After an arrest in Ireland in early August, a number of websites mysteriously disappeared off of the Internet. The missing websites had connectivity through Freedom Hosting, a hidden services “darknet†provider founded by 28-year-old Erin Eoin Marques. Irish authorities arrested Marques as part of an FBI sting. According to one FBI agent interviewed by an Irish court, Marques was the largest facilitator of child pornography on the Internet. Sites that had connectivity through Freedom Hosting could only be found by using a Tor-enabled browser. Tor, which stands for “The Onion Router,†is a network that helps people to protect themselves from companies and even governments that can spy on their Internet activities. If you’re thinking about a career in law enforcement so that you can be a part of shutting down darknet operations like Freedom Hosting, then you can discover more here about getting an online criminal justice degree. In your studies, you may have to grapple with questions about organizations like Tor. On one hand, Tor helps to protect journalists and activists working in dangerous countries all around the world. On the other hand, Tor also enables people like Marques to conduct illegal activities without being caught.
How Does Tor Work?
Tor was originally founded as an onion-routing project for the U.S. Naval Research Laboratory. Onion routing sends encrypted Internet communications through multiple network nodes. At each node, some of the encryption is peeled away to reveal more routing instructions, and the message is sent to the next node according to the unveiled instructions. Internet communications get from one location to another by bouncing around these multiple network nodes. Because the communications are encrypted, no intermediary node can see the origin, contents or destination of the message. Tor currently bounces communications through about 3,000 network nodes in 90 countries. If you’re an activist living in a country like Syria, then you can utilize Tor to access websites that are blocked by the government. You can also use Tor to publish your own websites or to communicate online without anyone knowing your location. Tor also protects communications for people that want to talk in sensitive forums. For example, people with certain illnesses or abuse survivors can talk without having their communications tracked.
How Did the FBI Crack Freedom Hosting’s Websites?
Tor’s browser is based on Firefox 17. The FBI created a Firefox 17 JavaScript zero-day exploit that is able to create a unique cookie and send it to a random server. The cookie fingerprints an Internet user’s browser and reports the IP address back to the FBI. Since the user’s browser is transmitting identifying information from the cookie as its communications bounce through the Tor network, the information bypasses the protection of the network. The FBI did not crack Tor’s network per se, but the exploit did reveal the importance of checking for user-side vulnerabilities. For its part, Tor separated itself from Freedom Hosting and pointed out that adversarial organizations typically target the software that runs at the onion network nodes. For instance, instead of breaking into the Tor network, attackers create exploits for Apache, PHP and MySQL programs running at individual nodes.
Is Tor Good or Bad?
As Tor development director Karen Reilly pointed out in a recent interview, people don’t have to be experiencing a particular threat to want their privacy protected while they’re online. Too often, people assume that the Internet is private by default, and they don’t realize how many digital trails they leave behind. At the same time, darknet organizations like Freedom Hosting can use Tor to cover up criminal activity, and the activity doesn’t have to be something as disturbing as child pornography. While attackers and spammers can’t launch UDP packets or send outgoing port 25 (SMTP) traffic, they can use Tor to connect to open proxies, to connect to CGI scripts that send junk e-mail and to control botnets. Tor argues that its technology gives ordinary citizens the privacy privileges that hackers and criminals can already access. However, current White House director of cybersecurity Robert Knake has suggested that services like Tor should be held accountable if they don’t cooperate with criminal investigations. Tor isn’t necessarily a haven for criminal activity; however, Tor can’t provide protection for one user while refusing to provide the same anonymity for another.