15 July 2016

Beware of the web’s dark side


Never let it be said that customer service is dead: great July promotions on heroin and cocaine; specials on counterfeit money (buy 20 notes and get two free); helpful tips on avoiding getting caught (for customers looking to have someone assassinated); South African credit cards for sale for between $12 and $21.60 (on MilkRoad).

This is business on the dark web.

But this hidden cyber realm does not only host places for terrorists, child pornographers and arms dealers to sell their wares; it is also where activists in oppressive regimes go to get around government spying and censorship, whistle-blowers can leak material in relative safety, and ethical hackers gather to share knowledge and campaign.

Nevertheless, the cybersecurity risks that can stem from the dark web have government agencies and private companies around the world sweating about the security of their networks, their data and their bank accounts.

Earlier this week Armscor, the state’s arms procurement firm, had its servers hacked and the data dumped on the dark web, the latest evidence that local government agencies are not immune to attack. (See “The key to remaining anonymous”, below.)

Testing the waters
To better understand the dark web, this week I put my big toe into its murky waters.

It is by design not an easy place to navigate, given the need for secrecy. Websites don’t pop up with ease in your browser and URLs are typically just a random assortment of letters and numbers, ending with the suffix .onion.

The many guidelines, articles and forums offering help are replete with warnings about the risks of compromising your identity. They do little to ease fears that you might inadvertently offend a hitman for hire or draw the attention of a bored, malignant hacker.

A visit to just one of the marketplaces on the dark web, AlphaBay, puts weapons, drugs, credit card details and malware at my fingertips.

Vendors are given trust ratings and customers can leave their feedback. Aside from the product categories, the site has the look and feel of any e-commerce platform.

“Smooth to the end,” says one customer of the services received from a credit card vendor, and a dealer gets rated 11/10 for his product.

In the dark web, cryptocurrency Bitcoin is the payment method of choice.

On BitPharma, a market for drugs, just under BTC2.3, or roughly €1 375, will get you 25g of cocaine. If you pass on a referral to your friends, you can earn 1% on each purchase they make.

Other sites offer you whole new identities with passports, ID cards and driver’s licences made to order for countries such as Australia, Finland, the United States and Canada.

But buried here too are the pages claimed by the likes of WikiLeaks, where submissions can be uploaded by whistle-blowers, in defiance of censorship and oppression.

What the dark web is, and isn’t
The dark web forms part of, but should not be confused with, the deep web, according to Manuel Corregedor, the operations manager of Wolfpack Information Risk. The deep web is the part of the internet that cannot be accessed by ordinary search engines such as Google.

For the most part, it consists of different, specialised databases that typically require that users have a login account to access the information, for example, research databases. By some estimates, the deep web makes up about 96% of content on the worldwide web, compared with the 4% we know as the “surface web”.

The dark web is a smaller part of the deep web that is intentionally hidden from standard web browsers, according to Brightplanet, a firm that specialises in harvesting data from the deep web. Much of what has become famous on the dark web resides in the Tor network.

The Tor network is part of the internet but special software is required to access it, Corregedor says.

All user traffic goes through at least three servers or relays in an effort to disguise a user’s IP address – the publicly known identifier that each device participating in a computer network has. (See “The key to remaining anonymous”, below).

Although the Tor network is often associated with the dark web, it is legal and aimed at allowing all internet users worried about privacy to maintain their anonymity online.

“We need to remember that Tor was created for a good purpose but, unfortunately, it is also being used by criminals, terrorists [and others] in order to conceal their malicious behaviours,” Corregedor says.

The dark web is invaluable to activists and whistle-blowers because it allows them to use Tor anonymously to report abuses such as human rights violations from regions where this could compromise their safety, he says.

The dark web can be a bleak place though.

In a tour of the dark web, hosted by law firm Norton Rose Fulbright, sites such as Ender Vida were revealed, where supposed former soldiers offer their contract killing services.

The validity of these assassin sites is the source of some speculation, however, and in some cases they are believed to be the work of scammers out to catch people bent on murder.

But sites showing real rapes, or that traffic in child pornography or women, can also be found.

It is difficult to determine the extent of dark web activity in South Africa because of its anonymity, according to Rohan Isaacs, a technology lawyer and director of Norton Rose Fulbright.

Nevertheless, the number of dark web sites and their use appears to be growing, he says, in part driven by increasing concerns worldwide about privacy.

Some of the sites are no doubt scams, Isaacs says, but, given the number of sites and associated vendors, many are legitimate.

A large part of the dark web is also devoted to what he calls “plain weirdness”. These are sites that are not necessarily illegal but rather reflect the strangeness of people, such as confession sites, where bizarre if not illegal acts are confessed, or the dark web’s equivalent of Facebook, Blackbook, where users have no hope of knowing who their “friends” are.

The dark web is not just being used by individuals. According to Corregedor, private organisations and governments are increasingly using it as a source of threat intelligence.

With the threat of cybercrime comes the threat of cyberwarfare, and state-sponsored attacks on multinational corporations or other countries.

South Africa, as with any other country, is equally at risk from this kind of threat, Corregedor says, because it is difficult to monitor the dark web for national threat intelligence.

The key to remaining anonymous

Manuel Corregedor, the operations manager of Wolfpack Information Risk, gives a simplified example of how the Tor network works:

A web user, let’s call him Joe, wants to access Google, using a conventional internet connection. Joe would typically connect directly to Google and Google would reply. This is possible because Google has a unique public IP address, as does Joe’s computer, through his internet connection, which is linked back to Joe.

If Joe uses Tor, his request for the Google page would go to a Tor server or relay first, known as an entry node. It would then be forwarded to a second Tor relay, which would then forward it to the third Tor relay, or exit node, which would then forward it on to Google.

In this way, there are three additional servers between Joe and Google rather than a direct connection, helping to keep Joe anonymous and conceal his unique public IP address.

Law enforcement and government agencies have been known to target Tor to catch users. But it is difficult to do so, according to Corregedor, without compromising the user or their machine; compromising the Tor browser by identifying a weakness in the Tor software itself and using that to track the user; or compromising the Tor relays, in particular the entry and exit nodes.

Meanwhile, hacktivism is on the rise. The hacktivist group known as OpAfrica, reportedly affiliated to the global network Anonymous, has recently targeted the South African government and other African states to expose corruption and human rights abuses. This week OpAfrica reportedly claimed responsibility for hacking Armscor, the state’s arms procurement firm.

According to website HackRead, the data leaked on the dark web includes transaction details of high-profile clients such as Airbus, the Thales Group, and the European Aeronautic Defence and Space Company.

Armscor released a statement to say that, “at this stage, that information accessed does not contain sensitive and classified content” and that it had convened a “team of cyberexperts” to conduct a forensic analysis to determine the full extent of the incident.

The websites of other South African entities such as the SABC and companies owned by the Gupta family, all of which have garnered controversy recently, have also been targeted.

The hacktivist group AnonymousAfrica, which has disassociated itself from OpAfrica, claimed responsibility, but more recently it has turned its sights on Zimbabwe.

As the government cracked down on citizen movements such as #ThisFlag, the group brought down the websites of state ministries and the ruling Zanu-PF. – Lynley Donnelly