the subsequent runner after that. Similarly, the three nodes interact with one another in a similar fashion, so the first and third node never interact, and never know of the other.
The three nodes used are computers which have been volunteered by their operators to route requests through The Onion Router. Each request is encrypted in a way that resembles the layers of an onion- so each node is only visibile to the computer that provided the request and the computer where the request will subsequently be forwarded to.
In this way, the “node” that speaks to the server cannot find out where the request originated. The node that speaks to the user’s machine – the one that sent the request – does not know (and will never know) where the request is heading – it only knows to which “node” it should relay that request to.
Thus users in the router remain anonymous, at least partially.
From Haven of the Oppressed to Criminal Wonderland
Once the TOR framework was created one problem still remained. While users of the network could remain hidden, those who wanted to share content had to do so through regular servers, potentially exposing their identities to their tyrannical governments.
To correct this vulnerability TOR added another feature – Web servers which could only be accessed through The Onion Router network itself.
Theoretically speaking, when both client and server remain anonymous they cannot be tracked; now dissenters of oppressive governments had a way to communicate with the outside world.
A New Problem
Once The Onion Router made it possible for anyone with internet access to communicate incognito, a new problem arose: criminals that could not be tracked.
Cybercriminals were stoked. Finally a realm devoid of law enforcement. No more website takedowns, and no more fear of arrest.
At least that’s how it seemed at the time.
Vulnerabilities in The Onion Router
Law enforcement agencies (and presumably intelligence agencies) have invested heavily in researching potential vulnerabilities in the TOR system with the goal of tracking down criminals – and they’ve been relatively successful at doing so.
Here are a few of the methods and vulnerabilities which have been used by law enforcement agencies to search for these nearly invisible criminals.
- The most recent weakness discovered in TOR, allows law enforcers to identify the location of the hosting server. This vulnerability has one criminal site so concerned it’s been taken offline.
- Other weaknesses can potentially leak the real IP address of both users and servers. The FBI was able, for example, to uncover the real IP of the famous Silk Road.
- Another method implemented by law enforcement is the use of malware. Wired’s Kevin Poulsen reported that in 2012 FBI agents found a website hosting child pornography on the TOR network. To uncover the site’s visitors’ real locations, they’ve issued a warrant allowing them to inject malware into the website. Any visitor whose computer was vulnerable was infected with the malware, enabling the feds to uncover the real locations of at least 25 users.
Precursors to The Onion Router
Believe it or not, before The Onion Router came on the scene cybercrime did exist. Cybercriminals had a number of instruments of corruption at their disposal, but none were foolproof.
- Bullet Proof Hosting providers, unlike The Onion Router, can be tracked. Law enforcement agencies can locate exactly where Bullet Proof websites are hosted, but they can’t do much about it. These providers, are generally operated from within the boundaries of countries not exactly friendly to Western law enforcement, and habitually ignore the requests to shut down underground websites issued by western law enforcement agencies and cybersecurity companies.
- Proxies and VPN allow fraudsters to conceal their location. And although proxies and VPN are legitimate – fraudsters regularly obtain them in illegal manners.
- Malware Botnets enable cybercriminals to identify computers infected with malware and stealthily invade them. Then the cybercriminal hijacks the victim’s computer, turns it into a proxy, and syphons their own illegitimate Web-dealings through it. As a result, when law-enforcers track the criminal’s activities the trail leads back to the victim’s computer.
Each of the predecessors of The Onion Router had security weaknesses, so when it became available, much of the cyber-underground migrated. But even The Onion Router itself is not completely infallible.
Publicity and Public Perception
In the past few years The Dark Web has captured media attention in cyber security publications and in the mainstream media as well, and just as you would expect, the mainstream media over-sensationalized it.
Journalists and screenwriters portrayed The Onion Router as a complete novelty- a cybercriminal wonderland of illegal child pornography, adulterous hookups, hard-core drug dealing, and contract killers which would never have happened if not for The Onion Router.
But The Dark Web is not as revolutionary as Hollywood would have you believe.
It is not as much a revolution, as it is an evolution.
Killers for Hire… Debunked
What about these exotic killers for hire? In a network where two communicating parties have complete anonymity, and where anyone can say whatever they want, “Send me money and I’ll kill someone you don’t like” is more likely a rip-off attempt to separate suckers from their Bitcoins than anything else.
How the Dark Web Levels the Playing Field
Although The Onion Router is not revolutionary in the nefarious way that popular media outlets sensationalize it to be; it did mark one noteworthy change in cybercrime equality.
The former anonymity channels were not accessible to the layman. The Onion Router enabled, for the first time, technically unsophisticated users access to anonymizing technology. Now any Tom, Dick, or Jane could go completely incognito online.
Superiority of TOR
The Onion Router is in many ways superior to proxies, VPNs and other anonymity solutions. It is perhaps more accessible to users and website administrators alike, not to mention cheaper, but it doesn’t provide anything that is truly new to the underground.
The underground markets which are found in TOR have existed long before it became available and will likely still remain after cybercriminals shift their focus to something better, more secure and more user-friendly.
And that is what technological evolution is all about – taking a product that fulfills a purpose to another level.
The Future of TOR
If TOR is indeed only an evolution and not a revolution, what does the future hold?
Cyber-fraudsters, being who they are, will continue to seek newer, sleeker, faster, and more secure anonymizing technologies than the current TOR network. In fact, researchers have recently claimed that they’ve developed exactly that.
So it is only a matter of time, it seems, before TOR, and the already second-rate cybercrime technologies, take a back seat to the next phase of this evolution. But, just as was the case when TOR came on the scene and Bullet Proof Hosting, Proxies, VPN’s, and Malware continued to be used; the future cybercrime technology will not completely replace TOR.
Just as there are large segments of the underground which have not moved to TOR yet despite its superiority; the cybercriminal communities on TOR will most likely continue to flourish well after the next phase of cybercrime arrives.
This article was written by Yoav Vilner from The Next Web and was legally licensed through the NewsCred publisher network.