Shiver Me Timbers! Is this the End of Pirate Bay?
March 1, 2018
Admit it! You, like millions of other people, have downloaded an illegal movie, music, book, or other media from Pirate Bay. Is it illegal? Yes. Are you going to be charged? Probably not. Downloading illegal movies, music, books, and other media is not law enforcement’s top priority because they are more preoccupied with more dangerous crimes. Online piracy has been dealt a serious blow and torrent sites like Pirate Bay may sink into the Internet’s briny deep. Read the details in Express’ article, “End Of Pirate Bay? Torrent Sites Left Fearing 2018 Will ‘Kill’ Off Online Piracy.”
Pirate Bay has haunted the Internet ocean for over fifteen years and is a reliable staple for downloading the illegal content of all kind. Law enforcement has tried to sink Pirate Bay and other torrent sites for years, but when one Web site is destroyed another pops up in its place. A non-law enforcement entity will deal a blow to torrent sites: Google. In 2018, Google will launch its new Chrome browser that features an ad-blocker. The ad-blocker automatically blocks autoplay videos and other annoying pop-ups. Why is this bad for torrent sites?
Torrent websites rely on the revenue they bring in from advertising, and the Chrome ad blocker has left some fearing if they’ll be able to carry on. The owner of one torrent site, who did not want to be named, previously told TorrentFreak that the ad blocker could signal the end of torrents. They said: ‘The torrent site economy is in a bad state. Profits are very low. Profits are f***** compared to previous years. Chrome’s ad-blocker will kill torrent sites. If they don’t at least cover their costs, no one is going to use money out of his pocket to keep them alive. I won’t be able to do so at least.’
Law enforcement agencies and governments have tried to halt online piracy for years. As they have wised up to how torrent Web sites skirt the authorities and laws have changed to ensure takedowns, online piracy may be near its end.
Torrent Websites are nearly as old as the Internet. It is hard to imagine the Internet without the more discoverable illicit activities compared to the Dark Web. While Google Chrome and its ad-blocker may be the end for this generation of online piracy, give China, Russia, the Middle East, and Eastern European countries a few months. They will come up with something and it will probably be on the Dark Web.
Whitney Grace, March 1, 2018
Legal Media Search Site Baits Pirates with Keywords
June 26, 2017
How do you attract a (media) pirate? Apparently, with targeted keywords. Torrent Freak reports, “Film Industry’s Latest Search Engine Draws Traffic with ‘Pirate’ Keywords.” Interesting tactic. Apparently a Dutch answer to Hollywood’s legal-content-finder WhereToWatch, the search engine Film.nl returns legal content. However, they’ve peppered their descriptions with keywords associated with pirated content. For example, “Don’t Wrestle With Nasty Torrents. Ignore the Rogue One: A Star Wars Story torrent.” Intriguing tactic. Reporter Ernesto writes:
Those who scroll down long enough will notice that each page has a targeted message for pirates as well. The descriptions come in a few variations but all mention prominent keywords such as ‘torrents’ and reference ‘illegal downloading’ and unauthorized streaming. …
While the piracy related messaging is unusual, it’s actually quite clever. Since a lot of people are searching for ‘torrent,’ ‘streaming’ and ‘download’ related terms combined with movie and TV-show titles, it helps to keep search traffic away from pirate sites. In other words, it’s a smart search engine optimization trick, helping it to directly compete with pirate sites on this front. The big question is whether people who search for ‘Movie X torrent’ will be satisfied with the results Film.nl offers. That said, from a movie industry perspective, it definitely beats doing nothing at all.
Does it? When prospective viewers learn their desired content is not yet legally available, we suspect most will simply navigate away to more shady destinations. Will a significant number be persuaded to wait for the legal version by Film.nl’s combination of keyword bait and moralizing? I doubt it. But it is an interesting play to note.
Cynthia Murrell, June 26, 2017
Who Knew Hackers Have Their Own Search Engines?
March 3, 2017
Hackers tend to the flock to the Internet’s underbelly, the Dark Web, and it remains inaccessible unless you have a Tor browser. According to the AIRS Association, hacker search engines are a lot easier to access than you think, read about it in “5 Hacker-Friendly Search Engines You Must Use.” The best-known hacker-friendly search engine is Shodan, which can search for Internet connected devices. While Shodan can search computers, smartphones, and tablets the results also include traffic lights, license plate readers, and anything with an Internet connection. The biggest problem, however, is that most of these devices do not have any security:
The main reason that Shodan is considered hacker-friendly is because of the amount and type of information it reveals (like banner information, connection types, etc.). While it is possible to find similar information on a search engine like Google, you would have to know the right search terms to use, and they aren’t all laid out for you.
Other than Shodan some of the other scary search engines are ZoomEye, I2P, PunkSPIDER, and Censys. These search engines range in the amount of data they share as well as their intended purpose, but they all reveal Internet connected devices. Beginners can use these search engines, but it takes a little more than technical know how to get results displayed. One needs to figure out how to use them before you even enter the first search result, because basic keyword will not get you far.
Hacker search engines are a good tool to use to find security breaches in your personal network or Web site. What will prevent most people from using them is the lack of experience, but with only a small amount of learning these search engines in the wrong hands are dangerous.
Whitney Grace, March 3, 2017
Debunking Myths About the Dark Web
February 22, 2017
What is known as the Dark Web has a fair amount of myth surrounding it, thanks to a sensationalized name and a few high-profile media stories. Tech Republic shared an article called, Four misleading myths about the Dark Web, attempting to shine light on some of the common fallacies. In summary, the Dark Web is not necessarily anonymous, it’s not very difficult to access, it’s not all nefarious activity, and there is support for businesses and organizations seeking protection from and prevention of cybertheft and security breaches. The article explains,
The biggest mistake businesses large and small can make regarding the Dark Web is to pretend it doesn’t exist. After the FBI took down the Silk Road, dozens of other niche markets took its place. With a slick interface and well organized ecommerce-like storefront, AlphaBay, one of the largest black markets on the Dark Web, makes shopping for stolen credit card data a breeze. Fortunately for companies, there’s no need to track the Dark Web alone. One technology in particular, Matchlight by Terbium Labs, helps business monitor and locate stolen Dark Web data like stolen source code, employee social security numbers, and other proprietary trade documents.
The Dark Web has become almost synonymous with Tor, the seemingly most popular way to access it. Tor has actually been used since the 1990’s by members of the intelligence community; it was developed by the US Naval Research Laboratory. While over the last decade or so, Tor has been surrounded by media coverage about drugs and crime, it will be interesting to see if the coverage shifts — or increases — because of emerging technologies such as Matchlight.
Megan Feil, February 22, 2017
Scanning for the True Underbelly of the Dark Web
February 7, 2017
Some articles about the Dark Web are erring on the side of humor about it’s threat-factor. Metro UK published 12 scary things which happen when you go on the ‘Dark Web’, which points out some less commonly reported happenings on the Dark Web. Amongst the sightings mentioned were: a German man selling pretzels, someone with a 10/10 rating at his carrot (the actual vegetable) marketplace, and a template for creating counterfeit Gucci designs. The article reports,
Reddit users shared their stories about the ‘dark web’ – specifically Tor sites, invisible to normal browsers, and notorious for hosting drug markets and child pornography. Using the free Tor browser, you can access special .onion sites – only accessible using the browser – many of which openly host highly illegal content including pirated music and films, drugs, child pornography and sites where credit card details are bought and sold.
While we chose not to summarize several of the more dark happenings mentioned by Redditors, we know the media has given enough of that side to let your imaginations run wild. Of course, as has also been reported by more serious publications, it is a myth that the Dark Web is only filled with cybercriminals. Unless pretzels have qualities that have yet to be understood as malicious.
Megan Feil, February 7, 2017
Little New Hampshire Public Library Takes on Homeland Security over Right to Tor
February 3, 2017
The article on AP titled Browse Free or Die? New Hampshire Library Is at Privacy Fore relates the ongoing battle between The Kilton Public Library of Lebanon, New Hampshire and Homeland Security. This fierce little library was the first in the nation to use Tor, the location and identity scrambling software with a seriously bad rap. It is true, Tor can be used by criminals, and has been used by terrorists. As this battle unfolds in the USA, France is also scrutinizing Tor. But for librarians, the case is simple,
Tor can protect shoppers, victims of domestic violence, whistleblowers, dissidents, undercover agents — and criminals — alike. A recent routine internet search using Tor on one of Kilton’s computers was routed through Ukraine, Germany and the Netherlands. “Libraries are bastions of freedom,” said Shari Steele, executive director of the Tor Project, a nonprofit started in 2004 to promote the use of Tor worldwide. “They are a great natural ally.”… “Kilton’s really committed as a library to the values of intellectual privacy.
To illustrate a history of action by libraries on behalf of patron privacy, the article briefly lists events surrounding the Cold War, the Patriot Act, and the Edward Snowden leak. It is difficult to argue with librarians. For many of us, they were amongst the first authority figures, they are extremely well read, and they are clearly arguing passionately about an issue that few people fully understand. One of the library patrons spoke about how he is comforted by the ability to use Tor for innocent research that might get him flagged by the NSA all the same. Libraries might become the haven of democracy in what has increasingly become a state of constant surveillance. One argument might go along these lines: if we let Homeland Security take over the Internet and give up intellectual freedom, don’t the terrorists win anyway?
Chelsea Kerwin, February 3, 2017
Exploring Dark Web Motivations
January 13, 2017
The Dark Web continues to be under the microscope. Sophos’ blog, Naked Security, published an article, The Dark Web: Just How Dark Is It? questioning the supposed “dark” motivations of its actors. This piece also attempts to bust myths about the complete anonymity of Tor. There is an entry guard, which knows who the user is, and an exit node, which knows the user’s history and neither of these are easy to avoid. Despite pointing out holes in the much-believed argument full anonymity always exists on Tor, the author makes an effort to showcase “real-world” scenarios for why their average readers may benefit from using Tor:
If you think a web site is legitimate, but you’re not completely sure and would like to “try before you buy,” why not take an incognito look first, shielding your name, your IP number, even your country? If you’re investigating a website that you think has ripped off your intellectual property, why advertise who you are? If you want to know more about unexceptionable topics that it would nevertheless be best to keep private, such as medical issues, lifestyle choices or a new job, why shouldn’t you keep your identity to yourself? Similarly, if you want to offer online services to help people with those very issues, you’d like them to feel confident that you’ll do your best to uphold their privacy and anonymity.
We’re not convinced — but perhaps that is because the article put its foot in its mouth. First, they tell us Tor does not provide full anonymity and then the author attempts to advocate readers use Tor for anonymity. Which is it? More investigation under a different lens may be needed.
Kenny Toth, January 13, 2017
HSDirs Could Be the Key to Dark Web Intelligence
January 12, 2017
An article on Security Affairs called Boffins spotted over 100 snooping Tor HSDir nodes spying on Dark Web sites points to a new tactic that could be useful to companies offering Dark Web intelligence services. Within the inner workings of the Dark Web live at least 100, according to researchers, malicious hidden service directories (HSDirs). These are the relays of the network that allow people to visit hidden services. The author quotes researchers Filippo Valsorda and George Tankersley who presented at the Hack in the Box Security Conference,
When a person wants to host a hidden service, they have to advertise their service on a Tor Onion database, which is a DHT made up of a group of stable relay machines called HSDirs . The person who wants to visit the hidden service has to request information about that service from the database. Therefore, those relays or HSDirs can see who is making the request for a connection and when you want to connect. Therefore, to deanonymize a user’s traffic, an attacker could choose to become the HSDir nodes for the hidden service.
Additionally, researchers from Karlstad University in Sweden found 25 nodes within the The Onion Router (Tor) which showed entities snooping on the supposedly anonymous network. It appears gaps exist. The research shows an unspecified actor from Russia was eavesdropping. Are these snoopers Dark Web intelligence or cybercriminals? We shall stay tuned.
Megan Feil, January 12, 2017
Linux Users Can Safely Test Alpha Stage Tor Browser
January 5, 2017
The Tor Project has released the Alpha version of Tor Browser exclusive to Linux that users can test and use in sandboxed mode.
As reported by Bleeping Computer in article titled First Version of Sandboxed Tor Browser Available:
Sandboxing is a security mechanism employed to separate running processes. In computer security, sandboxing an application means separating its process from the OS, so vulnerabilities in that app can’t be leveraged to extend access to the underlying operating system.
As the browser that’s still under development is open to vulnerabilities, these loopholes can be used by competent parties to track down individuals. Sandboxing eliminates this possibility completely. The article further states that:
In recent years, Tor exploits have been deployed in order to identify and catch crooks hiding their identity using Tor. The Tor Project knows that these types of exploits can be used for other actions besides catching pedophiles and drug dealers. An exploit that unmasks Tor users can be very easily used to identify political dissidents or journalists investigating cases of corrupt politicians.
The Tor Project has been trying earnestly to close these loopholes and this seems to be one of their efforts to help netizens stay safe from prying eyes. But again, no system is full-proof. As soon as the new version is released, another exploit might follow suit.
Vishal Ingole, January 5, 2017
Malicious Tor Relays on over a Hundred Computers
January 4, 2017
For all the effort enterprises go to in securing data through technological solutions, there are also other variables to consider: employees. Ars Technica released an article, Malicious computers caught snooping on Tor-anonymized Dark Web sites, which explained malicious relays were found on over 110 machines around the world. Computer scientists at Northeastern University tracked these computers using honeypot.onion addresses, calling them “honions.” The article continues,
The research is only the latest indication that Tor can’t automatically guarantee the anonymity of hidden services or the people visiting them. Last year, FBI agents cracked open a Tor-hidden child pornography website using a technique that remains undisclosed to this day. In 2014, researchers canceled a security conference talk demonstrating a low-cost way to de-anonymize Tor users following requests by attorneys from Carnegie Mellon, where the researchers were employed. Tor developers have since fixed the weakness that made the exploit possible. More than 70 percent of the snooping hidden services directories were hosted on cloud services, making it hard for most outsiders to identify the operators.
While some may wonder if the snooping is a result of a technical glitch or other error, the article suggests this is not the case. Researchers found that in order for a directory to misbehave in this way, an operator has to change the code from Tor and add logging capabilities. It appears the impact this will have is yet to be fully revealed.
Megan Feil, January 4, 2017