Speakers at several cyber security conferences I’ve been to recently have warned IT managers about the so-called dark Web, where terrorists and criminals can anonymously communicate and buy and sell botnets, malware, stolen passwords and credit card numbers.
Now a research group has published a paper on the dark Web in the hopes that security professionals and governments will come up with strategies and policies for limiting its influence.
“The dark Web and terrorists seem to complement each other — the latter need an anonymous network that is readily available yet generally inaccessible,” warns the report from the Global Commission on Internet Governance (GCIG).
“As such, it has become increasingly important for security agencies to track and monitor the activities in the dark Web, focusing today on Tor networks, but possibly extending to other technologies in the near future.”
Issued a few days ago and authored by former U.S. Homeland Security Secretary Michael Chertoff and Tobby Simon, president of the India-based Synergia Foundation, the paper is aimed at shedding light on networks that are hard to observe compared to the visible side of the Internet.
It also comes at a time when debate over Internet governance is increasing at U.N. bodies like the International Telecommunications Union. Also, the Internet Corporation for Assigned Names and Numbers’ (ICANN) contract with the United States Department of Commerce due to expire later this year, which mean a new governing body for that needs to be created.
Part of the Tor network, the dark Web is accessed through the Tor anonymous browser. It isn’t only used by bad guys: Governments, reporters and people who are under the heels of authoritarian regimes also use it for communications. Security pros who know what they’re doing also enter it to see what’s for sale, which gives them possible clues for defences. For those who don’t know much about the dark Web and want a quick primer, the eight page white paper is a good start.
The paper calls for
- mapping the hidden services directory by deploying nodes in the distributed hash table used by the Tor and I2P networks;
- customer data monitoring by looking for connections to non-standard domains;
- social site monitoring to spot message exchanges containing new Dark Web domains;
- hidden service monitoring of new sites for ongoing or later analysis;
- semantic analysis to track future illegal activities and malicious actors;
- marketplace profiling to gather information about sellers, users and the kinds of good exchanged.
While the paper notes that there have been recent arrests of cybercriminals behind sites hosted in the dark Web (like Silk Road 2.0), it warns that may lead to it becoming more fragmented into alternative dark nets or private networks, further complicating the job of investigators.
The commission was established just over a year ago to think about the future of Internet governance. It was launched by the Waterloo, Ont.,-based Centre for International Governance Innovation (CIGI) and the British think tank Chatham House.