Peeling back the darknet

Mark Gregory is a Senior Lecturer in the School of Electrical and Computer Engineering at RMIT University.

Most organisations are unaware of the need to bring darknet expertise in-house to ensure that there will be no surprises bubbling out of the darkness. The darknet does not have a pretty face, but it is not entirely evil either; so what is it that your organisation should know about the darknet, and why?

The darknet is a private network where connections are made using friend-to-friend (F2F) trusted peering with non-standard protocols and Internet Protocol (IP) ports.

In some respects, the idea behind the darknet is similar to an enterprise network that utilises MPLS (Multiprotocol Label Switching) to provide fast tunnels between facilities such as branch offices. An enterprise network is a private network that is under the organisation's control, but may utilise infrastructure provided by an external service provider.

The most common darknet approach utilises facilities connected together over the public Internet which means that sophisticated approaches including encryption, non-standard protocols and IP ports are used to ensure that the nodes, services and applications, users and other components remain private and are not able to be interrogated by third parties.

An example of the methods used to build a darknet is the Tor project which provides a free software application that acts as an anonymiser when used in conjunction with the Tor open network.

The Tor project states that it aims to “defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.”

Tor was “originally designed, implemented, and deployed as a third-generation onion routing project of the U.S. Naval Research Laboratory. It was originally developed with the U.S. Navy in mind, for the primary purpose of protecting government communications. Today, it is used every day for a wide variety of purposes by normal people, the military, journalists, law enforcement officers, activists, and many others.”

But the darknet has been slowly peeled back by organisations that often have competing interests, including US government agencies such as the NSA and FBI, non-US government agencies and organised crime.

The darknet is a petri dish that provides the opportunity to learn not only how to create and build private networks that exist using public infrastructure, but also provides the opportunity to hack into the darknet to capture information and user identity.

A key facet of the attacks on the darknet has been the use of man-in-the-middle (MITM) attacks and the ongoing development of techniques that focus on unravelling the IP traffic, including decryption techniques that utilise massive computing resources to break into private information streams.

What this means for the average organisation is the need to develop a plan that builds awareness within the organisation of the digital arms race, of the need to regularly update infrastructure and security capability, and of the need to maintain either in-house expertise or a relationship with a reliable digital security provider.

Enterprises are not safe, and the belief that external threats come through the public-facing firewall is a mistake that is made all too often. The techniques being developed to break into the darknet will be utilised to break into commercial private networks. This means every node, link and user connection is at risk, necessitating a hierarchy of intruder detection capability, including working with any infrastructure service providers used to provide components of the enterprise network.

Another aspect of the darknet that is often overlooked is the ability of enterprise employees to set up darknet tools on the enterprise IT systems or to introduce this capability if the enterprise has a bring-your-own-device (BYOD) environment.

BYOD reduces costs but escalates security problems so it is vital that BYOD networks are secured, segmented from non-BYOD areas and monitored utilising the latest digital security systems.

Unfortunately, key technologies used to provide digital security have been found wanting in recent years, and the OpenSSL bug found in June 2014 was far worse than the previously top security bug known as Heartbleed.

As the darknet is attacked by all and sundry, the outcomes provide an insight into the methodologies being used to disrupt criminal activities through websites such as the infamous "Silk Road". Operation Onymous was a successful effort by the 16 member nations of Europol, the FBI and the US Immigration and Customs Enforcement agency to disrupt illegal websites on the darknet.

Does this mean that organisations should throw up their hands in the belief that expenditure on digital security is a waste?

Adopting digital security policies and procedures provides awareness, expertise and ensures that organisations adopt prudent network segmentation and backup measures to protect key systems and intellectual property in the event that there is a security breach.

Without a security mindset organisations would not develop the plans, infrastructure and expertise to deal with the growing range of digital security and privacy issues that are fundamental for successful participation in the global digital economy.

In the digital world, being a leader in security and privacy provides customers with increased brand awareness and confidence that the organisation can be trusted. Failure to take security and privacy seriously is a mistake that can seriously damage an organisation and lead to unwanted publicity and court action.
