Tag Archives: Tor

Cracking the code: Workshop gives journalists a crash course in encryption

  • TestBed's Aaron Rinehart lectures to seminar attendees prior to the hands-on portion of the day on April 3, 2015. (Jennifer-Leigh Oprihory/MEDILL NSJI)

WASHINGTON — The minds behind TestBed, Inc., a Virginia-based IT consulting firm specializing in IT planning, analytics, testing, prototyping and business advice for the public and private sectors, gave journalists a crash course in digital safety and encryption techniques at an April 3 seminar in Washington.

The daylong event, “Cyber Security Skill Workshop for Journalists: Sending Secure Email,” was co-sponsored by the Medill National Security Journalism Initiative and the Military Reporters & Editors Association, and held in the Medill Washington newsroom.

The seminar began with an introductory lecture on cybersecurity basics and common misconceptions about online privacy and security. Security-related superstitions, such as the idea that browsing in so-called “incognito” or “invisible” modes will keep your digital whereabouts truly hidden, were promptly dispelled.

TestBed’s Aaron Rinehart and David Reese then transformed the event into a hands-on lesson in PGP – an acronym for “Pretty Good Privacy” – as well as understanding other aspects of digital fingerprints (including how to create a public key, how to register it in the Massachusetts Institute of Technology’s PGP directory so that you are more widely contactable by those in the encryption know and how to revoke (or deactivate) a key for security reasons.

The program also included a brief introduction to the Tor network, a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor, originally developed by the U.S. Navy, hides the route taken from a computer’s IP address to its eventual browsing destination.

Learn how Tor works via Medill reporter William Hicks’ helpful primer and infographic here.

When asked for the top three lessons he hoped attendees would take away from the event, Rinehart emphasized the importance of “good key management,” or not sharing your private PGP key with anyone, operating “under good security practices”(such as updating software and antivirus programs) and making email encryption a regular habit.

“Don’t compromise convenience for security,” Rinehart said in a post-workshop interview. “Try to make this something you can use everyday.”

The event drew a mix of reporters, security experts and students, which included military veterans and defense journalists.

Northwestern University in Qatar journalism student James Zachary Hollo attended the event to research encryption resources available for foreign correspondents and to report on the workshop for the Ground Truth Project in Boston, where he is currently completing his Junior Residency.

Hollo said the seminar gave him a better understanding of how to use PGP.

“I had sort of experimented with it before I came here, but this gave me a much better and deeper understanding of it, and I got to sort of refine my ability to use it more,” he said.

Hollo said he was surprised that many attendees came from military service or military reporting backgrounds, since, in his view, “one of the blowbacks against the NSA story [involving whistleblower Edward Snowden] was that it’s like reporting is like betraying your country.”


Tor and the darknet: shining a light on the web’s darkest corners

WASHINGTON– The term darknet conjures up scary images of a place where the darkest, most dubious members of the World Wide Web go to practice illicit activities. But the darknet and programs like Tor that allow for hidden sites and anonymous browsing help those online evade an online presence looking over their shoulders.

Despite many attempts, Tor has not been able to be cracked in a meaningful way and governments have not been able to successfully deanonymize Tor users. With the only alternative being to ban the program, which in itself is difficult, government agencies are attempting to index and track the growing activity on the darknet.

“Like everything else, Tor is a tool and tools are neutral,” said Paul Rosenzweig, a cybersecurity consultant and a former Homeland Security deputy assistant secretary in the Bush administration. “You can either throw the baby out with the bathwater and ban the tool or find some way to regulate it.”

What is the darknet and tor?

TorTo understand the darknet, one must first understand the surface web and the deep web.

The surface web is everything that can be accessed through a search engine such as Google. This consists of basic websites that have their pages indexed and accessible to the public.

The deep web is everything that cannot be accessed by a search engine. This includes private content blocked by a login requirement or unindexed pages on a forum. It is estimated that the deep web is far larger than the surface web.

The darknet consists of sites that are intentionally hidden and can only be accessed through the use of encrypted browsers like Tor. These sites can host drug and firearm marketplaces or child pornography. More benignly, you can find hidden message boards where journalists and political dissidents from oppressed countries can communicate.

“Tor helps people be activists by giving them the anonymity they might need,” said Cooper Quintin, a technologist at the Electronic Frontier Foundation, a digital civil rights advocacy group.  “Speaking out against the power structures could be a very dangerous proposition.”

Tor is an acronym that stands for The Onion Router. Onion routing was developed in the 1990s by the Navy in order to secure military communication. The code for Tor was released free to the public in 2004 and thus the darknet was born.

Today Tor receives 80 percent of its funding from the Defense Advanced Research Projects Agency.

It works by maintaining a network of volunteer servers around the world. Normally when accessing a web page, you connect directly to the server you are trying to access. Tor instead bounces your request randomly around through its scattered servers before finally reaching the desired site.

On top of that, Tor encrypts your communications when entering the Tor network and then unencrypts it on the way out. It also strips away part of the information you send out that includes identifiable information. Each stop on your request’s path through the network only unencrypts enough information to see the location of the previous stop in order to know where to send it next. These layers of encryptions allude to an onion where Tor gets its name.

How to access the Darknet

Accessing the darknet is surprisingly easy. Downloading Tor is as easy as downloading other browsers such Google Chrome and Mozilla Firefox. Darknet web addresses can be found through a simple google search.

Hiddenwiki.org provides an extensive list of darknet .onion sites that provide services ranging from renting a hacker to hiring a hitman. It is hard to know how many of these sites are simply law enforcement sting operations without actually purchasing the services. The ease of access of some of these sites makes the legitimacy of the services dubious.

AgoraThe Agora Marketplace has become the successor to the now defunct online drug marketplace Silk Road. Sites like Agora gives users a sense of reassurance based on a user’s seller rating. If a seller has a high rating, one can assume that he or she has had many successful transactions and can be trusted. It also makes it harder for law enforcement to set up a sting operations before building up their rating.

The currency used for these services are called bitcoins, an encrypted currency bought and sold over the internet and unregulated by any banking authority. Transfer of bitcoins are completely anonymous, making them the perfect currency for the darknet.

The current price of one bitcoin is about $290 but fluctuates often.

Taking stock of traffic on Tor

Researchers have been able to study traffic on Tor by setting up their own Tor servers and analyzing the traffic sent through them. They cannot find specific information on Tor users but by analyzing keywords in the data they can generally make assumptions to what kind of sites traffic is heading.

A study done by Gareth Owen at the University of Portsmouth in the United Kingdom concluded that about 80 percent of traffic moving through their Tor servers were heading towards sites pertaining to child abuse.

This finding does not necessarily prove that Tor is primarily used for child pornography because there is no way to know why each user is visiting the site.

“They could be law enforcement, they could be researchers, they could be bots just scanning the Tor hidden services,” Quentin said. “There’s no way to tell.”

More positive research on the uses of Tor comes from Eric Jardine at the Centre for International Governance Innovation. He was able to find a correlation between the oppressiveness of a country’s government and the amount of its Tor users in the country.

“People are using Tor because they lack political rights, but they are also using Tor for evil purposes,” Jardine said.

Reigning in the Darknet

Policing the Darknet is actually quite difficult because the technology behind Tor has not been cracked by any spy agency or government. There are a few methods for policing Tor users but they can only work on some of the users, some of the time.

“The cryptology behind Tor is pretty solid and it’s unlikely that the NSA would be able to crack it,” Quentin said.

There are a few methods to police darknet activity but none can effectively regulate the darknet on a grand scale.

The simplest way is for law enforcement to set up sting operations. They can either create their own hidden website or create an account on an existing one and conduct an illegal transaction. If a buyer is purchasing a physical item, an address must be given and law enforcement can simply arrive at the buyer’s doorstep once the package arrives.

It is much more difficult to arrest the people that host some of these illegal sites. The only reason why Ross Ulbricht, the founder of Silk Road, was arrested was because he was found discussing Silk Road on an Internet forum with an account linked to his actual email address.

Timing correlation attacks are a less effective way used by law enforcement to track Tor users. The process works by looking at the time a request moves through the initial server and matching it with the time a request moves out the final server and towards the hidden site. One could reasonably assume if the times match up that a specific user was accessing a specific site.

Although this method may be able to track the online movements of a few tor users, it is a long way off from effectively breaking tor.

“There is technological barriers to their ability to effectively police the darknet,” Jardine said. “The ability to directly track IP addresses doesn’t exist at this time.”


Tor and the darknet can be used in an increasing number of ways as concerns about the sanctity of online privacy grow.

“Whether the net benefits outweigh the costs depends on one’s perspective,” Jardine said. “In a liberal democracy it is hard to argue that a technology with a dual use can be banned just because one of those uses is criminal.”