Did the FBI's Operation Onymous 'Break' the Anonymous Darknet?
In the last week, over two dozen sites on the Tor network, the best-known Darknet service, were seized by the FBI. The authorities, who called their international raid "Operation Onymous" (as opposed to anonymous), have not revealed their methods, but many are speculating that, counter to the Darknet's mission, the FBI was able to break into the most anonymous section of the Internet.
Darknet is a subsection of the deep web, which contains websites that do not appear in traditional search engine results. It is distinctive for its (supposed) absolute anonymity for its users; it is an "onion router," which buries its users' information under many "layers," re-routing their data through many intermediaries in order to hide the user's identity and location. By all accounts, the service is mainly used by political writers in oppressive regimes, as well as journalists and bloggers who are communicating with whistle-blowers (Edward Snowden is known to have used Tor to protect his privacy while he was sharing information about the NSA), as well as (of course) criminals. One anecdotal account characterized the Darknet as a mass of contradictions: many of the sites represent the height of idealism, as it is widely known as the go-to for political dissent and free discourse, but just as many sites represent the most cynical and degenerate of illegal activities, such as the sale of narcotics and the dissemination of child pornography.
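To make the "layers" concrete, here is an added toy model (not Tor's real protocol or cipher, and not code from the article): the sender wraps a message in one encryption layer per relay, and each relay can peel only its own layer, so it learns just the previous and next hop. The entry relay sees the client but not the destination, the exit sees the destination and message but not the client. The relay names, keys and HMAC-based stream cipher are constructed for the example.

```python
import hashlib, hmac, json, os

# Toy onion-routing model added for illustration; NOT Tor's protocol or cipher.
# Each relay shares a symmetric key with the sender; HMAC-SHA256 in counter mode
# stands in for a stream cipher so the example runs on the standard library alone.
NONCE_LEN = 16

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def xor_bytes(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))

def wrap_layer(key: bytes, next_hop: str, inner: bytes) -> bytes:
    # One layer carries only the next hop plus the still-encrypted rest of the onion.
    nonce = os.urandom(NONCE_LEN)
    body = json.dumps({"next": next_hop, "inner": inner.hex()}).encode()
    return nonce + xor_bytes(body, keystream(key, nonce, len(body)))

def build_onion(route: list, keys: dict, destination: str, message: bytes) -> bytes:
    # Wrap from the exit inward so the entry relay peels the outermost layer first.
    onion, next_hop = message, destination
    for relay in reversed(route):
        onion = wrap_layer(keys[relay], next_hop, onion)
        next_hop = relay
    return onion

def peel_layer(key: bytes, onion: bytes):
    # A relay strips exactly one layer; the remainder is still opaque to it.
    nonce, body = onion[:NONCE_LEN], onion[NONCE_LEN:]
    layer = json.loads(xor_bytes(body, keystream(key, nonce, len(body))))
    return layer["next"], bytes.fromhex(layer["inner"])

def forward(route: list, keys: dict, destination: str, message: bytes):
    # Simulate each relay and record the only facts it learns: previous hop,
    # next hop, and whether the bytes it forwards are the plaintext message.
    views, onion, prev = [], build_onion(route, keys, destination, message), "client"
    for relay in route:
        next_hop, onion = peel_layer(keys[relay], onion)
        views.append({"relay": relay, "prev": prev, "next": next_hop,
                      "sees_message": onion == message})
        prev = relay
    return views, onion
```

Run `forward(["guard", "middle", "exit"], keys, "hidden-service", b"hello")` and inspect the per-relay views: no single relay holds both the client and the destination, which is why linking the two ends requires observing traffic at both ends rather than at one relay.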
But last week, the tide turned against the underground of the internet, as international authorities conducted a mass raid of at least 27 websites on the Darknet, making arrests all over the world. The sites ran the gamut of illegal activities, including the sale of narcotics, counterfeit credit cards, fake identity documents, and counterfeit currency (several have noted that none of the confirmed sites involved child pornography or human trafficking). The most high-profile takedown was the drug trade site Silk Road 2.0, which was reportedly a high-priority target.
But the authorities have remained almost entirely mum on their methods. FBI agent Vincent D'Agostini vaguely claimed that the bureau "identified a server located in a foreign country believed to be hosting the Silk Road 2.0 website at the time," but didn't give any further detail on the channels used in the process of identifying that server.
Once again, the question is how did the feds "locate" the Silk Road 2.0 server? — Hanni Fakhoury (@HanniFakhoury) November 6, 2014
"This is something we want to keep for ourselves," said Europol's Troels Oerting. "The way we do this, we can't share with the whole world, because we want to do it again and again and again."
What are the implications?
Several theories are circulating the web, some of which suggest there will be more significant implications for the Darknet as a whole. Some have argued that, since the purge was relatively limited compared to the sheer number of illegal activities on the Darknet, the FBI may simply have exploited inadequate security measures specific to those sites, such as identifying personal information left in the code of the site and bugs within the web application. In this case, the privacy of the entire Darknet would not necessarily be threatened.
However, two of the prevailing theories are more universal. First, many of the sites use a virtual currency called Bitcoin in order to pay for services within the Darknet, and a recent research paper asserted that transactions using Bitcoin are traceable. The second, and most ominous, theory involves a series of DoS attacks: floods of traffic to a site that could potentially force its connections through computers owned by the authorities. This is theoretical, as this method has never been used to uncover anonymous websites before, but there is evidence that it can be done. Two researchers from Carnegie Mellon, Alexander Volynkin and Michael McCord, were set to give a presentation at the Black Hat conference in which they would tell attendees how to "break" Tor through DoS attacks. They wrote in the summary of their talk, "Looking for an IP address for a Tor user? Not a problem. Trying to uncover the location of a Hidden Service? Done. We know because we tested it, in the wild." They claimed that their "in the wild" test involved de-anonymizing hundreds of thousands of Tor clients and collecting personal information on "suspected child pornographers and drug dealers." The talk was abruptly canceled in July, despite being one of the most highly anticipated Black Hat presentations.
In July, right after the talk was canceled, Tor released an official statement about experiencing these kinds of attacks earlier this year. They admitted that certain nodes in their network had been compromised for at least six months, and that they "hoped" the researchers were the ones carrying out the attacks, but they didn't know for sure. Several experts believe that the FBI used this method to "break into" Tor, with Nicholas Weaver, a researcher at the International Computer Science Institute, saying, "I am 95% certain that law enforcement did a mass de-anonymization attack on Tor hidden services."
Criminal activity is something like a Hydra; most notably, there was a Silk Road 3.0 within hours of the raid. But in spite of this, the authorities feel that the tide is turning in favor of taking down all or most of these online criminal enterprises. Oerting said, "This is just the beginning of our work. We will hunt these sites down all the time now. We've proven we can work together now, and we're a well-oiled machine. It won't be risk-free to run services like this anymore."
No one will shed any tears over Silk Road, or any of the other sites that were taken down in this raid. But the fact of the matter is, a universal breach in Tor's security could threaten the free speech and safety of journalistic sources and whistle-blowers, not to mention soldiers and spies in the military (which was unsurprisingly responsible for creating the onion network architecture to begin with). Although catching online criminals may be a worthy goal in itself, the value of privacy, particularly when it comes to criticism of political regimes, should not be underestimated.