US Navy-created 'dark network' lets users buy drugs and child porn and get away with it

Illustration: Jamie Brown Photo: Jamie Brown

On Friday, August 13, 2004, three unassuming computer experts ascended the stage at a convention centre in San Diego, California. The complex was filled with holidaymakers strolling to and from the pool. But inside the darkened auditorium, everybody was wearing business clothes, and the air-conditioning made it chilly.

This was the last session of the Usenix Security Symposium, a five-day conference for digital security professionals. Two of the speakers, Roger Dingledine and Nick Mathewson, were members of Free Haven, a Massachusetts Institute of Technology research project that was looking for ways to use data so that it could resist "attempts by powerful adversaries to find and destroy [it]".

But despite all Tor's criminal applications, many who champion freedom of information refuse to condemn the network.  

Their colleague Paul Syverson, a mathematician with a PhD in philosophy from Indiana University, had been working for the US Navy to find a way to use the internet anonymously since 1995. An alpha version of his solution had been running since 2002. Now, in 2004, they were going to present the updated version that was to make history.

In custody: An unverified photograph of Ross Ulbricht, the alleged founder of Silk Road, the world's biggest drug-dealing website.

As modest as they appeared, these three men have become known as the trio who unleashed the Tor anonymity network, one of the most controversial phenomena in the history of the internet.

An acronym for The Onion Router, Tor bounces data and messages through as many as 5000 other computers, known as "nodes" or "relays", adding layers of encryption to the data like skins of an onion, until it is virtually impossible to discern the original user's location and identity.

And although it has positive applications, especially in repressive regimes such as Iran and China, where pro-democracy activists use it to publicise human rights abuses and foment dissent, it is also used by many thousands of people to trade guns, drugs, stolen goods and child pornography. It has been implicated in hundreds of cases of fraud, identity theft and paedophilia. Remarkably, though, the US Navy continues to provide most of its funding.

"When we started working on Tor, we didn't sit back and think too much about the implications of privacy, security and anonymity," says Syverson, on the phone from the US Naval Research Laboratory in Washington, DC. "The reason for our research was to allow US government employees to go to public websites to gather information, without anybody knowing that there was somebody from the Navy looking for this stuff." 

To guarantee anonymity, Tor had to have mass appeal. And so the software was designed to be "open source", meaning the source code could be distributed and developed by anybody.

"It had to be picked up by the public and used - this was fundamental," Syverson says. "If we created an anonymous network that was only being used by the Navy, then it would be obvious that anything popping out or going in was going to and from the Navy." 

Every additional ordinary user enhances the security and protection that the network is designed to offer to Navy employees and is, in a way, their "payment", he says.

Fast forward to 2014, and that attitude seems at best naive, at worst wilfully negligent. Sites that are blocked by most internet service providers, including those peddling hard-core child pornography, are accessible using Tor and available to browse following some simple steps that are well within the grasp of most computer users. 

Each page can take up to 30 seconds to load. But that aside, when I log on to the network on a Monday afternoon after downloading the Tor browser, I find it easy to access a wealth of illegal goods and services.

Gun Grave, for instance, offers a selection of weapons including a "mint-condition" M4 semi-automatic rifle that can be "shipped worldwide".  On another site, a user calling himself the Facebook Hacker from Belgium offers to hack into any social media account for 0.86 Bitcoin (the internet-only currency favoured by the dark net), or about $449.

On a retail site called Evolution, a vendor called Cat, based in China, sells illegal rhinoceros horns; someone from India offers morphine tablets; and Science Guy, another Chinese seller, offers testosterone and steroid pills. User Amazon Gold is selling "thousands of credit card details" for one bitcoin, or about $521, along with a guide to credit card hacking for "noobs", or newcomers. 

There is also a host of even more disturbing material, including a plethora of upsetting pornographic sites, suicide forums telling vulnerable users how to kill themselves, and sites offering the services of hit men and corrupt government officials. A search engine called Grams makes it as easy to find these things as Google does to find conventional websites. 

In July, security researchers at Kaspersky Lab, the world's largest private software-security company, announced that a new strain of "ransomware" - malicious software that encrypts users' data and demands hundreds of dollars for its release - had appeared, which used Tor to "hide its malicious nature" and made those responsible "hard to track".

Ransomware is so sophisticated that it has even made victims of the police. Last year, a police force in Massachusetts was forced to pay $1427 to unlock data that had been infected with Cryptolocker, a forerunner of the new Tor-based program.

Above all, perhaps, Tor has become a hugely popular means of buying drugs online without getting caught. Users can visit websites on the dark net, browse a selection of thousands of drugs, pay for them using bitcoin, and have them delivered to their door.

"I started using it two years ago. It made life a lot easier," says Alistair Roberts (not his real name), who buys drugs regularly using Tor. "It cut out a lot of the danger involved in drug buying. No one can rob you or stab you, and the police can't get involved."

The drugs arrive in a variety of ways. Some are in Amazon-style envelopes, vacuum-packed to prevent odour. Others are hidden in CD cases, or inside food packaging. "I once bought some MDMA pills, and they arrived in a sports supplement tub," Roberts says. "The company was selling nutrition supplements legitimately through a normal website, and illegal drugs on the dark web using the same packaging."

In October 2013, Silk Road, the biggest drug-dealing site, was shut down by the authorities. But even though its alleged founder, Ross Ulbricht, is now in custody, a new 2.0 version of the site reopened in May and business is booming. There are countless smaller sites, too.

The dark net poses enormous challenges to law enforcement agencies, but there are signs police are closing in on some users. In July, more than 650 suspected paedophiles were arrested in Britain as part of a six-month operation targeting people accessing child-abuse images online.

Similarly, the FBI has developed a form of malware that infiltrates high-traffic websites and infects all of its visitors, allowing users of Tor to be tracked and identified. As a result, more than a dozen alleged users of child porn sites are facing prosecution in the US.

But despite all Tor's criminal applications, many who champion freedom of information refuse to condemn the network. 

Journalists and campaigners in countries such as Iran, Syria and China have found the network invaluable in avoiding detection by their governments. Indeed, Vladimir Putin, the Russian president, is so worried about Tor's potential for undermining his regime that he has announced a prize of four million roubles to anyone who can crack the network. To many, this can only be a good sign.

In 2010, Tor won the award for projects of social benefit at the Free Software Awards. In a statement, the judges said: "Using free software, Tor has enabled roughly 36 million people around the world to experience freedom of access and expression on the internet while keeping them in control of their privacy and anonymity."

But it is impossible to ignore the fraud, the paedophile rings, the drug dealing and the rest. Does Syverson have any regrets about introducing his software to the world?

"I'm not authorised by the navy to talk about the ethics of Tor in detail," he says cagily. "The internet is used in a wide variety of ways, and not everyone is happy with those ways. But when you create a technology, it's a tool that anybody can use for good or ill. To some extent, you have to trust society broadly to do good things.

"The same is true of automobiles. In the early 20th century, police in Detroit were upset because criminals could suddenly vanish because they had these things called automobiles and the police didn't. Then the police caught up. But I'm going to start using phrases like 'democratising technology', and I don't want to get into that."

He does, however, "have opinions" about the balance of positive uses against negative ones, and his strong implication is that overall Tor has been a force for good.

"I'm aware of wide-scale use of Tor in the Arab Spring," he says. "There was a time when the only communication coming out of Egypt was over Tor. But if someone uses Tor to do something illegal, that's often what gets on the news. It creates an asymmetry about what is visible. But I'm a wrench-turner: I do the science, not the policy."

Syverson's hesitation in talking about the issue points to the paradoxical relationship between the Tor project and his employer, the government of the United States. On the one hand, the authorities - who lie behind its creation in the first place - continue to heavily fund its development. On the other, they are seeking to destroy it.

According to the Tor Project's latest financial statements, it received more than $1.99 million in federal funding last year, primarily from the State Department and Department of Defence, as well as filtered through independent organisations such as Internews Network, a non-profit network that aims to support freedom of information around the world. This amounts to about 60 per cent of its total funding.

At the same time, documents disclosed in October last year by the whistleblower Edward Snowden - ironically he used Tor to send top-secret information to The Guardian newspaper - reveal that both the US National Security Agency (NSA) and the British security agency GCHQ have made efforts to disable Tor, or at least to remove anonymity from its users.

Although Tor remained fundamentally intact, the two agencies were able to gain some success by targeting individual browsers when used in conjunction with Tor, and take control of targeted computers. This allowed them to view all the files on the machine, as well as all online activity.

The US government's self-defeating approach was again brought into sharp relief last month. Two researchers at Carnegie Mellon University in Pittsburgh - Alexander Volynkin and Michael McCord - revealed that they had launched a successful cyber attack on Tor between January and July this year, and had unmasked a significant number of people using the network.

They were due to present their findings at the Black Hat computer security conference in Las Vegas last month, in a session titled 'You don't have to be the NSA to break Tor: de-anonymising users on a budget'. But the event was cancelled for "legal reasons".

In an official blog post, Dingledine, one of the three founders of Tor, seemed rattled. He admitted that he had no idea how many users had been stripped of their anonymity, or how much data had been captured. But he announced an immediate upgrade to the system, which would "close the particular protocol vulnerability the attackers used".

Once again, however, further scrutiny reveals that the US is running two dogs after the same ball. Volynkin and McCord's department, the Software Engineering Institute, has received $646 million in funding from none other than the US Department of Defence - with the special target of finding security vulnerabilities.

"From one point of view, it's not surprising that the United States is funding both sides of the story," says Professor Bill Buchanan, an electronic security expert at Edinburgh Napier University. "For a start, they still have to monitor threats. More importantly, they want secret channels for their own use, but if anybody is going to break it, they'd rather it was them than someone else. That's how they stay at the cutting edge of technology."

Ultimately, he says, the development of Tor is the story of the maturation of the digital age. "The internet is grown up now. It recognises no boundaries, and it is very difficult to stop anything from happening," he says. "We have all gradually become disillusioned in the dream of the pure democratisation of information and technology. It is starting to reflect life more closely, in all its light and shade."

Telegraph, London