The Attack on the Dark Net Took Down a Lot More Than Child Porn

On Sunday afternoon, large swaths of the so-called "dark net"—the network of web sites accessible only to people using the anonymity-enabling Tor software—went even darker than normal. The widespread blackout appears to be the result of an FBI sting, targeted at the trade of kiddie porn on the Tor Network. One cybersecurity researcher was watching the entire time, and offered Gawker a peek into one of the biggest attacks on the dark net in history.

The apparent sting has brought an unprecedented amount of attention to Tor, right as the world is mourning the death of privacy at the hands of the NSA. The Tor network is used by dissidents and journalists to evade government censorship and surveillance, and even the feds probably can't crack the underlying technology. But the sting highlighted another feature of the network, so-called "hidden services," which allow anyone to publish websites that hide both their creators' and visitors' identities. Browsing hidden services only requires downloading and installing an easy-to-use Tor Browser. From drugs to weapons to child porn, Tor has led to a black market e-commerce revolution.

Google doesn't index hidden services, so the Tor network has largely remained a web terra incognito to normal internet users. Explorers of the dark net usually have to rely on directory sites like The Hidden Wiki, which have spotty service and reliability. But an amateur computer security researcher who goes by the handle Gato Malo has been trying to map the contours of the dark net. Since March Gato Malo, who runs the blog USCyberLabs, and a partner have been running automated crawlers to harvest URLs and other data about Tor hidden services in order to create an easy-to-use search engine. They call their project "Artemis." Gato says Artemis has harvested around 55,000 URLs from about 6,700 different dark net websites. He estimates it's about 25% of all the hidden services on the dark net. "This is a tip of the iceberg," he said.

And it turns out Gato was running his crawlers last Sunday, right as huge swaths of the dark net went down. Sunday's blackout coincided with the arrest in Ireland on child porn charges of a man believed to run Freedom Hosting, the largest web hosting company on the dark net. Visitors to many Freedom Hosting sites found only error pages. Computer security researchers quickly discovered the error pages contained malware that spied on visitors and sent their ip addresses to a server in Virginia. This has lead to speculation the FBI had launched an unprecedented raid on the dark net, successfully exposing the trade of child porn that has long found a haven there. (The exact mechanism of the takedown hasn't been made clear.)

But it wasn't only child porn websites that went dark. By correlating the times that the error messages appeared on sites with the reported time of the Freedom Hosting takedown, Gato put together a list of 68 dark net websites that had been taken down and turned into spying machines. (This is only a fraction of all the sites that were hosted on Freedom Hosting, given Gato's limited sample size.)

A relatively small number appear to be kiddie porn sites. "I would say only 20, 25% of this list is pedophile sites," Gato said. The rest are a hodgepodge of dark net sites, both obscure and popular, illegal and legitimate. HackBB, a popular hacking forum, Noreason, a dark net technical resource, and the TorBackmachine, a dark net clone of the Internet Archive's Wayback machine, were among the other sites taken down.

The list, below, is an interesting cross-section of the dark net. It is not all, or even mostly, illegal stuff. As Gato and other security researchers shed light on the dark net, it's clear that something more interesting is going on: A parallel internet created and used by the cutting edge of privacy-obsessed geekery. The dark net has its own news blogs, forums and community, all infused with a weird, dislocated feel by the dark net's pervasive anonymity that's reminiscent of the early days of the commercial Internet. Obviously, it's good if the feds have found a way to target the trade of child porn on the Tor Network. But as the spotlight shines more brightly on the dark net, will the criminal underbelly take everything else down with it? That would be a shame.

Here's a full list of the descriptions of 68 sites Gato found, including some duplicates indicating multiple locations of the same site were crashed: editorial notes in italics

  • The Dreadful Onion Hunter « Login
  • Simon's Intel Tor directory
  • Anon comments only | tornado front end
  • Caravana Brasil • Índice
  • .onion観光案内所 入り口 - PukiWiki
  • UKetalar | UK Ketamine Vendor
  • Lista polskich stron – PB&M Wiki
  • Hosts a .onion site list and various .pdfs (Library Still Under Construction)
  • Login - Underground Market Board popular Tor forum
  • TorLinks | .onion Link List
  • Linki sprawdzone (Strona 1) - Pedo - Polish Board & Market
  • DeepChan - DeepWeb Tor Network 4chan clone
  • Collectors • Index page
  • .onion観光案内所 入り口 - PukiWiki
  • Lista polskich stron – PB&M Wiki
  • The USAHM Archive The Dark Net mirror of conspiracy website USA Hitman
  • BlackBin » 3dcacd "Free, anonymous, and uncensored tool for online communication"
  • Polska Ukryta Wiki Polish-language Tor directory
  • Fraud Network - Home Hacking forum
  • Simon's Intel Tor directory
  • Lista polskich stron – PB&M Wiki
  • KindzazaChan child porn site
  • Blue Quarters Infoa kaikesta kivasta
  • BlackBin » 3dcacd
  • はじめに - Total Sites found retrivied : 4
  • Millennium Board • Index page
  • OnionCams child porn forum
  • r/Onions: Welcome to the forum Tor subreddit mirro
  • BlackBin » 3dcacd
  • Lain Iwakura | Wellcome ;)
  • Extasy 120mg (Strona 1) - [Sprzedam] (N) - Polish Board & Market
  • はじめに
  • QTL CORNER • Index page
  • Area51 Archives - Contact Hacker culture wiki
  • Otwórz oczy - blog dla ludzi z otwartymi umysłami [light edition and backup for uaga3aoawaj6hohg.onion]
  • Lista polskich stron – PB&M Wiki
  • Lista polskich stron – PB&M Wiki
  • 3D Boys • Index page child porn forum
  • Lista polskich stron – PB&M Wiki
  • hex space - ./releases
  • Web Design Guidelines: Onionland Style
  • The TorBack Machine wayback machine clone
  • TCF • Index page
  • NBPP < Narodowy Bank Polski Podziemne
  • HAPPY BIRTHDAY, PSC (and other animals)
  • Forum of GnoM • Главная страница child porn forum
  • Acrimonious 2 Bitcoin escrow service
  • The Gates To The Clos Network wiki about clos networks
  • Paradise Village • Index page
  • Useless - A small lightouse in a sea of shadows
  • Simon's Intel
  • Difference between revisions of "Marketplace Reviews" - The Hidden Wiki
  • Aerie
  • Lista polskich stron – PB&M Wiki
  • Drugs - The Hidden Wiki
  • image uploader
  • Blue Quarters Infoa kaikesta kivasta
  • LEEME
  • Looking for "Sexual abuse" book
  • Notes // TORtiglione tor Microblogging site
  • BlackMarket Reloaded v.3 — Login
  • Lista polskich stron – PB&M Wiki
  • BlackBin » 3dcacd
  • SITES DEEP WEB - POR: ANONYMOUS BRASIL DEEP
  • The Dreadful Onion Hunter « Login
  • はじめに
  • Otwórz oczy - blog dla ludzi z otwartymi umysłami [light edition and backup for uaga3aoawaj6hohg.onion]
  • Blue Quarters Infoa kaikesta kivasta

[image by Jim Cooke]