Where would the dark web be without Tor? Probably in the bright, uncomfortable spotlight of law enforcement if it doesn't find an alternative method of cloaking itself. Agora, the dark web site that grabbed the dubious honour of being the world's most popular online drugs marketplace following the shut down of Silk Road and Silk Road 2.0, has announced that it is "pausing" operations. The reason? Agora is worried that Tor might not be as good at keeping things anonymous as it promised. Here is part of what Agora told its users in a statement:
Recently research had come that shed some light on vulnerabilities in Tor Hidden Services protocol which could help to deanonymize server locations. Most of the new and previously known methods do require substantial resources to be executed, but the new research shows that the amount of resources could be much lower than expected, and in our case we do believe we have interested parties who possess such resources. We have a solution in the works which will require big changes into our software stack which we believe will mitigate such problems, but unfortunately it will take time to implement. Additionally, we have recently been discovering suspicious activity around our servers which led us to believe that some of the attacks described in the research could be going on and we decided to move servers once again, however this is only a temporary solution. At this point, while we don't have a solution ready it would be unsafe to keep our users using the service, since they would be in jeopardy. Thus, and to our great sadness we have to take the market offline for a while, until we can develop a better solution. This is the best course of action for everyone involved.
As Tripwire has previously reported, dark web marketplaces like Agora are out of reach for most internet users as Tor needs to be installed first, routing encrypted traffic through multiple layers of anonymous PCs scattered across the internet, mimicking the layers of an onion, and covering the tracks of visitors. The technology not only protects people browsing the web, but can also shield the identities of those who are running underground websites that would be of interest to criminal investigators. Although there are undoubtedly legitimate uses for Tor (for instance, in countries with oppressive regimes which restrict internet access), it's clear that the technology is also used by online criminals to keep their activities beyond the reach of the law. So it's no surprise that a lot of people have been interested in determining if Tor is really as secure as it promises. Last month, researchers from MIT made headlines by describing how they had found a security vulnerability in the Tor network that made it possible to identify hidden servers with an astonishing 88 percent accuracy. Of course, nature abhors a vacuum and Agora is far from the only dark web marketplace out there - some have suggested that there may be approximately 800 similar sites in operation. Maybe, somewhat perversely considering the business it is in, Agora is simply being responsible in recognising the issue, and the other sites are endangering themselves and their customers by continuing to trust Tor. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
Meet Fortra™ Your Cybersecurity Ally™
Fortra is creating a simpler, stronger, and more straightforward future for cybersecurity by offering a portfolio of integrated and scalable solutions. Learn more about how Fortra’s portfolio of solutions can benefit your business.
