12.17.2009

KIP Thinks Technology Is Marvelous

Technology is marvelous. It enables, encourages and aids us in our daily lives, in ways which many never dreamed possible. Technology is a gift, as fire from Prometheus was to humanity; it is an essential enabler. Technology lacks intention, as it is inanimate. We give it purpose. Or, perhaps more appropriately, we append intentions and uses to it and describe use cases for it. Some good, some bad, but all our own. Technology lacks the ability to discern right from wrong, good from bad, in the way in which you or I might (note: let’s table any discussion about AI or the like for the moment, as that is an entirely different and drawn-out discussion). Technology represents the manifestation of ideas from the realm of thought into the material world: innovations which were once in the mind or on the development board of men and women the world over, made reality by the hard work and ingenuity of those same men and women or others of like mind. This is not to say, however, that technology cannot (as we have seen and described so often here, and likely will in the future) be used for purposes other than those for which it was originally intended, with nefarious or dark ends in mind. That is not technology’s fault, but rather the fault of man.

While researching some malware in the lab, I got sidetracked and began playing with covert channel technology in virtual environments. Nothing fancy, just run-of-the-mill technology that is easily had. In doing so, I began thinking a great deal about the use cases for such technology in the public sector, the private sector and points outside of those worlds. In digging more deeply I began to notice something troubling, something that resonated deeply within my mind and security-driven personality, and that was the potential for utilization of such technology for bitter ends. I have been tinkering with Onion Routing technology for years, largely because I find that some of the most effective means of obfuscating one’s intentions are not necessarily to be had in convoluted, high-speed, low-drag technologies but rather in mature yet lesser-known ones which take advantage of clever algorithmic implementations and cryptography. Take Onion Routing, for example.

Onion Routing is not new. In fact, Onion Routing enabled environments have been around for more than a decade now and date back to the original intellectual property developed by Michael G. Reed, Paul F. Syverson, and David M. Goldschlag, and patented by the United States Navy in US Patent No. 6266704 (1998). Nowadays, several technologies and solutions utilize Onion Routing — some above scrutiny and others squarely positioned to be scrutinized. Onion Routing, quite simply, is a technique that enables anonymous communications over networks and computer systems. It works by repeatedly encrypting message traffic, one layer per hop, and then forwarding it to network nodes known as Onion Routers (catchy, huh?). Each Onion Router removes one layer of encryption from the message traffic it has received in order to uncover the next set of routing instructions. It then forwards the message traffic on to the next router, where the process is repeated until delivery is complete. The net effect is that no single node (ideally) knows who the original source of the traffic was, what the intended destination is, or what the contents of the message traffic are, thus creating an inherently ‘secure’ transmission environment which affords “plausible deniability” to those using it. However, during the course of researching, tinkering and reading the research work of others, it became clear to me (as it had been to others as well) that Onion Routed environments are no more secure than any other environment if one takes the time to study them and look for opportunities for exploitation. It is possible to monitor, intercept and observe data being sent and received (in motion and at rest) on a local host. Many consider this indisputable, and I tend to agree with them. Here is a short list of weaknesses associated with Onion Routed environments:

  1. Weak defense against timing analysis
  2. Intersection attacks and predecessor attacks
  3. Exit node issues (traffic leaving the last hop can be sniffed by the exit node’s operator)
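To make the layered-encryption mechanism concrete, and to show why weakness 3 and the size/timing observations behind weakness 1 follow directly from the design, here is a small simulation. It is an added example written for this page, not code from the post, from Tor, or from the Navy patent; the router names (R1, R2, R3), the parties alice and bob, the JSON layer format and the message are all constructed, and the cipher is a SHA-256 keystream XOR used purely for illustration (no integrity protection; a real system would use an authenticated cipher).

```python
import hashlib
import json
import os

# Added example (not the post's own code): a toy onion-routing circuit.
# The cipher below is a SHA-256 keystream XOR, for illustration only.
NONCE_LEN = 16


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` keystream bytes from SHA-256(key || nonce || counter)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Toy stream encryption: random nonce prepended to plaintext XOR keystream."""
    nonce = os.urandom(NONCE_LEN)
    ks = keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    ks = keystream(key, nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))


def build_onion(route, router_keys, destination: str, payload: bytes) -> bytes:
    """Wrap `payload` in one encryption layer per router, innermost first.

    Only the exit layer names the real destination and carries the payload;
    every outer layer names just the next router in the circuit.
    """
    layer = json.dumps({"next": destination, "inner": payload.hex()}).encode()
    layer = encrypt(router_keys[route[-1]], layer)
    for i in range(len(route) - 2, -1, -1):
        wrapped = json.dumps({"next": route[i + 1], "inner": layer.hex()}).encode()
        layer = encrypt(router_keys[route[i]], wrapped)
    return layer


class OnionRouter:
    def __init__(self, name: str, key: bytes):
        self.name = name
        self.key = key
        self.observed = []  # what this node alone can learn about each cell

    def process(self, blob: bytes, came_from: str, known_routers):
        """Peel one layer: learn the next hop, forward whatever is inside."""
        layer = json.loads(decrypt(self.key, blob))
        inner = bytes.fromhex(layer["inner"])
        is_exit = layer["next"] not in known_routers
        self.observed.append({
            "from": came_from,
            "to": layer["next"],
            "bytes_in": len(blob),  # cell size shrinks per hop: an observable
            # Weakness 3: the exit operator sees the payload in the clear.
            "payload_seen": inner if is_exit else None,
        })
        return layer["next"], inner


def run_circuit(routers, source: str, route, onion: bytes):
    """Forward the onion hop by hop; return (destination, delivered payload)."""
    prev, hop, blob = source, route[0], onion
    while True:
        nxt, inner = routers[hop].process(blob, prev, routers)
        if nxt not in routers:
            return nxt, inner
        prev, hop, blob = hop, nxt, inner


def demo():
    """Constructed three-hop circuit; returns the delivery result and each node's view."""
    keys = {name: os.urandom(32) for name in ("R1", "R2", "R3")}
    routers = {name: OnionRouter(name, key) for name, key in keys.items()}
    route = ["R1", "R2", "R3"]
    payload = b"hello bob"  # constructed message
    onion = build_onion(route, keys, "bob", payload)
    dest, delivered = run_circuit(routers, "alice", route, onion)
    return {
        "destination": dest,
        "delivered": delivered,
        "views": {name: r.observed[0] for name, r in routers.items()},
    }


if __name__ == "__main__":
    for name, view in demo()["views"].items():
        print(name, view)
```

Running it shows the property the paragraph describes: R1 sees alice and R2 but no payload, R2 sees only R1 and R3, and R3 sees R2, bob and the plaintext. The `bytes_in` field also shrinks by a fixed amount at each hop, which is the kind of size and timing regularity a network observer can correlate across the circuit; real deployments pad cells to a fixed size to blunt exactly that.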

So far it all sounds pretty cut and dried, right? Then I began looking at what and why these solutions might be utilized outside of the public sector, and for what purpose. There are a variety of reasons individuals and groups might gravitate towards utilizing these communications models. Some lie squarely in the realm of criminal activity. Others masquerade under the pretense of political discourse (hiding behind United States Supreme Court rulings on the rights to anonymity for citizens as part of political discourse activities — which, by the way, I think is fine so long as that is what is truly occurring), while in actuality attempting to push subversive or counter-culturally driven agendas (which, if they were exposed for what they truly represent, I reckon would not garner the protection afforded to citizens by the Supreme Court decision). In this entry, I am going to avoid delving too deeply into scrutinizing the intentions of those who use this technology as a means of effectively promoting political discourse. I will say that I believe there are those who utilize the technology (like all technologies and media if given the chance — TV, radio, newspapers, magazines, blogs, podcasts etc.) for questionable purposes, largely due to its ability to obfuscate source and destination in addition to its availability.

Crypto-anarchism poses a threat to us all, whether someone is leveraging ‘darknets’ to propagate information or ideologies (some of which are illegally obtained and deemed sensitive and/or classified), or giving presentations with no intention of obfuscating their intentions on subject matter deemed subversive. We as information security professionals must be alert and vigilant. In doing so, we can better defend those who cannot defend themselves while aiding in preventing criminal activity. There is a need to ‘watch the watchmen’. I believe it is the responsibility of us all to do so, not a minority; especially a minority who believe they are above the law and entitled to disseminate information that they are not legally entitled to. That is dangerous business and not for amateurs. Information which is deemed ‘sensitive’ or ‘classified’ should be treated as such and, as tradition dictates, disseminated on a ‘need to know’ basis. Deviating from that practice, regardless of what one believes to be legitimate reasoning, is dangerous, and criminal. I believe that technologies such as Onion Routed networks or ‘dark nets’ can be utilized for good; however, they are and will likely continue to be corrupted and used for illegal, subversive and nefarious purposes as well.
