Tor and the Darknet
Tor, short for "The Onion Router," is a network that enables anonymous communication over the internet. It routes users' internet traffic through a series of volunteer-operated servers, concealing their IP addresses and enhancing privacy. The Darknet refers to parts of the internet that are intentionally hidden and inaccessible through standard web browsers. It is often associated with illegal activities, such as the sale of drugs and weapons, but also serves as a platform for free speech in oppressive regimes, allowing activists and whistleblowers to communicate securely.
Accessing the Darknet typically requires special software, such as the Tor browser, which facilitates access to websites with .onion domain names. While the Darknet can pose significant risks, including exposure to illegal content and cyber threats, it also provides a unique space for communities seeking anonymity. Users often have diverse motivations for exploring the Darknet, ranging from privacy concerns to the pursuit of unfiltered information. Understanding both the potential dangers and the positive uses of Tor and the Darknet is essential for navigating this complex digital landscape.
The term "darknet" (also "Dark Web" or "Deep Web") referred to websites whose Internet addresses are encrypted by Tor software. The Tor browser allowed Internet users to remain anonymous by routing message traffic through a maze-like network of computers. The darknet protected political dissent around the world but also facilitated criminal e-commerce. The United States government set up the Tor system to enable secure Internet use in intelligence operations. Other Tor users include pro-democracy activists, libertarians, corporate whistleblowers, computer hackers (notably, the Anonymous collective), cyber spies of foreign governments, and traffickers in drugs, weapons, false documents, and stolen data. Operating like a black-market version of eBay, Silk Road processed $1.2 billion in sales to more than one million customers before being shut down by the Federal Bureau of Investigation (FBI) in 2013. Silk Road 2.0 appeared within weeks, competing against other darknet sites such as Evolution Marketplace, Agora, and Nucleus. Questions about how the FBI identified the individuals behind Silk Road prompted a renewed resolve among civil libertarians to preserve anonymity for Internet users.
Key Figures
- Dread Pirate Roberts (DPR) presided over the first version of Silk Road. Identified by the FBI as Ross Ulbricht, a San Francisco resident, he was sentenced to life in prison for his crimes.
- Defcon, identified as Blake Benthall, operated Silk Road 2.0 from December 2013 to November 2014. He was arrested on charges of drug trafficking, money laundering, and selling false identification documents. In a plea deal with the federal government, he was only charged with tax crimes.
- Cirrus, an FBI informant, had administrator access to the Silk Road 2.0 site and communicated regularly with Defcon.
Key Events
- September 2002: First version of Tor goes online.
- January 2009: Bitcoin, a digital form of cash, makes its debut.
- June 2011: News stories call Silk Road "the amazon.com of crystal meth."
- October 2013: Shortly before his arrest, Dread Pirate Roberts boasts that backups make Silk Road unstoppable.
- July 2014: Tor halts tracking study by Carnegie-Mellon researchers.
- November 2014: FBI shuts down Silk Road 2.0 and other sites, with 16 countries involved in the investigation.
- May 2015: DPR receives a sentence of life in prison without parole.
Status
In December 2014, the advocacy group Digital Citizens Alliance (DCA) reported Silk Road 2.0 had slipped from number one in darknet commerce by the time of its shutdown. The new leaders were Evolution Marketplace, with 26,000 listings, and Agora, with 16,000. Both sites sold products, such as stolen credit card information, that were not allowed on the original Silk Road, which limited offerings to "victimless" merchandise. Evolution excluded listings related to child pornography, murder, prostitution, Ponzi schemes, and lotteries. Both Evolution Marketplace and Agora were shut down in 2015. These sites were replaced by new darknet marketplaces.
In-Depth Description
Tor was developed in the 1990s by the US Naval Research Laboratory. The name was an acronym for The Onion Router, referring to the layers of encryption that were added and then peeled away as a message passed through the system. In 2004, two years after Tor went online, the laboratory made the software available for free to any Internet user. In 2006, with funding from the Electronic Freedom Foundation, Tor developers Roger Dingledine, Nick Mathewson, and Paul Syverson established the Tor Project, which maintained a network of 6,000 computers volunteered by system users. Tor has over two million daily users, with about 13 percent in the US. The US State Department and the National Science Foundation support the Tor Project through grants.
How Tor Worked
Tor provided anonymity by directing emails and other Internet communications through a series of network computers known as relays. Relays added or removed layers of encryption and forwarded messages to the next relay so that the sender's address and receiver's address did not appear together as clear text at any middle stage. When a message exited the Tor network, the last relay did not have the information needed to decrypt the original sender's address.
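The layering described above can be sketched in a few lines. This is an added example, not code from the Tor Project: the cipher is a toy built from HMAC-SHA256 standing in for Tor's actual cryptography, and the function names, relay names and message format are assumptions made for illustration.

```python
import hashlib, hmac, json, os

def _sub(key, label):                       # separate encryption and MAC keys
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):          # toy keystream: HMAC-SHA256 in counter mode
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("layer does not verify under this relay's key")
    return _xor_stream(_sub(key, b"enc"), nonce, ct)

def wrap(path, destination, message):
    """Sender: add one layer per relay, innermost layer first (for the exit relay)."""
    next_hop, payload = destination, message
    for name, key in reversed(path):
        layer = json.dumps({"next": next_hop, "data": payload.hex()}).encode()
        next_hop, payload = name, seal(key, layer)
    return next_hop, payload                # first hop (entry relay) and the full onion

def peel(key, onion):
    """Relay: remove its own layer; learns only the next hop and an opaque inner blob."""
    layer = json.loads(unseal(key, onion))
    return layer["next"], bytes.fromhex(layer["data"])

def route(path, sender, destination, message):
    """Walk the circuit, recording the (previous hop, next hop) pair each relay sees."""
    keys, views, prev = dict(path), {}, sender
    hop, onion = wrap(path, destination, message)
    while hop in keys:
        nxt, onion = peel(keys[hop], onion)
        views[hop] = (prev, nxt)
        prev, hop = hop, nxt
    return views, hop, onion
```

Calling `route` with a three-relay path (entry, middle, exit) and constructed keys returns, for each relay, only its neighbours on the circuit: the entry relay sees the sender but not the destination, and the exit relay sees the destination but not the sender.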
Darknet websites, called hidden services, kept their locations secret by using "onion" addresses, accepting traffic only from the Tor system. To view a site like the now-defunct Evolution Marketplace, for example, an Internet user went to the Tor system, looked in a directory of hidden services, and found a list of relays for initiating contact with the service. The parties proceeded anonymously to a third location to exchange information.
Penetrating the anonymity provided by Tor was difficult but not impossible. The system relied on computers volunteered by Tor users. If a state-level agency was able to monitor computers that served as entry and exit relays, simulation studies showed that high-powered statistical analysis could yield identifying information for 25 to 50 percent of monitored traffic. Darknet websites were nearly invulnerable to this strategy, since they accepted communications only from Tor. However, the site visitors' computers may have contained identifying information, which could be revealed inadvertently in an error message.
Silk Road Operations
The advent of Bitcoin made e-commerce possible on darknet sites and served as the anonymous medium of exchange between anonymous buyers and sellers. By 2011, Silk Road emerged as the leading darknet marketplace for drug sales, though proprietor Dread Pirate Roberts described the enterprise as an online expression of libertarian principles. At its peak, the site listed 15,000 offers from sellers and collected transaction fees of 2.5 to four percent on sales. Buyers paid in bitcoins, held by a Silk Road escrow service until confirmation of delivery. Authorities seized 174,000 bitcoins when the site was shut down in October 2013. The value of a bitcoin was subject to extreme fluctuation and fell from $145 to $109 that month.
Silk Road went offline following the arrest of Scott Ulbricht, then twenty-nine and living in San Francisco, and two others who were accused of working as staff for the site. Peter Nash, a former prison psychologist, was arrested in Australia and deported on charges that he acted as site administrator. Before the arrests, Dread Pirate Roberts boasted that backup code for the site was stored in 500 locations in seventeen countries. Silk Road 2.0 appeared in November 2013, five weeks after Ulbricht's arrest.
The new site operated for one year under the direction of Defcon, identified as Blake Benthall, a San Francisco resident who was briefly an employee of SpaceX. While shutting down Silk Road 2.0, the FBI worked with law enforcement agencies in sixteen countries and closed as many as 400 other darknet sites, including Pandora, Executive Outcomes, Hydra, and Fake ID. The FBI disclosed that it had the help of an informant known as Cirrus, who worked for Silk Road 2.0 and communicated regularly with Defcon. Locating the host computer of Silk Road 2.0 led investigators to Benthall.
Is Tor Still Safe?
Civil libertarians wondered whether there was more to the Silk Road shutdowns than the FBI revealed. Was their case limited to details known to Cirrus as a Silk Road insider? Or did the FBI find a way to penetrate Tor anonymity and trace Internet addresses of other darknet sites? Experts agreed the greatest threat to anonymity for Tor users was information held unwittingly or recklessly on the user's own computer. Ross Ulbricht's computer had encryption keys for TorChat, the preferred means of communication by Dread Pirate Roberts. Privacy advocates speculated that the FBI leveraged an experimental attack on Tor by Carnegie-Mellon University (CMU) researchers in early 2014.
According to reports, scientists at CMU's CERT Division, which worked with law enforcement as part of the US Computer Emergency Response Team (CERT), began a Tor study in February 2014 that combined a Sybil attack with a tracking confirmation attack. The Sybil attack planted a number of computers in the Tor network, and captured data for statistical analysis. The Sybil computers, acting as Tor relays, also added a marker to messages for tracking confirmation. In this kind of study, it was standard practice for tracking markers to be unreadable except by the researchers. Reportedly, Tor administrators cut the CERT computers out of the network in July 2014 after learning the tracking-confirmation markers in the CERT study were visible to anyone monitoring data from Tor exit relays.
In the aftermath of the Silk Road 2.0 arrests, other darknet sites continued to operate, apparently uncompromised by the FBI investigation. Evolution Marketplace and Agora had already overtaken Silk Road 2.0 in seller listings, offering a wider range of illegal products. In his October 2013 boast that Silk Road was unstoppable, Dread Pirate Roberts claimed police attempts to close the site would result in "a Hydra effect on a massive scale." Replacement sites sprang up around the darknet.
DPR was both incorrect and correct in his assertions. He incorrectly believed he would never be caught for his activities with Silk Road. However, in 2015, a judge handed DPR a life prison sentence without the possibility of parole after his conviction on several crimes. Defcon also faced prison until his decision to make a plea deal that saw his charges reduced to tax crimes. DPR was correct that shutting down Silk Road would cause a proliferation of similar marketplace sites on the darknet. While these were periodically shut down by law enforcement, they were far too numerous to completely eliminate.
By the mid-2020s, darknet websites continued as facilitators of international cybercrime. In addition to proffering illicit materials, many such sites allowed money laundering and other illegal financial services. Another evolution was the involvement of national governmental agencies and personnel in these illegal activities.
In June 2024, Homeland Security Investigations (HSI) of the Department of Homeland Security announced it had shut down Empire Market, a darkweb marketplace. It also arrested two individuals in connection with the site. Empire Market allegedly enabled purchasers to commit drug trafficking, computer fraud, access device fraud, counterfeiting, and money laundering. Other illegal products that could be traded on the site were controlled substances such as heroin, methamphetamine, cocaine and LSD, and stolen credit card information. This reported criminal enterprise conducted transactions valued at $430 million. Empire Market reportedly utilized specialized anonymizing software. Also, the site’s address ended in “onion.” The charges in the indictment were reported to be punishable by a maximum sentence of life in federal prison.