Saturday, December 5, 2015

Cybercrime 101: Welcome To The Dark Web


WEB VILLAINY

Depending on perspective & priorities, the turn of the Century has brought many developments; but as far as I'm concerned, the greatest development of all is the globalization of the Internet. Without the Web, people like me would have found it very difficult to run our businesses, make alliances or even find information we actually want to know (unlike what the average TV news channel has to offer).

But sadly, that same freedom of information & communication has proven to be an equal (or even greater) boon to the criminal underworld, which has turned a percentage of the Web into a pleasantly anonymous platform for any & every kind of illicit transaction under the Sun. Such activities have become so prolific that they have changed the image of the Dark Web from a place for people to discuss distasteful political topics into a booming criminal marketplace.

This poses a whole new problem, primarily for Internet entrepreneurs (like yours truly). How can we make certain our business names don't get sullied by freeloading criminals, if we have no idea how they do it? The best-case scenario would be a regular journal of some sort that specializes in keeping the business world informed about the latest online misdemeanor or felony, without getting lost in a technical sermon on ones & zeroes. But the absence of such a magazine or newspaper would indicate that the question of offering relevant information at profitable rates has not been satisfactorily answered as yet. In the meantime, this week's edition attempts to clear up the confusion - to a certain extent - by offering a primer on the commercially significant factors in the Dark Web phenomenon currently sweeping the globe.

Online Black Markets

An online black market is a website or group of websites, usually found via the Tor browser on the Dark Web, upon which goods or services are traded illegally. The key distinction between a legal commercial website & an online black market is that the transaction itself is illegal. The goods or services may or may not themselves be illegal to own, or to trade through other, legal channels.

The Silk Road was an online black market and the first modern Dark Web market, best known as a platform for selling illegal drugs. It was launched as a partnership between "Dread Pirate Roberts" (confirmed real name Ross William Ulbricht), "Variety Jones" (suspected real name Thomas Clark) & "Smedley" (suspected real name Mike Wattier). Its US operations lasted from February 2011 to October 2013, when the FBI shut it down; its European operations were re-launched as "Silk Road 2.0" & went on until November 6, 2014, after which it was deactivated by Europol.

During the time it was open for business, it is said to have made an annual revenue of approximately US$15 million & sold an entire range of products, including drugs, fake driver's licenses, apparel, art, books, cigarettes, erotica, jewellery & writing services. Weapons (primarily guns) were sold on a sister site called "The Armory" in 2012, but it was shut down within a year because of prohibitively slow sales (possibly because other sites such as "Black Market Reloaded" were rumored to be far more convenient for transactions involving items such as weapons of all types, stolen credit cards, child pornography & assassinations).

However, the business model of the original Silk Road has apparently engendered plenty of respect & admiration on the Dark Web, turning it into something of a Hydra-like problem. After the closure of Silk Road 2.0 in November 2014, "Diabolus Market" (another Dark Web black market site) renamed itself "Silk Road 3 Reloaded". Further, "Silk Road Reloaded" launched (on I2P, with multiple cryptocurrency support & similar listing restrictions to the first Silk Road site) in January 2015.

Ransomware

Ransomware is a type of malware that prevents or limits users from accessing their computer systems & databases. It compels its targets to make blackmail payments through specific online methods in return for regaining access to their systems or having their data returned.

Some examples of well-known ransomware are Reveton (launched in 2012), CryptoLocker (launched in 2013), CryptoLocker.F, TorrentLocker & CryptoWall (all launched in 2014).

INTERNET INSECURITY

The short summary on ransomware brings us to the question of what exactly malware is & how it operates. Malware is an umbrella term that covers a variety of intrusive software & malicious programs, such as advanced persistent threats (APTs), backdoors, greyware, rootkits, trojan horses, viruses & worms. Given below are useful & relevant descriptions of each of these computer threats (courtesy of Wikipedia & Webopedia).

Advanced Persistent Threat (APT)

Also called evasion. A targeted attack that uses multiple phases to penetrate a network and then obtain valuable information over an extended period of time.

Backdoor

Also called a trapdoor. An undocumented way of gaining access to a program, online service or an entire computer system.

Greyware

Malicious software or code that is considered to fall in the "grey area" between normal software and a virus. Greyware is an umbrella term under which adware, spyware, trackware, other malicious or annoying code & malicious shareware all fall.

Rootkit

A type of malicious software that is activated each time your system boots up. Bootkits extend the basic functionality of rootkits by infecting the master boot record (MBR) in order to remain active even after a system reboot.

Trojan Horse

A destructive program that masquerades as a benign application. Unlike viruses, trojan horses do not replicate themselves but they can be just as destructive.

Virus

A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes.

Worm

A program or algorithm that replicates itself over a computer network and usually performs malicious actions.

DON'T BE AFRAID OF THE DARK

The uncomfortable mystique of the Dark Web is the same as the ancient fear of "falling off the edge of the World", which was fairly prevalent among sailors when people believed that the Earth was flat. This fear dissolved only once the knowledge of the Earth's actual shape & the concept of gravity became available to all of mankind. This story teaches us that the only way to ward off a threat is to understand how it works. Knowledge converts fear to caution.

Doing business on the Dark Web is based on three important requirements: a bitcoin account, a website with a .onion domain name & a Tor browser, all of which are free courtesy of donations from various non-profit organizations & (according to rumors) certain arms of the US Government.

Bitcoin (BTC)

Bitcoin is an online (more-or-less) fixed asset & payment system. It was invented in 2008 by an unidentified person or group using the online pseudonym Satoshi Nakamoto & released as open-source software on January 3, 2009.

Network nodes (i.e. computers dedicated to the purpose) verify transactions, which are then recorded in a publicly distributed ledger known as the block chain. A group of accepted transactions is known as a block; a block is created, included in the block chain & published to all nodes approximately every ten minutes. Under the protocol's current rules, each block is worth about 25 bitcoins (until mid-2016), & 12.5 bitcoins per block for the 4 years after that, until the next halving. The halving continues until 2110-2140, by which time 21 million bitcoins will have been issued.
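The figures in the paragraph above (25 bitcoins per block, 12.5 after the next halving, 21 million in total) all fall out of one simple rule. The script below is an added example, not code from the original post or from any bitcoin software; it assumes the protocol constants that the post only describes in words (the first era paid 50 bitcoins per block, a halving occurs every 210,000 blocks, and amounts are halved in integer arithmetic with fractions of a satoshi dropped). The 25-bitcoin era the post refers to is era 1 (blocks 210,000 to 419,999).

```python
# Added example (not from the original post): the block-subsidy schedule that
# produces the 25 / 12.5 bitcoin figures and the 21 million cap described above.
# Amounts are in satoshi (1 BTC = 100,000,000 satoshi) because the real rule
# halves in integer arithmetic and rounds down. Constants are labelled.
SATOSHI_PER_BTC = 100_000_000
INITIAL_SUBSIDY = 50 * SATOSHI_PER_BTC   # era 0 paid 50 BTC per block (protocol constant)
HALVING_INTERVAL = 210_000               # blocks per era; at ~10 min/block that is about 4 years

def block_subsidy_sat(height):
    """Subsidy, in satoshi, paid to the miner of the block at the given height."""
    halvings = height // HALVING_INTERVAL
    # Integer halving: after enough shifts the amount reaches zero and issuance stops.
    return INITIAL_SUBSIDY >> halvings

def era_start_height(era):
    """First block height of halving era `era` (era 0 pays 50 BTC, era 1 pays 25 BTC, ...)."""
    return era * HALVING_INTERVAL

def total_supply_sat():
    """Sum of every subsidy that will ever be paid. Because each era's amount is
    rounded down, the geometric series stops just short of 21,000,000 BTC."""
    total, era = 0, 0
    while block_subsidy_sat(era_start_height(era)) > 0:
        total += block_subsidy_sat(era_start_height(era)) * HALVING_INTERVAL
        era += 1
    return total

if __name__ == "__main__":
    for era in range(4):
        h = era_start_height(era)
        print(f"era {era}: from block {h:>7}, subsidy = {block_subsidy_sat(h) / SATOSHI_PER_BTC} BTC")
    print(f"total supply: {total_supply_sat() / SATOSHI_PER_BTC:,.4f} BTC")
```

Two things the numbers show that the prose does not: the "4 years" is 210,000 blocks multiplied by ten minutes (blocks were in fact mined slightly faster, which is why the second halving arrived in July 2016 rather than early 2017), and the "21 million" is a ceiling the series approaches but never reaches, because of the rounding in each era.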

Bitcoin exchange rates vary (much like any other commodity) according to time & place. It is regularly used for a number of legal transactions (for example, US Presidential candidate Rand Paul accepts campaign donations in bitcoin), but it is most well-known for its popularity on the Dark Web.

.onion Domains

The .onion domain name is a top level domain (TLD) suffix for anonymous hidden service websites accessible solely via the Tor network. The .onion domains aren't actual DNS names, and the .onion TLD is not in the Internet DNS root, but with the appropriate proxy software, web browsers can access sites with .onion addresses by sending the request through the Tor server network. The purpose is to make both the information provider & the person accessing the information relatively untraceable, by one another, by an intermediate network host, or by an outside party.
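Because .onion names never resolve through ordinary DNS, their appearance in a company's own outbound logs is a useful signal: it means a machine on the network is (or is trying to be) a Tor client. The script below is an added example, not code from the original post; the log format, client addresses and onion names in it are constructed for illustration, and the 56-character address form it also accepts postdates the post (only 16-character addresses existed in 2015).

```python
import re
from collections import namedtuple

# Added example (not from the original post): a defender-side check that scans
# outbound proxy logs for requests to .onion names. The log format, addresses and
# client IPs below are constructed for the example.
Hit = namedtuple("Hit", "ts client host wellformed")

# Onion addresses are base32 (a-z, 2-7). 16 characters was the only form in 2015;
# the 56-character form arrived later and is included as an assumption about logs
# collected after that. An optional subdomain prefix is allowed.
ONION_ADDR_RE = re.compile(r"^(?:[a-z0-9-]+\.)*(?:[a-z2-7]{16}|[a-z2-7]{56})\.onion$")

def is_onion_tld(host):
    """Anything under .onion is worth a look, well-formed or not."""
    return host.lower().rstrip(".").endswith(".onion")

def is_wellformed_onion(host):
    """Does the name have the shape of a real onion address?"""
    return ONION_ADDR_RE.match(host.lower().rstrip(".")) is not None

def parse_line(line):
    """Constructed format: '<iso-timestamp> <client-ip> <method> <host>[:port] <status>'.
    Returns (ts, client, host) or None for lines that do not fit."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, client, _method, target, _status = parts
    host = target.rsplit(":", 1)[0]      # drop an optional :port (hostname/IPv4 targets only)
    return ts, client, host

def find_onion_requests(lines):
    """Return one Hit per request whose destination is under the .onion pseudo-TLD."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, client, host = rec
        if is_onion_tld(host):
            hits.append(Hit(ts, client, host, is_wellformed_onion(host)))
    return hits

# Constructed sample log: one normal request, one well-formed onion name, one line
# that does not parse, and one name that merely ends in .onion (a typo or a probe).
SAMPLE_LOG = """\
2015-12-05T10:00:01Z 10.0.0.12 CONNECT www.example.com:443 200
2015-12-05T10:00:07Z 10.0.0.12 CONNECT abcdefghijklmnop.onion:80 403
garbage line that does not parse
2015-12-05T10:02:30Z 10.0.0.41 GET notreal.onion 503
"""

if __name__ == "__main__":
    for hit in find_onion_requests(SAMPLE_LOG.splitlines()):
        shape = "well-formed" if hit.wellformed else "malformed"
        print(f"{hit.ts} {hit.client} -> {hit.host} ({shape} onion name)")
```

The same is_onion_tld check run over DNS query logs is just as informative: a program that is not Tor-aware will hand the .onion name to the normal resolver, which leaks the name to whoever operates that resolver, and RFC 7686 (which reserved .onion as a special-use name in 2015) directs resolvers to refuse such queries rather than forward them.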

The Onion Router (TOR)

The fundamental principle of Tor, "onion routing", was developed in the mid-1990s by United States Naval Research Laboratory mathematician Paul Syverson & computer scientists Michael G. Reed & David Goldschlag. The purpose was to protect U.S. intelligence communications online. Onion routing was further developed by DARPA in 1997. However, the official version of Tor was not ready until September 20, 2002. Syverson worked with two other computer scientists, Roger Dingledine & Nick Mathewson, to create this new iteration of the original software.

In December 2006, Dingledine, Mathewson & five others founded The Tor Project, a Massachusetts-based 501(c)(3) research-education non-profit organization responsible for maintaining Tor. The Electronic Frontier Foundation (EFF) acted as The Tor Project's fiscal sponsor in its early years, & early financial supporters of The Tor Project included the U.S. International Broadcasting Bureau, Internews, Human Rights Watch (HRW), the University of Cambridge, Google, & Netherlands-based Stichting NLnet.

Tor conceals user identities & online activities through the implementation of "onion routing": communications are encrypted in multiple layers (hence the onion metaphor) & bounced at random around a relay network operated & maintained by thousands of volunteers across the world. This system means two things: firstly, concealment from surveillance & traffic analysis, & secondly, the anonymity of the sender & receiver of information even from each other.
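The layered encryption is easiest to understand by building a small one. The script below is an added example, not the Tor Project's code: it models a client wrapping a message in one layer per relay, and each relay peeling off exactly one layer to learn only where to send the rest. The stream cipher (HMAC-SHA256 in counter mode), the fixed-width wire format, the "deliver" marker, and the relay names, keys and nonce are all constructed for the illustration; Tor's real cells, ciphers and key exchange differ.

```python
import hashlib
import hmac

# Added example (not the Tor Project's code): a toy model of the layered encryption
# described above. Cipher, wire format, relay names and keys are constructed.
HOP_FIELD = 8            # fixed-width next-hop name, space-padded (toy wire format)
DELIVER = b"deliver"     # marker the last relay reads instead of a next hop

def keystream(key, nonce, length):
    """Toy stream cipher: HMAC-SHA256 in counter mode (illustration only, not Tor's cipher)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def xor_layer(key, nonce, data):
    """XOR with the keystream; the same call adds a layer (client) or removes one (relay)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))

def build_onion(route, payload, nonce):
    """Client side. route = [(relay_name, key shared with that relay), ...] in forwarding order.
    Wrap from the inside out: the last relay's layer goes on first and the first relay's
    last, so each relay can strip exactly one layer and find only the next hop's name."""
    cell, next_hop = payload, DELIVER
    for name, key in reversed(route):
        cell = xor_layer(key, nonce, next_hop.ljust(HOP_FIELD) + cell)
        next_hop = name
    return next_hop, cell           # (first relay to send to, fully wrapped onion)

def relay_peel(key, nonce, cell):
    """One relay's work: remove its own layer and read the next hop. What remains is
    still encrypted under the later relays' keys, so this relay cannot read it."""
    plain = xor_layer(key, nonce, cell)
    return plain[:HOP_FIELD].rstrip(b" "), plain[HOP_FIELD:]

def run_circuit(relay_keys, nonce, first_hop, onion):
    """Simulate forwarding through the relays until the DELIVER marker appears.
    Returns the delivered payload and a trace of (relay, cell it received, next hop)."""
    trace, hop, cell = [], first_hop, onion
    while True:
        next_hop, inner = relay_peel(relay_keys[hop], nonce, cell)
        trace.append((hop, cell, next_hop))
        if next_hop == DELIVER:
            return inner, trace
        hop, cell = next_hop, inner

# Constructed demo circuit: three relays, each holding a key it shares only with the client.
RELAY_KEYS = {name: hashlib.sha256(b"demo-key-" + name).digest()
              for name in (b"guard", b"middle", b"exit")}
ROUTE = [(b"guard", RELAY_KEYS[b"guard"]),
         (b"middle", RELAY_KEYS[b"middle"]),
         (b"exit", RELAY_KEYS[b"exit"])]
NONCE = b"circuit-0001"   # per-circuit value; a real cipher must never reuse it with the same key

def demo(payload=b"GET /index.html"):
    """Wrap a constructed request and push it through the demo circuit."""
    first_hop, onion = build_onion(ROUTE, payload, NONCE)
    return run_circuit(RELAY_KEYS, NONCE, first_hop, onion)

if __name__ == "__main__":
    delivered, trace = demo()
    for relay, received, next_hop in trace:
        print(f"{relay.decode():>6} saw {len(received)} opaque bytes, forwards to {next_hop.decode()}")
    print("delivered:", delivered)
```

The trace is the point of the exercise: the guard relay knows the client and the middle relay, the middle relay knows only its neighbours, and only the exit relay sees the request itself, without knowing who sent it. That division of knowledge is what the paragraph above means by anonymity "even from each other".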

PRACTICAL PANACEAS

So, how can an Internet firm protect itself from the creepy-crawlies that might slither out of the Dark Web & attack it? The technological answer consists of two options. The first is an air-gapped network: in networking, an air gap is a type of security in which the network is secured by keeping it separate from other local networks & the Internet; while this provides security, it also limits access to the network by clients. The second is the protective software offered by companies like Intel Security Group (formerly McAfee, Inc.), Kaspersky & Symantec.

But the most important thing we can do to protect ourselves is the oldest trick in the book: Gather as much information as possible about the latest scams making the rounds, & identify the way in which your personal assets can be of use in such illicit schemes. After all, a hired guard isn't working to protect your interests because he loves you; he is pursuing a career or funding a lifestyle. Only you are actually concerned about the continued welfare of your holdings.
