It’s been announced that a certain academic institution was involved in an attack on the Tor Project in an attempt to catch the dark web criminals.
According to numerous speculations, the institution in question is most likely the Carnegie Mellon University (CMU); and according to some allegations they were quite generously paid by the FBI for this operation, around $1 million!
All this raises questions regarding universities and academics and their role in bringing down the criminals operating on the dark web.
Following the information obtained from its source, the FBI seized the Silk Road 2.0 dark web marketplace, as well as one of its staff members, Brian Richard Farrell, a.k.a DoctorClu.
He has been charged with conspiracy to distribute heroin, methamphetamine and cocaine.
After shutting down the very first dark web marketplace in 2013, Silk Road; the new Silk Road 2.0 appeared and it used the anonymity of Tor hidden services.
The SOI that helped in blocking the Silk Road 2.0, also helped in bringing down other dark web markets.
It also included 78 other IP addresses, which were the IPs of the users that had accessed vendors .onion page.
In July, 2014, Tor discovered a group of relays (on Tor’s blog they are defined as nodes of their network that route traffic, and can be set up by anyone), that had the aim to target persons operating or accessing Tor hidden services and deanonymize them.
Removing these relays coincided with the time period when the FBI’s source provided the incriminating evidence.
And it also happened around the time of the Black Hat conference where the speech of two Carnegie Mellon University academics was canceled.
Alexander Volynkin and Michael McCord were scheduled to give a talk about a $3000 kit that can obtain the IP addresses of users of Tor hidden services on the dark web.
Apparently, they would accomplish this by taking the advantage of Tor’s known bugs and vulnerabilities.
With this attack, a lot of criminals who use Tor and hidden services for illegal purposes may have been swept up; but how does this apply to innocent users? Is their anonymity at risk as a result?
Whether the CMU was indeed THE source of information for the FBI and whether paid or not to provide the crucial information is the subject of a huge discussion that’s been going on the internet lately.
Many users are passionate about civil rights being breached by this act of the academic institution; others find it justifiable knowing that the drug lords have been taken off of the internet.
Can investigations such as these simply rationalize attacks on our privacy; are they violating everyone’s liberty and trust? We live in an era of Internet censorship, and there’s always someone who could be monitoring or recording our online activities.
So, is there anything a user can do to prevent ending up like the unfortunate Silk Road 2.0 admin from the beginning of our story?
Well, one way to manage safe browsing experience and to hide your IP address is a VPN (Virtual Private Network).
It’s basically a network that uses the internet to serve remote offices or individuals with secure access to their organization’s network.
In plain English, once you send your request to visit a webpage, you first connect to the VPN’s server and then you get forwarded to the page you requested.
They are effective, easy to use and a method for bypassing Internet censorship (even on the dark web) when you are using a public Wi-Fi.
If you use any VPN service in combination with Tor, it is even more difficult to discover your IP address.
The way Tor network operates is through a network of trusted, volunteer relays (nodes, to use the technical term) which anyone can apply to be.
To access certain webpage, you first connect to the entry node, which then forwards you to the second node; your connection goes through at least 3 nodes forming some sort of a circuit, and the last node finally lets you access your desired webpage.
However, if the entry node knows your IP address, and the last node knows your desired destination, it is possible to reconstruct your IP address and location.
This is the security glitch in Tor which the academics had probably used to obtain the IP addresses of the dark web markets and its users.
In the light of this, it is possible to stay safe and preserve one’s anonymity by using VPN and Tor simultaneously.
Which makes all those philosophical discussions circulating on the internet a bit… redundant; and it certainly makes you wonder whether those guys would have been caught in the first place, had they used Tor in this way.