Tor (The Onion Router)
November 4, 2018
The Onion Router, also known as Tor, uses a network of servers to create privacy and security for users of the Internet; the system was first established on September 20, 2002. Tor has many uses: it can keep websites from tracking users and their family members, and it lets users connect to new sites and instant messaging services; if an Internet provider blocks the user from any of these, Tor is a workaround (Tor Project, n.d.). When a user wants to publish a website or any other service online, Tor helps keep the site’s location private. Some people also use Tor for chat rooms and web forums for survivors of rape and other abuse (Tor Project, n.d.).
Greenburg (2014) states that “the dark Web is the portion of the deep Web that has been intentionally hidden and is inaccessible through standard Web browsers.” Dark Web sites usually include encryption to prevent monitoring and serve as a platform for Internet users who prefer or require anonymity (Greenburg, 2014). On the Dark Web, which consists of thousands of websites, IP addresses are usually hidden with tools like Tor for anonymity purposes (Greenburg, 2014). The Dark Web is not only used by criminals with malicious intent; it is also used to protect users from surveillance and by anonymous whistleblowers (Greenburg, 2014). Tor was designed by the US Naval Research Laboratory as a method for communicating online anonymously. Chertoff and Simon (2014) state that “The ability to traverse the Internet with complete anonymity nurtures a platform ripe for what are considered illegal activities in some countries, including:
• controlled substance marketplaces;
• credit card fraud and identity theft; and
• leaks of sensitive information.”
This second-generation Onion Routing system addresses limitations in the original design by adding perfect forward secrecy, congestion control, directory servers, integrity checking, configurable exit policies, and a practical design for location-hidden services via rendezvous points (Dingledine et al., 2004). Tor can be used by anyone and does not require special privileges; it can be accessed directly over your Internet connection, and it provides a reasonable tradeoff between anonymity, usability, and efficiency (Dingledine et al., 2004). Tor has now been mostly used by criminals to keep their information from detection.
This paper will argue that Tor can not only be used by criminals to commit malicious acts, but can also be used by government agencies in conducting investigations and solving crimes.
The U.S. Navy uses Tor to openly gather intelligence data, and one of its teams used Tor while deployed in the Middle East recently (Tor Project, n.d.). Tor allows law enforcement surveillance to stay hidden, so that no trace of a government IP address can be found in web logs, and it provides security during secret operations (Tor Project, n.d.). Greenburg (2014) states:
“Silk Road was an online marketplace that dealt with contraband drugs, narcotics and weapons.” In 2013, the US Federal Bureau of Investigation (FBI) shut down the website (Greenburg, 2014). Shortly after the FBI shut down the operation, a Silk Road 2.0 appeared, and it took 2 years for Europol and the FBI to take it down.
There are three main ways that law enforcement can use Tor to their benefit:
Online surveillance: Officials can search questionable websites and services without leaving any sign of ever having been there. If the system administrator of an illegal gambling site, for example, were to see multiple connections from government or law enforcement IP addresses in usage logs, investigations may be hampered (Tor Target, n.d.).
Sting operations: Anonymity allows law officers to operate online and stay undercover during their operations (Tor Target, n.d.). If a single IP address is recognized as belonging to the police’s range of addresses, an undercover officer can have his cover blown (Tor Target, n.d.).
Truly anonymous tip lines: Anonymous tip lines, while the most popular, become useless without anonymity software. Even though no direct personal data is linked to a tip, someone familiar with computer software can very quickly and easily identify the source from service logs (Tor Target, n.d.).
The military also has three main uses for Tor:
Field agents: While military field agents are deployed, they have to protect themselves, their operation and their location; Tor provides the security that they need (Tor Target, n.d.).
Onion services: Detecting and facilitating large amounts of data in regard to local strikes was the initial purpose of DARPA’s design for the Internet (Tor Target, n.d.). The Internet Protocol (IP) reveals the geographic location of any server that can be reached online. Tor’s onion services allow the military to stay under the radar, safe from detection and from any type of takedown.
Intelligence gathering: When military personnel run Tor, their surveillance of the insurgents being monitored stays hidden.
The FBI achieved its second success in countering a cybercriminal .onion server in July 2013, when it seized the Freedom Hosting servers in France that had been associated with a known child pornography distribution ring; however, the techniques used by the FBI in the Freedom Hosting case differed significantly from the tactics used in conjunction with the Silk Road takedown (Yetter, 2015). The FBI was able to successfully take down the Freedom Hosting servers with the help of international personnel. Many vulnerabilities exist within systems, and this is how the FBI was able to deploy a program to remote machines that flagged IP addresses to Washington, DC (Yetter, 2015). Yetter continues by stating that “on November 7, 2014, predictions in the RAND corporation report seemed to come to fruition when 16 European countries and the United States coordinated an extensive sting operation that took down 414 illicit Tor darknet domains.” Just because the IP addresses of those sites are kept hidden, however, doesn’t mean they’re necessarily secret (Greenburg, 2014). Law enforcement and intelligence organizations must develop comprehensive counter-anonymity cybercrime strategies that are effective without attacking the integrity of the underlying privacy system itself (Yetter, 2015).
It is not just criminals who wish to remain completely anonymous when online; the U.S. military and other government agencies use Tor so that they can remain anonymous as well. Tor disguises IP addresses so that the original address cannot be determined; this helps the military, because its location is not compromised when it uses the Internet. Tor also lets the military surveil the enemy through Internet capabilities. Law enforcement can surveil groups and websites, which helps them gather evidence for a case and prepare for a takedown. Law enforcement can also help individuals who call in to report criminal activity remain truly anonymous through Tor. Tor has been used in criminal takedowns of some popular dark web websites, like Silk Road, Silk Road 2.0 and Freedom Hosting. These were sites that contained illegal drug trade and child pornography. The methods and tactics used took years and required help from other international government agencies. The downside is that once a website is dismantled and taken down, another one is created to replace it, and a new case starts. Security researchers must remain vigilant and find new ways to spot upcoming malicious services to deal with new phenomena as quickly as possible (Chertoff & Simon, 2014). These types of cases are difficult because, when Tor is used, there is no set IP address that reveals who is creating the criminal sites and who is visiting them. The uses of Tor are endless for government agencies; it lets them conduct their day-to-day business without compromise while keeping the privacy of the public. The Tor system does exactly what it was intended to do: create security and privacy for those who want to surf the web or create web pages. Although it was not created for criminal use, it has still been utilized to help stop criminals.
Tor was created with good intentions, but as the saying goes, once Pandora’s box is open it cannot be closed. The opening of Tor to the public opened the Dark Web even further to malicious activity, helping users remain unknown. Government agencies are getting better at detection and continue to try to keep up with the cyber world. The focus should be on the need for law enforcement organizations to develop comprehensive technical counter-anonymity cybercrime strategies (Yetter, 2015). This needs to be done so that government agencies can effectively apprehend those who continue to use the Dark Web and the Internet as their playground for criminal acts. The key to using the Tor system is finding a happy medium when using it to catch criminals and to surveil.
Chertoff, M. & Simon, T. (2014). Global Commission on Internet Governance: Cyber Security in a Volatile World. Vol. 5. Chapter Two: The Impact of the Dark Web on Internet Governance and Cyber Security. Retrieved from https://www.cigionline.org/sites/default/files/documents/GCIG%20Volume%20%235WEB_0.pdf
Dingledine, R., Mathewson, N. & Syverson, P. (2004). Tor: The Second-Generation Onion Router. Retrieved from https://www.usenix.org/legacy/event/sec04/tech/full_papers/dingledine/dingledine_html/
Greenburg, A. (Nov. 19, 2014). Hacker Lexicon: What Is the Dark Web? Retrieved from http://cronicasinfin.com/noticias/Hacker_Lexicon_What_Is_the_Dark_Web.pdf
Tor Project. (n.d.). Tor. Retrieved from https://www.torproject.org/about/overview.html.en
Yetter, R. B. (May, 2015). Darknets, Cybercrime & the Onion Router: Anonymity & Security in Cyberspace. Utica College, ProQuest Dissertations Publishing. Retrieved from https://search.proquest.com/openview/376ea22b97714afcd76859eeec9e6ed9/1?pq-origsite=gscholar&cbl=18750&diss=y