Cryptopolitik and the darknet

Survival

Volumn 58, Issue 1, 2016, Pages 7-38

  Moore, Daniel ^a   Rid, Thomas ^a  

^a KING'S COLLEGE LONDON   (United Kingdom)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 84957549211     PISSN: 00396338     EISSN: 14682699     Source Type: Journal    
DOI: 10.1080/00396338.2016.1142085     Document Type: Article

References (93)

1. Barton Gellman and Ashkan Soltani, ‘NSA Infiltrates Links to Yahoo, Google Data Centers Worldwide, Snowden Documents Say’, Washington Post, 30 October 2013, https://www.washingtonpost.com/world/national-security/nsainfiltrates-links-to-yahoo-google-datacenters-worldwide-snowdendocuments-say/2013/10/30/e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html.
2. Joseph Menn, ‘Secret Contract Tied NSA and Security Industry Pioneer’, Reuters, 20 December 2013, http://www.reuters.com/article/us-usasecurity-rsa-idUSBRE9BJ1C220131221.
3. Bruce Schneier, ‘NSA Spying: Whom Do You Believe?’, Schneier on Security, 23 December 2013, https://www.schneier.com/blog/archives/2013/12/nsa_spying_who.html.
4. Kevin Kelly, ‘Cypherpunks, E-Money and the Technologies of Disconnection’, Whole Earth Review, no. 79, Summer 1993, p. 48.
5. Intelligence and Security Committee, ‘Privacy and Security’, UK Parliament, HC 1075, 12 March 2015, p. 67.
6. Alex Hern, ‘How Has David Cameron Caused a Storm Over Encryption?’, Guardian, 15 January 2015, http://www.theguardian.com/technology/2015/jan/15/davidcameron-encryption-anti-terror-laws.
7. Pierre Thomas, ‘Feds Challenged by Encrypted Devices of San Bernardino Attackers’, ABC News, 9 December 2015, http://abcnews.go.com/US/feds-challenged-encrypteddevices-san-bernardino-attackers/story?id=35680875.
8. Terminology reflects differences in culture: privacy enthusiasts and activists often refer to ‘crypto’ whereas intelligence agencies and law enforcement speak of ‘crypt’.
9. Our baseline for ‘legitimate behaviour’ is simply what is considered legal in the most liberal democratic jurisdiction on a specific issue. For free speech, for instance, this would be the United States; for recreational drugs, the Netherlands; for LGBT rights, probably Denmark.
10. James Ellis, ‘The Story of Non-Secret Encryption’, Communications-Electronics Security Group, 1987, available at https://cryptome.org/jya/ellisdoc.htm.
11. Whitfield Diffie and Martin Hellman, ‘New Directions in Cryptography’, IEEE Transactions on Information Theory, vol. 22, no. 6, November 1976, p. 644.
12. Ronald L. Rivest, Adi Shamir and Leonard Adleman, ‘A Method for Obtaining Digital Signatures and Public-Key Cryptosystems’, Communications of the ACM, vol. 21, no. 2, 1978, p. 120.
13. Stephen Levy, ‘The Open Secret’, Wired, vol. 7, no. 4, April 1999, pp. 1-6.
14. Martin Gardner, ‘A New Kind of Cipher That Would Take Millions of Years to Break’, Scientific American, vol. 237, August 1977, pp. 120-4.
15. Stephen Levy, Crypto (New York: Penguin, 2000).
16. Thomas Rid, Rise of the Machines: A Cybernetic History (New York: W.W. Norton, 2016), p. 255.
17. David L. Chaum, ‘Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms’, Communications of the ACM, vol. 24, no. 2, Februay 1981, p. 85.
18. David L. Chaum, ‘Security Without Identification: Transaction Systems to Make Big Brother Obsolete’, Communications of the ACM, vol. 28, no. 10, October 1985, p. 1030.
19. David L. Chaum, ‘World’s First Electronic Cash Payment Over Computer Networks’, Digicash, press release, 26 May 1994.
20. Judith Aldridge and David Décary-Hétu, ‘Not an “Ebay for Drugs”: The Cryptomarket “Silk Road” as a Paradigm Shifting Criminal Innovation’, 13 May 2014, http://dx.doi.org/10.2139/ssrn.2436643.
21. ‘Introduction to BlackNet’, email to cypherpunks@toad.com, 18 August 1993.
22. Peter Biddle, Paul England, Marcus Peinado and Bryan Willman, ‘The Darknet and the Future of Content Distribution’, ACM Workshop on Digital Rights Management, 18 November 2002, p. 54, https://crypto.stanford.edu/DRM2002/prog.html.
23. It is immensely difficult to accurately gauge darknet sizes, as metrics vary greatly, including traffic, services offered, users, relays and others.
24. Cath Everett, ‘Moving Across to the Dark Side’, Network Security, no. 9, 2009, pp. 10-12.
25. Recent assessments by the Tor Project gauge hidden-services traffic to constitute 3-6% of the overall traffic in the Tor network. For a technical breakdown, see ‘asn’, ‘Some Statistics about Onions’, Tor Project, 26 February 2015, https://blog.torproject.org/blog/33 fora technical breakdown.
26. Roger Dingledine, Nick Mathewson and Paul Syverson, ‘Tor: The Second-Generation Onion Router’, in Proceedings of the 13th USENIX Security Symposium, 2004, https://www.usenix.org/legacy/event/sec04/tech/dingledine.html.
27. Abdelberi Chaabane, Pere Manils and Mohamed Ali Kaafar, ‘Digging into Anonymous Traffic: A Deep Analysis of the Tor Anonymizing Network’, 2010 4th International Conference on Network and System Security (NSS), 1 September 2010, p. 167, http://planete.inrialpes.fr/papers/TorTraffic-NSS10.pdf.
28. Dingledine et al., ‘Tor: The Second-Generation Onion Router’, p. 1.
29. A compromise successfully employed by the FBI to decloak users accessing illicit services in 2013.
30. Kevin Poulsen, ‘FBI Admits It Controlled Tor Servers Behind Mass Malware Attack’, Wired, 13 September 2013, http://www.wired.com/2013/09/freedom-hosting-fbi/.
31. The Tor Project’s commitment to security is exemplified by their extensive release notes for the Tor Browser Bundle, and Tor’s core. See https://blog.torproject.org/category/tags/release.
32. Keith D. Watson, ‘The Tor Network: A Global Inquiry into the Legal Status of Anonymity Networks’, Washington University Global Studies Law Review, no. 11, 2012, pp. 718-723.
33. SecDev Foundation, ‘Syrian Regime Tightens Access to Secure Online Communications’, 27 October 2015, http://new.secdev-foundation.org/syrian-regime-tightens-access-tosecure-online-communications.
34. Gareth Owen, ‘Tor: Hidden Services and Deanonymisation’, presentation at Chaos Computer Club Conference 2004, https://www.youtube.com/watch?v=-oTEoLB-ses;Alex
35. Biryukov, Ivan Pustogarov and R. Weinmann, ‘Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization’, 2013 IEEE Symposium on Security and Privacy, 19 May 2013, pp. 80-94, https://doi.org/10.1109/SP.2013.15
36. Clement Guitton, ‘A Review of the Available Content on Tor Hidden Services: The Case Against Further Development’, Computers in Human Behavior, vol. 29, no. 6, 2013, pp. 2805-15.
37. Dingledine et al., ‘Tor: The Second-Generation Onion Router’, p. 9.
38. ‘Some Statistics About Onions’, Tor Project, 26 February 2015, https://blog.torproject.org/blog/some-statistics-about-onions.
39. Biryukov et al., ‘Trawling for Tor Hidden Services’, pp. 80-94.
40. Alex Biryukov et al., ‘Content and Popularity Analysis of Tor Hidden Services’, Distributed Computing Systems Workshop, 2014 IEEE 34th International, Madrid, 30 June 2014, pp. 188-93, https://doi.org/10.1109/ICDCSW.2014.20.
41. Guitton, ‘A Review of the Available Content on Tor Hidden Services’.
42. Biryukov et al., ‘Content and Popularity Analysis of Tor Hidden Services’; and the hidden-service repository Ahmia.fi, available at http://ahmia.fi, which registers 5,197 active hidden services as of 10 January 2016. These numbers approximately match our own.
43. Our findings are comparable in scale to those using the previous approaches mentioned.
44. See, for example, Biryukov et al., ‘Content and Popularity Analysis of Tor Hidden Services’.
45. DDoS stands for Distributed Denial of Service, a technique in which the attacker floods the victim service with more traffic than it can handle, thereby preventing legitimate users from accessing it.
46. See, for example, a recent ISIS Tor guide, ‘Full and Detailed Archive of Information Security and Browsing Security and the Use of the Tor Network Provided to Supporters of #Ath_Alasalamah’, 4 October 2015, https://archive.org/details/ISIL-tor-guide.
47. From the home page of a small vendor website named ‘Unique Notes’.
48. In a recent example, the shuttering of the Darkode underground market and subsequent arrests have led to the site’s resurfacing as a hidden service. See Kim Zetter, ‘Dozens Nabbed in Takedown of Cybercrime Forum Darkode’, Wired, 15 July 2015, http://www.wired.com/2015/07/dozens-nabbed-takedown-cybercrime-forum-darkode/
49. Liat Clark, ‘Hacker Forum Darkode is Back and Safer than Ever’, Wired, 28 July 2015, http://www.wired.co.uk/news/archive/2015-07/28/darkode-back-and-more-secure.
50. Often called ‘Bitcoin mixers’, these services generate a stream of transactions to turn investigations into a highly complex procedure.
51. Website named ‘CleanCoin - Low-Fee Bitcoin Mixing/Tumbling/Laundry Service’, URL withheld. Website named ‘Dark Tor Drugs’, URL withheld. Website named ‘paste.lolz’, a darknetbased clone of the popular textual posting site Pastebin (http://pastebin.com), URL withheld.
52. The front page of a website named ‘Meet My Sisters’, URL withheld.
53. Website named ‘Pedo List’, discussion named ‘13 Year-Olds Have Sex’, URL withheld.
54. Website named ‘Hitman Network- Hire Real Killers With Bitcoin, the Only True Hitman Site on the Deep Web’, URL withheld.
55. Michael G. Reed, ‘Re: Onion Routing’, email to Wei Dai, 4 March 1997, http://www.onion-router.net/Archives/onions-1997.txt.
56. Roger Dingledine, Nick Mathewson and Paul Syverson, ‘Deploying Low-Latency Anonymity: Design Challenges and Social Factors’, IEEE Security & Privacy, vol. 5, no. 5, September/October 2007, pp. 83-7.
57. Timothy May, ‘Re: Encryption and the 2nd Amendment’, email to cypherpunks@toad.com, 20 January 1996.
58. Timothy May, ‘Re: Blacknet Worries’, email to cypherpunks@toad.com, 20 February 1994.
59. The line was commonly repeated among cypherpunks. See, for example, Loren James Rittle, ‘The Clipper Chip Proposal’, email to the Vice President of the United States, copied to cypherpunks@toad.com, 21 July 1994.
60. Stephen Levy, ‘Crypto Rebels’, Wired, May/June 1993, pp. 54-61.
61. ‘We advocate encryption’, said Robert Hannigan, the director of the spy agency, in November 2015.
62. Alexander J. Martin, ‘GCHQ Director Blasts Free Market, Says UK Must Be a “Sovereign Cryptographic Nation”’, Register, 15 November 2015, http://www.theregister.co.uk/2015/11/10/gchq_director_speech/.
63. This is a counterproductive term. The controversial draft UK Investigatory Powers Bill, for example, does not call for back doors; instead, the government may demand that communicationservice providers remove end-to-end encryption from specific user accounts if presented with a warrant. Maintaining such a capability is not technically a back door.
64. Nicole Perlroth and David Sanger, ‘Obama Won’t Seek Access to Encrypted User Data’, New York Times, 11 October 2015, p. A24. Even before the White House’s decision, the Home Office had decided that the Investigatory Powers Bill would probably not change the legislative status quo on encryption in the UK. Thomas Rid, conversation with senior Home Office officials, 9 October 2015.
65. Lasse Øverlier and Paul Syverson, ‘Locating Hidden Servers’, 2006 IEEE Symposium on Security and Privacy, May 2006, pp. 100-14, https://doi.org/10.1109/SP.2006.24
66. Lasse Øverlier and Paul Syverson, ‘Valet Services: Improving Hidden Servers with a Personal Touch’, Privacy Enhancing Technologies, 1 January 2006, pp. 223-44.
67. Ross Anderson, ‘The Eternity Service’, Proceedings of PRAGOCRYPT, October 1996, pp. 242-52.
68. Michael G. Reed, Paul F. Syverson and David M. Goldschlag, ‘Anonymous Connections and Onion Routing’, IEEE Journal on Selected Areas in Communications, vol. 16, no. 4, 1998, pp. 482-94, https://doi.org/10.1109/49.668972.
69. David M. Goldschlag, Michael G. Reed and Paul F. Syverson, ‘Hiding Routing Information’, Information Hiding, 1996, pp. 137-50
70. Dingledine et al., ‘Tor: The Second-Generation Onion Router’.
71. Paul Syverson and Griffin Boyce, ‘Genuine Onion: Simple, Fast, Flexible, and Cheap Website Authentication’, IEEE Workshop on Web 2.0 Security and Privacy, May 2015, http://www.nrl.navy.mil/itd/chacs/sites/www.nrl.navy.mil.itd.chacs/files/pdfs/15-1231-0478.pdf.
72. For an overview, see ‘The Official SecureDrop Directory’, http://secrdrop5wyphb5x.onion/directory. DuckDuckGo is at http://3g2upl4pq6kufc4m.onion/
73. ProPublica, the Darknet’s first major news site, is at http://www.propub3r6espa33w.onion/.
74. The first news site was possibly Kavkaz Center, a Chechen jihadi site launched in 2013.
75. Alec Muffett, conversation with authors, 1 April 2015.
76. For an introduction, see Kevin Poulsen, ‘Strongbox and Aaron Swartz’, New Yorker, 14 May 2013.
77. See ‘Tor: 80 Percent of ??? Percent of 1-2 Percent Abusive’, Tor Project, 31 December 2014, especially Roger Dingledine’s posts, as ‘arma’, https://blog.torproject.org/blog/tor-80-percent-percent-1-2-percent-abusive.
78. Syverson and Boyce, ‘Genuine Onion’.
79. ‘Hidden Services Need Some Love’, Tor Project, 22 April 2013, https://blog.torproject.org/blog/hidden-services-need-some-love.
80. Glenn Greenwald, No Place to Hide (New York: Macmillan, 2014), p. 24.
81. Thomas Jefferson, ‘Jefferson’s Draft’, in The Papers of Thomas Jefferson, Volume 30: 1 January 1798 to 31 January 1799 (Princeton, NJ: Princeton University Press, 2003), pp. 536-43, available at https://jeffersonpapers.princeton.edu/selected-documents/jefferson%E2%80%99s-draft.
82. Julian Assange, Cypherpunks (New York: OR, 2012), p. 4.
83. Joseph Cox, ‘ISIS Now Has a Propaganda Site on the Dark Web’, Motherboard, 16 November 2015, http://motherboard.vice.com/read/isis-now-has-a-propaganda-site-onthe-dark-web.
84. For details, see ‘Learning More About the GFW’s Active Probing System’, Tor Project, 14 September 2015.
85. Kari Paul, ‘Russia Wants to Block Tor, but it Probably Can’t’, Motherboard, 18 February 2015, http://motherboard.vice.com/read/russia-wants-to-blocktor-but-it-probably-cant.
86. Oren Dotan, ‘Russia Moves to Ban Tor and Anonymous Web Surfing’, Vocativ, 10 February 2015, http://www.vocativ.com/tech/internet/dark-net-russia/.
87. For an introduction, see John Bew, Realpolitik: A History (New York: Oxford University Press, 2016).
88. See ‘The Trust Machine’, The Economist, 31 October 2015, http://www.economist.com/news/leaders/21677198-technologybehind-bitcoin-could-transformhow-economy-works-trust-machine.
89. One caveat that does not affect our argument: some commercial products, such as Symantec Encryption Desktop, use open-source code; and some non-profit crypto systems are not open-source, such as Wickr, an endto-end encrypted app. Some large communication-service providers also argue that their system architecture may not allow them to remove encryption. Author conversations with three global end-to-end encryption providers, November-December 2015.
90. Vindu Goel and Vinod Sreeharsha, ‘Brazil Restores WhatsApp Service After Brief Ban’, New York Times, 18 December 2015, p. A10.
91. Perlroth and Sanger, ‘Obama Won’t Seek Access to Encrypted User Data’.
92. Ciaran Martin [director-general for cyber security at GCHQ], witness statement to Investigatory Powers Tribunal, IPT/14/85/CH, 16 November 2015, pp. 4-8.
93. Dingledine, Mathewson and Syverson, ‘Deploying Low-Latency Anonymity’.