
De-anonymizing ransomware domains on the dark web

153 points| auiya | 3 years ago |blog.talosintelligence.com

49 comments


ziddoap|3 years ago

#1 and #2 really should just be a part of #3: catastrophic opsec.

I don't know what it is about people who run these criminal enterprises on the darknet, but they constantly seem to be failing even the most basic of opsec. Re-using identities across multiple services, using e-mail addresses with real names, posting photos with identifiable information (and before websites stripped metadata for them, often posted with metadata), etc. I mean it's nice that they are making it easier to catch themselves, but at the same time I can only wonder how some genius can invent some novel and complex ransomware operation just to turn around and use the email they've had since they were 13 to register the services that operate it.

pcthrowaway|3 years ago

I suspect anywhere in the world, if you're capable of avoiding all 3 of these, you can get a job that pays in the 85th-99th percentile for your country, and 60th percentile globally.

It's not a particularly high bar, but I suspect the majority of technically apt people would fail it.

People with lucrative work available legally have more to lose and less desperation to engage in activities that are both illegal and malicious.

number6|3 years ago

You only catch those who make those mistakes

FredPret|3 years ago

The genius is the one selling the shovels to the gold diggers

auiya|3 years ago

Not sure why there's a mystique over the "dark web", they're all still just websites, and suffer the same types of vulnerabilities.

mirntyfirty|3 years ago

Yea, it would be rather unfortunate terminology to call websites outside the realms of Google and Bing the “dark web”, as if somehow these services legitimize the internet itself.

orthoxerox|3 years ago

This should come in handy if I ever have to run a website on the dark web

flatiron|3 years ago

I know absolutely nothing about the subject but I would at least run nginx and tor in a docker container. Make sure no traffic comes out of the container on my public ip. Wouldn’t solve every problem but seems like it would solve…a lot of them? That and I could move it around a lot. Not sure if that’s good opsec or bad though lol.

jmprspret|3 years ago

Avoiding all of this is incredibly basic and borderline common sense.

When running a darknet site you don't want associated with the clearnet, step one should be only having the http server listen on the Tor onion domain!

spacemanmatt|3 years ago

Looks like every server they busted broke at least one rule from the opsec info posted here just a month or two ago. Classic.

neh_89|3 years ago

There is no silver bullet when it comes to protecting against ransomware. A prime example of this was the WannaCry virus attack in May 2017, where 200,000+ computers worldwide were infected due to a weakness in Windows SMB (EternalBlue), which allowed hackers to hijack computers running on an unpatched Microsoft Windows operating system. Users were asked to pay anywhere from 300-700 bitcoins to decrypt the data in 3 days.

https://www.spiceworks.com/it-security/cyber-risk-management...

rkagerer|3 years ago

Basically they found some darknet onion sites whose operators reused the same unique favicon, self-signed TLS certificate, etc. on other sites hosted from public IP's. And in one case left a secret key in a publicly-accessible configuration file.

paulpauper|3 years ago

Onion domains will never be good for anonymity. Too big of a surface area, too much potential leakage somewhere.

48cfu|3 years ago

[deleted]

dpapai|3 years ago

[deleted]

ipaddr|3 years ago

So certificates do not enable privacy; they take it away.

SSL may stop your roommate or ISP, but it provides another vector for linking to other entities.

I wonder how many are using this technique to link web properties together.

kmeisthax|3 years ago

Anonymity of the origin server is not at all a design goal of SSL/TLS: in fact, the whole point is to tie a web host to a particular identity. Originally it was supposed to be legal identity, but that is actually fairly useless, so now it's just a domain name.

For end-users TLS and Tor both provide privacy; since you don't need to identify yourself in order to use https. In fact, with ESNI and DoH the only thing anyone snooping wire traffic can see is that you're connecting to whatever data center is owned by the company hosting the website.

The sites in the original article are criminal enterprises, which means they have the unique problem of needing the origin server to remain anonymous so that their hosting provider can't find out what they are doing. This is the one thing Tor does that TLS doesn't; and they were deanonymized by them insisting on providing a self-signed cert anyway. However, this is a particularly unusual threat model that is far harder to maintain. Even the whole anticensorship thing is usually just hiding what sites you're visiting from, say, the Great Firewall - we don't care that China can also use Tor to learn where Google's servers are.

jeroenhd|3 years ago

Many security-enhancing technologies have been used to deanonymise websites. For example, by checking the certificate transparency log (the thing that prevents any CA from generating a certificate for Google.com that doesn't get nuked in seconds) it's often possible to find certificates for servers hidden behind Cloudflare. Those certificates can in turn be found using the mechanisms described here, and DDoS protection may quickly be bypassed that way.

Generally, though, TLS is not designed with privacy of the server in mind. The data exchanged between the client and the server is kept private between the two parties, but that's it.

If you wish to anonymise your connection, technologies like Tor will help. You'll still have to pay attention though. In a great many cases, security and usability are polar opposites, and a balance must be struck to find a workable solution. In this case the best balance is probably in-depth knowledge of how web servers work combined with reading through the documentation of the Tor project.

miloignis|3 years ago

Certificates enable privacy for the user - fundamentally, they are about proving the identity of the server, which is at least somewhat at odds with privacy of the server.

Anyway, these all seem like pretty obvious opsec fails where the darknet website is also served over the regular internet, which is just atrocious.

nick__m|3 years ago

If you follow the best practices and do not bind your onion service on 0.0.0.0, use a self-signed cert, and don't reuse the key, they do provide privacy against a snooping exit node.
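The two recommendations above (jmprspret: have the HTTP server listen only for the onion service; nick__m: never bind it on 0.0.0.0) boil down to one check an operator can run on the box. The following is an added example, not code from any commenter or from the Talos article: a POSIX shell audit that reads `ss -ltn`-style listener lines (the Linux socket-statistics format is assumed; the sample lines are constructed for the demo) and flags every TCP listener that is not bound to a loopback address. The expected layout it checks against is the usual one for a hidden service: `HiddenServicePort 80 127.0.0.1:8080` in torrc and `listen 127.0.0.1:8080;` in nginx, so that nothing but the local tor daemon can reach the web server.

```shell
#!/bin/sh
# Added example: flag TCP listeners that are reachable from outside loopback.
# Assumed input format is that of `ss -ltn` on Linux:
#   State  Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  [Process]
# Loopback binds (127.0.0.1, ::1) are the only ones an onion-service backend
# should have; anything on 0.0.0.0, [::] or * is exposed on the host's
# public interfaces and can be correlated with the onion site.

# audit_listeners: reads ss-style lines on stdin, prints one line per exposed
# listener ("EXPOSED <addr> port <port>"), returns 1 if any were found.
audit_listeners() {
    exposed=0
    while read -r state recvq sendq local peer rest; do
        # skip the header line and anything that is not a listening socket
        [ "$state" = "LISTEN" ] || continue
        addr=${local%:*}     # everything before the last colon
        port=${local##*:}    # everything after the last colon
        case "$addr" in
            127.*|'[::1]'|'::1')
                ;;           # loopback only: fine for a hidden service backend
            *)
                echo "EXPOSED $addr port $port"
                exposed=1
                ;;
        esac
    done
    return $exposed
}

# count_exposed: same input, prints just the number of exposed listeners.
count_exposed() {
    audit_listeners | wc -l | tr -d ' '
}

# Constructed sample output (NOT a real host): a correctly bound nginx backend
# on 127.0.0.1:8080 and a tor SOCKS port on ::1, plus two misconfigured
# listeners on the wildcard addresses that the recommendations above warn about.
SAMPLE_SS_OUTPUT='State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 511 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 4096 [::]:443 [::]:*
LISTEN 0 128 [::1]:9050 [::]:*'

# Demo run on the constructed sample; on a real host pipe in `ss -ltn` instead.
printf '%s\n' "$SAMPLE_SS_OUTPUT" | audit_listeners || true
echo "exposed listeners: $(printf '%s\n' "$SAMPLE_SS_OUTPUT" | count_exposed)"
```

On a live host the same function is fed with `ss -ltn | audit_listeners`; a non-zero exit status makes it usable as a pre-deployment gate. It only covers TCP listeners, so UDP services and anything reachable through a reverse proxy or firewall rule still have to be reviewed separately.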

no_time|3 years ago

This is not a big deal really. Getting an SSL cert only requires you provide proof of ownership of your domain and has no KYC. You can get as many certs as you want, or sign it yourself.

Right now, SSL (or PKI, to be precise) is a very privacy-respecting technology, for both the server and the client.