European Reseller

Helping bring new products to market

Tuesday, Mar 19th

Last updateFri, 16 Jun 2023 8am

You are here: Home Cloud The Other Side-The Dark Side
Hand Held

The Other Side-The Dark Side

Tor onionLge
Grams-Search-EngineWEB-home-page11-660x338
onionroutingfig1
onionroutingfig2
onionroutingfig3
onionroutingfig4WEB

The Dark Web is the part of the Internet that’s hidden and will not respond to a normal search engine. Using www.google.com , www.bing.com , www.yahoo.com, www.DuckDuckGo.com, www.Dogpile.com to search, there are many more legitimate search engines. But the Dark web is only available to people who have taken the time to implement the Tor anonymity browser (TOR is an abbreviation for The Onion Router.)

I haven’t been to the dark web, but I am told it’s the place people go to if you want someone killed or damaged, you can find assassins, illegal drug, prostitution and other market places such as the famous Silk Road, where you can buy services and products using the Bitcoin currency and engage in other online activities that they would prefer to be hidden from the world.

The Silk Road

Ross Ulbricht will appear in court and is accused of running the billion-dollar online drug bazaar known as the Silk Road. After a year and 3 months, when FBI agents grabbed him in the science fiction section of a San Francisco library, he will answer for the allegations that he is the king pin behind the Silk Road. It will be interesting to see how the authorities can make this stick and a significant day for anyone who cares about crime, punishment and privacy.

A Test of Anonymity and Surveillance Online

The Silk Road pioneered a new kind of online marketplace, one that’s open to the public but whose administrators, buyers, and sellers are anonymous, thanks to tools like the software Tor and the currency bitcoin. The prosecution’s case will need to prove Ulbricht is indeed the masked mastermind of Silk Road known as the Dread Pirate Roberts. For the industry of copycat sites that followed the Silk Road, including popular black markets like Evolution and Agora, that makes this trial a case study in the vulnerabilities law enforcement uses to attack the Dark Web’s hidden contraband bazaars and identify the people who run them.

Apparently at the beginning of 2014 a new search engine styled on Google was launched called “Grams” the address for Grams is: grams7enufi7jmdl.onion 

Although I say this, I haven’t been there but supposedly this fills a niche for anyone seeking quick access to sites selling drugs, guns, stolen credit card numbers, counterfeit cash and fake IDs — sites that previously only could be found by users who knew the exact URL for the site.

GramsSearch engine

Apparently there were questions raised on the forums and reddit, where people were constantly asking ‘where to get product X?’ and ‘which market had product X?’ or ‘who had the best product X and was reliable and not a scam?'”

Kim Zetter of Wired website reports that he wouldn’t provide his real name and asked instead to be referred to by the pseudonym he uses on Reddit, “gramsadmin.”

$1·         Gramsadmin told Kim in a chat session. “I wanted to make it easy for people to find things they wanted on the darknet and figure out who was a trustworthy vendor.” 

At that time Grams was still in beta, when it will be sanctified and by whom we do not know, but apparently it’s already serving up results from eight online markets, thanks to an API the developer made available to site owners to allow his engine to scrape their product listings.

Grams looks just like Google, right down to the “Search” and “I’m Feeling Lucky” buttons. However, instead of searching the public Internet, Grams specifically searches the Dark Web, where drugs, guns and pirate software are typically just a few clicks away.

Now the question has been raised, should MSPs be concerned about this?

It’s quite right for MSPs to wonder whether it’s time to start worrying about the implications of the Dark Web, both for the industry as a whole and for individual customer sites.

The good news is that implementing Tor and accessing the Dark Web is not something a normal user or novice user is going to do by accident. The bad news is that we are told that people with a technical mindset will have no trouble finding a Tor installer or browser bundle if they feel inclined to do so. Given the ability to mask users address and so forth I suppose it is possible.

If you are a MSP here are some hints on making a new revenue stream legally!

If you’ve been looking for the perfect opportunity to sell a Web filtering solution or some security consultancy, then this could prove the ideal time. Help your customers understand the Dark Web and its implications, so they understand more than they’ve learned from basic news reports and shed some light on the dark web.

So, what should you as an MSP do to respond to the possible emerging popularity of the Dark Web? Here are some suggestions:

Take control of applications

As an MSP, you get paid to keep a business efficient and secure, and to be on the lookout for issues and problems—that’s all part of your proactive service. Tor presents a challenge to any organisation and should not be installed by end users. It’s not that Tor is bad, it may be suspicious or even dubious to most of us but it’s a software tool, and the business reason for it needs to be at the centre of the decision to protect against it.

This applies not just to Tor, but to other applications, as well. During your initial launch process, or as part of your service offering, new applications or applications with no business value need to be removed from the environment—the smaller the number of applications, the lower the attack surface, and therefore the more predictable that you can offer a safe cloud environment.

One more point about Tor: I am informed that if the flash application is installed on the same workstation as the Tor browser, your anonymity may be compromised anyway.  There are reports of how the police authorities in various countries are able to bring down web sites that normal law abiding citizens don’t use, whether it be drugs, guns, paedophile websites.

There are business cases for Tor, but no matter how you discuss the need, the use of Tor—as far as lawyers, police and intelligence agencies are concerned it is deemed “suspicious.”

Until recently, the internet privacy tool Tor was scarcely heard of outside the technology, geek and illegal communities. Since revelations about the surveillance strategies of US and UK spies, Tor has become the focus of Hollywood films, portrayed as the tool of the criminal facilitating access to the dark web giving anonymous access to drug dealers, paedophile rings, guns and fake identities.

What is Tor?

Tor was originally designed, implemented, and deployed as a third-generation onion routing project of the U.S. Naval Research Laboratory. It was originally developed with the U.S. Navy in mind, for the primary purpose of protecting government communications. Today, it is used every day for a wide variety of purposes by normal people, the military, journalists, law enforcement officers, activists, and many others.

Overview

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.

Tor uses so-called onion routing to defend against privacy attacks. Onion routing relies on multiple layers of security that are removed (like onion skin) one by one as a message is routed through the Tor network.

Onion Routing images fig 1-4

 

 

Tor's hidden services let users publish web sites and other services without needing to reveal the location of the site. Individuals use Tor to keep websites from tracking them and their members of their family, or to connect to news sites, instant messaging services, or as a tool to get round their IPS blocked sites. Individuals also use Tor for socially sensitive communication that they wish to keep private chat rooms and web forums for rape and abuse survivors.

The Tor project is a non-profit organisation that conducts research and development into online privacy and anonymity. It is designed to stop people – including government agencies and corporations – learning your location or tracking your browsing habits.

Research on the Tor website claims to offer a technology that bounces internet users' and websites' traffic through "relays" run by thousands of volunteers around the world, making it extremely hard for anyone to identify the source of the information or the location of the user.

Its software package – the Tor browser bundle – can be downloaded and used to take advantage of that technology, with a separate version available for Android smartphones.

Browsing using Tor is slower due to those relays, and it blocks some browser plugins like Flash and QuickTime. YouTube videos don't play by default either, although you can use the "opt-in trial" of YouTube's HTML5 site to bring them back.

When it launched in 2002, the Tor project's emphasis was on protecting internet users' privacy from corporations rather than governments. In the 2000/01 dotcom bubble, everyone was offering free services on the net, this invariable meant we take all your information and sell it as many times as possible.

Who uses Tor?

The Tor project team say its users fall into four main groups: normal people who want to keep their internet activities private from websites and advertisers, those concerned about cyberspying and users evading censorship in certain parts of the world.

Tor notes that its technology is also used by military professionals – the US navy is still a key user – as well as activists and journalists in countries with strict censorship of media and the internet. Campaigning body Reporters Without Borders advises journalists to use Tor, for example.

Tor also cites bloggers, business executives, IT professionals and police or law enforcement officers as key users, needing to mask their IP addresses when working undercover online, or investigating posing as villains or possibly underage children on paedophile web sites or tracking gun running services.

The mainstream users, could be a dad running Tor so that his children's location and identity can remain private when they are online, or could be used by a political activist in Pakistan, China, Russia or Iraq and Syria could protect their identity.

After the NSA surveillance revelations in 2013, a new wave of users joined the service. Between 19 August and 27 August alone the number of people using Tor more than doubled to 2.25 million, according to Tor's own figures, before peaking at nearly 6 million in mid-September. It has since slipped back to just over 4 million.

 

The dark side of Tor

The cloak of anonymity provided by Tor makes it an attractive and powerful tool for criminals, another NSA document stated "Very naughty people use Tor" I will leave to you to define very naughty.

Tor can mask user’s identities, but also host their websites via its "hidden services" capabilities, which mean sites can only be accessed by people on the Tor network. This is the so-called "dark web" element, and it's not unusual to see Tor pop up in stories about a range of criminal sites.

Fortunately or unfortunately there only way for MSP’s resellers, dealers and Hosting companies can monitories the dark web is to protect against it.