
The Dark Web: Tor and the Takedown of Silk Road 2.0

Certain parts of the internet were crawling with panic last Thursday when it was reported that Tor, a search engine, had been hacked by the FBI, who had taken down the Silk Road 2.0 website. They had also made a number of arrests, including six people from Liverpool, Lincolnshire, Cleethorpes and Wales.

What is Tor and what is the connection with the Silk Road arrests?

Tor is free software which lets users browse the web anonymously. (The correct definition for Tor is an anonymising proxy service.) Most other search engines (such as Google and Bing) use “online tracking”, which saves your browsing history, clicks and webpages (hence all those irritating ads that follow you round the internet). Your Google search history can also be requested by various government authorities if you are suspected of committing illegal acts. You can, however, download the Tor browser software by visiting the website and clicking on the links.

Tor was created as an “anonymous” web browser to prevent an individual’s internet history being traced back to the user.

The idea of privacy and the internet is a topic that interests more and more people each year. Many individuals have legitimate reasons to want to browse the web without being monitored or leaving a footprint behind.

Tor is also used to search the dark (or deep) web and access illegal websites that can’t be found by the ordinary “surface” web browsers.

What is the Dark Web?

The dark web is the part of the internet which is not indexed by standard search engines such as Google or Bing. Using Tor enables you to gain access to any website, including these deep sites, without having your actions tracked by an interested party. The deep web addresses tend to be deliberately opaque combinations of numbers and dots, often followed by slashes and strange punctuation marks, and containing the word “onion,” signifying that they can only be reached via the Tor browser.

The law enforcement agencies are concerned about the deep web, because that is where some of the illegal sites can be found. Such sites include child porn websites, narcotic marketplaces, illegal gun and ammunition dealers, plus providers of fake passports, medical records and everything in between.

We could go into great depth about how these deep sites are organised and how to find and access them, but to be honest, if you want to see this stuff, you’re probably best off researching them yourself.

All this dark web content seems quite mysterious.

If you’ve been watching too many episodes of House of Cards, this sort of illegal web activity does seem to exude its own sort of dark glamour.  You could imagine mysterious websites, hidden passwords and the excitement of watching cyber criminals staying one step ahead of the “Feds”.

In real life it’s all a bit grubby and depressing. The individuals that deal in drugs are doing exactly the same as dealers on a street corner, but they hide under usernames that try to give them a sheen of street cred (“Defcon” or “Dread Pirate Roberts”). A lot of the dark web is full of strange individuals broadcasting their own cracked beliefs, dealing in illicit products or getting kicks from their own perverted and damaging fantasies.

Silk Road 2.0 – a “noxious criminal bazaar”

Silk Road is a website located in the dark web, and it enabled more than 100,000 users to buy and sell illegal drugs around the world, whilst generating at least 5 million pounds in revenue per month. The original Silk Road was removed from the web in October 2013, but it wasn’t long before Silk Road 2.0 popped up and continued providing illegal narcotics to the general public.

Last Thursday, however, the FBI, the European Cybercrime Centre and various smaller agencies arrested Blake Benthall (the infamous “Defcon”), who is said to have secretly owned and operated Silk Road 2.0. He is currently facing charges that could mean he will spend 10 years in prison.

This law enforcement action was a globally coordinated effort codenamed “Onymous” and involved 17 different countries. In total “Operation Onymous” led to the arrest of 17 creators and administrators of illegal websites and the takedown of approximately a dozen dark markets.

After the arrests, the FBI released a statement confirming the use of Tor to access these markets: “Silk Road 2.0 has operated on the “Tor” network, a special network of computers on the Internet, distributed around the world, designed to conceal the true IP addresses of the computers on the network and thereby the identities of the network’s users”.

The FBI also released a rather fantastic press statement, “Those looking to follow in the footsteps of alleged cyber-criminals should understand that we will return as many times as necessary to shut down noxious online criminal bazaars. We don’t get tired.” How’s that for a definite message?

How did Operation Onymous hack Tor?

We don’t know. And crucially, when questioned about how the dark markets were exposed, Tor Project director Andrew Lewman could also only say “we don’t know.”

There have been many theories as to how the Tor website was hacked. Here are the three top ideas:

  • The Tor “nodes”. Nodes are located on thousands of volunteers’ computers and are used to encrypt Tor users’ signals in order for them to anonymously connect with dark web sites. If the FBI uncovered these nodes and then started to host them themselves, they would be able to identify individual Tor users and exactly where they came from and which sites they frequented. And then it would be only a matter of time until they knocked on the door.
  • The sites weren’t as anonymous as they thought. It has also been reported that many of the dark web services were not taking full advantage of all of Tor’s anonymising powers.  Many illegal websites STILL exist on all levels of the dark web, so maybe Silk Road and the other sites that were removed in Operation Onymous were not as secure as they could have been.
  • Double agents. More simply, Tor could have unwittingly hired a double agent…or alternatively a law enforcement agent managed to infiltrate Silk Road 2.0’s support staff.

The Future of Tor…

Since Operation Onymous, a lot of worried people have been pointing fingers at the Tor web browser and voicing concerns about its fundamental security. The Tor administration has issued a call for help to the wider IT community.

“Tor is most interested in understanding how these services were located, and if this indicates a security weakness in Tor hidden services that could be exploited by criminals or secret police repressing dissent…If anyone has more details, please get in contact with us.”

Tor is obviously scrambling to retrieve its reputation and identify its vulnerabilities. The Tor user’s desire for privacy is highly valued, and so it is in Tor’s best interests to quickly reassure users that it is safe from any future cyber-attacks and to demonstrate its complete invulnerability to further hacking.

Silk Road 3.0 and Beyond

Last week’s takedown of Silk Road 2.0 isn’t the last of this marketplace for narcotics. A new Silk Road 3.0 has already emerged, with a message on its front page reading:

“Welcome to Silk Road Reloaded. We are an anonymous, professional and peaceful marketplace selling all sorts of goods and services, and there is no judgment, censorship or repercussion here. We are truly free.”

On the social networking site Reddit, some jittery users are wondering whether Silk Road 3.0 has actually been created by an international law enforcement agency.

The original Silk Road changed the way in which many users, especially in the younger generation, bought their illegal and prescription drugs, and it is naïve to think that the takedown of the 2.0 website will bring an end to the illegal online narcotics trade. Alternatives to Silk Road have existed for a long time and include the popular drug marketplaces called Evolution and Agora.

As Robin Wood, Senior Penetration Tester at 2-sec and founder of DigiNinja and SteelCon, comments,

“There will always be illegal marketplaces in one form or another, there is no way you can take them off the net. The market is worth too much money to criminals and so they will always come up with new ways to work and hide.”

As long as human error exists however, mistakes will be made and illegal sites will be vulnerable to law enforcers. And of course, workers in a criminal underworld face a major problem in that they are uncertain about who they can trust.

On Wednesday, Britain’s most senior police chief, Sir Bernard Hogan-Howe, sounded a note of caution by warning that the internet was at risk of becoming a “dark and ungoverned space” which was “frustrating the efforts of police and intelligence agencies to keep people safe”.

Here at 2-sec, we can only echo Sir Bernard’s words – and we are pretty certain that this will be an ongoing battle between the cyber criminals and the law for a long, long time.