Hidden Internet becoming a haven for drug dealers, terrorists?

posted at 3:21 pm on July 2, 2013 by Ed Morrissey

What if Internet users could access a “hidden Internet” where they could surf without fear of detection or identification?  That would certainly have a lot of appeal to some users who detest the government’s snooping in general, but it would also tend to attract those who have more concrete reasons to avoid being identified and/or tracked in their on-line activities.  Why hassle with slower speeds and excess infrastructure unless security is absolutely critical to your activities, after all?  That is exactly what has happened with Tor, according to an article by the Pittsburgh Tribune-Review from almost two weeks ago but which has gotten more traction today after Drudge picked it up:

Now after revelations about widespread U.S. government surveillance of social media and cellphone records, Egyptians are able to lecture Americans about Internet privacy. What once seemed unnecessary to most Americans might make sense, even to people not doing anything illegal or even embarrassing.

More than 80,000 people in the United States log onto the Tor network to access the Web each day, according to its metrics . Edward Snowden, a former employee of a U.S. government contractor who leaked information about U.S. intelligence agency snooping, had a Tor sticker on his laptop.

Tor protects users by encrypting their Internet traffic and routing it through servers around the world, making the information appear to come from somewhere else. About a half-million people a day use the network worldwide, with the United States and Italy topping the list. But it has been popular in Iran, Syria and other places where governments try censoring the Web.

Because it provides anonymity, Tor also has become a haven for computer criminals dealing in drugs, child pornography, illegal guns and even murder, if advertisements for hit men can be believed. Anarchists, skinheads and hackers use the network for discussion and recruitment.

Officials at the Massachusetts nonprofit that runs Tor said it plays an important role in places where governments seek to control the Web. “Tor continues to defeat censorship and allow citizens access to the open Internet,” executive director Andrew Lewman told the Tribune-Review.

Who created this government-free haven of communication?  Three guesses:

Tor started out as a project of the Naval Research Laboratory in the early 2000s for military communications and command and control even in hostile areas. Originally known as The Onion Router, the name derives from the metaphor of peeling away layers of encryption at each server so that no one eavesdropping on the communication can identify the user, the content and the end destination.

Anyone can download the Tor software for free and surf the web anonymously from a computer or a cellphone. Service providers can create hidden websites that end in .onion — rather than .com or .org. Users can access them only on the network. Because Tor sends information through other nodes, traffic on it moves slower than on the rest of the Web.

There are other programs that allow users to hide an email address, encrypt messages or operate through proxy servers to hide their identity, but none is as sophisticated or widely used as Tor, cyber experts told the Trib.

Ahem.  I don’t mean to get too conspiratorial, but it’s just a little difficult to believe that the government created an Internet network it can’t surveil, especially after finding out about the NSA programs and the lengths the agency goes to track potential terrorist activity on line.  After all, the “early 2000s” was a time when organized terrorism and its on-line communication was very much on the mind of the US government.  It’s also when Congress passed the PATRIOT Act (October 2001, to be exact) allowing for much more broad surveillance on communications. This sounds a little like …

… and if it’s not — what were we thinking in allowing it to get out into the open?  The Trib-Review notes that it is now used by freedom activists in Egypt who want to avoid detection by the Morsi government, which should tell us something about the nature of post-Mubarak conditions. But if this is truly impenetrable by the government that created it, it raises a lot of questions about why we provided this platform and then started snooping on open communications instead.

Criminals don’t entirely get a carte blanche on Tor, though.  Old-fashioned undercover police work can succeed on the hidden Internet, too:

Michael Evron was visiting Bogota, Colombia, last year when he was arrested and charged with running an illegal drug network across 50 states and 34 countries.

U.S. prosecutors say Evron, 43, of Argentina was the computer whiz behind The Farmer’s Market, a website on the hidden Tor network that specialized in marijuana, psychedelic mushrooms and other illegal drugs. The site, they say, raked in more than $1 million over a 22-month period. …

Evron, a computer programmer, graduated from New York University and once worked for Wall Street financial titan Goldman Sachs. After his arrest, Evron helped authorities shut down the website and allowed his extradition to Los Angeles, where he awaits trial.

He was one of 15 people arrested, including one in the Netherlands, whom authorities allege were tied to the website. One unidentified person in Pittsburgh was arrested in the raid but released without being charged, a Drug Enforcement Administration spokeswoman said.

An undercover DEA agent bought more than 30 grams of LSD online for $2,160 on The Farmer’s Market, posing as one of the site’s 3,000 customers.

“Traffickers of illegal drugs may attempt to operate online in secrecy, utilizing special networks, anonymizers and covert currency transactions,” DEA spokeswoman Barbara Carreno said. “But none of that is beyond our reach. … DEA is very proactive in keeping abreast of ever-evolving technological advancements.”

Yes, I suspect that more than a few people may make the mistake of thinking that “untraceable” communications means absolute security. Someone has to collect the cash and deliver the goods, and just as in real life, those are vulnerabilities for hidden criminal enterprises.

Breaking on Hot Air

Blowback

Note from Hot Air management: This section is for comments from Hot Air's community of registered readers. Please don't assume that Hot Air management agrees with or otherwise endorses any particular comment just because we let it stand. A reminder: Anyone who fails to comply with our terms of use may lose their posting privilege.

Trackbacks/Pings

Trackback URL

Comments

The NSA will probably monitor that one too…

Khun Joe on July 2, 2013 at 3:25 PM

Yes, I suspect that more than a few people may make the mistake of thinking that “untraceable” communications means absolute security. Someone has to collect the cash and deliver the goods, and just as in real life, those are vulnerabilities for hidden criminal enterprises.

Yeah.

Give a man a rope…Teach him to hang himself?

workingclass artist on July 2, 2013 at 3:26 PM

what were we thinking in allowing it to get out into the open?

This is just the one that people glommed on to. The idea of a darknet or packet anonymizing is not new, nor is it some sort of black magic that only .gov or .mil coders can implement.

Once something becomes too popular or well-known, the real clandestine folks will go elsewhere and create something new. Tor has been known for a long time, is trivially easy to set up and use, and has probably been the tool of choice for intelligent terrorists for a decade.

So less hyperventilating, please. There are many, many ways to keep secrets. They are mostly ignored for reasons of convenience.

Prufrock on July 2, 2013 at 3:34 PM

Fishy. It’s like investment tips — when you hear about them, it’s already way too late.

John the Libertarian on July 2, 2013 at 3:34 PM

What if Internet users could access a “hidden Internet” where they could surf without fear of detection or identification? That would certainly have a lot of appeal to some users who detest the government’s snooping in general, but it would also tend to attract those who have more concrete reasons to avoid being identified and/or tracked in their on-line activities.

The things people do to get ahold of porn…

nobar on July 2, 2013 at 3:35 PM

http://xkcd.com/538/

CableDude on July 2, 2013 at 3:39 PM

So when is HotAir moving over to Tor?

My collie says:

After all, it’s only a matter of time before the Obama administration declares this web-site a “criminal enterprise”.

CyberCipher on July 2, 2013 at 3:39 PM

The islamic terrorist forums have dedicated sections to instruct their members how to hide their identities and avoid being traced by using TOR program… This has been going on for many years…

mnjg on July 2, 2013 at 3:40 PM

Messed up the previous link.
http://xkcd.com/538/

CableDude on July 2, 2013 at 3:41 PM

I’m always reminded that no more than one person can keep a secret.

Mini-14 on July 2, 2013 at 3:41 PM

Because it provides anonymity, Tor also has become a haven for computer criminals dealing in drugs, child pornography, illegal guns and even murder, if advertisements for hit men can be believed.

Well, obviously we need a ban on Assault Software, and a national background check system for anyone purchasing an internet capable device. There wont be…well, there will kind of be a national registry, but the government obviously respects your First Amendment rights. So don’t start with the paranoia over imaginary tyrannies.

RadClown on July 2, 2013 at 3:41 PM

Duh, messed it up again. Could not possibly be my own incompetence. The NSA must be messing with me.
This

CableDude on July 2, 2013 at 3:45 PM

Someone has to collect the cash and deliver the goods, and just as in real life, those are vulnerabilities for hidden criminal enterprises.

So, how exactly are these “hidden internet criminals” any different from the ones in government, various banks and companies, labor unions, political parties, the U.N. and on and on.

We’re still living in a La La Land where criminals are only scruffy “little people” living in tenements and frequenting dark alleys.

The “acceptable” criminal classes are stealing billions from us, degrading our societies and corrupting our souls.

Dr. ZhivBlago on July 2, 2013 at 3:46 PM

TOR has been around for years, I’m surprised the news is just barely catching onto it.

And the drug dealers and hitmen have already moved on to hidden wiki. Don’t google what that is or you’ll have some FBI agents at your door within minutes.

Eschelon on July 2, 2013 at 3:46 PM

darpa may have sponsored the research in early 2k but it split away in 2002 or so.
EFF and unix security groups pretty heavy into it at that time (2002 to 2005) IIRC.
although with 80% of their budget coming from us gov I have always taken its claims with grain of salt.
its useful, no doubt, nothing is perfect though.

dmacleo on July 2, 2013 at 3:47 PM

If you want a good primer on TOR, read this.

BacaDog on July 2, 2013 at 3:47 PM

Its been a haven for the more adept drug dealers & terrorists for over a decade.

As I said when the NSA scandal broke out, this will just push the general public to use the encryption & anonymization tools that have been freely available for years.

taznar on July 2, 2013 at 3:48 PM

What if Internet users could access a “hidden Internet” where they could surf without fear of detection or identification?

I could look at Bollywood trailers on YouTube from behind the Great Firewall?

DarkCurrent on July 2, 2013 at 3:51 PM

Well, obviously we need a ban on Assault Software…

RadClown on July 2, 2013 at 3:41 PM

Some forms of cryptographic software has been on the U.S. Munitions List since 1992, making its export illegal. There were several 1st amendment cases surrounding not only its export but its use within the U.S.

taznar on July 2, 2013 at 3:52 PM

A story about Deep Web on HotAir – now I’ve seen just about everything. I wonder who will be the first HotAir reader to lose all their bitcoins on a silk road scam?

King B on July 2, 2013 at 3:52 PM

Tor specifically may have been developed by the military, but could have been designed by any undergraduate computer science student who had taken a few courses in cryptography. And by design, it is unlikely that Tor can be surveilled unless the encryption at its core is broken.

ATG on July 2, 2013 at 3:53 PM

Heck,
The problem with this is that people will think they are “safe” and not realize it is all about the endpoint.
In particular THEIR endpoint (PC,etc) that receives the completed file/transaction.

That TOR doesn’t “protect” since it has to be human compatible at that point. Even encrypted…just an add-on to a browser and we can suck down whatever shows. Or other application.

USE TOR or INFA and you’ll be safe as long as your device isn’t pooched. Otherwise not so much.

Not saying it is a bad thing…but that it isn’t as “secure” as people would like to believe.

ProfShadow on July 2, 2013 at 3:54 PM

Let me get this straight…

I’m a bad guy, I use TOR, and all my communications are funneled through a single point at TOR?

Please raise your hand if you think that’s secure.

faraway on July 2, 2013 at 4:00 PM

Clearly, we need a new government program and laws to make Tor illegal.

Oh, and funding!! Lots and lots of government funding!!

There Goes the Neighborhood on July 2, 2013 at 4:03 PM

Ahem. I don’t mean to get too conspiratorial, but it’s just a little difficult to believe that the government created an Internet network it can’t surveil, especially after finding out about the NSA programs and the lengths the agency goes to track potential terrorist activity on line.

Welcome to the tin hat club Ed. I’ve been paranoid about all these putative ‘privacy’ schemes since the ‘gummint’ forced PGP to give them a ‘backdoor’ into their encryption program years ago.

Even if they aren’t ‘gummint’ sponsored false fronts for spying operations or ‘gummint’ trojans the mere fact that anyone uses them would be a red flag for Butch Napolitano and Co.

LegendHasIt on July 2, 2013 at 4:11 PM

CyberCipher on July 2, 2013 at 3:39 PM

Where have you been CyberCipher? I missed your collie…..

Barred on July 2, 2013 at 4:14 PM

Hidden Internet becoming a haven for drug dealers, terrorists?

They had to do something after public telephone booths disappeared …

ThePrimordialOrderedPair on July 2, 2013 at 4:17 PM

Ahem. I don’t mean to get too conspiratorial, but it’s just a little difficult to believe that the government created an Internet network it can’t surveil, especially after finding out about the NSA programs and the lengths the agency goes to track potential terrorist activity on line.

Since it’s open source software, it can’t very well have any back doors. That’s one big reason why all good encryption is open source. The government would like to control encryption, but it’s simply not possible.

And while you are in effect creating or joining an encrypted network, it’s only in the sense of encrypting connections between sites already on the internet. Once the software is out there, the government has no role in the network.

With that said, Tor is not completely bulletproof. It makes online tracking of people much harder, but there will always be other ways to track them.

There Goes the Neighborhood on July 2, 2013 at 4:22 PM

Ahem. I don’t mean to get too conspiratorial, but it’s just a little difficult to believe that the government created an Internet network it can’t surveil,

TOR isn’t an “internet network”. It’s just a virtual network that rides on internet TCP/IP. No big deal, really. It uses so extra encryption and washes end-to-end communications in that virtual net but that’s not really anything outrageously tough. Anyone can build their own (though it is a decent amount of work). The problem is that you need enough people always on the virtual network to keep it alive.

But, you can just have you and your buddies on your own virtual network, with decent encryption, and no one will know what you’re doing. The only problem is that most communication is identifiable end-to-end in that case and you can’t access anything interesting from anyone you don’t know. But, if all you want is to communicate securely with people you know, you don’t need TOR.

ThePrimordialOrderedPair on July 2, 2013 at 4:24 PM

Where have you been CyberCipher? I missed your collie…..

Barred on July 2, 2013 at 4:14 PM

My wife is 25 years younger than me. We have a 4 year old boy. It keeps me n’ collie pretty busy.

My collie says:

Why don’t you just admit it, CC? You want to “drop out” just like Sarah Palin.

Well, yeah, there’s THAT too.

CyberCipher on July 2, 2013 at 4:40 PM

Having gone to the link and read the “If you want Tor to really work” FAQ, I call BS.

If you do anything you would normally do on the net, like download a file (photo, whatever), open a file (i.e., read an article online), or anything else, Tor does not prevent the ISP of that file’s provider from knowing where it was accessed from. The only way it works at all is if you adopt a stealth mode of web browsing, which means most websites will lock you out. (See “NoScript” and “JavaScript”.)

Frankly, the “Do Not Track” checkmark on Mozilla Firefox (you can find it in “Tools”) does a better job, and you already have it, and probably just don’t have it turned on.

If the bad actors on the Net want to use something like this to give themselves a false sense of security, I’m OK with that. As the old saying goes, “If something sounds too good to be true, it usually is”.

Tor is no exception.

clear ether

eon

eon on July 2, 2013 at 4:45 PM

No mater what, you have to gain access via a legit service like Comcast. They could easily tag all traffic going to TOR servers. They may not be able to see what you do or who you are talking to but they will see you go in. That may be all that is needed as probable cause if the authorities want you. We had this happen at work and were able to trace right to the system. We didn’t know what was being sent, said or received but we were able to shut it down. The user of the computer whined that he didn’t do it but, eventually resigned when allegations of embezzlement surfaced.

Dr. Frank Enstine on July 2, 2013 at 5:04 PM

If I were the Government, the only IP packets I’d be concerned about would be those connecting with known bad sites, including the TOR network.

unclesmrgol on June 13, 2013 at 10:35 AM

It’s even better if they invented it.

unclesmrgol on July 2, 2013 at 5:06 PM

The Drudge link advised: if you want to know more, click here…is that article still on Drudge? Is the NSA fishing?

In Tor, packets pass thru volunteer nodes. Each server only knows the prior. The last server decrypts. You have to trust the chain. The gov could pretend to be an enthusiast and become a volunteer node for fishing. From the TOR site:

As Tor’s usability increases, it will attract more users, which will increase the possible sources and destinations of each communication, thus increasing security for everyone. We’re making progress, but we need your help. Please consider running a relay or volunteering as a developer.

It is useful to use something like TOR to hide your IP address so sites can’t come back and bite you
Traps:

Anyone can configure an exit node to only permit certain types of traffic. Some exit nodes only accept traffic on ports that correspond to unencrypted protocols or change SSL certificates. This is downright fishy, and an experienced Tor user would blacklist these exit nodes. Nonetheless, this only catches the most flagrant exit nodes.

You may draw suspicion on yourself:

If an enthusiastic user does decide to run an exit node, he/she will face problems as a result. Although the user is unlikely to face problems from the authorities, an exit node will rapidly have its IP address banned from a wide range of websites that enable user discussion or user generated content. This is a substantial inconvenience.

They can fish you at the last node

Exit nodes have in the past recorded the data passing through them. Anything that isn’t end-to-end encrypted can and will be read. One researcher has even published the data he sniffed from his exit node. His research demonstrated that many Tor users don’t understand the extent that Tor protects them. Tor therefore forces users to make the bizarre choice between non-anonymous Internet use with only their ISP logging traffic or somewhat anonymous Internet use with a complete stranger logging their traffic.

heh who planted the next link? is the gov looking for malcontents?

Proxies arent all bad. startpage.com gives you a search engine that allows you to go to most sites via proxy. Because it searches google via a proxy, google doesnt have your history to trim the results for the merchants and send you only vegetarian mail order stores when you asked for ‘mad cow’. You get superior search result if you have no name. Proxies rock. Are they trusted? What is trust?

I assume this thread will be data mined and flagged

entagor on July 2, 2013 at 5:20 PM

Edward Snowden, a former employee of a U.S. government contractor who leaked information about U.S. intelligence agency snooping, had a Tor sticker on his laptop.

Wow, that’s quite an indictment there. WTF ?!

deadrody on July 2, 2013 at 5:20 PM

If I were the Government, the only IP packets I’d be concerned about would be those connecting with known bad sites, including the TOR network.

unclesmrgol on June 13, 2013 at 10:35 AM

Which can, I hope you realize, access the entire internet. In an anonymous, encrypted fashion. There are sites that only connect over Tor, but you can get to the entire internet over Tor.

Assuming you are doing something untoward AT WORK, well you don’t have any presumption of innocence or privacy, but at home you most certainly do. Hiding what you are doing is not in and of itself probable cause for any crime.

deadrody on July 2, 2013 at 5:24 PM

Yes, I suspect that more than a few people may make the mistake of thinking that “untraceable” communications means absolute security. Someone has to collect the cash and deliver the goods, and just as in real life, those are vulnerabilities for hidden criminal enterprises.

You have to know where the cash is going to and coming from, first. Over Tor you don’t. Works the same way if I use an untraceable burner phone. Just because you hypothetically know that somewhere, someone is paying money for contraband doesn’t mean you know who, where, or when.

deadrody on July 2, 2013 at 5:26 PM

Wondering about who is who

Check out the emergence of Mark Monitor

entagor on July 2, 2013 at 6:15 PM

this blows away the NSA’s response about why it needs to spy on everyone. The terrorists are already using otr means. They knew the internet was being spied on and they evolved another way. the NSA program is basically a gun control program. Neither works and neither is needed.

unseen on July 2, 2013 at 6:30 PM

when your government becomes the criminals what do you call it when you avoid the laws passed by the criminals?

oh that’s right: freedom

unseen on July 2, 2013 at 6:31 PM

Let me get this straight…

I’m a bad guy, I use TOR, and all my communications are funneled through a single point at TOR?

Please raise your hand if you think that’s secure.

faraway on July 2, 2013 at 4:00 PM

Not a single point at TOR…the single point is your PC/device. It splits its requests up and sends them to different nodes on the TOR network…that is, anyone who is running TOR and agrees to share the burden, so to speak.

So you make a request. It gets split into many parts. Each part goes through a different person’s PC (for simplicity’s sake, let’s say) and then gets sent back to you and reassembled on your PC.

That’s the “weak point” in TOR. Your PC.

ProfShadow on July 2, 2013 at 7:32 PM