The Darknet
Written by David Kushner, Rolling Stone
Thursday November 5th, 2015
Inside the Web's secret space for drug dealers, arms traffickers, hackers and political dissidents
On July 15th in Pittsburgh, David J. Hickton, a gray-haired U.S. attorney in a crisp dark suit, stepped out before an American flag to announce the feds’ latest victory against online crime. “We have dismantled a cyber-hornet’s nest of criminal hackers, which was believed by many to be impenetrable,” he said. “We are in the process of rounding up and charging the hornets.” By the next morning, more than 70 people across the world had been charged, arrested or searched in what the Department of Justice called “the largest coordinated international law-enforcement effort ever directed at an online cybercriminal forum.”
After an 18-month international investigation led by the FBI, known as Operation Shrouded Horizon, hackers on a site called Darkode were accused of wire fraud, money laundering and conspiring to commit computer fraud. The trail of crimes was massive, with one member compromising companies including Microsoft and Sony and another swiping data from more than 20 million victims. Hickton said Darkode posed “one of the gravest threats to the integrity of data on computers in the United States and around the world.” Its computers were considered “bulletproof” from the law by running on offshore servers — including one traced to Seychelles, the remote island nation in the Indian Ocean. “Cybercriminals should not have a safe haven to shop for the tools of their trade,” said FBI Deputy Director Mark F. Giuliano, “and Operation Shrouded Horizon shows we will do all we can to disrupt their unlawful activities.”
At least for a bit. Two weeks later, “Sp3cial1st,” the main administrator of Darkode, posted a retaliatory statement on a new website — underscoring the feds’ struggle to police the Internet. “Most of the staff is intact, along with senior members,” Sp3cial1st wrote. “It appears the raids focused on newly added individuals or people that have been retired from the scene for years. The forum will be back.” He vowed the organization would regroup on the Web’s deepest, most impenetrable region, the Darknet — a space where anyone, including criminals, can remain virtually anonymous. And the Darknet could never be shut down — thanks, conveniently, to the feds, who created it and are still financing its growth.
The Darknet (sometimes called the Dark Web) works on the Tor browser, free software that masks your location and activity. Originally designed by the Naval Research Lab, Tor receives 60 percent of its backing from the State Department and the Department of Defense to act as a secure network for government agencies as well as dissidents fighting oppressive regimes. It is a privacy tool that has been used for both good and evil. Over the past decade, Tor has empowered activists to spread news during the Arab Spring; it has helped domestic-violence victims hide from online stalkers; and it has allowed ordinary citizens to surf without advertisers tracking them. But at the same time, the Darknet, which Tor enables, has become the primary cove for criminals like Ross Ulbricht, imprisoned founder of Silk Road; the hackers behind the recent Ashley Madison attacks; and the international crew busted by the feds in July. As an instrument for both activists and criminals, Tor presents an increasingly difficult problem for law enforcement to solve — exacerbating the hapless game of whack-a-mole facing those who try to bring law to the most lawless part of the Net. And the battle over the Darknet’s future could decide the fate of online privacy in the U.S. and abroad. As Hickton tells Rolling Stone, “It’s the Wild West of the Internet.”
Think of the Web as an iceberg. Most people only see the so-called Surface Web above the water: all the news and gossip and porn that’s just a Google search away. But dive below and you’ll see the vast expanse of the Deep Web: all the data that search engines can’t find, which is much larger than the Surface Web. This includes anything behind a paywall (like Netflix), a password-protected site (like your e-mail) or a Web page that requires you to do your searching there (like when you’re trying to find court records).
The Darknet lurks in the Deep Web, because the sites there can’t be found by search engines either. But here’s the big difference: The Darknet is composed of people and sites that want to remain anonymous and, unless you’re using the Tor browser, are nearly impossible to find. Tor lets you peruse the Surface Web, just as you do with Firefox or Safari, but it also allows you to surf Amazon and Silk Road. Using a regular browser like Firefox, you can be identified by your Internet Protocol (IP) address, the numerical code that can be traced to your unique device. But on the Darknet, your location — and the locations of the people overseeing the sites you search — remain hidden. Most people use Tor for law-abiding privacy purposes. In fact, according to the Tor Project — the government-funded nonprofit that maintains the browser — Darknet surfing accounts for only three percent of Tor usage. (And criminal activities are just a fraction of that.) But because the Darknet is so seemingly shadowy and mysterious, it has become ominous in the popular imagination, a creepy catchall that includes everything scary lurking online: terrorists, pedophiles, dope dealers, hackers-for-hire.
In the past year, some of those scarier elements have been surfacing. In May, the feds sentenced Ulbricht, founder of Silk Road — the online black market that generated roughly $200 million in sales — to life in prison. In August, hackers dumped the personal information of 36 million users of Ashley Madison, the cheaters’ website, on the Darknet. After ISIS claimed responsibility for a shooting outside a Prophet Mohammed cartoon contest in Texas in May, the Darknet was singled out for blame. Michael B. Steinbach, assistant director of the FBI’s counter-terrorism division, told the House Homeland Security Committee that encryption tools have given such terrorists “a free zone by which to recruit, radicalize, plot and plan.” Without the ability to adequately monitor the terrorists online, Steinbach went on, “we’re past going dark in certain instances. We are dark.”
Despite the high-profile busts of Darkode and Silk Road, the Darknet is thriving. According to an August study by researchers at Carnegie Mellon University, criminals earn an estimated $100 million a year by selling drugs and other contraband on hidden websites using the virtual currency bitcoin, the digital cash that doesn’t require a credit card or bank to process the transactions. The feds aren’t just battling bad guys adept at hiding online, they’re also facing a massive rush of ordinary people looking to score anonymously. “Given the high demand for the products being sold,” the CMU researchers conclude, “it is not clear that takedowns will be effective.”
Though a lot of people think you have to be some kind of hacker to navigate the Darknet, it’s surprisingly easy to sell or buy illegal goods and services. Click on Tor, and it looks like any other browser — complete with its own cartoonish onion logo — though it moves more slowly because of complex routing behind the scenes. Instead of ending in a .com or .org Web address, Darknet sites end in .onion and are often called onion sites. Since Google doesn’t crawl onion sites, you need to use rudimentary Darknet search engines and listings such as the Hidden Wiki or Onion Link.
Black-market Darknet sites look a lot like any other retailer, except there are categories for, say, benzos, psychedelics and used AK-47s instead of woks and lawn ornaments. On Silk Road 3, a site unaffiliated with the original one, you can search by category, or scroll down to see pictures and descriptions of bestsellers: 1 g 90 percent-purity coke, x10 methylphenidate XL 18 mg (Concerta/Ritalin), and so on. Vendors are verified and rated by the community, just as on eBay and other shopping sites.
But while navigating the Darknet seems easy enough, law enforcement has a much more difficult time busting the bad guys for one simple reason: The same tools that keep government agents and dissidents anonymous keep criminals virtually invisible too. “This is the crime scene of the 21st century, and these traffickers are finding all kinds of ways to cover their tracks,” says Karen Friedman Agnifilo, Manhattan’s chief assistant district attorney, who’s among those leading the fight against criminals online. “Law enforcement has to play catch-up.”
Paul Syverson, a 57-year-old mathematician at the U.S. Naval Research Lab, created Tor as a means for people to communicate securely online. “We certainly were aware that bad people could use it,” says Syverson, wearing an M.C. Escher T-shirt in his cluttered office in Washington, D.C., “but our goal was to have something for the honest people who need to protect themselves.”
Since its inception in 1923, the NRL has been the military’s most esteemed research and development lab, inventing everything from radar to GPS. In 1995, Syverson and his colleagues conceived a way to make online communications as secure as possible. The idea was to provide a means for anyone — including government employees and agents — to share intelligence without revealing their identities or locations. With funding from the Department of Defense, Syverson brought on two scruffy graduates from the Massachusetts Institute of Technology, Roger Dingledine and Nick Mathewson, to help bring his vision to life. Like Syverson, Dingledine — a ponytailed privacy activist from Chapel Hill, North Carolina — saw the project as a way to empower everyone in the age of online surveillance. “How can we build a system that gives you privacy in the face of the large governments who are surveilling the Internet as much as they can?” Dingledine asks. “That’s a really hard research problem.”
To understand how the problem was solved, imagine a spy taking a train from Paris to Berlin. If the spy travels directly, he can easily be followed. But if he takes a series of trains between several cities — Paris to Amsterdam, Amsterdam to Madrid, Madrid to Berlin — he’s harder to trace. This was essentially how Syverson and his team designed the solution. Instead of a spy in Paris directly accessing a computer in Berlin, he would be routed through a random series of computers along the way, hiding where he was based. They called the network the Onion Routing, evoking this layered means of online access.
If only military people used Tor, though, it’d be obvious that the traffic was government-related. “We wanted to have a network that would carry traffic for a variety of users,” Syverson says, “so you don’t necessarily know if this is a cancer survivor looking up information or somebody from the Navy.” In order to do that, Syverson and his team made a decision he calls “central to the security of the system”: They designed Tor to be freely available online and open-sourced, which meant it could be assessed and improved by anyone around the world.
The Tor network wasn’t just designed to hide who is accessing websites, it was created to give websites the ability to mask the locations of the servers hosting them. One of the ideas was to provide a kind of secret bunker for government websites, so that if they were under attack, agents could visit a hidden version of the site online without hackers tracing them. These were the sites that ended with .onion. The Tor creators call them “hidden services” sites — today, it’s more sensationally known as the Darknet.
In 2003, Tor software was publicly released. Word about the browser spread on forums among privacy advocates and researchers, and it soon became the most resilient and important tool for anyone seeking to preserve their anonymity online. Geeks, agents and activists formed a volunteer network of nodes that routed Tor traffic anonymously across the world. Before long, people could reliably surf the Internet without being traced — out of sight of anyone who wanted to know who they were, where they were traveling or what they intended.
Tor’s early adopters weren’t criminals — they were dissidents. One of them is Nima Fatemi, a black-clad 27-year-old Iranian who serves as a key Tor evangelist — helping others around the world use the software to fight oppressive regimes. “We needed something different to connect to the Internet safely,” he tells me. “I found Tor and thought, ‘This is the tool.’ It was peace of mind.”
In the summer of 2009 in Tehran, Fatemi was running for his life from riot police after shooting photos of a protest. “I felt it a duty because so many people outside of Iran had no idea that we were protesting,” he says. “The state TV was just showing photos of flowers and stuff.” As soldiers chased him, Fatemi tore through the streets, leaping over a fallen woman, and turned into a courtyard where a sympathetic family gave him cover. “The police would attack me as if I had an RPG on my shoulder,” Fatemi says.
It’s dangerous to be a social-media activist in certain parts of the world. Recently, a blogger in Brazil was beheaded, and another in Bangladesh was killed with machetes. In Iran, blogger Soheil Arabi was sentenced by the Supreme Court to be hanged for “insulting the Prophet Mohammed” in Facebook posts. (His sentence was later commuted to two years of mandatory theology study, but he is serving a seven-and-a-half-year jail sentence for insulting the Supreme Leader.) This year, four secular bloggers were murdered in Bangladesh alone.
At the time of his near capture, Fatemi had been uploading photos that were used on Facebook and Twitter to spread breaking news of the Iranian government’s crackdown on dissidents. Under increased scrutiny, he’d turned to Tor to continue working anonymously — and to help himself and his fellow activists stay out of jail. Fatemi held private workshops in Iran, teaching friends and family how to use the software and thus strengthening the network, as more users meant more nodes with which to relay and hide the online traffic. “We spread the tool everywhere,” he says.
In the decade since the Tor software has been released, it has spread virally beyond the U.S. government and into the activist community. This is fueled in part by the Electronic Frontier Foundation, the digital-rights group which used to fund and still champions Tor as a powerful pro-democracy tool. Jacob Appelbaum, the noted activist who has worked closely with Edward Snowden and Julian Assange, calls it “surveillance resistance.” By using Tor in place of another browser, protesters and journalists can log on to Twitter or surf dissident chat rooms with far less risk of being tracked by a government that might imprison them or worse. “There are countries where browsing a political website about democracy can get you thrown in jail,” says Jeremy Gillula, a staff technologist at the EFF. “That’s the most life-and-death reason why Tor needs to exist.”
During the Arab Spring, Tor helped facilitate protests throughout the Middle East. Nasser Weddady, a 39-year-old Mauritanian-American activist, was living in the States and began promoting the underground browser — becoming one of the most influential social-media dissidents during the uprising. “There would be no access to Twitter or Facebook in some of these places if you didn’t have Tor,” he says. “All of the sudden, you had all these dissidents exploding under their noses, and then down the road you had a revolution.”
With the Tor Project still largely being financed by the DOD, Mathewson and Dingledine have kept the software and community evolving. For Mathewson, a bushy-bearded 38-year-old sci-fi fan, its continuing spread among activists throughout the world exceeded his dreams. “I’d be getting e-mails from people saying, ‘I’m pretty sure your software saved my life,’” he recalls. “I’d say, ‘I’m very glad you’re alive, but I’m just this person who’s been writing software — I hope I don’t screw anything up!’”
On January 27th, 2011, Ross Ulbricht, operating under the pseudonym Altoid, announced the launch of the first black-market site to exploit the cloaking powers of the Darknet. “I came across this website called Silk Road,” he posted on a drug forum called Shroomery.org, posing as a customer. “It’s a Tor hidden service that claims to allow you to buy and sell anything online anonymously.”
By the summer of 2011, word of the Darknet hit the press and the pols. In a July news conference about Silk Road, Sen. Chuck Schumer, of New York, demonized drug sellers and buyers who were “hiding their identities through a program that makes them virtually untraceable,” and called on the Drug Enforcement Agency to crack down. Time magazine called the Darknet “a haven for criminals….where drugs, porn and murder live online.” The Daily Mail warned that “hiring a hitman has never been easier.”
Many activists in the Tor community, however, wince when they hear the word “Darknet.” Criminal sites, they say, represent a tiny fraction of .onion traffic. For them, the focus on criminality obscures Tor’s greater intent. “I don’t think very much of the term ‘Darknet,’” Mathewson says with a groan. “I think it’s pretty much a media creation.”
Whatever it’s called, powerful agencies are still taking the Darknet seriously. According to an Edward Snowden leak in October 2013, the NSA, during a top-secret presentation in 2012, considered Tor a threat. “Tor stinks,” reads the title of one NSA slide. “We will never be able to de-anonymize all Tor users [but] we can de-anonymize a very small fraction.” (When contacted by Rolling Stone, the NSA declined to comment.) In another of Snowden’s revelations, Britain’s intelligence agency, the Government Communications Headquarters, dismissed the democratic potential of Tor as “pseudo-legitimate uses” that paled next to the “bad people” who ruled the Darknet.
As a result, law-enforcement agencies began seeking new ways to infiltrate the Darknet. In July, Interpol held its first-ever training on “identifying the methods and strategies used by organized crime networks and individuals to avoid detection on the Darknet.” That same month, FBI Director James Comey explained to a U.S. Senate Judiciary Committee the agency’s plight in tracking encrypted communications. “The tools we are asked to use are increasingly ineffective,” he said.
But according to e-mails recently leaked online, there was at least one company pawning a solution: Hacking Team, a software-security firm based in Milan, which equips governments to fight back against criminals, activists and dissenters on the Darknet. As Hacking Team CEO David Vincenzetti wrote to his private mailing list after Comey’s remarks, “The Darknet can be totally neutralized/decrypted. The right technology to accomplish this exists….Just rely on us.”
The e-mails came as part of a breach in July by an unknown attacker against Hacking Team’s internal database. They revealed that the FBI has spent almost $775,000 on Hacking Team software and services, including tools that, as Vincenzetti suggested, specifically targeted criminals on the Darknet. In one e-mail from September, an FBI employee wanted to know if the latest version of Hacking Team’s spyware could still “reveal the true IP address of target using Tor….If not, can you please provide us a way to defeat Tor….? Thank you!” (When contacted, the FBI said it does not comment on specific tools and techniques.)
Of course, it can all seem nutty, wasteful and insidious that one end of the U.S. government is trying to crack the secret code funded by another. When I ask Syverson how he feels about the government trying to compromise Tor, he declines to comment, saying that this is out of the scope of his work. Mathewson, however, shrugs off the seemingly bizarre scenario. “It’s not like people are being followed around by shadowy agents,” he quips. “I guess we kind of always assumed the NSA tries to break all interesting new encryption.”
Eric Rabe, spokesman for Hacking Team, will not confirm or deny the FBI’s use of the company’s tool. But he was quick to promote its software, which, he tells me, allows a client to see whatever a target is doing on a computer or mobile device, including surfing the Darknet. In the wrong hands, such a tool could be used to infiltrate or infect a victim’s machine. And the market for this product is only growing, as agencies try to break Tor, which Rabe calls “the front door to the Dark Web.” He goes on, “Clearly, Tor is used very broadly for criminal activity. I don’t think even the most staunch human rights activists would say that’s not true.”
But most activists view the government’s battle against the Darknet as the new Reefer Madness, a misguided attack on something becoming increasingly endangered: privacy and anonymity online. “There are a lot of governments around the world that are trying to prevent people from reaching these sites,” Dingledine tells me one afternoon at a cafe in Philadelphia. When I ask him which other government agencies are trying to break Tor, he gives a shrug. “The simple answer is ‘I don’t know,’” he says. “And that’s really disturbing.”
Dan Kaufman, the chipper white-haired innovation head at the Defense Advanced Research Projects Agency — the DOD’s research and development wing — is a former video-game designer who quit his job to fight real-life criminals. In a darkened conference room in the agency’s non-descript Arlington, Virginia, headquarters in June, he turns on a large high-definition monitor to show me how DARPA is trying to win the Web’s ultimate game: cops and robbers in the digital age.
By way of example, he pulls up an ad for a prostitute named Cherry. In her photo, she’s thin, Asian, and looks 19 but could be in her thirties. Her description reads that she’s five feet four, has shoulder-length brown hair and no tattoos or piercings. Cherry is a sex-trafficking victim, just one of an estimated 600,000 to 800,000, according to the U.S. State Department, who are moved across international borders each year. This is the fastest-growing crime industry in the world, pulling in annual profits of nearly $100 billion.
What they did was create Memex: a search engine that works on the Deep Web and Darknet. Memex can crawl the hidden Web, finding sites and storing data so it can later be scoured, just as one would search the Surface Web with Google. It’s the latest and most important weapon for online investigators and represents a new phase in the conflict that may expose the hidden Internet like never before. As Kaufman shows me, with just Cherry’s e-mail address and a click, Memex displays a glowing matrix of associated leads: phone numbers, massage-parlor addresses, photos associated with her online ads.
Memex is the brainchild of Dr. Christopher White, a former DARPA program manager. Just 33, White earned his accolades as DARPA’s senior official in Afghanistan and, in the past couple of years, set his attention on the Darknet. The inspiration, he tells me, came from his tours of law-enforcement agencies, which seemed woefully unprepared for rooting out criminals online. “They were using Google and Bing as part of their jobs,” he says. “The things they were looking for weren’t online through those mechanisms — they were in the deeper Darknet.”
Government agencies and law enforcement now work closely with DARPA to customize Memex for their needs, and are also exploring its use for finding ISIS recruiters hiding online. The technology is part of a booming industry based on taming the Darknet. So-called “threat intelligence” firms — such as iSight Partners, which The New York Times compared to “military scouts” — charge clients like banks and government agencies as much as $500,000 to comb the Darknet for potential hackers. According to Gartner, a technology research firm, the market could reach $1 billion by 2017.
But could exposing the Darknet ultimately kill the last place remaining for Internet privacy? Online freedom fighters hope Memex won’t have the same effect on those using the Darknet for legal means. “Memex might be a fascinating and powerful tool, but, like any other tool, it can be used for good or ill,” a cybersecurity blogger recently posted online. “That same technology can very well be put to use to invade privacy and trace the flow of legitimate and private data.”
“Privacy is a huge issue,” says Kaufman, who recently left DARPA to become deputy director of Google’s Advanced Technology and Projects group. Memex has built-in limitations. It can only comb content on the Deep Web and Darknet that is publicly available — those sites that aren’t password protected or behind a paywall. This limits Memex’s ability to bust a site like Darkode, which required passwords for users. Memex won’t kill the Darknet — but it will make it a lot more exposed to law enforcement. “I think the world is better with transparency,” Kaufman tells me.
In late August, administrators for the online black market Agora, one of the biggest hubs for buying dope after the bust of Silk Road, took to the DarkNetMarkets forum on Reddit with a warning. “Recently research had come that shed some light on vulnerabilities in Tor Hidden Services protocol which could help to de-anonymize server locations,” they wrote. In other words, something in Tor seemed seriously fucked.
They seemed to be referring to a new MIT study that claimed to have found crucial weaknesses in Tor that allowed researchers to break the anonymity of its users. “We have recently been discovering suspicious activity around our servers,” the Agora administrators continued, “which led us to believe that some of the attacks described in the research could be going on.” And, for safety’s sake, they were temporarily taking their site off the Darknet until they found a fix. As of this writing, Agora is still offline.
For the time being, the cops battling the Darknet have reason to celebrate. Despite the braggadocio of the Darkode forum alum, who promised they’d resurface on the Darknet, they have yet to be seen (though this doesn’t mean they’re not there) — and the first guilty pleas of its users are coming. Eric “Phastman” Crocker, a 29-year-old from Binghamton, New York, recently pleaded guilty to violating anti-spam laws after he was busted for selling malware. He is scheduled to be sentenced on November 23rd, and faces up to three years in prison and $250,000 in fines.
But as the feds count their victories, the people who depend on anonymity are still fighting for their lives. In August, Saudi Arabia’s Supreme Court decided to review the controversial case of Raif Badawi, a 31-year-old blogger sentenced to a decade in prison and 1,000 lashes, after being arrested in June 2012 for allegedly criticizing the kingdom’s clerics. Badawi, who has since won a PEN Pinter Prize, personifies the importance of preserving online anonymity and freedom — made possible by the same software that powers the Darknet. Speaking out in support of Tor, California Congresswoman Zoe Lofgren is among the small group of lawmakers who believe the feds shouldn’t lose sight of its original purpose. “Tor was developed with support by the U.S. government to promote freedom,” she says. “That’s why we support the creation of Tor and remains the core reason why Tor exists.”
As the battle continues over the Darknet, Tor’s popularity only becomes more mainstream. Facebook now offers a .onion version of its site on Tor for those wanting to feel less watched. In June, speaking at an event for EPIC, a privacy and civil liberties nonprofit, Apple CEO Tim Cook railed against government efforts to crack consumer devices. “Removing encryption tools from our products altogether, as some in Washington would like us to do, would only hurt law-abiding citizens who rely on us to protect their data,” he said. “The bad guys will still encrypt; it’s easy to do and readily available.”
Mathewson predicts that other Web browsers like Firefox will build Tor into their functionality, and he hopes that privacy will become “a default mode of communication on the Internet” within five years. But the circuitous chase will surely continue. For all the activists using these tools to better the world, there will be criminals employing the same tools to exploit it — and law enforcers hunting them down. “I’m as concerned about privacy rights as anybody,” says U.S. Attorney Hickton, “but would you have us do nothing?”