#cybersecurity

The Dark Web

ericcrichardson Leave a comment

In the vast expanse of the internet, a section lurks in the shadows, often misunderstood and shrouded in mystery: the dark web. This article aims to demystify this hidden segment of the digital world, exploring its history, uses, and the threats it poses, as well as the reasons why individuals may venture into this digital abyss.

So Just What is the Dark Web? The dark web is a part of the internet that isn’t indexed by standard search engines like Google or Bing. Accessible only through special software like Tor, which anonymizes users’ identities and locations, the dark web is often associated with a variety of illegal activities. However, it’s important to understand that it also serves as a haven for legitimate, privacy-seeking activities, especially in countries where free speech is restricted.   The origins of the dark web are closely linked to the development of the Tor network, originally created by the United States Naval Research Laboratory in the mid-1990s. It was designed to protect intelligence communications online. The Tor browser, released to the public in 2002, repurposed this technology for broader use, inadvertently paving the way for the dark web’s emergence.

Contrary to popular belief, the dark web isn’t solely a hub for criminal activity. It’s a complex ecosystem with both nefarious and noble uses. Are there wild rumors about what you can do? By all means there are, but I really do think they are at least partially fiction.  Some examples of very real, horrible observed activities which the Dark web can support”

  • Cybercrime: The dark web is a hotbed for cybercriminal activities. It hosts markets for buying and selling malware, exploit kits, and stolen data, including credit card information, personal identification, and login credentials.
  • Drug Trafficking: One of the most common uses of the dark web is the sale of illegal drugs. Marketplaces like the now-defunct Silk Road popularized this trend, operating much like legitimate e-commerce sites but for controlled substances.
  • Weapons Trade: The anonymity of the dark web also facilitates the sale of illegal firearms. These transactions, devoid of regulatory oversight, pose significant challenges to law enforcement agencies.
  • Human Trafficking and Exploitation: Perhaps the most abhorrent of its uses, the dark web has been used for human trafficking and sharing exploitative content, often evading standard law enforcement techniques due to its encrypted nature.

There is a downside, a big one: the anonymity of the dark web makes it a breeding ground for illegal transactions, including drug trafficking, weapons sales, and cybercrime. Notorious examples include Silk Road, a black market for drugs, and AlphaBay, a marketplace for all sorts of illegal goods and services.

This activity can be countered by good and noble uses of the Dark web.  People striving for freedom where governments try to suppress free speech are very much aided by it. In those cases   the dark web provides a platform to share information without fear of reprisal. Platforms like SecureDrop allow individuals to share sensitive information with media organizations anonymously. Some specific examples of activities for good the Dark web supports are:

  • Safe Haven for Whistleblowers: Platforms like SecureDrop are dedicated to allowing whistleblowers to share information with journalists securely. This aspect of the dark web is vital in regimes where freedom of speech is suppressed and whistleblowing can lead to severe repercussions.
  • Tool for Journalists and Activists: In countries with heavy censorship and surveillance, the dark web provides a platform for journalists and activists to communicate and share information anonymously, evading government monitoring and censorship.
  • Privacy Protection: For individuals concerned about privacy and surveillance in the digital age, the dark web offers an alternative to the surveillance-ridden ‘surface web’. It allows users to communicate, share, and browse with a significantly higher degree of anonymity.
  • Access to Censored Information: In some regions, the dark web is a crucial tool for accessing information censored by authoritarian governments, including news sites, political discussions, and cultural content

An example of good which comes to mind is  to Imagine a political activist in an oppressive regime, seeking to communicate with journalists without risking their safety. They turn to the dark web, using secure messaging services to share their story. In another scenario, a cybersecurity researcher delves into the dark web to study the latest malware trends, contributing valuable knowledge to the field of digital security.

The dark web poses significant challenges to law enforcement and national security. The anonymity it offers helps mask the identities of individuals involved in illegal activities, making it difficult to track and prosecute offenders. Additionally, it’s a fertile ground for the proliferation of malware and the exchange of stolen data, contributing to the global issue of cybersecurity. It is very much a quandary as the existence of the dark web presents a complex moral and ethical puzzle. It’s a digital embodiment of the age-old debate between liberty and security. On one hand, its potential for facilitating criminal activities demands stringent oversight and control. On the other, its role in protecting privacy, free speech, and access to information in oppressive regimes is invaluable.

I remember writing an article 25 years ago about how  (as it was often know) “The Web ” itself had strong positive and negative potential, it’s just how you use it.  The Darknet is after all, just a different type of Internet server and those pluses and misuse are magnified in a universe of anonymity.

Is it easy to access the dark web? It actually is, now there are multiple ways to go about it, but taking steps to maintain anonymity are critical.  I’m a cybersecurity professional, I literally make a living thinking about how things can go wrong, so I would take multiple layers of precaution using specific software (VPN software or Virtual Private Network,  the Tor browser, which routes internet traffic through multiple servers to anonymize it for starters).   Some individuals access the dark web out of curiosity or for research purposes, exploring this hidden part of the internet without engaging in illegal activities.  Users who are properly set could then use the dark web for more privacy-centric communications and transactions.  But as stated above unfortunately, the dark web also attracts individuals intending to engage in or facilitate illegal activities due to its anonymity.

The dark web’s existence raises complex ethical and legal questions. It’s a testament to the internet’s decentralized nature, offering both a refuge for those seeking privacy and a challenge for law enforcement. Balancing the benefits of anonymity with the need to combat illegal activities remains a persistent dilemma. It is often viewed through a lens of criminality, is more than a simple black market online. It’s a complex, multifaceted realm that reflects the diverse needs and desires of its users. Understanding this digital frontier requires acknowledging its potential for both harm and good, as it continues to evolve alongside the broader internet landscape.

The Cyber Secure Traveler

ericcrichardson 2 Comments

Looking forward we will hope a bit for a world when you are not locked down as much when things get normal. The world is struggling with the Coronavirus, we have lost at least 2 Million people due to it and traveling dramatically increases risk.  We will not be traveling for a while, but eventually we will. In 2021 will see the vaccines start to make a real impact for good.  With luck we will see people traveling around again. That means we will all need a refresher on cyber safe traveling.  So, with a bit of optimism about the future and trying to imagine a good place I am going to talk about travel and how everyone is trying to steal your data, infect your devices and be generally bad—ok so much for optimism.   Let’s talk about how to travel smart and things to consider when you do.

It can be a nice distraction to look out the window at the airport, but be sure to follow best practices

By keeping a few things in mind and taking several steps to prevent bad situations coming up you can travel quite safe.  It takes a bit of planning and actions to take beforehand, but you can be quite safe.  A bit of caution and planning goes a long way.  

Before you go:

  • Encrypt your laptop, your phone and ensure they are password protected and auto-lock after a short amount of time of inactivity
  • Get the most recent updates/patches for your system, up to the day you go if you can
  • Set ‘remote wipe’ for your hardware if it is lost you can at least wipe it/lock it
  • Back up all your files and leave a backup in a secure location (such as home)
  • Make sure you have an extraordinarily strong password on all your devices   — See my post on Passwords here:  https://ericcrichardson.com/2021/01/14/the-gist-of-passwords/amp/
  • Make sure, you are only taking any technology into a country what is allowed.  As a cybersecurity professional I cannot take certain software into China for example (Travel to China is literally its own article)
  • Make a digital copy of your passport, driver’s license, credit cards, document with contact info, flight information etc. and always keep it on an encrypted USB device on your person- literally keep it on you 24/7 (X-ray machine in the airport as the exception)

While you are traveling:

  • Keep your devices with you at all time- yes take your luggage to the bathroom/Toilet with you- yes, it is annoying, but your bags should be within reach every second when traveling.   There are other more general security reasons for this, but I am focusing on cybersecurity here. On the plane, keep your carry on directly above you and your laptop bag at your feet, which when you are in the air you can pull back towards your seat to help elevate your feet a bit for comfort.
  • Shut off Bluetooth unless you absolutely need it (computers and phones)   
  • This one may seem strange but never ever plug your phone into a public USB Charging station.  USB brings both power and data between devices. The data sharing is the risk here, it is possible that you may be the victim of what is known as “Juice Jacking” where you plug in for power and a nefarious entity is performing data theft or dropping a payload with malware on it. A bit more than 70% of the phones connected will be Android and most of the rest will be Apple based—so bad guys will know that and plan accordingly. Bring a battery to charge from.  Of course, if you just use an actual plug for an outlet that will remove the data risk, however I just use my battery as I an move about the airport or train station all I wish while charging, investing in a long USB cord is helpful for this as I usually keep my battery in my laptop bag and push the phone connector out of the headset pass through to my phone.
  • Lock everything you can in the safe in your hotel room, they are by far not the most secure safe you’ll ever find as management can override it, but it does provide a layer of protection.  Usually, a laptop will fit as well as your other electronics.
  • Try not to rely on free WI FI hot spots, they can be rife with hackers watching.  Using a VPN helps for sure, however. In fact, a rule of thumb is whenever you are traveling Always use a VPN when travelling—See my post on using a VPN here: https://ericcrichardson.com/2021/01/14/the-gist-of-passwords/amp/

If you want to be super secure you could get a burner phone which is a dumb phone via a pre-purchase for the country, you will be traveling to.   Also, you could bring a laptop with a less friendly operating system that is cheap such as Ubuntu Linux and just remote back to your main computer this way if you lose either the phone or the laptop your losses and potential data loss will be mitigated.  I will be honest with you, while I used to write and edit books about Linux, I prefer just using Windows- it is just easier.

By being smart and following prudent steps you can prevent possible attacks on your devices while traveling. One could literally write a book on steps to take but if you take nothing away from this be very aware there are bad guys out there trying to attack travelers.

@ericcrichardson

The ins and outs of using a VPN

ericcrichardson 2 Comments

One of the ways many people today are using Virtual Private Network, also known as a “VPN” is something you are hearing about often now likely.  You are likely seeing that is protects you from bad guys (aka the ever present “Hacker”) but just how does a VPN work?

The technology which would become the VPN started their life 25 years ago at Microsoft as part of Windows 95.  The problem which was being solved was the case where someone who worked for an organization who was traveling or located in a remote office who needed to securely connect to their home office.  While you could spend huge amount of money to get a dedicated direct physical connection between the two locations using the already existing worldwide Internet was a great way to go.   Effectively the team came up with the notion of creating a virtual dedicated line between two points. This became known a s PPTP- Point to Point Tunneling Protocol.  The way PPTP works is creating an encrypted connection between the remote user and the home office.

A standard Internet Connection with no VPN

What is a tunnel?

A VPN is just the next step in evolution of PPTN, the general way it works is a remote individual connects to a VPN server in a specific location. That connection is secure using encryption, they any other connections done are done from the VPN Server.  Again, the notion of the “tunnel” is like a virtual cable going from your computer to the VPN Server Selected.   The obvious use of the tunnel is security, if you and work are both connecting to a VPN server you have a virtual connection from you to work. So a Virtual Private Network is just that, you can access resources at work from the other side the world with the ease you would from inside the office.

Using a VPN as a corporate user

Benefits of a VPN

As you have encryption that means it’s much more difficult for bad guys to see your data, it’ll also prevent your ISP, or any organization for that matter with the sole exception of the VPN provider, from seeing your activity.  It also makes targeted marketing difficult as internet advertisers will have no idea who you are and where you are coming from.  Interestingly many private individuals have realized they would like some of those benefits. In the last few years, we have seen a spate of companies starting up to provide VPN services for anyone and they are pretty in expensive. 

VPN’s for everyone

A non-corporate connection to the Internet using a VPN Server- you can have a range of servers to choose from

These works just like their corporate cousins with the exception that you effectively connect to the internet from the VPN server you choose.  The “other end” of the connection is simply the internet versus a corporation. There are added benefits, a major one is regarding streaming services which restrict content depending on where you are located you can simply identify a VPN Server. 

There are some other great benefits, if you use a VPN connected to a specific country products or services could be priced much lower than where you are.  Airline tickets are a well known opportunity to connect to one country via a VPN to get better prices. I will note that as time goes on it’s more likely that merchants of all shapes and sizes will begin to identify popular VPN services and close these holes. In some countries where free speech is not guaranteed, a VPN could be a way to embrace free speech but at a risk to personal safety.

There are some less serious reasons to use a personal VPN-say you want to see the new episode of “Staged” from the BBC but you are in North America, you can select a server in the UK and the BBC would allow you to watch the episode as opposed to waiting for it to come to a streaming service in North America. 

Looking at the BBC from North America

As an example, you can see that he BBC main page is quite different when connecting from North America versus the UK, as in the second instance a VPN was used to connect to the UK.  You will notice that the websites are similar but quite different.

Looking at the BBC Website using a VPN in the UK from North America

I hope this has helped give you a quick overview on VPNs, why people use them and can help you to identify if you wish to use one or not.  They are not awfully expensive for private individuals and are becoming much more popular.  Using one all the time, just connect to your own country, is not a bad way to go as it is still a more secure way to browse the web. There will be minor lag triggered due to the encryption, but you will not notice it under normal browsing conditions.  Most personal VPN companies offer a free trial, give it a spin!

@ericcrichardson