Peeling back the darknet

Mark Gregory is a Senior Lecturer in the School of Electrical and Computer Engineering at RMIT University.

Most organisations are unaware of the need to bring darknet expertise in-house to ensure that there will be no surprises bubbling out of the darkness. The darknet does not have a pretty face, but it is not entirely evil either; so what is it that your organisation should know about the darknet, and why?

The darknet is a private network where connections are made using friend-to-friend (F2F) trusted peering with non-standard protocols and Internet Protocol (IP) ports.

In some respects, the idea behind the darknet is similar to an enterprise network that utilises MPLS (Multiprotocol Label Switching) to provide fast tunnels between facilities such as branch offices. An enterprise network is a private network that is under the organisation's control, but may utilise infrastructure provided by an external service provider.

The most common darknet approach utilises facilities connected together over the public Internet which means that sophisticated approaches including encryption, non-standard protocols and IP ports are used to ensure that the nodes, services and applications, users and other components remain private and are not able to be interrogated by third parties.

An example of the methods used to build a darknet is the Tor project which provides a free software application that acts as an anonymiser when used in conjunction with the Tor open network.

The Tor project states that it aims to “defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.”

Tor was “originally designed, implemented, and deployed as a third-generation onion routing project of the U.S. Naval Research Laboratory. It was originally developed with the U.S. Navy in mind, for the primary purpose of protecting government communications. Today, it is used every day for a wide variety of purposes by normal people, the military, journalists, law enforcement officers, activists, and many others.”

But the darknet has been slowly peeled back by organisations that often have competing interests, including US government agencies such as the NSA and FBI, non-US government agencies and organised crime.

The darknet is a petri dish that provides the opportunity not only to learn how to create and build private networks that exist using public infrastructure, but also to hack into the darknet to capture information and user identity.

A key facet of the attacks on the darknet has been the use of man-in-the-middle (MITM) attacks and the ongoing development of techniques that focus on unravelling the IP traffic, including decryption techniques that utilise massive computing resources to break into private information streams.

What this means for the average organisation is the need to develop a plan that builds awareness within the organisation of the digital arms race, of the need to regularly update infrastructure and security capability, and of the need to maintain either in-house expertise or a relationship with a reliable digital security provider.

Enterprises are not safe, and the belief that external threats come through the public-facing firewall is a mistake that is made all too often. The techniques being developed to break into the darknet will be utilised to break into commercial private networks, and this means every node, link and user connection is at risk, necessitating a hierarchy of intruder detection capability, including working with any infrastructure service providers used to provide components of the enterprise network.

Another aspect of the darknet that is often overlooked is the ability of enterprise employees to set up darknet tools on the enterprise IT systems or to introduce this capability if the enterprise has a bring-your-own-device (BYOD) environment.

BYOD reduces costs but escalates security problems so it is vital that BYOD networks are secured, segmented from non-BYOD areas and monitored utilising the latest digital security systems.

Unfortunately, key technologies used to provide digital security have been found wanting in recent years, and the OpenSSL bug found in June 2014 was far worse than the previously top security bug known as Heartbleed.

As the darknet is attacked by all and sundry, the outcomes provide an insight into the methodologies being used to disrupt criminal activities through websites such as the infamous "Silk Road". Operation Onymous was a successful effort by the 16 member nations of Europol, the FBI and the US Immigration and Customs Enforcement agency to disrupt illegal websites on the darknet.

Does this mean that organisations should throw up their hands in the belief that expenditure on digital security is a waste?

Adopting digital security policies and procedures provides awareness, expertise and ensures that organisations adopt prudent network segmentation and backup measures to protect key systems and intellectual property in the event that there is a security breach.

Without a security mindset organisations would not develop the plans, infrastructure and expertise to deal with the growing range of digital security and privacy issues that are fundamental for successful participation in the global digital economy.

In the digital world, being a leader in security and privacy provides customers with increased brand awareness and confidence that the organisation can be trusted. Failure to take security and privacy seriously is a mistake that can seriously damage an organisation and lead to unwanted publicity and court action.
