Several months ago two Internet security researchers from Carnegie Mellon University, Alexander Volynkin and Michael McCord, infiltrated the Dark Web system by directly attacking Tor.
Tor is the software that lets users browse the net secretly, without their IP addresses being detected.
Their endeavors unearthed many activities going on there and led to the arrest of many culprits.
In light of this development, Tor administrators tried to make it much safer by imposing certain access restrictions.
New security measures involved shutting down malicious nodes owned by the attackers.
But despite all these guarantees, user activity from the Dark Web was still being tracked through malicious computer nodes operated from Carnegie Mellon University, where these attacks were first reported.
SecurityScorecard’s chief research personnel, Alex Heid, has a special program which can monitor Tor nodes as they become active and inactive.
Nodes are the computers through which Dark Web requests are transmitted, alongside a barrier of encryption that helps keep operators anonymous.
Heid’s tool discovered that both relay and exit nodes linked to this university are still active on the network.
At first sight it may look problematic that the same institution responsible for revealing the identity of users is still participating in network activities, but it’s actually not what it seems.
Nevertheless, Carnegie Mellon’s PR team is still not doing enough to dispel these rumors.
When requested to give a statement about the ongoing activities, spokesman Ken Walters replied by saying that the university has no comment to make at this time.
These particular nodes are run by a group operating from the college’s CYLab, a cybersecurity lab distinct from the main Software Engineering Institute (SEI) also found in the same establishment.
Previously, Dark Web crackers from SEI used a subterfuge technique to open up the system.
They overloaded Tor with more than 100 new nodes, using a private cloud SP so that their IPs could appear generic and not necessarily tied to the primary source.
On the other hand, nodes run by CYLab are designed in such a way that they don’t hide Carnegie’s web addresses.
According to Tor developer Roger Dingledine, there are two different relay units being operated from the institution right now.
One is very small, while the other is administered by someone whom Dark Web owners have personally known for years.
Nicolas Christin, the faculty member at the university in charge of Tor exit nodes, explained through email that his department is an entirely different group and not affiliated in any way with SEI.
He also maintained that their exit portal “cmutornode” has been operational since Nov. 2012, and has never been controlled by third parties or used for de-anonymizing activities.
Christin says they decided to open a node since they frequently use the Tor network for conducting research, and this was just a way of giving back to the community.
He sees the program as a decentralized, cross-cultural network that relies on volunteers like his team to create terminals so the system can continue running smoothly.
In fact, Tor has in the past asked institutions of higher learning to consider running these nodes right on campus.
This is to help curb malicious activities and encourage more meaningful ones, which leads to less cybercrime.
The more safe nodes this network can acquire, the stronger they are able to implement their privacy-protection policy.
However, getting authorization for running these terminals isn’t always simple.
Recently, a New Hampshire library interested in opening its own node received a stern warning letter from the Department of Homeland Security, giving instructions not to do so since the Dark Web is often used by crooks.
Even more controversial is that Homeland Security is one of Tor’s key sponsors.
It’s a twist playing right at the center of this program.
But it’s not just DHS that has been accused of funding the Dark Web; the US State Department has also been mentioned, along with other foreign governments around the world.
State agencies fund it because of the powerful privacy protection features, while law enforcement still decries the darknet as an anonymity tool that conceals criminal activity.
The drama is openly being played out at Carnegie Mellon University, where IT specialists in one building are developing programs in support of the Dark Web,
while across campus in another building another department is plotting how to bring it down.
Nicolas Christin didn’t give a response when asked what he perceived about the Tor attack launched by his fellow staff at SEI.
If the institution was still operating a set of relays then it would have been problematic, because with multiple nodes an attacker can easily follow a user’s login information without detection.
However, this same principle doesn’t apply if it’s only a single relay unit.
Those who support it say that Tor is an integral part of web freedom infrastructure. Human rights activists around the world rely on it for spreading information, and so do whistleblowers, as was the case with WikiLeaks.
Despite having more than 2 million active users on a daily basis, the Dark Web is still relatively small in size, with fewer than 7,000 relays.
It isn’t that massive after all and requires as many nodes as possible for randomizing user network paths.
This will help prevent attacks such as those initiated by SEI researchers.
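The article describes a tool that watches relays become active and inactive, and an influx of more than 100 new nodes from one provider. The sketch below is an added example, not Heid's tool or Tor project code: it diffs two constructed relay snapshots and flags bulk joins from one /16 network, with the sample nicknames, addresses and threshold all being assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample snapshots of (nickname, IPv4 address) pairs.
# Addresses are from documentation ranges and describe no real relay.
BEFORE = {
    ("relayA", "192.0.2.10"),
    ("relayB", "198.51.100.7"),
    ("relayC", "203.0.113.5"),
}
AFTER = (BEFORE - {("relayC", "203.0.113.5")}) | {
    ("relayD", "192.0.2.44"),
} | {(f"new{i}", f"198.51.100.{20 + i}") for i in range(6)}


def diff_snapshots(before, after):
    """Return (joined, left): relays that became active or inactive."""
    return after - before, before - after


def prefix16(ip):
    """Map an IPv4 address to its enclosing /16 network, as a string."""
    return str(ipaddress.ip_network(f"{ip}/16", strict=False))


def flag_bulk_joins(joined, threshold=5):
    """Group newly seen relays by /16 and return groups at or above threshold.

    Many relays appearing at once in one address block is a signal that a
    single operator may be adding them; the threshold is an assumed value.
    """
    groups = defaultdict(list)
    for nickname, ip in joined:
        groups[prefix16(ip)].append(nickname)
    return {net: sorted(names) for net, names in groups.items()
            if len(names) >= threshold}


if __name__ == "__main__":
    joined, left = diff_snapshots(BEFORE, AFTER)
    print("joined:", sorted(joined))
    print("left:  ", sorted(left))
    print("bulk joins:", flag_bulk_joins(joined))
```

Address-block grouping is only one signal; relays spread across unrelated networks would need other features, such as join time or configuration similarity, to be grouped.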