Potential Corporate Monitoring Concerns Tor Users
April 7, 2016
The Dark Web has been seen as a haven by anyone interested in untraceable internet activity. However, a recent article from Beta News, Tor Project says Google, CloudFlare and others are involved in dark web surveillance and disruption, brings to light the potential issue of Tor traffic being monitored. A CDN and DDoS protection service called CloudFlare has introduced CAPTCHAs and cookies to Tor for monitoring purpose and accusations about Google and Yahoo have also been made. The author writes,
“There are no denials that the Tor network — thanks largely to the anonymity it offers — is used as a platform for launching attacks, hence the need for tools such as CloudFlare. As well as the privacy concerns associated with CloudFlare’s traffic interception, Tor fans and administrators are also disappointed that this fact is being used as a reason for introducing measures that affect all users. Ideas are currently being bounced around about how best to deal with what is happening, and one of the simpler suggestions that has been put forward is adding a warning that reads “Warning this site is under surveillance by CloudFlare” to sites that could compromise privacy.”
Will a simple communications solution appease Tor users? Likely not, as such a move would essentially market Tor as providing the opposite service of what users expect. This will be a fascinating story to see unfold as it could be the beginning of the end of the Dark Web as it is known, or perhaps the concerns over loss of anonymity will fuel further innovation.
Megan Feil, April 7, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Secure Email on the Dark Web
April 1, 2016
Venturing safely onto the Dark Web can require some planning. To that end, FreedomHacker shares a “List of Secure Dark Web Email Providers in 2016.” The danger with Tor-accessible email providers, explains reporter Brandon Stosh, lies in shady third parties. He writes:
“It’s not that finding secure communications on Tor is a struggle, but it’s hard to find private lines not run by a rogue entity. Below we have organized a list of secure dark web email providers. Please remember that no email provider should ever be deemed secure, meaning always use encryption and keep your opsec to its highest level….
“Below we have listed emails that are not only secure but utilize no type of third-party services, including any type of hidden Google scripts, fonts or trackers. In the list below we have gone ahead and pasted the full .onion domain for verification and added a link to any services who also offer a clearweb portal. However, all communications sent through clearweb domains should be presumed insecure unless properly encrypted, then still it’s questionable.”
The list of providers includes 10 entries, and Stosh supplies a description of each of the top five: Sigaint, Rugged Inbox, Torbox, Bitmessage, and Mail2Tor; see the article for these details, and to view the other five contenders. Stosh wraps up by emphasizing how important email security is, considering all the sensitive stuff most of us have in our inboxes. Good point.
Cynthia Murrell, April 1, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Google Reveals Personal Data in Search Results
March 30, 2016
Our lives are already all over the Internet, but Google recently unleashed a new feature that takes it to a new level. Search Engine Watch tells us about, “Google Shows Personal Data Within Search Results, Tests ‘Recent Purchases’ Feature” and the new way to see your Internet purchases.
Google pulls the purchase information most likely from Gmail or Chrome. The official explanation is that Google search is now more personalized, because it does pull information from Google apps:
“You can search for information from other Google products you use, like Gmail, Google Calendar, and Google+. For example, you can search for information about your upcoming flights, restaurant reservations, or appointments.”
Personalized Google search can display results now only from purchases but also bills, flights, reservations, packages, events, and Google Photos. It is part of Google’s mission to not only organize the world, but also be a personal assistant, part of the new Google Now.
While it is a useful tool to understand your personal habits, organize information, and interact with data like in a science-fiction show, at the same time it is creepy being able to search your life with Google. Some will relish in the idea of having their lives organized at their fingertips, but others will feel like the NSA or even Dark Web predators will hack into their lives.
Whitney Grace, March 30, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Predictive Analytics on a Budget
March 30, 2016
Here is a helpful list from Street Fight that could help small and mid-sized businesses find a data analysis platform that is right for them—“5 Self-Service Predictive Analytics Platforms.” Writer Stephanie Miles notes that, with nearly a quarter of small and mid-sized organizations reporting plans to adopt predictive analytics, vendors are rolling out platforms for companies with smaller pockets than those of multinational corporations. She writes:
“A 2015 survey by Dresner Advisory Services found that predictive analytics is still in the early stages of deployment, with just 27% of organizations currently using these techniques. In a separate survey by IDG Enterprise, 24% of small and mid-size organizations said they planned to invest in predictive analytics to gain more value from their data in the next 12 months. In an effort to encourage this growth and expand their base of users, vendors with business intelligence software are introducing more self-service platforms. Many of these platforms include predictive analytics capabilities that business owners can utilize to make smarter marketing and operations decisions. Here are five of the options available right now.”
Here are the five platforms listed in the write-up: Versium’s Datafinder; IBM’s Watson Analytics; Predixion, which can run within Excel; Canopy Labs; and Spotfire from TIBCO. See the article for Miles’ description of each of these options.
Cynthia Murrell, March 30, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Surfing Safely on the Dark Web
March 29, 2016
The folks at Alphr want us to be safe if we venture onto the Dark Web, so they offer guidance in their article, “Is the Dark Web Safe?” The short answer, of course, is “parts of it.” Writer Thomas McMullan notes that, while the very act of accessing hidden sites through Tor is completely legal, it is easy to wander into illegal territory. He writes:
“‘Safe’ is a bit of a vague term. There is much of worth to be found on the dark web, but by its nature it is not as safe as the surface-level internet. You can only access pages by having a direct link (normally with a .onion suffix) and while that makes it harder to accidentally stumble across illegal content, you’re only a click away from some pretty horrible stuff. What’s more, the government is cracking down on illegal material on the dark web. In November 2015, it was announced that GCHQ and the National Crime Agency (NCA) would be joining forces to tackle serious crimes and child pornography on the dark web. Director of GCHQ Robert Hannigan said that the new Joint Operations Cell (JOC) will be ‘committed to ensuring no part of the internet, including the dark web, can be used with impunity by criminals to conduct their illegal acts’.”
The article goes on to note that plugins which can present a false IP address, like Ghostery, exist. However, McMullan advises that it is best to stay away from anything that seems questionable. You have been warned.
Cynthia Murrell, March 29, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Reputable News Site Now on the Dark Web
March 28, 2016
Does the presence of a major news site lend an air of legitimacy to the Dark Web? Wired announces, “ProPublica Launches the Dark Web’s First Major News Site.” Reporter Andy Greenberg tells us that ProPublica recently introduced a version of their site running on the Tor network. To understand why anyone would need such a high level of privacy just to read the news, imagine living under a censorship-happy government; ProPublica was inspired to launch the site while working on a report about Chinese online censorship.
Why not just navigate to ProPublica’s site through Tor? Greenberg explains the danger of malicious exit nodes:
“Of course, any privacy-conscious user can achieve a very similar level of anonymity by simply visiting ProPublica’s regular site through their Tor Browser. But as Tigas points out, that approach does leave the reader open to the risk of a malicious ‘exit node,’ the computer in Tor’s network of volunteer proxies that makes the final connection to the destination site. If the anonymous user connects to a part of ProPublica that isn’t SSL-encrypted—most of the site runs SSL, but not yet every page—then the malicious relay could read what the user is viewing. Or even on SSL-encrypted pages, the exit node could simply see that the user was visiting ProPublica. When a Tor user visits ProPublica’s Tor hidden service, by contrast—and the hidden service can only be accessed when the visitor runs Tor—the traffic stays under the cloak of Tor’s anonymity all the way to ProPublica’s server.”
The article does acknowledge that Deep Dot Web has been serving up news on the Dark Web for some time now. However, some believe this move from a reputable publisher is a game changer. ProPublica developer Mike Tigas stated:
“Personally I hope other people see that there are uses for hidden services that aren’t just hosting illegal sites. Having good examples of sites like ProPublica and Securedrop using hidden services shows that these things aren’t just for criminals.”
Will law-abiding, but privacy-loving, citizens soon flood the shadowy landscape of the Dark Web.
Cynthia Murrell, March 28, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Bigger Picture Regarding Illegal Content Needed
March 25, 2016
Every once in awhile an article on the Dark Web comes along that takes a step back from the latest action on Tor and offers a deep-dive on the topic at large. Delving into the World of the Dark Web was recently published on Raconteur, for example. In this article, we learned the definition of darknets: networks only accessible through particular software, such as Tor, and trusted peer authorization. The article continues,
“The best known, and by far the most popular, darknet is the Onion Router (Tor), which was created by the US Naval Research Labs in the 90s as an enabler of secure communication and funded by the US Department of Defense. To navigate it you use the Tor browser, similar to Google Chrome or Internet Explorer apart from keeping the identity of the person doing the browsing a secret. Importantly, this secrecy also applies to what the user is looking at. It is because servers hosting websites on the Tor network, denoted by their .onion (dot onion) designation, are able to mask their location.”
Today, the Dark Web is publicly available to be used anonymously by anyone with darknet software and home to a fair amount of criminal activity. Researchers at King’s College London scraped the .onion sites and results suggested about 57 percent of Tor sites host illegal content. We wonder about the larger context; for example, what percent of sites viewed on mainstream internet browsers host illegal content?
Megan Feil, March 25, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
VPN Disables Right to Be Forgotten for Users in European Union
March 24, 2016
Individuals in the European Union have been granted legal protection to request unwanted information about themselves be removed from search engines. An article from Wired, In Europe,You’ll Need a VPN to See Real Google Search Results, explains the latest on the European Union’s “right to be forgotten” laws. Formerly, privacy requests would only scrub sites with European country extensions like .fr, but now Google.com will filter results for privacy for those with a European IP address. However, European users can rely on a VPN to enable their location to appear as if it were from elsewhere. The article offers context and insight,
“China has long had its “Great Firewall,” and countries like Russia and Brazil have tried to build their own barriers to the outside ‘net in recent years. These walls have always been quite porous thanks to VPNs. The only way to stop it would be for Google to simply stop allowing people to access its search engine via a VPN. That seems unlikely. But with Netflix leading the way in blocking access via VPNs, the Internet may yet fracture and localize.”
The demand for browsing the web using surreptitious methods, VPN or otherwise, only seems to be increasing. Whether motivations are to uncover personal information about certain individuals, watch Netflix content available in other countries or use forums on the Dark Web, the landscape of search appears to be changing in a major way.
Megan Feil, March 24, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
The Dark Web Cuts the Violence
March 23, 2016
Drug dealing is a shady business that takes place in a nefarious underground and runs discreetly under our noses. Along with drug dealing comes a variety of violence involving guns, criminal offenses, and often death. Countless people have lost their lives related to drug dealing, and that does not even include the people who overdosed. Would you believe that the drug dealing violence is being curbed by the Dark Web? TechDirt reveals, “How The Dark Net Is Making Drug Purchases Safer By Eliminating Associated Violence And Improving Quality.”
The Dark Web is the Internet’s underbelly, where stolen information and sex trafficking victims are sold, terrorists mingle, and, of course, drugs are peddled. Who would have thought that the Dark Web would actually provide a beneficial service to society by sending drug dealers online and taking them off the streets? With the drug dealers goes the associated violence. There also appears to be a system of checks and balances, where drug users can leave feedback a la eBay. It pushes the drug quality up as well, but is that a good or bad thing?
“The new report comes from the European Monitoring Centre for Drugs and Drug Addiction, which is funded by the European Union, and, as usual, is accompanied by an official comment from the relevant EU commissioner. Unfortunately, Dimitris Avramopoulos, the European Commissioner for Migration, Home Affairs and Citizenship, trots out the usual unthinking reaction to drug sales that has made the long-running and totally futile “war on drugs” one of the most destructive and counterproductive policies ever devised:
‘We should stop the abuse of the Internet by those wanting to turn it into a drug market. Technology is offering fresh opportunities for law enforcement to tackle online drug markets and reduce threats to public health. Let us seize these opportunities to attack the problem head-on and reduce drug supply online.’”
The war on drugs is a futile fight, but illegal substances do not benefit anyone. While it is a boon to society for the crime to be taken off the streets, take into consideration that the Dark Web is also a breeding ground for crimes arguably worse than drug dealing.
Whitney Grace, March 23, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
For Sale: Your Bank Information
March 21, 2016
One of the common commodities for sale on the Dark Web is bank, credit card, social security numbers, and other personal information. This information can sell for a few bucks to hundreds of dollars depending on the quality and quantity of the information. In order to buy personal information, usually the interested parties must journey to the Dark Web, but the International Business Times tells us that “Confidential Bank Details Available For Sale On Easily Found Web Site” is for sale on the general Web and the information is being sold for as little as a couple pounds (or dollars for the US folks). The Web site had a pretty simple set up, interested parties register, and then they have access to the stolen information for sale.
Keith Vaz, chairman of the home affairs select committee, wants the National Crime Agency (NCA) to use its power and fulfill its purpose to shut the Web site down.
“A statement from the NCA said: “We do not routinely confirm or deny investigations nor comment on individual sites. The NCA, alongside UK and international law enforcement partners and the private sector, are working to identify and as appropriate disrupt websites selling compromised card data. We will work closely with partners of the newly established Home Office Joint Fraud Task Force to strengthen the response.”
Online scams are getting worse and more powerful in stealing people’s information. Overall, British citizens lost a total of 670 million pounds (or $972 million). The government, however, believes the total losses are more in the range of 27 billion pounds (or $39.17 billion).
Scams are getting worse, because the criminals behind them are getting smarter and know how to get around security defenses. Users need to wise up and learn about the Dark Web, take better steps to protect their information, and educate themselves on how to recognize scams.
Whitney Grace, March 21, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
-
- Subscribe to Beyond Search
Feature archive
News archive
-
