The Tor Browser is a web browser that anonymizes your web traffic using the Tor network, making it easy to protect your identity online. ... A few caveats: Browsing the web over Tor is slower than the clearnet, and some major web services block Tor users.
What Is Tor And The Dark Web?

There is a lot of talk about the dark web these days, including how cybercriminals often use it to spread malware, sell stolen data, and publish user account credentials. The term can be defined as an encrypted network that exists between Tor servers and their clients. It is completely separate from the web, or just the internet.

Tor, an acronym for "The Onion Router," allows users to surf the Internet, chat, and send instant messages anonymously. In itself, it is not harmful. Here's how the Tor developers see their creation at https://www.torproject.org/: according to them, Tor is free software and an open network that helps you defend yourself against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships.

There was a 24% growth rate of sites on the dark web between 2014 and 2015. According to research conducted by Flashpoint, Tor usage has jumped again in the last year since the revelation of the National Security Agency's surveillance program.

A little history

Negative stereotypes about the dark web abound. In March, a CIGI (Center for International Governance Innovation) study showed that 7 out of 10 people
want this platform closed. Many people first heard of the dark web in 2013, when the FBI dismantled the “Silk Road,” the largest black market site (at the time) for arms trafficking and drugs.

But the dark web did not start as a haven for criminals. Tor was developed in the mid-1990s by computer scientists and US government agencies. In 2006, the Tor Project was established as a non-profit organization to maintain Tor for public use.

There are many reasons why people might want to anonymize their web activity using Tor. On the one hand, in countries where many websites are blocked, Tor provides a way to access those sites. For example, in mainland China, in September 2015, around 3,000 websites were blocked. These included most Google, Facebook, YouTube, Twitter and Instagram accounts.

Anonymity is essential when communicating sensitive information or reporting abuse. Today, news outlets like "The Guardian", "The Intercept" and "The New Yorker" all host dark web sites for tips and material that have been leaked anonymously.
Like WikiLeaks, Tor and the dark web have been used to mobilize the “Arab Spring”. Some people even use Tor to prevent websites from tracking them for advertising.

How does Tor work?

Tor is not the only tool for accessing the dark web. It is simply the most popular. Other systems include “Freenet” or the anonymous network “Invisible Internet Project (I2P)”.

Tor transfers network traffic from the user's computer and mixes it through a random series of relays to reach its destination. Each node (or “onion router”) of the path knows its predecessor and its successor, but no other node of the circuit. Downstream traffic along the circuit is sent in fixed-size packets which are unwrapped by a symmetric key at each node (like the layers of an onion) and relayed downstream. This process anonymizes the user's location and makes it difficult to monitor user activities.

Tor encryption is done by Tor servers, not on your desktop computer. Traffic between two Tor nodes cannot be traced, but traffic entering or leaving Tor gateways to (or from) the “normal” Internet can be, unless SSL encryption is in effect.
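The layering described above, as an added sketch that is not from the original page: each hop removes one symmetric layer from a fixed-size cell, and the last hop ends up holding the request in the clear when the request itself was plain HTTP. The SHA-256 keystream is a standard-library stand-in for a real stream cipher, and the keys, cell size and request are constructed for illustration.

```python
import hashlib

CELL_SIZE = 512  # fixed cell size used in this sketch (assumption)

def keystream(key, length):
    """SHA-256 in counter mode: a stdlib stand-in for a real stream cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def xor_layer(key, cell):
    """Add or remove one layer (XOR with the hop's keystream is its own inverse)."""
    return bytes(a ^ b for a, b in zip(cell, keystream(key, len(cell))))

def pad_cell(payload):
    """2-byte length prefix + payload + zero padding, so every cell has the same size."""
    if len(payload) > CELL_SIZE - 2:
        raise ValueError("payload does not fit in one cell")
    body = len(payload).to_bytes(2, "big") + payload
    return body + b"\x00" * (CELL_SIZE - len(body))

def unpad_cell(cell):
    """Recover the payload from a fully unwrapped cell."""
    n = int.from_bytes(cell[:2], "big")
    return cell[2:2 + n]

def wrap(payload, hop_keys):
    """Apply one layer per hop; the first hop's layer ends up outermost."""
    cell = pad_cell(payload)
    for key in reversed(hop_keys):
        cell = xor_layer(key, cell)
    return cell

def relay_path(cell, hop_keys):
    """Return what each hop holds after removing its own layer."""
    views = []
    for key in hop_keys:
        cell = xor_layer(key, cell)
        views.append(cell)
    return views

if __name__ == "__main__":
    keys = [b"guard-key", b"middle-key", b"exit-key"]  # constructed session keys
    request = b"GET /login?user=alice&password=hunter2 HTTP/1.1"  # constructed plain-HTTP request
    for name, view in zip(("guard", "middle", "exit"), relay_path(wrap(request, keys), keys)):
        print(name, "cell bytes:", len(view), "request readable:", request in view)
```

Only the last hop's view contains the readable request, which is why an unencrypted payload is exposed at the exit.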
Tor is not an end-to-end encryption mechanism. In other words, if the communication is not encrypted using separate software before entering the Tor network, anyone can read it on the gateways. Since the National Security Agency, a government agency of the United States Department of Defense, was suspected of administering a high percentage of all Tor exit gateways worldwide, you can bet that all unencrypted traffic is monitored by the NSA.

Many users access Tor through a VPN. Here's why:

A VPN (Virtual Private Network) allows you to spoof your geographical position.

As mentioned above, anyone with the Tor egress gateway can read unencrypted communications that pass through. A VPN ensures privacy.

Some internet service providers (ISPs) block Tor. An ISP will therefore not know that you are accessing the dark web if you are using a VPN.

The Tor entry gateway will see the IP address of the VPN server, not the user's actual IP address.

However, Tor exit gateways are often blocked. Additionally, a VPN does not offer any protection against malicious Tor egress gateways.

Instead of using a VPN, some Tor users go through a Tor gateway like Obfsproxy, a Tor subproject that can be used to obfuscate traffic (whatever
it is) so that it becomes unrecognizable. This can be effective in hiding Tor usage if deep packet inspection is not configured to detect Tor.

What does the dark web look like?

The first thing to notice is the slowness of the Tor browser, even more so if a VPN is used in tandem. URLs are also a bit strange. One example is wlupld3ptjvsgvsgwqwqw.onion, a dark website dedicated to Wikileaks. For this site, protocols outside of the standard HTTP/HTTPS abound, including IRC, IRCS, Gopher, XMPP, and FTP. A long-term study, carried out by TrendMicro, showed that 41% of URLs are Russian and 40% English.

Finding what you are looking for is often a bit difficult, as many sites appear and disappear within days. That's not to say that there aren't search engines, for example, the Google-like Grams drug search engine. The issue is that since there are a lot of malicious web page links, some users rely on Tor .onion link lists or a friend's advice to get around.

An alternative is one of the dark or deep web search engines, which talk to the onion service through Tor and relays. They resolve the ".onion" links, then deliver the end result to your regular web browser.

The Dark Web, on the other hand, has some of the same types of sites available on the “normal” Internet.
Deep Web Radio is, for example, a global music radio station. But there are other dedicated hosting services, anonymous emails and chat rooms; even Twitter clones that offer this same service. In January 2016, ProPublica launched the first major news site on the dark web. Whistleblowers, human rights activists, journalists, military and law enforcement were all present. In fact, victims of domestic violence used the dark web to communicate without being followed by their attackers.

A description of the dark web would not be complete without mentioning the financial sites. BIT, a new popular unit that serves to represent small amounts of Bitcoin, for example, showed a state regarding the market for stolen information and illegal goods, exploit kits and information for malicious hackers.

Daniel Moore and Thomas Rid, in their book Cryptopolitik and the Darknet, reported that 57% of the dark web is made up of illegal activity. It is fair to say that the deep web, the hidden web or the invisible web, is a huge information sharing platform that facilitates criminal activity.

Another alternative: cryptocurrency. It is one of the best options for securing financial transactions (like bitcoin) and anonymization networks like Tor.
They make it easy for adversaries to enter the malware market and quickly start generating revenue.

Can Tor be a problem for a business?

It is true that Tor has many legitimate uses. However, there are also reasons for a network administrator to want to block all traffic based on this network within a company. As mentioned above, Tor might be the ideal medium for users who want to cover their tracks, but using it in your local computer network may put your organization at risk. The reason is that criminals can also use Tor to keep their communications private. In the process, they can:

Bypass security checks: Tor can encrypt all traffic on your network and make monitoring your activities very difficult.

Steal sensitive information: Exit nodes can monitor the traffic passing through your employees' devices and capture any unencrypted information such as logins or passwords.

Affect the reputation of your organization: the malicious people who manage the "exit nodes" can use the node in order to add malware. Any user who downloads web content through Tor could therefore put your corporate network at risk of malware infection.

Carry out a denial of service (DDoS) attack: remember that traffic via the Tor network can use up the bandwidth of your corporate network. This can permanently expose your organization to a DDoS attack, which can make your server, service, or infrastructure unavailable.
Example of a threat related to the use of Tor

In April 2015, the administrator of the Sigaint email service, a very popular service on the Darknet, warned its users that Sigaint had become the target of a government agency that was trying to compromise it. The group behind this attack had attempted to hack the service using around 70 distinct corrupted exit nodes.

Note that, in addition to providing anonymity to users browsing the public Internet, Tor also provides a means for Internet users to host websites within Tor itself. This service is called “hidden services”. These are addresses that end in .onion, like Facebook's https://facebookcorewwwi.onion . To access any of these sites, the user must connect to the Tor network.

In our case, Sigaint also provided a hidden service in .onion, accessible via the address http://sigaintevyh2rzvw.onion . The problem is that .onion addresses were generated by a hash algorithm. They therefore tended to be difficult for users to remember. To make it easier for Tor users to access this hidden service, Sigaint posted a link on their public website. In this way, Internet users could navigate to the easier-to-remember public site and from there reach their email account completely anonymously via Tor's secure network.
Although this measure seemed like a good idea, it was not really! The problem is that Tor users could click on a link in a plain text HTML response that had passed through a Tor exit node. But not all of the people who participated in this network were good people. In fact, a hacker had configured at least 70 egress nodes, or around 6% of the total egress nodes at the time, to rewrite Sigaint's .onion link in the HTML response to a link that looked similar. Yet the link was not the same, and it redirected users to a completely different hidden service.

This malicious hidden service acted as a reverse proxy to the legitimate Sigaint hidden service. Thus, any user who accessed their Sigaint mailbox through the malicious hidden service was unaware that their activities were being monitored by people who at this point were still unknown.

Were the consequences significant? For some of the users who had used the malicious Sigaint hidden service, the passwords were compromised. It was impossible to precisely determine the number of Sigaint users who were targeted during this attack. The attack was made easier by the fact that Sigaint did not use SSL on its public page.
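A check for the link rewriting described above, written as an added example and not taken from the original page or from Sigaint: it extracts every .onion link from an HTML response and compares it with an address pinned out of band. The two HTML snippets and the substituted address are constructed placeholders, and the six-character lookalike threshold is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class OnionLinkCollector(HTMLParser):
    """Collect the hostname of every .onion link in an HTML document."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        href = dict(attrs).get("href") or ""
        host = (urlsplit(href).hostname or "").lower()
        if host.endswith(".onion"):
            self.hosts.append(host)

def shared_prefix(a, b):
    """Number of leading characters two hostnames have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def audit_onion_links(html, pinned_host, lookalike_prefix=6):
    """Label each .onion link 'ok', 'lookalike' or 'unknown' against the pinned address."""
    collector = OnionLinkCollector()
    collector.feed(html)
    findings = []
    for host in collector.hosts:
        if host == pinned_host:
            verdict = "ok"
        elif shared_prefix(host, pinned_host) >= lookalike_prefix:
            verdict = "lookalike"  # same leading characters, different service
        else:
            verdict = "unknown"
        findings.append((host, verdict))
    return findings

PINNED = "sigaintevyh2rzvw.onion"  # address as given on this page
# Constructed responses: the page as served, and the same page after in-transit rewriting.
# The substituted address is a made-up placeholder, not one from the incident.
ORIGINAL = '<p>Webmail: <a href="http://sigaintevyh2rzvw.onion/">hidden service</a></p>'
REWRITTEN = '<p>Webmail: <a href="http://sigaintexample22.onion/">hidden service</a></p>'

if __name__ == "__main__":
    print(audit_onion_links(ORIGINAL, PINNED))
    print(audit_onion_links(REWRITTEN, PINNED))
```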
To counter it, Sigaint administrators therefore had to consider transforming the encryption system they had used and then removing the .onion URL from the official sigaint.org page. They were also forced to add SSL support for the mainstream site. Although it does not prevent the risk of future attacks, this measure still helps to increase the difficulty for attackers to compromise your company's server. For their part, users of the Tor service had to change their passwords.

How do you prevent Tor from accessing your network?

It should first be noted that it is difficult to detect and block Tor in your corporate network. Your administrators should therefore consider deploying more than one solution to increase the chances of preventing the use of this service on your network. The reason is that Tor doesn't just provide encryption. It can also look like normal HTTPS traffic, making communications through this service difficult to identify. In what follows, we offer some mitigation measures to bring you closer to the goal.

Prevent users from installing Tor: to do this, it is recommended to set up security control systems limiting users' access rights to a computer. This will help prevent the installation of unauthorized devices or software.

Develop a blacklist of Tor nodes: you can also stop all outgoing traffic linked to Tor. This can be done at the firewall level, by creating an explicit deny-to-exit rule based on the IP addresses on your blacklist. This way,
you will also be able to keep a log of all hosts that may attempt to connect with the Tor nodes. You can build your blacklist using online resources such as https://www.dan.me.uk/tornodes.

Block all traffic using self-signed digital certificates: Tor uses self-generated SSL certificates to encrypt traffic between servers and nodes. If you block all outgoing SSL traffic that uses self-signed SSL certificates on your network, this will help prevent the use of Tor.

Conclusion

Whether you are an employee or a business owner, it is easy to understand that you are eager to experience all of the possibilities offered by the Tor service. To browse dark web links, Tor is an essential browser. However, be aware that some of these possibilities can put you (or your business) at great risk.
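For the blacklist measure above, an added example (not from the original page) that loads a node list and reports which internal hosts tried to reach a listed address, based on firewall log lines. It assumes a one-address-per-line list and a hypothetical log layout; the addresses are constructed from documentation ranges and are not real Tor nodes.

```python
import ipaddress
import re
from collections import defaultdict

def load_blocklist(text):
    """Parse a one-address-per-line list; skip blanks, comments and malformed entries."""
    nodes = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            nodes.add(ipaddress.ip_address(line))
        except ValueError:
            continue
    return nodes

# Hypothetical log layout: "<timestamp> <ACTION> src=<ip> dst=<ip> dport=<port>"
LOG_RE = re.compile(r"^(\S+) (\w+) src=(\S+) dst=(\S+) dport=(\d+)$")

def hosts_contacting_tor(log_lines, blocklist):
    """Map each source IP to its sorted (dst, port, action) hits on the blocklist."""
    hits = defaultdict(set)
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not a connection record in the assumed layout
        _, action, src, dst, dport = m.groups()
        try:
            if ipaddress.ip_address(dst) in blocklist:
                hits[src].add((dst, int(dport), action))
        except ValueError:
            continue  # destination field is not an IP address
    return {src: sorted(found) for src, found in hits.items()}

# Constructed sample data.
BLOCKLIST_TEXT = "# node list\n198.51.100.7\n203.0.113.40\n2001:db8::9001\nnot-an-ip\n"
LOG_LINES = [
    "2024-01-10T09:00:01Z DENY src=10.0.4.23 dst=198.51.100.7 dport=9001",
    "2024-01-10T09:00:05Z ALLOW src=10.0.4.31 dst=192.0.2.80 dport=443",
    "2024-01-10T09:02:11Z DENY src=10.0.4.23 dst=203.0.113.40 dport=443",
    "2024-01-10T09:03:40Z DENY src=10.0.7.5 dst=2001:db8::9001 dport=443",
    "unparseable line",
]

if __name__ == "__main__":
    blocklist = load_blocklist(BLOCKLIST_TEXT)
    for src, found in sorted(hosts_contacting_tor(LOG_LINES, blocklist).items()):
        print(src, found)
```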