Ironically, Tor was "originally designed, implemented, and deployed as a third-generation onion routing project of the U.S. Naval Research Laboratory ... for the primary purpose of protecting government communications," according to the Tor Project website.
It is favored by privacy advocates, who point to a number of its legitimate uses: journalists can communicate anonymously with whistleblowers and dissidents; employees of non-governmental organizations (NGOs) can connect to their home website from foreign countries without alerting the host government to their activities; corporations use it to protect their sensitive information from competitors; and it is generally seen as a way to protect domestic online civil liberties from government surveillance.
But, as has been widely reported — increasingly in mainstream media as well as the IT trade press — it is a haven for criminals.
While Tor "piggybacks over the same Internet as everybody else, it has its own little secret handshakes and requires end-to-end encryption to each site," said Kevin McAleavey, a malware expert and cofounder of the KNOS Project.
He said there have been a few attempts to index Tor sites, "but by and large they change with the wind direction. The really dodgy ones probably change their onion URLs multiple times per day."
McAleavey noted that Tor has been around for more than a decade (the first version was announced in 2002), but the scale of the criminal activity has spiked. "The only thing that's changed since 2006 — even the malware has barely changed — is that there's big money in hitting big places, so the kids are better financed now," he said. "The criminals are willing to pay far bigger rewards for zero-day attacks than the software companies. It's free enterprise — pure supply and demand financing."
Still, while the McAfee report described the illicit activities on the Dark Web as "healthy and growing," enterprises are not entirely defenseless. Mario de Boer, research director, Security and Risk Management Strategies at Gartner for Technical Professionals, offered three recommendations.
Enterprises should not "overspend on new technologies without understanding their efficacy and before optimizing their current security controls. Next, assess risks that are not addressed by your current technology stack. Then, balance additional protection with deeper monitoring capabilities and incident response," he said.
Samani said organizations have to move beyond the traditional approaches to capturing malware. "There are multiple ways that organizations can defend themselves — whitelisting, sandboxing, etc.," he said. "So the innovation within the security industry is equally healthy and growing."
McAleavey said the notion that the Dark Web is "some immutable, impenetrable wall of doom ... is nonsense. Tor connections are suspicious to authorities simply because of the ports used and the encryption standing out like a lighthouse in the middle of the Pacific."
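The point McAleavey makes about ports and encryption "standing out" is the basis of the simplest network-side Tor detection a defender can run. The following script is an added example and is not code from the article or from any vendor quoted in it. It scans constructed flow-log lines and flags connections that go to Tor's documented default ports (ORPort 9001, DirPort 9030, and the client-side SOCKS/control ports 9050, 9051 and 9150) or to addresses on a relay list; the relay addresses here are made up for the example, and a real deployment would refresh that list from the Tor directory consensus. Port matches are a weak signal, because relay operators can listen on 443 or 80, so the relay-list check is the one worth investing in.

```python
"""Flag network flows that look like Tor traffic.

Added example, not from the article. The flow lines and the relay IP list are
constructed for this example. Port numbers are Tor's documented defaults, but
operators may choose any port, so treat a port match as a weak indicator.
"""
from dataclasses import dataclass
from typing import List, Set

# Tor defaults: relay ORPort 9001 and DirPort 9030; client SOCKS 9050,
# control 9051, Tor Browser SOCKS 9150. Suspicious, not conclusive.
TOR_DEFAULT_PORTS: Set[int] = {9001, 9030, 9050, 9051, 9150}

# Constructed stand-in for a relay list pulled from the Tor consensus.
KNOWN_RELAY_IPS: Set[str] = {"198.51.100.7", "203.0.113.42"}

# Constructed flow log lines: "timestamp src dst dport proto bytes"
SAMPLE_FLOWS = """\
2015-09-14T10:00:01Z 10.0.0.5 93.184.216.34 443 tcp 5120
2015-09-14T10:00:03Z 10.0.0.5 198.51.100.7 443 tcp 88120
2015-09-14T10:00:05Z 10.0.0.9 192.0.2.10 9001 tcp 40210
2015-09-14T10:00:08Z 10.0.0.9 192.0.2.10 80 tcp 1200
2015-09-14T10:00:09Z 10.0.0.12 127.0.0.1 9050 tcp 300
"""


@dataclass
class Flow:
    ts: str
    src: str
    dst: str
    dport: int
    proto: str
    nbytes: int


@dataclass
class Finding:
    flow: Flow
    reasons: List[str]


def parse_flows(text: str) -> List[Flow]:
    """Parse the six-field flow format above, skipping malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # do not let one bad line stop the whole scan
        ts, src, dst, dport, proto, nbytes = parts
        flows.append(Flow(ts, src, dst, int(dport), proto, int(nbytes)))
    return flows


def classify(flow: Flow, relay_ips: Set[str] = KNOWN_RELAY_IPS) -> List[str]:
    """Return the reasons a flow looks Tor-related (empty list if none)."""
    reasons = []
    if flow.dst in relay_ips:
        reasons.append("destination is a known Tor relay")
    if flow.dport in TOR_DEFAULT_PORTS:
        reasons.append(f"destination port {flow.dport} is a Tor default port")
    return reasons


def find_tor_flows(text: str, relay_ips: Set[str] = KNOWN_RELAY_IPS) -> List[Finding]:
    """Run the classifier over a flow log and collect flagged flows."""
    findings = []
    for flow in parse_flows(text):
        reasons = classify(flow, relay_ips)
        if reasons:
            findings.append(Finding(flow, reasons))
    return findings


if __name__ == "__main__":
    for f in find_tor_flows(SAMPLE_FLOWS):
        print(f"{f.flow.ts} {f.flow.src} -> {f.flow.dst}:{f.flow.dport}: "
              + "; ".join(f.reasons))
```

On the constructed sample the scan flags three of the five flows: the 443 connection to a listed relay (which a port-only rule would have missed), the connection to port 9001, and the local SOCKS connection on 9050. The first flow, ordinary HTTPS to an unlisted host, and the plain port-80 flow pass untouched, which is the behaviour you want before escalating a finding to incident response.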