Cybercriminal element on ‘Darknet’ resources growing, say Kaspersky Lab experts
Expect rise in new Tor-based malware, as well as Tor support for existing malware
In recent months Kaspersky Lab experts have been closely monitoring so-called Darknet resources, mostly the Tor (The Onion Router) network.
And one thing that is immediately obvious is that the cybercriminal element is growing, the company said in a statement.
Tor, one of the resources on the Darknet, has been known for a long time. At first it was only known to experts and enthusiasts interested in the technical details of practical anonymity in the network, or fans of cryptography.
However, after Edward Snowden's revelations many Internet users started searching for this kind of online anonymity, resulting in a surge of interest in Tor.
Although the Tor infrastructure and cybercriminal resources are not on the same scale as the conventional Internet, Kaspersky Lab said its experts managed to find approximately 900 hidden services online at the current time.
Tor is primarily unrestricted, free software operating via the Internet. It has users who enter sites, exchange messages on forums, communicate in IMs, etc. – just like the ‘ordinary’ Internet, Kaspersky Lab said.
But there’s one crucial difference: Tor is unique in that it allows its users to remain anonymous during their activity in the Net.
Network traffic is completely anonymous: It is impossible to identify the user’s IP (Internet Protocol address) in Tor, making it impossible to determine who the user is in real life. Moreover, this Darknet resource utilises so-called pseudo domains which frustrate any efforts to pick up the resource owner’s personal information.
Recently cybercriminals have started actively using Tor to host malicious infrastructure. Kaspersky Lab experts found Zeus with Tor capabilities, then they detected ChewBacca and finally analysed the first Tor trojan for Android.
A quick look at Tor network resources reveals lots of resources dedicated to malware – C&C (command and control) servers, admin panels, etc, Kaspersky Lab said.
“Hosting C&C servers in Tor makes them harder to identify, blacklist or eliminate,” said Sergey Lozhkin, senior security researcher with the Global Research and Analysis Team at Kaspersky Lab.
“Although creating a Tor communication module within a malware sample means extra work from the malware developers, we expect there will be a rise in new Tor-based malware, as well as Tor support for existing malware,” he added.
Tor managed to create anonymous resources thanks to a distributed network of servers called ‘nodes’ or routers that operate on the principle of onion rings (hence its name, The Onion Router). All network traffic (i.e. any information) is encrypted repeatedly as it passes through several network nodes on its way to Tor.
In addition, no network node knows the source of the traffic, its destination or its content. This ensures a high level of anonymity, making it impossible to determine who is behind the network activity, i.e. a real person, Kaspersky Lab said in its statement.
Tor has become a helpful solution for those who, for some reason, fear surveillance and the leakage of confidential information.
But as well as legitimate users, this technology also attracts the attention of cybercriminals. The Tor network has long been known for hosting a large number of resources carrying out illegal activity, the company added.