Darknet technologies have legitimate security uses, says researcher
Darket technologies have legitimate security applications for business, says security investigator
The so-called “darknet” technologies that layer invisible, private networks on top of the internet have legitimate security applications for business, according to Greg Jones, director of Digital Assurance.
While grabbing media attention because of criminal use in “dark markets” for illegal goods and services, darknet technologies can protect business executives too, he told an NEDForum summit in London.
“They are free and resilient, and can be used to enable travelling business executives to connect to corporate systems, unseen by state-backed surveillance or espionage systems,” said Jones.
Even Microsoft’s Outlook Web App (OWA), which allows Exchange Server users to connect to their email accounts via a web browser, can run as a hidden service, he said.
This could be used to provide a “reasonable degree of protection and anonymity” for commercial information and other sensitive data for services such as counselling and medical or legal advice.
Tor hidden services and clouds
“Virtual private networks [VPNs] work well over darknet technologies like [internet traffic anonymisation service] Tor because it is difficult for outsiders to see what is going on,” said Jones.
“Even Facebook is now directly available to users as a Tor hidden service, having registered a .onion site towards the end of 2014,” he said.
The Facebook Tor hidden service marks the first time a certificate authority has issued a legitimate SSL certificate for a .onion site.
Jones said he expected other online services to take the same route, perhaps using the Tor-like open-source project MaidSafe, which he described as “commercial Tor”.
The network is made up by individual users who contribute storage, computing power and bandwidth to form a worldwide autonomous system.
READ MORE ON DARKNET AND DARK MARKETS
- Dark markets downed in international anti-cyber crime operation
- PM says dark web can be policed
- Dark web key enabler for cyber criminals, say McAfee researchers
- DarkMarket credit card fraudster jailed for five years
- DarkMarket had Anglo-Russian ancestors, says Soca
- Cyber crime trading site DarkMarket was FBI honey trap
- Does Tor usage pose a security risk for enterprises?
- Tor Project claims spy leaks help maintain anonymity
- Tor networks: Stop employees from touring the deep web
- Legitimate users of Tor need not worry, says NCA
Jones said businesses seeking anonymity were likely to embrace the 802.11s standard that will provide a supplier-neutral way to build wireless mesh networks over a wireless local area network.
“This standard will provide a robust meshed wireless network. Think ad hoc routing. This could be the future of machine to machine (M2M) communications. Definitely something to watch,” he said.
In the more immediate future, Jones predicted organisations will look to private Tor clouds as a way of providing security without needing to run a Tor hidden service.
“This means corporate clients can be configured to connect to a private Tor cloud rather than a Tor network, and will look like a connection to an ordinary website,” he said.
Dark market activity
While some researchers have suggested there are around 100,000 hidden services running on the darknet, Jones said the real figure is between 10,000 and 15,000.
The bulk of those hidden services are person-to-person torrent tracking or “chat” services that do not carry any actual content.
However, research carried out by Jones revealed around 12 “significant” dark markets and hundreds of smaller ones conducting business transactions worth around £20m a month, mainly using bitcoins.
A live demonstration revealed that the top items on offer include illicit and prescription drugs, stolen credit card details, PayPal credentials, Netflix accounts, fake passports and identity documents, a wide range of firearms, and kits for generating fake bank statements and utility bills.
Jones has logged around 4,000 dark market sellers in the past three years, but estimated that only around 2,500 sellers are active at any given time.
Big target for hackers
Although many of the goods on offer have been stolen by hackers, hacking itself is rife on the darknet. Jones reported an “insane” level of hacking in the past 18 months.
“Dark markets are a massive target for hackers because sellers are extremely unlikely to report attacks to authorities and many sites contain large stores of bitcoins in ‘hot wallets’,” he said.
Darknet technologies are free and resilient, and can be used to enable travelling business executives to connect to corporate systems, unseen by state-backed surveillance or espionage systemsGreg Jones, Digital Assurance
In some cases, millions of dollars worth of bitcoins have been stolen, such as the theft that forced the closure of Sheep Marketplace in December 2013. Estimates range from $6m to $120m.
Another motive is to knock out competitors. In one case, a dark market operator undermined confidence in a competitor’s security by publishing a list of users, forcing the competitor to close within three weeks.
Risk of losing anonymity
“De-anonymisation is one cyber threat that legitimate websites do not face, but for dark markets it is probably the biggest risk,” said Jones.
Dark markets are extremely vulnerable to cyber attack, he said, due to “hideous vulnerabilities” caused by poor coding containing basic security errors.
Speculation over how the international law enforcement operation Onymous was able to take down around 27 websites linked to more than 400 hidden services URLs in November 2014 has highlighted a number of potential Tor weaknesses that may have been exploited by cyber cops.
However, Jones observes that like security vulnerabilities in the world of legitimate online business, technology is likely to have been only one element of the operation’s success.
“Although the details of what enabled the take-down are still unknown, it probably involved a mix of technical and human manipulation or infiltration,” he said.