View attachment 40401 LOS ANGELES - On Friday, August 13 2004, three unassuming computer experts ascended the stage at the San Diego Town and Country Hotel and Convention Centre in California. It was blisteringly hot outside, and the complex was filled with holidaymakers strolling to and from the pool. But inside the *darkened auditorium, everybody was wearing business clothes, and the air conditioning made it chilly.
This was the last session of the Usenix Security Symposium, a five-day conference for digital security *professionals. Already people had started to go home. But the audience that remained – a mixture of researchers, *systems administrators and policy wonks – greeted the speakers with polite applause.
Roger Dingledine and Nick Mathewson were members of Free Haven, a Massachusetts Institute of Technology research project that looked for ways to use data so that it could resist “attempts by powerful adversaries to find and destroy [it]."
Their colleague, Paul Sylverson, a mathematician with a PhD in philosophy from Indiana University, had been working for the US Navy to find a way to use the internet anonymously. That had been his goal since 1995. An alpha version of his solution had been running since 2002; now, in 2004, they were going to present the updated version that was to make history.
As modest as they appeared, these three men have become known as the people who – in that darkened conference room in 2004 – unleashed the Tor anonymity network, one of the most controversial phenomena in the history of the internet. An acronym for The Onion Router, Tor bounces data and messages through as many as 5,000 other computers, known as “nodes” or “relays”, adding layers of encryption to the data like skins on an onion, until it is virtually impossible to discern the original user’s location and identity.
And although it has positive applications, especially in repressive regimes such as Iran and China, where pro-democracy activists use it to publicise human rights abuses and foment dissent, it is also used by many thousands of people to trade guns, drugs, stolen goods and child *pornography. It has been implicated in hundreds of cases of fraud, identity theft and paedophilia. Remarkably, though, the US Navy continues to provide most of its funding.
“When we started working on Tor, we didn’t sit back and think too much about the implications of privacy, security and anonymity,” says Sylverson, on the phone from the US Naval Research Laboratory in Washington, DC. “The reason for our research was to allow US government employees to go to public websites to gather information, without anybody knowing that there was somebody from the Navy looking for this stuff.” To guarantee anonymity, Tor had to have mass appeal and so the software was designed to be “open-source”, meaning that the source code could be *distributed and developed by anybody. “It had to be picked up by the public and used. This was fundamental,” says Sylverson. “If we created an anonymous network that was only being used by the Navy, then it would be obvious that anything popping out or going in was going to and from the Navy.”
Every additional ordinary user, he says, enhances the security and protection that the network is designed to offer to Navy employees, and is, in a way, their “payment." Fast-forward to 2014, and that attitude seems at best naive, at worst willfully negligent. Sites that are blocked by most internet service providers, including those peddling hardcore child pornography, are accessible using Tor and available to browse following some simple steps well within the grasp of most computer-users.
Each page can take up to 30 seconds to load, but that aside, when I log on to the network on a Monday afternoon after downloading the Tor browser, I find it easy to access a wealth of illegal goods and services, ranging from the appalling to the ridiculous.
Gun Grave, for instance, offers a selection of weapons including a “mint condition” M4 semi-automatic rifle that can be “shipped worldwide”. “Chances are if you are looking for it we can find it,” the vendor writes. Evidently, there is a history here. Further down the listing, he elaborates: "We have had 2 orders for 3 items seized recently and rather then work with us according to our partial refund policy the buyers decided to leave negative feedback and try to extort us with threats of negative forum comments.... WE WILL NOT BE EXTORTED!!!!!! Thank you."
The same site also offers a "knuckle blaster stun gun", described as "a 950,000-volt stun gun designed to give you a punch with power. Just touch your attacker to instantly repel them and it will give you time to get away. Longer contact will cause further disorientation and after some seconds may drop them to their knees. Uses 2 Lithium batteries, included. Comes with a free nylon belt holster."
On another site, a user calling himself “The Facebook Hacker from Belgium” offers to hack into any social media account for 0.86 Bitcoin (the internet-only currency favoured by the dark net), or about £250. Business is obviously brisk – he has accumulated 23 positive reviews, with satisfied customers leaving messages like “the perfect vendor”, “totally impressed”, and “legit seller."
And this is only the tip of the iceberg. On a retail site called Evolution, a vendor called Cat, based in China, sells illegal rhinoceros horns, someone from India offers morphine tablets and “Science Guy”, another Chinese seller, offers testosterone and steroid pills. User “Amazon Gold” is selling “1000s of credit card details” for one Bitcoin, or about £290, along with a guide to credit card hacking for “noobs”, or newcomers. There is also a host of even more disturbing material, including a plethora of upsetting pornographic sites, sinister suicide forums telling vulnerable users how to kill themselves, and sites offering the services of hit men and corrupt government officials. A search engine called Grams makes it as easy to find these things as Google does to find conventional websites. In fact, Grams, with its multicoloured lettering and white background, appears, at first glance, to be part of Google. But the slogan on the homepage gives it away: “The only way to deal with an unfree world is to become so absolutely free that your very existence is an act of rebellion.”
There can be little doubt: this is not just the Wild West, this is the modern-day Sodom and Gomorrah. As well as the obvious human cost of those being exploited by online paedophiles, it is estimated that electronic fraud, which relies heavily on Tor, costs the British economy tens of billions of pounds a year. In July, security researchers at Kaspersky Lab, the world’s largest private software security company, announced that a new strain of ransomware – malicious software that encrypts users’ data and demands hundreds of pounds for its release – had appeared, which used Tor “to hide its malicious nature” and made those responsible “hard to track”." Ransomware is so sophisticated that it has even made *victims of the police. Last year, a police force in Massachusetts was forced to pay $1,338 (£795) to unlock data that had been infected with Cryptolocker, a forerunner of the new Tor-based programme.
Above all, perhaps, Tor has become a hugely popular means of buying drugs online without getting caught. Users can visit websites on the dark net, browse a selection of thousands of drugs, pay for them using Bitcoin, and have them delivered to their door. “I started using it two years ago. It made life a lot easier,” says Alistair Roberts (not his real name), who buys drugs regularly using Tor. “It cut out a lot of the danger involved in drug buying. No one can rob you or stab you, and the police can’t get involved.” Another benefit of buying drugs online, he says, is that you are given access to a vast range at the click of a mouse. “Normally you can only buy drugs if you know the dealers. But this opens up the whole market. It’s a totally free market that regulates itself.”
The drugs arrive in a variety of ways. Some are in *Amazon-style envelopes, vacuum packed to prevent odour. Others are hidden in CD cases, or inside food *packaging. “I once bought some MDMA pills, and they arrived in a sports supplement tub,” says Roberts. “The company was selling nutrition supplements legitimately through a *normal website, and illegal drugs on the dark web using the same packaging.”
In his recent book on web subcultures The Dark Net, Jamie Bartlett admits to being impressed by the ingenuity and effeciency of these sites, while fearing that they will lead to “higher levels of use, and drugs use - legal or illegal - creates misery.”
By Jake Wallace Simmons - The Telegraph/September 17, 2013
Photo: The Times. Col UK