The darknet, also known as the dark web, is a concealed section of the internet that's inaccessible via standard search engines. You can only access it using special software, settings, or authorization. This area comprises websites and content that are purposely kept hidden from public view.
Accessing darknet requires using Tor Browser, a special web browser that routes your internet traffic through a global network of relays managed by volunteers. This way, it becomes very difficult to trace which websites you're visiting, and these sites won't know where you are located.
When visiting the dark web, use a secure browser like Tor, do not reveal any of your personal information, and don't open suspicious files or links to stay safe.
The Darknet is often utilized for secure communication, discreet information or file sharing, anonymous research without identity exposure, and occasionally for engaging in illicit activities. It is also recognized for hosting underground black markets(darknet markets), whistleblowing platforms, and discussion boards that champion freedom of speech.
While accessing Darknet Markets themselves is typically not against the law in most places, engaging with illicit goods within them is generally considered a crime. On the other hand, some people might visit Darknet Markets for lawful purposes such as research, journalistic work, or simply to explore online communities. It's essential to know the local laws regarding online activities, and be cautious when using these platforms to avoid any potential issues.
Investigations in the Darknet: Law Enforcement Agencies Erode Tor Anonymity
The Tor network is widely regarded as the primary tool for anonymous internet browsing. Law enforcement agencies have seemingly started to penetrate it to unearth criminal activity. They have achieved success in at least one instance.
German law enforcement agencies sometimes monitor Tor network servers for months in an effort to unmask Tor users. This is particularly true for sites on the darknet. Research conducted has uncovered this practice. The findings indicate that the data collected during these surveillance operations is analyzed statistically, effectively eliminating Torâs anonymity. Journalists found documents that detail four successful operations from a single investigation. These are the first known 'timing analyses' within the Tor network, a feat once thought nearly impossible.
The largest anonymization network globally
Tor stands as the largest network dedicated to anonymous web browsing in the world. Users of Tor connect through various servers, referred to as Tor nodes, which conceal their online activities. By utilizing the Tor browser, individuals can browse the internet anonymously or access sites on the darknet. Currently, there are nearly 8,000 active Tor nodes spread across about 50 nations, with around two million users logging on each day.
The network is particularly favored by journalists and human rights advocates, especially in nations with internet censorship. In Germany, NDR and other media have set up anonymous "mailboxes" on the Tor network. They let whistleblowers share information securely. Likewise, Deutsche Welle has made its website accessible on the darknet to evade censorship in certain regions.
Infiltration of the Tor Network
Recent investigations reveal law enforcement's evolving tactics to infiltrate Tor. Long a technical challenge, agencies now monitor specific nodes, often for extended periods. While Tor offers anonymity, it also draws criminals engaging in cyberattacks and illicit darknet markets. This duality has fueled a cat-and-mouse game between authorities and those exploiting Tor's protective shield for nefarious purposes.
Experts refer to this approach as "timing analysis": the more nodes in the Tor network that authorities observe, the greater the chances that a user will attempt to anonymize their connection through one of those monitored nodes. Analyzing the timing of individual data packets can trace anonymized connections back to the Tor user. This is despite the multiple layers of encryption in the Tor network.
The 'Ricochet' chat service served as a trap
Research conducted revealed that the German Federal Criminal Police Office (BKA) and the Public Prosecutor General's Office in Frankfurt am Main effectively utilized a certain method during their investigation into the paedocriminal darknet platform âBoystownâ. They managed to repeatedly identify Tor nodes employed by one of the operators to maintain anonymity.
For instance, the BKA scrutinized Tor nodes connected to platforms used by the then-admin of 'Boystown', Andreas G., to access the Tor network. This included a chat where key members of various paedocriminal forums shared information. On two occasions, investigators pinpointed some 'entry servers' linked to the 'Ricochet' chat service that G. used. This marked a major breakthrough for the BKA. Subsequently, the district court (Amtsgericht) of Frankfurt Main mandated that the provider TelefĂłnica ascertain which o2 customers had connected to the identified Tor nodes. This investigation ultimately led to the arrest of Andreas G. in North Rhine-Westphalia. In December 2022, he was sentenced to several years in prison, though the judgement is still pending finalization.
Strengthening International Collaboration
The BKA received vital information regarding the âBoystownâ case from the Netherlands. This appears to be no coincidence, as Germany, the Netherlands, and the USA host the largest number of Tor nodes. The public prosecutor's office in Frankfurt Main would not confirm or deny any involvement in a 'timing analysis' related to the 'Boystown' case. The Federal Criminal Police Office (BKA) also declined to comment.
Nevertheless, reporters were able to interview individuals with independent knowledge of the extensive monitoring of Tor servers. Reports indicate that the number of surveilled Tor nodes in Germany has surged in recent years. The collected data suggests these nodes are likely being used for âtiming analysesâ. Experts who reviewed the research documents corroborated these findings. Matthias Marx, a spokesperson for the Chaos Computer Club (CCC), stated: âThe documents, along with the detailed information, strongly imply that law enforcement has repeatedly and successfully conducted timing analysis attacks on specific Tor users over the years to deanonymize them.â
A Significant Challenge for the Tor Project
These disclosures represent a significant challenge for the Tor Project. The US-based non-profit, which maintains the anonymity network, said it knew of no documented instances of "timing analysis." A spokesperson added that there were no signs of attacks on the Tor browser. So, users can safely and anonymously use it to access the web. A representative from "Ricochet," now "Ricochet Refresh," said she knew of no other cases of deanonymized users. She noted that the software has been improved in recent years and is still one of the safest options for online communication.
Matthias Marx from the CCC cautions about the implications of this capability: âThis technical ability exists not only for German law enforcement to address serious crimes but also for oppressive regimes to target political dissidents and whistleblowers. Consequently, the Tor project is now under pressure to enhance its anonymity protections.â