© Marvin Waschke 2017

Marvin Waschke, Personal Cybersecurity, 10.1007/978-1-4842-2430-4_5

5. Misuse of Computers

When Personal Devices Break Bad

Marvin Waschke

(1) Bellingham, Washington, USA

Computing itself can become a personal threat when it is misused. Some threats cannot be mitigated by following secure computing practices. This chapter discusses threats to our security that do not involve security breaches. These threats arise when computers are used to harm individuals and society. Computing is not unique in carrying both good and bad consequences, but the bad side of computing is now prominent and undeniable. The answers to these issues will not be found in better antimalware tools and firewalls. We can’t stop child computer pornography with better backup practices or stronger passwords. However, with a better understanding of the problems we can change laws and plan for a better future.

We live in an age of information and communication. The technical revolution that promised to empower and entertain us has become a morass of unintended consequences. Both the information stored on our computers and the instant interaction provided by the Internet have been subverted for disagreeable purposes. Perspective is easily lost. For each bad, a more-than-counterbalancing good can be found, but the dangers remain.

A Tool for Mischief, Crime, and Mayhem

Why are computers a ready instrument for malice and crime? Fundamental world-changing innovations inevitably have unintended results. For example, innovations in medicine and sanitation have saved many lives and relieved suffering. No one intended it, but those same innovations are responsible for today’s economic strains that derive from the burden of supporting growing populations of older people who outlive their retirement funds.

Computing is no different. Although computing has contributed heavily to the wealth of goods and services available today, the computer revolution has spawned many unintended consequences. Computers and high speed data networks do not fit well with traditional notions of crime and property because much of the value found in computing is abstract content rather than physical objects. Stealing a file of the magnetic stripe data from 1,000 credit cards is not the same as stealing 1,000 physical credit cards, although the consequences are almost identical. Law enforcement struggles to punish actions that are clearly malicious and harmful but do not fit traditional definitions of crime. Hazy enforcement, easy anonymity, and crimes that can be committed from great distance combine into a fecund breeding ground for criminal activities that were impossible a few years ago.

The breeding ground is continually fertilized and replenished by the rapid development of hardware and software that seems to accelerate exponentially with each year. There are more and faster processors each year producing more and more data. The growing volume of data is transmitted on faster and faster networks. As more data is produced, storage devices with increasing capacities are built to contain the data. Software advances to analyze the unprecedented quantities of data on the storage devices. Immense quantities of stored data combined with computing capacity and software analysis capabilities have streamlined commerce, tailored healthcare, and sharpened our knowledge of how society works, but the new stores of data and powers of analysis have also given criminals new opportunities for crime.

Misuse of Information

Information is misused for many purposes. It is used to attack individuals by digging up and exposing private information. It is stolen to gain a competitive advantage. It is used for fraud and false identities. Salacious texts and videos are purloined and sold as entertainment. Most of these misuses involve computers.

New Sources of Digital Information

Estimates say that Facebook alone generates many times the equivalent of the physical contents of the Library of Congress each day.1 Records that have always been public have moved or are moving online. Not too long ago, researching court records required a visit to a court house and knowledge of the way records were stored in each office. Now the records are online and records in distant places are easy to access. Libraries are rapidly digitizing their holdings and adding new digital resources.2

Our sources of information and the way information is generated have changed. Fifty years ago, the primary source for current events was a network of local, regional, and national newspapers, supplemented by news magazines and broadcast news organizations. Local newspapers are now struggling, as are regional newspapers. National newspapers like The New York Times, the Wall Street Journal, and the Washington Post now have websites that are at least as important as their press runs. Broadcast journalism shares television screens with cable news, and independent websites like Huffington Post and Politico rival newspapers and broadcast networks as sources for current events. These changes represent an enormous social change in the way information is dispersed.

These new online sources are interactive. Readers of The New York Times have opportunities to express their opinions and have them published in the Times. Unlike letters to the editor, comments are monitored for objectionable material, but not chosen or rejected for publication. All the news sources interact with their audience in a similar manner. News publication is not the one-way street that it once was.

In the past, developers had to limit the amount of information they stored from tracking the activity of running programs. They could not log too many details or retain logs for too long because logs were too large and grew too fast for the available storage. Since storage capacity has grown and cost has dropped significantly, especially for cloud storage, systems now have the resources to store much more and huge logs have become exploitable assets.

One of the consequences of the burst in online information is that digital information is subject to further processing. A few years ago, an investigator searching for personal history had to travel to local libraries and read old newspapers. Investigators today can investigate from their local Starbucks, searching more newspapers faster than their earlier counterparts could imagine. This powerful sword cuts both ways. The job of a legitimate investigator is much easier, but the job of a criminal searching for details from a person’s past to use for extortion is also easier.

Tools for analyzing data have grown in capacity and sophistication to take advantage of new data. Big data refers to methods of identifying patterns and extracting significant information from large quantities of data that were not possible when computers were less powerful. Developers harness the power of many computers to process a mountain of data. Each computer processes a small chunk of data, then combines its results with other computers, processing and combining over and over until they reach a usable result. The outcome is information about the ways in which people, businesses, and natural phenomena act that was unavailable before.

The burgeoning of information and ways of analyzing it have produced a new world of knowledge and possibility, not all good.

Privacy

The information that is now stored in private and public datacenters and computers and the access provided by the Internet have resulted in an assault on privacy. The assault comes from more than one direction. Governments, businesses, and other enterprises have increased capacity for entering areas that were once considered private. Individuals also have greater opportunities for intruding on the affairs of others by mining the vast quantities of information now available online.

Businesses

The online buying, searching, and browsing habits of computer users are all recorded and stored. Most computer applications on desktops, laptops, tablets, and phones also record some user activities. Operating systems also record activities. Social media contains enormous repositories of information on their users. Streaming services track the preferences and habits of their subscribers.

Most of these businesses have privacy policies that describe the data collected and how it will be used, but these policies are often tucked away out of sight and described in legal language that many users have difficulty understanding and most would prefer not to read. Some policies include opt out choices that give users a measure of control over the data recorded and how it is used. However, these options are often overlooked.

Businesses like Amazon use the information they collect to deliver a user experience on their site that many users appreciate. Online businesses have an advantage in collecting information on their users because each transaction is tied to an identified user account. A physical store has more difficulty tying transactions to individuals. The need to tie to individuals is one reason many retailers have discount savings cards or similar programs to encourage users to identify themselves when making purchases.

One of the more troubling customer data practices is sharing or selling data to other businesses. As an example, telecommunications providers have a wealth of information on the location of the cellphones they support. This information can be used to extrapolate home addresses, workplaces, and commute routes. Retailers can use cellular location information to determine if their customers are spending time in competing stores. Software is available to link location information with web browsing history. A retailer could place the items a customer has browsed into online ads for a store on the customer’s commute route. Many customers would appreciate the convenience of these ads, but perhaps not realize how the trick was done. Other customers would find using cellphone location data in this way intrusive. Nevertheless, location data is potentially a significant source of revenue for the telecommunications industry. In Europe, where privacy laws are much stricter than the United States, this practice is prohibited.3

The information that can be obtained through data analysis can be amazing. Target Corporation is one of the leaders in analysis of customer transaction data. One of their interesting achievements is to identify their pregnant women customers, sometimes before the women know it themselves, from their buying patterns. This has led to at least one embarrassing case where Target’s directed ads revealed to parents that their teenage daughter was pregnant.4

Governments

The challenge to government is to balance the need of government to protect its citizenry against the citizenry’s legitimate demands for privacy and freedom from intrusion. For most of the 20th century, privacy was perceived to be adequately protected by the courts. Telephone and government mail were the primary means of communication. Government mail is protected by statutes enforced by the courts. Phone taps were possible from the beginning of the service, but, again by statute, law enforcement could only implement a tap with a search warrant issued by a court. Without a warrant, evidence obtained through the tap was not admissible in court and law enforcement was exposed to civil action.

Thanks to high-speed computer networks and computer-based communication—such as email, messaging, voice over the Internet, websites, and social media—the technology has become more diverse and the rules less clear. Mass data gathering has become easier and analyzing vast quantities of data is now possible. Unlike telephone calls, most computer-based communication is persistent—the communications process preserves the message in storage until it is deleted. Unlike a telephone tap, which must be authorized before the data can be gathered, copies of emails can be seized after the need is identified. The next step down the slippery slope is to seize copies in anticipation of the need. Further down the slope, all emails are seized just in case a need appears. Computer and cellular voice and messaging are like email and subject to the same kind of government scrutiny.

Governments have also been the beneficiary of the enormous pools of information that businesses collect and the technical potential for gathering and analyzing even more. The goals of governments differ from the goals of businesses. A primary goal of governments is to identify and find criminals and other miscreants. This can be done using techniques like those used by retailers to identify and direct ads to persons in specific life-phases such as pregnant women. For instance, the government could, and probably already has, developed methods to identify terrorists with some degree of accuracy. Thus, everyone is safer. But are terrorists the only targets of this kind of analysis? Analysis like this could also be used to identify individuals who hold beliefs that are merely unpopular but not threatening (like a terrorist).

The question is, when is it appropriate to apply these methods? And what data can they be properly applied to? Many feel that the government has over-reached; they frequently cite Edward Snowden and the National Security Agency surveillance documents he leaked to the press in 2013.5 Snowden’s revelations show that the NSA has been collecting far more information than most Americans suspected and it engages in operations, such as advanced hacking expeditions, tapping into major communications links, and surveillance of foreign leaders; many citizens were surprised by its willingness to operate near or beyond the limits of the law.

The specter of abuse of power such as that attributed to J. Edgar Hoover arises. Generally, historians agree that Hoover abused his position as head of the Federal Bureau of Investigation to collect dossiers on many innocent citizens and officials, and used the dossiers to bully his victims.6 Today, an official with an inclination toward abuses like those of Hoover has a more powerful set of tools for building his dossiers.

Doxing

Collecting public information on a victim, assembling it into a dossier, and using the contents of the dossier to embarrass, harm, or extort from the victim is called doxing (sometimes spelled doxxing). Like pwning, the word doxing arose from hacker slang. Apparently, the first use of the term came from one hacker revealing the “documents” of another to publicize his genuine identity.

Interrupting the daily life of a celebrity or political figure by publishing their private telephone number and street address is a form of doxing. Sometimes the target is an entire organization. The names, telephone numbers, and addresses of members of controversial organizations have been published. If the information is public but hard to find, there may be nothing illegal about publishing this information; the doxer may have ferreted out the information from public sources that most of the public are not aware of. A skilled and persistent searcher can often find information that the owner may have thought to be private.

The distinction between innocent curiosity or research and doxing is malicious intent. When someone googles the name of a celebrity out of curiosity and follows up by clicking some of the links that come back, they indulge their interest, but they have done nothing wrong. The celebrity may even be pleased with the interest. The searcher may continue to dig, following up on references, using uncovered data to make further searches. The follow ups break no laws. This activity would also be acceptable to most people, but some might raise their eyebrows a bit and begin to wonder.

But somewhere there is a line between an interested fan and a doxer who pushes on with the intention of collecting personal information and using it to salve an unhealthy obsession or indulge in questionable or malicious activity. Such a person might start searching court records, prying into semi-private entries in social media such as Facebook or LinkedIn, searching for embarrassing photographs and personal information. Personal information that is available through mistakes in privacy settings is a special prize. If non-hacking doxers stay with publicly available material and do not commit some form of criminal harassment, they have not broken laws. Even when they break harassment laws, the crime is usually only a misdemeanor with a small fine and little or no jail time. Often the punishment is minor compared to the damage done to the victim.7

At some point, the doxer may turn into a hacker and attempt to access email accounts, personal computing devices, cloud storage, and social media accounts, all in search of information they can use for their purposes. Crossing the line into hacking is clearly illegal, but up to that point, ambiguity reigns.

Doxing is an effective tool for harassment and extortion. There are horror stories about teenagers encouraged to perform sex acts on video. Then the encouragement turns to harassment when the videos are placed on public sites with names, addresses, and phone numbers. For these extreme cases, the child pornography laws can be applied, but law enforcement is not always prepared to find the perpetrators.

Plagiarism and Piracy

Digitized data differs from conventionally stored data in many ways, but the ease with which digital data can be copied and recombined with other data inspires some important misuses. Plagiarism is one of these. Cutting and pasting a sentence or paragraph happens in an instant. Students and writers take notes this way constantly. Applications such as Microsoft OneNote and Evernote make this style of working easy and quick.

This practice can easily be misused or abused by copying text fragments into other works without attribution or consent from the original author. This is an act of plagiarism. Plagiarism is unethical but not a crime. However, unauthorized use of copyrighted material is unlawful and often part of plagiarism.

Students are sometimes found guilty of turning in papers that contain unattributed copied material. Search engines like Google play a double role. Students can easily find material to copy, but their plagiarism is also easy to detect with the same search engine. Students both plagiarize more often and are detected more often. Careers and reputations have been ruined when the results of these temptations and mistakes have been revealed. Reputable journalists, scholars, and authors have been found to have committed plagiarism through intentional or unintentional copying and pasting.8

Wholesale copying of entire pieces—blog posts, articles, essays, books—is a more blatant form of intellectual theft made easy by digitized text. One form of this theft is electronic publications that simply substitute the original author’s name and title for another and then are sold as a new publication. Stealing the entire content of a work approaches piracy, but differs because the thieves steal the content and substitute their own names and reputations, while pirates steal everything.

Piracy also thrives on the easy duplication of digital materials. A pirate copies an entire work. The pirated material could be an electronic book, a computer game, software, or an audio or video recording. Pirates not only steal the content of an item; they steal the value of the reputation of the author whose name remains on the work. The crime is the same as pirating paper books, wrist watches, or other goods. The pirate sells a copy of the original work as the original and pockets the price without permission and without compensating the true owners.

Misuse of Computing

The increase in the availability of computing capacity since the turn of the 20th century has powered many achievements. Some, such as decoding DNA, have been desirable; others, such as improving the odds of success of income tax fraud, are not so desirable. In the hands of well-meaning technologists, the powers of faster and cheaper processors and the aggregated capacity of cloud installations are a force for efficiency and innovation. But criminals are also able to take advantage of computing capacity.

Big Data and Cybercrime

Big data analysis is a brute force operation that applies aggregated computing capacity to discover connections and patterns among elements in large quantities of data. Prior to the rise of big data, a large data set might be several billions (gigabytes) of characters. What is considered big data changes every year, but large data sets are now measured in trillions (terabytes), quadrillions (petabytes), quintillions (exabytes), and sextillions (zettabytes) of characters.

Big data has some characteristics other than the size of its data sets. Big data is usually unstructured. Traditional data management almost always means relational data management. Relational data is organized in orderly rows and columns that have precise meanings. The meaning of the data is determined by the position of the data in the table. The way the table is organized is called the schema and it is stored separately from the data. In Figure 5-1, “Boston warehouse” is Fred’s location because it is in the Fred row and the Location column. Relational data can be manipulated using operations that are mathematically predictable and consistent.

Figure 5-1. Relational data structure is more rigid than attribute-value pairs

Big data is seldom as orderly as relational data. It is freeform, often as attribute-value pairs. The attribute, such as “Elizabeth’s location” in Figure 5-1, determines the meaning of the value “Louisville plant.” The pairs are stored in a jumble as the data is added in no special order.

Attribute-value pairs are more flexible than relational rows and columns because new attributes can be added easily. In Figure 5-1, Fred’s hire date was added because the data happened to be available. In a relational database, the table must be modified when a new attribute is added. In this case, a new column would have to be added to the Personnel table. This is a time-consuming operation that usually requires the intervention of a database administrator.

When an attribute-value database is analyzed, relationships between pairs must be found. In relational databases, relationships are conveniently defined in the schema. This is fast, but the relationships that are usually most interesting in big data sets are the ones that were not known when the data was written. Because new data can be incorporated easily and relationships do not have to be defined before the data is stored, big data uses unstructured data, like attribute-value pairs.

Because big data is huge and unstructured, processing big data requires much more processing than traditional data. Even the largest single computer is seldom adequate for practical big data processing. Many computers must be harnessed to work in parallel to process all that data. The algorithms for parallel processing unstructured data tend to be more challenging than relational data algorithms. This also increases the computing load.

All this computing effort is worth it because big data techniques can discover relationships between entities that would be unknown without it. These discovered relationships are as useful to cybercriminals as they are to marketers.

Phishing, for example, is a perverse form of marketing. Tricking a victim into executing an attachment to an email is not that much different from convincing a consumer to purchase an item they had not thought of buying. Marketers use interests and habits inferred from big data to urge the consumer to buy. Phishers use account information and friends’ names from big data to convince a victim that an email attachment is legitimate.

Cybercriminals also use big data-derived information to commit scams like tax fraud. Using big data-collected information, they can construct plausible applications for tax refunds to get money from the IRS. They can also use it to fabricate credible demands for tax penalties from innocent victims. The penalties are delivered to the criminal's account, not the IRS. The same information can be used to construct fake identities for many purposes.

Encryption and Password Cracking

Encryption and password cracking are basically power games. All encryption and cryptographic hashes can be broken, given enough time and computing capacity, but the required time and capacity often renders cracking effectively impossible. An algorithm that uses more computing time to complete the encryption generally requires more time to decrypt. An encryption algorithm that takes too long to encrypt hinders performance, but an encryption that requires more time to decrypt than a hacker can practically devote to cracking the code has defeated the hack.

This is the power contest between hackers and encryptors. A hacker who can muster enough computing power to crack an encryption in a workable time has beaten a previously uncrackable encryption. As available computing power increases, both encryption and encryption breaking get faster. This makes more complex and resistant encryptions practical, but it also makes breaking the encryption more practical for hackers. If you accept that the typical hacker does not have the computing resources available to established enterprises, encryption has the upper hand. But there are several circumstances where that is not the case. Government agencies and military organizations have unlimited resources when breaking an encryption is a priority. Hackers can be exceptionally innovative in putting together specialized devices and using them efficiently.9 As faster and more efficient processors become available for breaking encryption, the balance of power shifts to the code breakers. As encryptors make use of greater computing capacity to develop stronger encryption, the balance of power shifts back to the encryptors. It is a never-ending battle.10
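The power contest described above can be put in numbers with password key stretching. The following is an added example, not code from the book: it uses Python's standard hashlib.pbkdf2_hmac to show how raising the defender's work factor lengthens an exhaustive search and how an attacker's faster hardware shortens it again. The salt, sample password, iteration counts, password shapes, and attacker speedup factors are constructed assumptions.

```python
import hashlib
import time

# Constructed sample values for the demonstration (not from the chapter).
SALT = b"constructed-demo-salt"
SAMPLE_PASSWORD = "constructed-sample-password"
SECONDS_PER_YEAR = 365 * 24 * 3600


def derive(password: str, iterations: int, salt: bytes = SALT) -> bytes:
    """Stretch a password with PBKDF2-HMAC-SHA256.

    The cost of one call grows linearly with `iterations`; an attacker
    must pay the same cost for every guess.
    """
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def seconds_per_guess(iterations: int, samples: int = 3) -> float:
    """Measure the time one derivation takes on this machine (best of N)."""
    best = float("inf")
    for _ in range(samples):
        start = time.perf_counter()
        derive(SAMPLE_PASSWORD, iterations)
        best = min(best, time.perf_counter() - start)
    return best


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of possible passwords of exactly `length` characters."""
    return alphabet_size ** length


def expected_crack_seconds(space: int, guesses_per_second: float) -> float:
    """Exhaustive search finds the password after half the space on average."""
    return space / 2 / guesses_per_second


def crack_years(iterations, alphabet_size, length, attacker_speedup, per_guess=None):
    """Expected years to find one password by exhaustive search.

    `attacker_speedup` is an assumed factor by which the attacker's hardware
    outruns this machine. Pass `per_guess` to skip the live measurement.
    """
    if per_guess is None:
        per_guess = seconds_per_guess(iterations)
    rate = attacker_speedup / per_guess
    space = keyspace(alphabet_size, length)
    return expected_crack_seconds(space, rate) / SECONDS_PER_YEAR


def report():
    """Return (iterations, speedup, password shape, expected years) rows."""
    shapes = (("8 lowercase letters", 26, 8), ("12 letters and digits", 62, 12))
    rows = []
    for iterations in (1_000, 100_000):
        per_guess = seconds_per_guess(iterations)
        for speedup in (1, 10_000):
            for label, alphabet_size, length in shapes:
                years = crack_years(iterations, alphabet_size, length,
                                    speedup, per_guess=per_guess)
                rows.append((iterations, speedup, label, years))
    return rows


if __name__ == "__main__":
    print(f"{'iterations':>10} {'speedup':>8} {'password':<22} {'expected years':>16}")
    for iterations, speedup, label, years in report():
        print(f"{iterations:>10} {speedup:>8} {label:<22} {years:>16.3g}")
```

Each hundredfold increase in iterations multiplies the expected search time by about one hundred, and each assumed hardware speedup divides it by the same factor, which is the back-and-forth the section describes.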

Misuse of Communication

Most people today use their computing devices as communication tools rather than computing tools. Facebook, Twitter, LinkedIn, Reddit, Instagram, and Flickr are all communications tools that use computing to enhance the communications experience. A service like Uber relies on smartphones for communication between passengers and drivers. Much of the utility of business-to-business and business-to-consumer applications is derived from communications abilities.

The Internet itself is the most important computer communications tool. The communications that we have come to value in the 21st century are two-way communication, which has often replaced one-way communication. Print media communicates one way: from authors to readers. Sometimes the author is an individual; in other cases, it is an agency such as a newspaper editorial board. Regardless, the reader has no convenient means of broadcasting to the rest of the audience through the medium. Radio and television also only support communication from stations to audiences, not the reverse.

Internet communications go both ways. Reader comments have become a staple of the Internet. Publications such as The New York Times or The Washington Post attach comments to almost every news item. In these comments, readers can step up to the newspaper’s podium and broadcast their own opinions. For many readers, the comments are as important as the item itself. Two-way communication gives readers a new stake in the popularity of the publications they read because the publication’s audience is now the reader’s audience when the reader comments.

Unlike previous means of mass communication, the Internet is a forum in which everyone can participate. The kind of interaction that was previously limited to relatively small gatherings or meetings now can take place anytime and attract a large audience. In some Internet forums, such as scientific groups, participants exchange carefully crafted and thought out documents and respond with equally careful replies. In other forums, the exchange is shot from the hip and is spontaneous, sometimes raucous. Participants are not constrained to be in the same place at the same time. Although Internet forums are not likely to completely replace humans gathering in the same room, they provide a useful addition to the pool of communication alternatives which did not exist before the Internet became ubiquitous.

Free access has added a dimension to communications that some find problematic. Journalists are typically trained in research and putting forth a coherent news story. They are trained in journalistic ethics of accuracy and fairness. Typical readers are not. Consequently, their contributions cannot be judged on the same basis as those from trained journalists. The typical reader’s lack of journalism training is not inherently bad. There is much to be said for opening the doors to new opinions, but at the same time, the nature of communication has changed.

Internet Fraud, Spam, and Trolls

Fraud is the most common computer crime and it is also the computer crime that is the least dependent on computers. Romance-related fraud is one of the most common computer frauds, but it certainly did not begin on the Internet. A slick and romantic stranger who convinces an innocent victim to part with money, virtue, or whatever is a stock figure that has been around as long as stories have been told. The scam works face-to-face, through traditional mails, over the phone, and in cyberspace. Computers and the Internet are not needed for successful romance fraud.

Nevertheless, computers and the Internet do offer advantages to all kinds of fraudsters. In email, a chat room, or social media, everyone can control their persona. Young can be old, old can be young and it all only depends on talent at dissembling. In a chat room or on a website, there is no way to judge whether a person is down-and-out or prosperous, well-dressed or wearing dirty sweats. This is obviously helpful in romance scams, but it also helps with other varieties of fraud such as confidence games in which the fraudster convinces the victim to send money for a faked purpose.

Face-to-face scams in the physical world may be easy to execute for a person with the right talents and skills, but evading law enforcement may not be easy at all. Physical addresses, credit card charges, driver’s licenses, and many other artifacts can be used to trace fraudsters.

On the Internet, tracing can be difficult. In this realm, the tools of traditional law enforcement do not apply. Physical addresses, for example, can be checked by visiting the location. Email addresses, on the other hand, are easy to obtain without authenticating the identity of the owner and effectively vanish into nowhere when the owner abandons them. Unlike anonymous post office boxes, email addresses that conceal their owners are indistinguishable from email addresses used by genuine persons. False names, fake photographs, and fictional biographies are easily attached to made-up personas.

The unfortunate result is that the characteristics of the Internet and computing make fraud easier to execute and harder to apprehend.

Spamming and trolls are other examples of computing and the Internet facilitating activities that are not dependent on either computing or the Internet.

Spam is a simple extension of direct mail advertising. Sending out spam is cheap. Direct mail advertising is also cheap, but not nearly as cheap as spamming. Unlike direct mail advertising, sending out a million emails is not much more expensive than sending out a hundred. If only a tenth of a percent of a million emails respond, that’s a thousand hits, which can be a respectable business proposition. Shady operations prefer the economics of spam to direct mail. If the shady operation’s spam happens to be fraudulent, as it often is, tracing and prosecuting an off-shore spammer can be difficult or impossible.

Trolls are a pain to everyone. There is nothing new about annoying naysayers who show up at all sorts of meetings to argue with anyone and all. They don’t seem to care if their arguments have truth, value, or even make sense. They feel free to accuse anyone of anything. Like romance fraudsters, they appear as stock characters in both history and literature. However, there is often no agreement on who is a troll and who is a bold speaker of the truth. Punishing one person’s troll is often punishing someone else’s hero.

The openness and two-way communication fostered by the Internet provide opportunities for trolls. Forums can be poisoned by trolls who single out participants for attack or generally attack everyone in the discussion. The disgruntled and malicious trolls are protected by forum rules designed to protect reasonable members of the forum. Sometimes, moderators can eject the troll, but that usually only happens when the forum agrees that the troll should go. Consensus is not always possible, and the troll must be tolerated as a cost of an open forum.

The Darknet

The darknet is a collection of networks of websites that are not visible without special software or hardware. The darknet is dark because it is unseen and hard to detect, not because it is inherently bad. There are legitimate purposes for invisible networks. Journalists protect their informants by communicating over dark networks. Whistleblowers avoid scrutiny by their employers over dark networks. Diplomats and government officials communicate secretly over invisible networks. The victims of stalkers use darknets to avoid being spied upon. Ordinary people who want privacy while surfing the Web also use the darknet. The darknet was developed for legitimate privacy, not criminal purposes.

But there are less legitimate uses. Darknet sites offer anonymity and reduce the traceability of their members. These qualities protect criminals as well as legitimate users. There are darknet sites that specialize in protecting their members in pursuit of illegal trade and other crimes. These criminal darknet sites allow or encourage trade in illegal drugs, money laundering, weapons, stolen or forged credentials, sex trafficking, or anything banned from legal commerce. There are unsubstantiated but credible rumors of murder for hire on the darknet.11

Access to Darknet Sites

The most important darknet protocol is onion routing. The network that uses onion routing is called the Onion Router or, most commonly, Tor. Like the Internet, Tor was developed by the United States military and is still supported by the United States government.12 The relationship between Tor and the U.S. intelligence organizations is complex. Various agencies have been active in both developing Tor security and breaking it. Paradoxically, Tor is a tool for both criminals and law enforcement.

Regular Internet communications use packets of information that have both a source and a target address. When a message is sent, the network routing equipment reads the target address and passes the packet on to the target computer. The receiving computer reads the source address and replies. When packets are encrypted, the payload, not the addressing, is encrypted. Consequently, both the source and the target address are available to network sniffers, tools that can read packets as they traverse the network. Tor uses a more elaborate routing scheme that also encrypts addresses. The packets hop between multiple intermediate Tor routers, which are run by volunteers. These volunteers include government agencies, businesses, non-profit organizations, and individuals. Combining encryption with complex and variable routes, Tor is much more difficult to trace than conventional routing and has therefore become the foundation of the darknet.13
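The layering described above can be shown in a short sketch, added here as an example and not taken from the book or from the Tor project. It wraps a message in one encrypted layer per relay and records which addresses each relay can observe. A toy SHA-256 keystream with an HMAC tag stands in for real cryptography, the relay names, addresses, and keys are constructed, and Tor's actual packet format and key negotiation are not reproduced.

```python
import hashlib
import hmac
import os

def _keystream(key, nonce, n):
    # Toy stream cipher: SHA-256 in counter mode. A stand-in, not Tor's cipher.
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]

def seal(key, plaintext):
    """Encrypt and authenticate one layer under a single relay's key."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce = os.urandom(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + tag + body

def unseal(key, blob):
    """Remove one layer; fail if the layer was sealed for a different relay."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer was not sealed with this relay's key")
    return bytes(a ^ b for a, b in zip(body, _keystream(enc_key, nonce, len(body))))

def wrap(payload, destination, route, keys):
    """Build the onion inside out, so the exit relay's layer is innermost."""
    next_hops = route[1:] + [destination]
    blob = payload
    for relay, next_hop in zip(reversed(route), reversed(next_hops)):
        addr = next_hop.encode()
        blob = seal(keys[relay], len(addr).to_bytes(2, "big") + addr + blob)
    return blob

def peel(key, blob):
    """What one relay does: strip its own layer and learn only the next hop."""
    layer = unseal(key, blob)
    n = int.from_bytes(layer[:2], "big")
    return layer[2:2 + n].decode(), layer[2 + n:]

def relay_views(sender, blob, route, keys):
    """Record the two addresses each relay can observe while forwarding."""
    views, previous = [], sender
    for relay in route:
        next_hop, blob = peel(keys[relay], blob)
        views.append({"relay": relay, "sees_from": previous, "sees_to": next_hop})
        previous = relay
    return views, blob

# Constructed sample data: relay names, addresses and keys are made up.
SENDER, DESTINATION = "client.example", "site.example"
ROUTE = ["relay-A", "relay-B", "relay-C"]
KEYS = {name: os.urandom(32) for name in ROUTE}

if __name__ == "__main__":
    onion = wrap(b"GET /index.html", DESTINATION, ROUTE, KEYS)
    views, delivered = relay_views(SENDER, onion, ROUTE, KEYS)
    for view in views:
        print(view)
    print("delivered:", delivered)
```

No single relay in the output sees both the sender and the destination, which is why a sniffer at any one point on the route cannot pair the two addresses the way it can with conventional routing.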

Criminal Darknet Sites

Criminal darknet sites are almost always for members only. The site administrators vet account applications carefully and require endorsements from existing members. Some require evidence of past crimes before granting membership. The admission procedures are intended to keep out law enforcement. They also serve to enforce “honor among thieves.” Even a criminal trading exchange must have reliable trading rules, and most sites police their rules.

Although admission policies are important for maintaining the darknet, illegal commerce could not exist without protocols like Tor that foster anonymity and make messages difficult to trace and invisible to the ordinary Internet, even though these networks use the same communications infrastructure as the ordinary Internet.

Estimates of the number of sites on the darknet vary. It is probably considerably less than a million and likely more than 100,000. These sites for illegal trade are crucial to the cybercrime ecosystem. Forty million credit cards (the take from the Target heist) cannot be effectively exploited by a small group of hackers. Carding, turning stolen payment card information into cash, requires feet on the street making fraudulent payment card purchases and fencing the loot. Carding requires skill at face-to-face deception and the logistics of disposal of stolen goods, not technical hacking skills. Without convenient darknet intermediaries managing the division of labor between technical and street criminals, hacking would be far less lucrative.

The trade on these criminal sites parallels the development of online commerce by firms such as eBay and Amazon. Online commerce has proven to be far reaching and effective. Drug sellers or dealers in any kind of stolen or illegal goods and services reap the same advantages. Anonymity of transactions, including payments using crypto-currencies such as bitcoin, are added attractions.

The criminal sites do more to facilitate cybercrime. They also act as an exchange for technical information useful to other hackers. Sometimes the information is freely published. In other cases, the information is sold; often this information is a description of an exploitable weakness in an operating system or application. These exchanges also sell prepackaged code that less-skilled or unskilled hackers use to launch attacks.

These sites are usually developed and maintained by technically oriented hackers, but the participants include less-technical criminals trafficking in illegal goods and services such as stolen art, extreme pornography, illegal or restricted drugs, and weapons. If it is illegal, it is probably sold somewhere on the darknet.

Law enforcement, led in the U.S. by the FBI, has been working to take these criminal sites down. In 2008, a large site was taken down through the efforts of an undercover agent who became an administrator of the site. The FBI estimated that the site, Dark Market, had approximately 2,500 registered users. Fifty-six arrests were made in the takedown. The FBI estimated that 70 million dollars in potential losses were prevented.14

In October of 2013, The Silk Road site was taken down and the operator, the so-called Dread Pirate Roberts, was arrested. Per the prosecutors, Silk Road had taken in 214 million dollars in sales and 13 million in commissions when it was shut down. Silk Road was an anonymous bitcoin-based operation. In February 2015, Dread Pirate Roberts was found guilty of charges including drug trafficking, money laundering, and computer crimes.15 He was later sentenced to life in prison.16

Relatively recently, the Darkode site was taken down by a multi-agency investigation team with partners in 20 countries. Darkode has been called the most dangerous site on the Internet, perhaps because it was an active forum for exchanging hacking methods. Unfortunately, the site appears to have regenerated itself shortly after being shut down.17

Silk Road and Darkode illustrate two issues that complicate dealing with criminals on the darknet. Dread Pirate Roberts was apparently convinced that he was doing a service to humanity by providing the freedom to buy and sell anything that people wanted to trade in. When he was arrested, and during his trial and sentencing, his supporters declared that he had done nothing wrong and that taking down Silk Road was a violation of rights even though it supported traffic in dangerous and damaging substances. You may agree or disagree with that position, but it is important to notice that sites like Silk Road have support from idealists as well as criminals.

Darkode illustrates another issue. These criminal sites can be a whack-a-mole game. Knock one down and it pops up somewhere else. The technology for these sites is not dependent on a specific set of physical hardware or location. A sophisticated criminal site uses something like an enterprise failover system. In a well-prepared enterprise IT department, a disaster will trigger a failover system, which is a combination of software, hardware, and human intervention that establishes a replica of the system in a safe location. After the alternate system is up and running, the continuation of a business following a successful failover is still dependent on the people who provide and consume the products of the system. For instance, a business badly damaged by a catastrophe such as a fire or flood may never recover even though the IT system was reproduced perfectly because employees, customers, and suppliers may not be able to recover.

Law enforcement can extinguish a criminal enterprise permanently by neutralizing enough of the operators and customers to break the criminal community even though the site reappears. This may be the case with Darkode. Although it has resurfaced, its organization and clientele are much weaker than before and may be on the way to oblivion.18

Manipulation of Markets

When prices in a public commodities or securities exchange are artificially lowered or raised, it is called market manipulation. Using computers to manipulate markets involves taking advantage of both computing power and high-speed networks. Market manipulators rely on communications that are fast enough to keep them ahead of the humans in the market. A lead of a few milliseconds is sufficient to gain the edge.

Pump and Dump

One way to manipulate a market is to surreptitiously acquire a large block of cheap stock, then broadcast rumors that push up the stock’s low price, and then sell the overvalued stock back on the exchange at the artificially increased prices. This scenario is called pump-and-dump.

A similar scenario occurs when a seller sells shares at a market price and then promises to deliver the shares at a future date. If the market price goes down, the seller profits by delivering shares purchased at the dropped price. This is short selling, a legitimate practice that becomes manipulation when the seller acts to force the price down through rumors or other illicit means. This scenario is called short-and-distort.

Pump-and-dump and short-and-distort are the patterns for many market manipulation schemes, and Internet-based communications are helpful in all of them.

Spam email is an efficient method for spreading rumors and misinformation. Hackers use the same methods as they use for phishing expeditions. Big data analysis and stolen email addresses identify vulnerable targets, and botnets send out barrages of spam in staggering quantities.

Pump-and-dump stock or commodity scams have advantages over other spam attacks. Unlike phishing, the source of the misinformation is untraceable because there is no direct link between the victim and the scam. The victim sells or buys on a public exchange rather than transacting with the source of the scam. There need be no contact between the manipulators and their victims in a stock scam. If the manipulators can avoid being traced as the source of the spam, which is relatively easy, investigators are hard-pressed even to connect the manipulators to the misinformation.

High Frequency Trading

Another form of market manipulation is tied to high frequency trading. A computer can execute transactions much faster than humans. In the time it takes a human to buy or sell a block of shares, a computer can execute thousands of transactions.

Algorithms bridge this speed gap. A simple algorithm might direct the computer to purchase a block of stock whenever the price drops below a threshold, and then sell when the stock price exceeds another threshold. Operating on a powerful computer, an algorithm can execute thousands of transactions while a human sits at a console adjusting thresholds and transaction speeds of the algorithm without being involved in any specific transaction. In real life, the algorithms are more complicated than this example and consider more complex factors and relationships, like the cash available for trading, the price and direction of similar stocks, and so on, but it remains a powerful machine controlled by a human master.

Like most things cyber, high frequency trading is neither good nor bad. High frequency trading can make investing cheaper by reducing the expensive human element on the trading floor, and it can reduce the spread between asking prices and offers to buy. This shifts the influences from traders on the market floor to investors on the exchange. Some economists believe that high frequency trading reduces market volatility by trading against outlying highs and lows and forcing them back to the mean.19 However, some believe that high frequency trading has caused sudden wild variations in share prices, such as the Flash Crash of 2010 when prices dropped 10% in a few minutes, then rapidly rebounded. Immediate assessments tended to blame the crash on high frequency trading.20 However, later evaluations do not assign as much responsibility to high frequency trading.21

High frequency traders can intentionally manipulate markets for gain. In 2014, a high frequency trading firm was fined one million dollars for manipulating shares on the NASDAQ exchange. The firm placed storms of high speed trades in the last two minutes of the trading day, manipulating closing prices, and taking advantage of special conditions as markets close to execute favorable trades.22

The Dilemma

Computers and computer communications have proved to be both a blessing and a curse. Many of the same features enable both legitimate and illegitimate activities. The catalog of misuses is long, and policing computing and computer communications challenges law enforcement. Much of the challenge stems from the dual nature of the technology that is misused. If, for example, high frequency securities trading were an unmitigated swindle, prohibiting it and enforcing the prohibition would be relatively easy. However, in many cases, the experts can’t decide if a high frequency trading practice helps or hinders trading. This makes formulating a reasonable computerized trading policy difficult. Without policy, policing is haphazard, to say the least. The same applies to the darknet and Tor. They are used both legitimately and illegitimately. Privacy and encryption present a similar argument. We want it both ways: unbreakable privacy but not for the criminals whose communications we want to see.

This is the dilemma of the misuse of computing and computerized communication: the same technology has both good and bad uses. And the extent of the good and the bad are limited only by the ingenuity and industry of their proponents.

Footnotes

1 See Pamela Vagata, Kevin Wilfong, “Scaling the Facebook data warehouse to 300 PB,” April 10, 2014. https://code.facebook.com/posts/229861827208629/scaling-the-facebook-data-warehouse-to-300-pb/ . Accessed April 2016. According to this article, Facebook stores 600 TB per day. A study in 2000 estimated the physical holdings of the library to be 10 TB. Peter Lyman, Hal Varian, “How Much Information?” School of Information Management and Systems, University of California, Berkeley, 2000. www2.sims.berkeley.edu/research/projects/how-much-info/how-much-info.pdf . Accessed April 2016. According to these numbers, Facebook takes in the equivalent of 60 Libraries of Congress per day.

2 See Michael Agresta, “What Will Become of the Library?” Slate, April 22, 2014. www.slate.com/articles/life/design/2014/04/the_future_of_the_library_how_they_ll_evolve_for_the_digital_age.html . Accessed April 2016.

3 Joel Hruska, “How telcos plan to make billions by selling and combining customer data,” ExtremeTech, October 28, 2015. www.extremetech.com/extreme/216988-how-telcos-plan-to-make-billions-by-selling-combining-customer-data . Accessed April 2016.

4 Charles Duhigg, “How Companies Learn Your Secrets,” The New York Times, February 16, 2012. www.nytimes.com/2012/02/19/magazine/shopping-habits.html . Accessed March 2016.

5 See Lorenzo Franceschi-Bicchierai, “The 10 Biggest Revelations From Edward Snowden’s Leaks,” Mashable, June 5, 2014. http://mashable.com/2014/06/05/edward-snowden-revelations/ . Accessed April 2016.

6 The extent of Hoover’s vagaries may be exaggerated, but his abuse was clear. The view in this article seems to be fairly well-balanced: Kenneth D. Ackerman, “Five myths about J. Edgar Hoover,” The Washington Post, November 9, 2011. www.washingtonpost.com/opinions/five-myths-about-j-edgar-hoover/2011/11/07/gIQASLlo5M_story.html . Accessed April 2016.

7 This article chronicles a particularly disturbing example of doxing among many. Swatting, maliciously directing a SWAT team to a victim’s residence, frequently accompanies doxing. Jason Fagone, “The Serial Swatter,” The New York Times Magazine, November 24, 2015. www.nytimes.com/2015/11/29/magazine/the-serial-swatter.html?_r=1 . Accessed April 2016.

8 For an example, see Lloyd Grove, “Malcolm Gladwell’s Plagiarism Problem,” The Daily Beast, December 11, 2014. www.thedailybeast.com/articles/2014/12/11/malcolm-gladwell-s-plagiarism-problem.html . Accessed April 2016. As this article points out, plagiarism is often complex and ambiguous.

9 In this example, also cited in Chapter 3, a specialized machine has been built up from standard components for password cracking. Dan Goodin, “25-GPU cluster cracks every standard Windows password in <6 hours,” Ars Technica, December 2012. http://arstechnica.com/security/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/ . Accessed February 2016.

10 Computing capacity is not the only factor in the battle, but it is an important one. Clever encryption algorithms and equally clever encryption breaking techniques are also critical, but increasing computing capacity always changes the encryption landscape.

11 “The disturbing world of the Deep Web, where contract killers and drug dealers ply their trade on the internet” Daily Mail, October 11, 2013. www.dailymail.co.uk/news/article-2454735/The-disturbing-world-Deep-Web-contract-killers-drug-dealers-ply-trade-internet.html #. Accessed March 2014. This article describes several sites that appear to be murder for hire. However, there have not been any murders attributed to a darknet site. The lack of verified murders may show that the sites are effective or that the idea is a hoax.

12 Yasha Levine, “Almost Everyone Involved in Developing Tor was (or is) Funded by the US Government,” Pando, July 16, 2014. https://pando.com/2014/07/16/tor-spooks/ . Accessed April, 2014.

13 The Tor website describes a collection of applications and tools for working with Tor. www.torproject.org/index.html.en . Accessed April 2016.

14 Federal Bureau of Investigation, “‘Dark Market’ Takedown,” October 20, 2008. www.fbi.gov/news/stories/2008/october/darkmarket_102008 . Accessed April 2016.

15 Nate Andersen, Cyrus Farivar, “How the feds took down the Dread Pirate Roberts,” Ars Technica, October 2, 2013. http://arstechnica.com/tech-policy/2013/10/how-the-feds-took-down-the-dread-pirate-roberts/ . Accessed April 2016.

16 Benjamin Weiser, “Ross Ulbricht, Creator of Silk Road Website, Is Sentenced to Life in Prison,” New York Times, May 29, 2015. www.nytimes.com/2015/05/30/nyregion/ross-ulbricht-creator-of-silk-road-website-is-sentenced-to-life-in-prison.html?_r=0 . Accessed April 2016.

17 Alastair Stevenson, “It only took 2 weeks for the world’s most dangerous hacking forum to get back online after the FBI shut it down,” Business Insider, July 28, 2015. www.businessinsider.com/darkode-admin-returns-with-new-and-improved-hacking-site-2015-7 . Accessed April 2015.

18 Loucif Kharouni, “Darkode is down again, don’t call a Sp3cial1st!” Damballa, July 29, 2015. www.damballa.com/darkode-reloaded/ . Accessed April 2015.

19 See Antonya Allen, “High Frequency Trading Cuts Volatility: Professor,” CNBC, August 31, 2011. www.cnbc.com/id/44337362 . Accessed April 2014. Not everyone agrees that high frequency trading is positive in every circumstance. For a more nuanced and somewhat more difficult to follow report, see Marvin Wee, “Market volatility is here to stay, but high-frequency trading not all bad,” The Conversation, September 15, 2015. http://theconversation.com/market-volatility-is-here-to-stay-but-high-frequency-trading-not-all-bad-46615 . Accessed April 2015.

20 The Economist Online, “What caused the flash crash? One big, bad trade,” The Economist, October 1, 2010.

21 Andrei Kirilenko, Albert S. Kyle, Mehrdad Samadi, Tugkan Tuzun, “The Flash Crash: The Impact of High Frequency Trading on an Electronic Market,” Commodity Futures Trading Commission, May 5, 2014. www.cftc.gov/idc/groups/public/@economicanalysis/documents/file/oce_flashcrash0314.pdf . Accessed April 2014. This paper does not blame high frequency trading for the initiation of the 2010 event, but it does say that it exacerbated the event.

A similar event occurred in the US Treasury market. A report on this event does not assign blame to high frequency trading, but does recommend further attention to the markets. U.S. Department of the Treasury, Board of Governors of the Federal Reserve System, Federal Reserve Bank of New York, U.S. Securities and Exchange Commission, U.S. Commodity Futures Trading Commission, “Joint Staff Report: The U.S. Treasury Market on October 15, 2014” July 13, 2015. www.treasury.gov/press-center/press-releases/Documents/Joint_Staff_Report_Treasury_10-15-2015.pdf . Accessed April 2016.

22 U.S. Securities and Exchange Commission, “SEC Charges New York-Based High Frequency Trading Firm With Fraudulent Trading to Manipulate Closing Prices,” Press Release, October 16, 2014. www.sec.gov/News/PressRelease/Detail/PressRelease/1370543184457#.VEApEfnF_pU . Accessed April 2016.
