The Onion Router
Tor, one of the resources on Darknet, has been known for a long time. At first it was only known of by experts and enthusiasts interested in the technical details of practical anonymity in the network (or fans of cryptograph), however, after Edward Snowden’s revelations, many Internet users started searching for this kind of online anonymity, resulting in a surge of interest in Tor.
What is TOR?
Tor is basically unrestricted, free software operating via the Internet. It has users who enter sites, exchange messages on forums, communicate in IMS, etc. – just like the “typical” Internet activity. But there’s one crucial difference. Tor is unique in that it allows its users to remain anonymous while they are active online. Network traffic is completely anonymous: it is impossible to identify the user’s IP in Tor, making it impossible to determine who the user is in real life. Therefore, no action, like the publication of posts in Tor, can be linked to a particular individual.
Just like the “ordinary” Internet, Tor also enables its users to create almost any resources (in February Kaspersky Lab experts managed to find approximately 900 currently operative hidden services online). However, contrary to the traditional Internet where the domain name of each site makes it possible to determine the owner of the site and its location, Tor utilizes so-called pseudo domains, which frustrate any efforts to uncover the resource owner’s personal information.
How does Tor provide anonymity?
Creating anonymous resources is possible due to the distributed network of servers called “nodes” or routers that operate on the principle of onion rings (hence its name is The Onion Router). All network traffic (i.e. any information) is encrypted repeatedly as it passes through several network nodes on its way to Tor. In addition, no network node knows either the source of the traffic or the destination or its content. This ensures a high level of anonymity making it impossible to determine who is behind the network activity, i.e. a real person.
Who needs Tor?
Tor has become a helpful solution for those who, for some reason, fear the surveillance and the leakage of confidential information. But as well as legitimate users, this technology also attracts the attention of cybercriminals. The Tor network has long been known for hosting a large number of resources carrying out illegal activity.
Darknet Market Square
Cybercrimal forums and market places are familiar on the Internet. Recently, Tor emerged as an underground marketplace. It all started from the notorious Silk Road market and evolved into dozens of specialist markets: drugs, arms and, of course, malware.
Carding shops are firmly established in the Darknet. Stolen personal info is for sale with a wide variety of search attributes like country, bank etc. Offers for customers of this kind are not limited to credit cards. Dumps, skimmers and carding equipment are for sale too.
A simple registration procedure, trader ratings, guaranteed service and a user-friendly interface – these are standard features of a Tor underground marketplace. Some of the stores require sellers to deposit a pledge – a fixed sum of money – before starting to trade. This is to ensure that a trader is genuine and his services are not a scam or of poor quality.
Tor and Bitcoin
The development of Tor has coincided with the emergence of the anonymous crypto currency Bitcoin. A combination of anonymous money in an anonymous environment means cybercriminals can remain virtually untraceable.
Malware in Tor
Cybercriminals have started actively using Tor to host malicious infrastructure. Kaspersky Lab experts found Zeus with Tor capabilities and then detected ChewBacca and finally analyzed the first Tor Trojan for Android. A quick look at Tor network resources reveals lots of resources dedicated to malware – C&C servers, admin panels, etc.