“ISIS will often post pictures of themselves with guns … and then they’ll add a cat because cats to very well on social media”

Dark net
 

8 June 2015 – In the past two weeks we have had the opportunity to attend the IBM Analytics Summit in Brussels which included a full day hands-on/interactive “Cybersecurity 101″ class on cyber vulnerabilities, exploits and active attacks, viruses and other malware, spam, phishing, and malicious web content. The sessions also went through the whole process of applying security measures to ensure confidentiality, integrity, and availability of data, with one session focused on the law firm. Discussed were countermeasures that can be put in place in order to increase the security of data. Some of these measures include, but are not limited to, access control, awareness training, audit and accountability, risk assessment, penetration testing, vulnerability management, and security assessment and authorization.

And over the weekend during my flight to the States for client meetings I was able to finish Jamie Bartlett’s “The Dark Net” which chronicles the secret corners of the Internet that Bartlett likens to the “Wild West”: anonymous users visiting sites that can’t be censored. So anybody with something to hide, whether it’s for good reasons or for ill, finds a very natural home there. It’s the side to the Internet most people have never visited. Tor Hidden Services, or the Tor Network, is an encrypted, hidden network of about 50,000 websites that can’t be accessed with a traditional browser like Chrome or Firefox. Its users include criminals, trolls and extremists.

So we have been in cybersecurity/darknet “heaven” as it were as we further develop an expertise in these subject areas.  I’ll have a longer post coming on the IBM event (IBM has a bevy of solutions to make effective use of analytics, security intelligence, cyber forensics and advanced threat protection to remediate security holes) but first a few points on the Bartlett book and cypherpunks and the crypto-war against government.

Bartlett first became involved with the Tor Network, which the media generally refers to as “the darknet,” when he was researching the online components of radical social and political movements. Gradually his investigation expanded to include different channels within the darknet. As part of the research for the book, he moderated a trolling group, purchased marijuana on a black market site and studied child pornography networks. Bartlett says that infiltrating the encrypted world of the Internet wasn’t as difficult as he expected. As he noted in an interview discussing how he wrote the book: “I found overall that people that live in these darker parts of the net actually want to get their side of the story out, they want to be heard. So once you have their trust, you actually can’t stop them from talking; they won’t shut up.”

Tor browsers: to access the “darknet”

It’s called a Tor browser and you download it from the net. It was originally invented by U.S. naval intelligence who wanted a Web browser that would allow their intelligence officers to browse the net without giving themselves away. It essentially means that when you go online with it, you can go to any website; you can go to CNN.com with this browser, but it bounces your request to access a website via several different computers around the world encrypting and decrypting your request as it goes, which means by the time it gets to the CNN website nobody really knows where that request has come from. This browser can be used for anything and more and more people are using it because they care about their Internet privacy. But it’s also your key, your way in, to this second, hidden, encrypted Internet which is technically called Tor Hidden Services, but the media call “the darknet.”

On how darknet marketplaces work

When you go onto this site, you use your encrypted browser — the Tor browser — you have your Bitcoin, which is a cryptocurrency that allows you to transact with people; it’s sort of a form of digital cash that keeps your identity secret. So you have this clever encryption system but it’s so familiar when you arrive. You get online, you log onto the site, and you are presented with what essentially looks like an eBay for drugs — so thousands of products from hundreds of different vendors based all around the world, and all those trappings of an e-commerce site. You have your special offers. You have your product descriptions. And … just like Amazon!!! … you have user reviews of each product that’s on offer. You scroll through the different options available to you. You contact the vendor, if you so wish. You place an order. You pay with your cryptocurrency. You put your address in, and you wait for your product to arrive in the post. It really is that simple.

And for the government and security defenders it’s an uphill battle

Because of that powerful combination of public appetite and new technology, the means of staying hidden online will only get easier to use, more widespread and ever more sophisticated. And the cypherpunks have physics on their side: it is easier to encrypt something than to decrypt it. (Encrypting is like cracking an egg; decrypting it without the key is like trying to put it back together again.) Bartlett notes “it’s not an exaggeration to say that the laws of mathematics tend toward secrecy. Although it might feel unlikely at a time when every click and swipe is being collected by someone somewhere, the direction of travel is toward greater online anonymity. In the years ahead, for those who want it, it will be easier to hide online”.

On how the Islamic State uses social media

I watched an interview of Bartlett earlier this week and got knocked over by his comment that “ISIS will often post pictures of themselves with guns and then they’ll add a cat into it because images of cats tend to do very well on social media, people love cats”. If you have read some of the analysis of how the Islamic State uses social media you will realize they use very traditional advertising techniques probably more associated with cool, young advertising and marketing types in Brooklyn than people fighting for an Islamic State. But as Bartlett points out, this is the thing: in a way, it’s not surprising at all, because the people that are joining the Islamic State are typically Western men in their 20s and 30s. Is it any surprise that they might take to Facebook or to Twitter or to YouTube to produce glitzy videos, to try to make their content go viral? They get “viral marketing”.

So … we need hacking groups like Anonymous, who are taking down ISIS propaganda

Bartlett’s view is that groups like Anonymous are exactly the types of people we need on our side to fight against groups like ISIS. Now, sometimes Anonymous will do things that we don’t agree with. But frankly, says Bartlett, when you’re fighting against someone like ISIS, who are so good in the digital space, you need people who are just as good to try to counteract their influence. He thinks it’s going to be groups like Anonymous that will be far better at doing that than governments.

As to be expected, there really is not any “upside” on any of this stuff. Bartlett has been criticized for writing about this subject at all, and providing so much information. But he shines an invaluable light on a world that remains determinedly opaque.

But as far as his comment “the laws of mathematics tend toward secrecy”, well … no. There is no such thing as a mathematical system that knows a secret when it sees one. The instinctive needs of living beings require secret strategies simply to survive. We want privacy to conceal our competitive purposes, and openness to pretend we’ve nothing there to hide. No matter what our governments wish to do, or types like Snowden and Assange pretend they shouldn’t, secrecy will prevail when it’s needed by both the good and the bad among us.

Leave a Reply

Your email address will not be published. Required fields are marked *

scroll to top