Spooks, Spies and Hogwarts … and the Dark Web

Introduction

We are very happy to have received confirmation that our MSc programme is to be certified by GCHQ, which validates much of what we have built (virtualised infrastructures, state-of-the-art modules, online lectures, and so on) and the standards that we have set.

We did, though, have to smile (and grit our teeth at times) when the headlines said things like: “A Masters in James Bond?“, “GCHQ names the Hogwarts for Hackers“, and “MSc … degree courses in spying“. For us, nothing could be further from what the headlines imply: we are training professionals to work at the highest levels of professionalism, who will secure systems and investigate intrusions into them. Their roles will be to protect citizens and companies against things like Denial of Service (DoS), Intellectual Property (IP) theft, and fraud. Whilst any technology or method can have a flipside, most of our graduates will go into jobs which protect systems and build the new architectures for the future. Our graduates will often be the creators, the defenders and the protectors.


For us, we have tried not to trivialise computer security by talking about hackers, and often use more professional words such as intruders, as the word hacker implies guilt and gives a certain perception of maliciousness before any intent has been proven. A simple ping from one computer to another can be used to find out whether the computer is online or not, while on the other hand it might be perceived as a probe of the computer for malicious reasons.

For us, we are technical specialists who can recommend a course of action after intrusions into systems; in criminal acts, it is often up to others to decide on the actual guilt of someone, and our role is to report in a fair and honest way. This involves carefully articulating key technical terms, as the general public often struggles to get past fairly simple concepts, such as an IP address, and has very little chance of ever understanding complex cryptographic methods and all the security instruments that are integrated into systems.

The Dark Web

So when we read of the Dark Web, it is portrayed as a separate Internet that really exists, where users pass each other messages and store files in a place that no-one can get to. It’s a scary place full of criminals and people who are out to do bad things. Basically, the Dark Web is a network infrastructure which secures the communication between one computer and another, and then uses host computers to create the channel. In itself this is not a bad thing, as the internet was created so that anyone can either create their own network – with an internet which uses private addresses – or connect to the Internet, where network packets are routed to globally defined network addresses. There is nothing to say that users cannot secure their own communications and pick their own routes through the network. Basically, the flaw is that the protocols that have been used on the Internet are flawed in themselves, as they are often clear text, where anyone with sniffing software and access to the data packets as they flow through the network can see their contents. So all the old protocols such as TELNET (remote access), HTTP (Web), FTP (file transfer), and SMTP (email) are all being moved towards their secure versions: SSH, HTTPS, FTPS and SMTPS, each of which is more secure, and is how they should have been defined in the first place. The key objective in the creation of the Internet was just to get computers connected, and security was rarely talked about.

RFCs

This lack of concern about security in the initial creation of the Internet is highlighted by the RFC (Request For Comments) documents, which were the way that standards such as those for HTTP and email became accepted quickly, and where organisations such as DARPA posted their thoughts for a standard, received comments back, and revised them. Industry could then go ahead and implement them, without the massive overhead of taking them to international standards agencies like the ISO (International Standards Organisation) or IEEE. With these agencies, a standard would take years to develop, and often involved tinkering from countries in order to protect their industries, which often stifled innovation. Some classics exist which have provided the core of the Internet, including RFC 791, which defines the format of IP packets (IPv4), and RFC 793, which defines TCP (Transport Control Protocol); together these define the foundation of virtually all of the traffic that exists on the Internet. Many protocols, although now limited, became de facto standards and have moved on little since, including HTTP 1.1, which was initially created as RFC 1945. The lack of thought given to security is highlighted by the fact that it took until RFC 1508 before the word “Security” was included in a title (Sept 1993), which was more than 12 years after the IP packet definition (Sept 1981).

The right to remain anonymous

As we move into an Information Age, there is a continual battle on the Internet between those who would like to track user activities and those who believe in anonymity. The recent Right to be Forgotten debate has shown that very little can be hidden on the Internet, and that deleting these traces can be difficult. With the right to be anonymous at its core, the Tor project created a network architecture which anonymises both the source of network traffic and the identity of users.

Its usage has been highlighted over the years, such as when, in June 2013, Edward Snowden used it to send information on PRISM to the Washington Post and The Guardian. This has prompted many government agencies around the world to set their best researchers to cracking it, such as recently with the Russian government offering $111,000. At the core of Tor is its Onion Routing, which uses subscriber computers to route data packets over the Internet, rather than using the publicly available routers.

One person’s terrorist is another’s freedom fighter

There’s a well-known saying that “One person’s terrorist is another’s freedom fighter”, and the Tor network falls behind this, with the media painting it as a place where all the bad people go. I once attended a talk from a security consultant related to the Dutch police, and he outlined a slide such as the following, where there are obvious examples of evil actors (such as Adolf Hitler), while others have gone from terrorists to freedom fighters (such as Mahatma Gandhi and Martin Luther King); and so in the discussion over Tor – aka the Dark Web – there are two sides, and the media has latched onto the negative side.

[Figure: slide contrasting terrorists and freedom fighters]

With the Tor network, the routing is done using the computers of volunteers around the world to route the traffic across the Internet, and with every hop the chance of tracing the original source is reduced. In fact, it is rather like a pass-the-parcel game, where players randomly pass the parcel to others, but where the destination receiver will eventually receive it. As no-one has marked the parcel on its route, it’s almost impossible to find out the route that the parcel took.

The traces of users accessing Web servers are thus mixed up with non-traceable accesses. This has caused a range of defence agencies, including the NCA and GCHQ, to invest in methods of compromising the infrastructure, especially to uncover the dark web. A strange feature in the history of Tor is that it was originally sponsored by the U.S. Naval Research Laboratory (which had been involved in onion routing), and its first version appeared in 2002, presented to the world by Roger Dingledine, Nick Mathewson, and Paul Syverson, who were since named, in 2012, among the Top 100 Global Thinkers. It has since received funding from the Electronic Frontier Foundation, and is now developed by The Tor Project, which is a non-profit organisation.

Thus, as with the right to remain private, there are some fundamental questions that remain, and it is a target for many governments around the world. In 2011, it was awarded the Free Software Foundation’s 2010 Award for Projects of Social Benefit for:

“Using free software, Tor has enabled roughly 36 million people around the world to experience freedom of access and expression on the Internet while keeping them in control of their privacy and anonymity. Its network has proved pivotal in dissident movements in both Iran and more recently Egypt.”

So what’s so hidden about the Dark Web?

So what is the “Dark Web”? Well, for a computer to be accessible it normally must have a global IP address, which means that it can be accessed by anyone on the Internet (obviously security restrictions stop this in many cases, especially where computers exist within private networks – such as on a home wireless network). Thus the dark web still has computers which are accessible by the whole of the Internet; it’s the route to the destination that is hidden. This is the same as using any site with https at the start of the Web address, where the communications are protected for the whole of the path between the user and the Web site – which is actually what Google does whenever you search for a term. It is also the way that organisations identify themselves (such as PayPal in the example below), and make sure that an intruder does not interfere with the communications.

[Figure: PayPal HTTPS example]

Conclusions

So we’re not generally training spies or spooks; we are focused on well-grounded professionals who understand how to defend against and respond to threats, and how to investigate in a fair and honest way. In terms of the Dark Web, there’s a bit of naivety in the general public about this, and more needs to be done about it, as people may be accused of crimes on the basis of generalisations.

A typical usage of Tor is to hide the tracks of an operation, and this is a typical defence mechanism for criminal gangs, so the Dark Web actually becomes a Dark Tunnel, where the intruder connects to a computer that is on the Internet and accessible by others.

So … at least the media is interested in the subject, but we must watch for generalisations, as they can give the wrong impression, and within criminal investigations we need to make sure that the naivety of the general public does not compromise investigations.
