An Introduction to Meg Tufano’s Deep Dark Web

by

Giselle Minoli

    A little over 2 years ago Meg Tufano and I started regularly encountering one another on a variety of public posts on Google+. Soon enough we uncovered the almost mystical fact that we had lived in the same dorm at St. John’s College when we were freshwomen, but had somehow not managed to get to know one another in that famously small college noted for its Great Books heritage and its Monday and Thursday night seminars, which every student (still) attends to discuss, debate, argue, contemplate, and query, well, virtually every subject imaginable over the course of four years.  

    Setting aside a calculation of the mathematical odds of re-encountering one another all these years later in the Google Gulfstream in favor of exploring our mutual and obviously undiminished passion for The Great Conversation About Life, since then we have had many discussions and dialogues––online, over the telephone and via email––about social, cultural, business and political issues that we encounter nearly every day. Those conversations have, variously, touched on women’s rights, voting rights, gay marriage rights, religion, sex, online vs. real world education, Presidential elections, gun control, the Constitution, healthcare, parenting and stepparenting, terrorism and national security, to name just a few of our mutual interests.

    While these may appear to be entirely separate subjects, they all seem to come together at the intersection of ethics and the law, namely, what is legal and what is ethical, what happens when something might be legal but is perhaps unethical, or what happens when something illegal is perceived, nonetheless, to be an okay thing to do––the slippery slope of wondering if one can run a stop sign if no one is around to witness it. Trying to pinpoint instances where there seems to be a happy union of ethics and the law is always entertaining.

    Some things appear to be etched in stone, immune from any sort of debate or discussion. I do not, for instance, ever recall reading an argument stating that 2 + 2 does not equal 4. Other things, far murkier in nature, bubble to the surface of the national debate over and over and over again with no clear answer and are everything but etched in stone. Millions of people worldwide are wondering what to do about many of the same fractious issues that concern my former dorm-mate and me.

    Such, I think, is the case with The Deep Dark Web, Meg Tufano’s examination of the underground web and the NSA’s questionable practice of policing Americans’ telephone calls, emails and Internet communication. Written before a Federal Court Judge wrote recent his opinion that the NSA’s policy of “policing” the public to “protect” the public is illegal, and before a second Federal Court Judge even more recently wrote a contrary opinion that the NSA’s policy is, in fact, entirely legal, The Deep Dark Web prods and pokes our individual and collective belief systems––what we are programmed to believe, what we are willing to believe, what we might need to believe, what we should believe, and, perhaps most importantly, how we should behave and what we should enact into law––in the face of ongoing threats against our country’s security and safety.

    Into The Deep Dark Web we go.

The Deep Dark Web

For the Autumn Issue of The Journal I was planning to write an article about a subject I had just learned about for the first time on Google Plus, but that others have apparently known about for years, namely, The Deep Dark Web, The Silk Road, and Tor onion routers. The story, as I learned about it through various discussions, was that there were orders of magnitude more action going on on the Internet below the threshold of what we “surface users,” with our open browsers and IP Addresses, could easily find.  

    This dark part of the web apparently encompasses all areas of criminality imaginable––from drug dealing to the sex slave trade to murder for hire––and the profits are funding all sorts of criminal activity up to and including violent non-state actors (VNSAs, formerly called terrorists) and it has far more activity than that found on the surface of the web. I found that troubling and of intrinsic interest to study and write about. 

    However, I decided not to go with that topic because, just as I was writing a description of how all this “hiding in plain sight” criminality was occurring, Snowden dropped the NSA surveillance bomb (different subject, similar tune), and a child pornographer using The Deep Dark Web was picked up by the FBI in Ireland, as was the “mastermind” of The Silk Road in the U.S. I figured that any knowledge I would discover would not be as informative as others who had better access to source information. I looked forward to getting a more thorough understanding of what appeared (to me at least) to be a pretty huge national defense issue––how the web is affecting not just the privacy but the safety of our society, and especially how it is making possible serious breaches of our freedoms, not to mention supporting egregious criminal activities.

    Well, if there are people with a better understanding than I have, they are not drenching the airwaves or newspapers with their voices. There have been some articles, but nothing like the coverage I expected about behaviors so heinous. For example, each of these stories has less than half a page of results from a Google search. The facts are there of course. Yet, contrast our weeks and months of attention covering a slow legal computer site (as we seem to have been doing nonstop about healthcare.gov), surely not nearly as interesting as a site that is purportedly selling drugs, arms and even sex slaves? Which story should be more front-page-worthy?

    I have waited all these months for there to be more news coverage of what has to be one of the weirdest combinations of news revelations ever (NSA spying on German Chancellor Merkel; the FBI discovering a child pornography ring in Ireland; Snowden, an American, who is now in the loving arms of Vladimir Putin, revealing damaging secrets of the U.S. government, then the discovery of The Silk Road, a billion dollar online criminal enterprise). I have waited pretty much in vain. There has been some coverage but there has not been nearly the intensity I expected from stories so bizarre.

The Skeletal Facts of the Cases

    The arrested dual citizen (Irish and American) was described by the FBI as “the largest facilitator of child porn on the planet” (Kiss, 2013). The Silk Road owner, Ross William Ulbricht, faces charges of narcotics trafficking conspiracy, computer hacking conspiracy, money laundering conspiracy, and solicitation of murder on his dark market that handled at least 1.2 billion in revenue and 80 million in commissions for Ulbricht personally, according to court documents (Burns, 2013).  

    Although Bitcoins were named as the currency used on The Silk Road, there is some question as to how that much money was exchanged using Bitcoins. When I communicated in a discussion forum with someone on Google Plus who appeared knowledgeable about Bitcoin (but who wished to remain anonymous), he said that Bitcoins are traceable (not easily traceable, but traceable). So, actually, the currency of choice for criminals on The Deep Web are store gift cards which can be purchased online (with untraceable onion router IP Addresses) and then later used online to buy stuff (also with different untraceable IP Addresses). One can then sell these things on eBay and other legal online stores (with legal receipts), thereby laundering the money and remaining anonymous.  

    Snowden released his cache of classified NSA documents in May 2013 to The Washington Post and The Guardian, but they have not been published in their entirety (Guardian, 2013). He has been given asylum by the country of Russia (CNN, 11/4/2013) (Myers, 8/1/2013). Julian Assange, the founder of Wikileaks, is also charged with earlier NSA leaks and the revelation of other classified documents and he has been given asylum by Ecuador (Ferran, 2012).

Onion Routers

    Anyone who uses a commercial router and a browser such as Safari, Chrome or Firefox, as I do, will find “onion routers” an area that needs explaining. The idea is simple (how it is technically done would take another article to describe, but it was described in Forbes at length in October, 2013 (see Sabhlok, 10/18/2013, among the References below). An onion router hides IP Addresses––or, rather, the router changes IP Addresses like an onion. The new addresses randomly cover up the core (legal) IP Address over and over again until it is (seemingly) impossible to find the person making the transactions.

Surveillance, Hacking & Cybercrime:  Many Questions

    In The Silk Road and child pornography ring, how did the FBI find out who these criminal people were and arrest them if the criminals were using these onion routers as has been repeatedly reported? USA Today says it remains a “mystery” (USA Today Research, 10/21/2013). Moreover, if the IP Addresses are hidden, how would the FBI know if they were dealing with American citizens or foreign ones, a question that strikes at the hearts of those who are in a state of high dudgeon over the NSA surveillance and the guarantee in the Constitution’s Bill of Rights against “unreasonable” search and seizure for American citizens. (The FBI is limited in its jurisdiction to the United States but the NSA is not so limited and appears to have helped the FBI in this case (Hill, 2013).)

    To add to the current state of criminal activity hiding in plain sight on The Dark Web, there has also been a rash of criminal hacking of the data of reputable businesses and the American government itself. Adobe seems to have had the biggest commercial hack: “An outside company found the data of some 152 million Adobe customers on a site frequented by cybercriminals” (Levin, 2013). Since I subscribe to Adobe products, I should add that I personally received a letter from Adobe offering me free identity theft insurance for one year in their response to me about their hacking incident. The Department of Energy (DOE)’s human resource division and other government agencies such as the United States Army and the Department of Health and Human Services have been hacked numerous times: “FBI warns that Anonymous has hacked US government sites for a year” (Reuters, 11/2013).

    What is most surprising to me is that most of my interlocutors in discussions on Google Plus seem much more concerned about NSA surveillance than they are about what are clearly criminal and VNSA enterprises. My discussants seem much more worried about U.S. government agencies reading their emails than they are about having their identities stolen by VNSAs or their own government ransacked of information (note that DOE manages our nuclear capabilities (!)). I understand that not one of these possible threats are in any way salubrious, but why is there the greater fear of our own NSA whose mission is to, “Protect U.S. national security systems and to produce foreign signals intelligence information” (NSA, 2013) than a fear of clearly bad actors? 

    I do not understand the intensity of the fear. Perhaps because I am more worried about the bad guys. For example, as I learned from the book, Warlord’s Rising by Casebeer et al (Thomas, 2005), our threat has become much more dispersed and asymmetric as the place of individuals, rather than states, play a much more powerful role than ever before:

    One of the many ways in which I think we are “ill-equipped” is what seems to me an irrational fear of how we are countering these threats. As much as I value my own privacy, it is hard for me to imagine how those who are entrusted to keep me safe can evaluate the threats posed by all these bad agents without the freedom to look at global patterns of internet behavior which means looking at it all. As much as I do not like the idea of “Big Brother,” I am much more worried about criminals and enemy foreign agents than I am about the NSA’s broad evaluation of internet activities. I ask myself, Isn’t it their job to find all these bad actors? Wouldn’t it be against the security of our country and our individual freedoms not to let the Internet be evaluated by people who are trained to find bad guys?

Are We Thinking Straight About The NSA?  

Sovereign States

    On the one hand, the NSA is tasked with trying to find criminals and VNSAs (asymmetric threats) and other foreign threats, to protect us from harm. My sense of the information that Snowden revealed is that neither he, nor we, really have any idea how the mass of data collected is evaluated. Then, on the other hand, there are sovereign state actors who seem to be at varying degrees of cohesion; and at varying degrees of relationship with the U.S. It does seem odd to be collecting emails from our allies, but after reading the article, The Ally from Hell, in The Atlantic, some years back (Goldberg, 2011), I had the thought that it is at least possible that some of America’s efforts may be at the (secret) behest of sovereign foreign governments who do not have our high level of computer sophistication to evaluate their own data; but rather are countries who are intentionally not revealing their requests to us for help because of the issues of security (and sovereignty) of the governments involved.

    In Pakistan’s case, they are as deeply concerned about VNSAs getting hold of nuclear material as Americans are, but, according to that important 2011 Atlantic article (which I do not think received enough attention at the time), Pakistan simply does not have the capability to monitor their own nuclear stockpiles and are glad to let America do it for them. However, after Osama bin Laden was killed by an American Seal Team inside Pakistan’s borders, “The Pakistani government is willing to make its nuclear weapons more vulnerable to theft by jihadists simply to hide them from the United States, the country that funds much of its military budget” (Goldberg, 2011). This break with Pakistan seems ominous for everyone concerned, perhaps especially for Pakistan. 

Germany

    Similarly, is it possible that Chancellor Merkel was worried about a bad agent in her own government and, perhaps (I have absolutely no idea if this is true, but am using this example as a hypothetical one), assumed that the NSA could keep secrets better than its German equivalent, the BND? It seems possible (Snowden only got into NSA’s data, not into other countries’) that all countries do what Snowden and Assange revealed about the USA’s NSA’s regular surveillance.* For example, Der Spiegel revealed that the BND “has taps on the major internet exchange point in Frankfurt known as DE-CIX” (Farivar, 10/7/2013). Note that there is no explanation of how BND would know whether it was surveilling foreign or domestic web traffic. Is Germany’s outrage about the NSA an example of pots calling kettles black?

Who Benefits the Most from All This Leaking?

    All of which brings me back again to the question: Who has the most to gain from the fear created in America by all this data breaching? Clearly, criminals and VNSAs can do more harm more easily using their own sophisticated techniques if Americans become more afraid of their own government police than of criminal and foreign threats. Surely the bad guys would benefit should Americans decide to muffle the NSA.

    The main complaint against the NSA, as I understand it, is Constitutional and is related to figuring out what are the limits of “unreasonable” searches. I think this is a huge subject with many caveats. For example, is it unreasonable to express yourself on the web and then be upset when your postings are made public? Weren’t we warned when we began to use the Internet twenty years ago to cautiously share information online as we would feel comfortable sharing on a postcard? Whereas, now we routinely put our credit card information on Amazon. Should we be surprised this information can be either stolen by criminals or analyzed by those hoping to stop criminals?

    I note that Google itself has figured out our personal interests by “evaluating” the content of our gmails. Mainly, its purpose appears to be commercial. Google wants to target ads to us, something that sure feels like an invasion of privacy to me. Yet, it seems most people are more worried about the NSA, which is possibly analyzing the same data neither to sell us ads nor to be a busybody, but, rather, to prevent serious harm through investigating patterns of criminal behavior. Which should we be more wary about?

    The Guardian’s coverage of what exactly Snowden revealed begins with a discussion of metadata:  the numbers you call, the times, the dates (but not the content). I certainly can understand that the people who were contacting The Silk Road owner, Ross William Ulbricht, are not sleeping very well right now, nor should they be! But what about someone three separations away (the limit of the NSA’s reach according to The Guardian) (Macaskill, 11/2013)? I have 35,000 “followers” on Google+ and I discuss philosophical, political and general ideas with people whom I have never met in person. Maybe one of them is connected to Ulbricht. Would the NSA “dragnet” me in too? Inadvertently? I do not know!  

    Yet another question:  even if one accepts this invasion of privacy as the cost of the Internet for our civilization, what about the security of the information at the NSA? Obviously, the information was not terribly secure since Snowden and Assange leaked it. Moreover, what about all the criminals and VNSAs who are hacking INto the databases of our government? Are we doing their work for them, as it were, collecting data so that criminals and VNSAs can get it?  

    Is it possible that the NSA is actually creating more opportunities for criminal and VNSA hackers by, “making deals with the [encryption] industry to introduce weaknesses or backdoors into commercial encryption–and even working to covertly undermine the international standards on which encryption relies” (Macaskill, 11/2103)? 

    Some experts think so: “Computer security experts say that by doing this in their quest to access ever more data, the intelligence agencies have compromised the computers of hundreds of millions of ordinary internet users, and undermined one of their other key priorities – protecting the US and UK from cyberattacks” (Macaskill, 11/2013).

Are We Kidding Ourselves?

    Again I have to ask, Who is helped the most by stopping NSA surveillance? My intuition tells me that it’s the bad guys who win big time, but I do not have a satisfying solution because our Constitution is clear on this point:  “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” Could our Founders have possibly imagined the kind of crazy quilt of private information crossing our world? Does an open society, to remain open, have to allow itself to be destroyed by those who (for whatever reason) simply want to destroy us––so as to be faithful to our Constitution written hundreds of years ago?

    Are we kidding ourselves that we are now “safe” because there have not been any major terrorist attacks on our “homeland” and so the NSA no longer needs to do everything it can to protect us by investigating pretty much everyone and everything? I think that is seriously wishful thinking. We do not know how many VNSA threats have been disrupted through counter-intelligence. We do not know exactly how many, but surely even the most seriously anti-NSA American must realize that what we are not seeing is not happening by accident. We seem to me to have quickly become oddly amnesiac about how our lives were disrupted by 9/11.  

    I am not sure where I stand. I love our Constitution passionately. Is it “unreasonable” to evaluate all this data if it will prevent VNSA attacks funded by criminal activities? I understand it is almost impossible to know what would have happened, but the main question of this essay is: Are we exchanging one form of threat to our freedoms for another? 

The 800 Pound Gorilla

    One of the peer reviewers of this paper read a draft of this article up to the previous paragraph and called me on the phone to tell me, “You have left out the 800 pound gorilla in the room!”

    “What’s that?” I asked.

    “China! You need to do more research!”

China

    Indeed the reviewer was correct. What I do not know about how seriously China takes cyber-hacking became almost immediately obvious to me as I read more reports. The United States (through Mondiant, a U.S. Government cyber-security firm, and through the U.S. Congress) “outed” Chinese hacking in February, 2013. Nevertheless, "‘From what we can tell, they [the Chinese] are still stealing the same type of data from the same industries,’ Mandiant spokeswoman Susan Helmick said on Wednesday” (Charles, 11/6/2013).

    The New York Times was more precise about how long China has been hacking the U.S. and what exactly it is that China is looking for:  “For almost two years, hackers based in Shanghai went after one foreign defense contractor after another, at least 20 in all. Their target, according to an American cybersecurity company that monitored the attacks, was the technology behind the United States’ clear lead in military drones.” (Wong, 9/20/2013).

    Wow. 

Conclusion

    I guess I can stop worrying about whether the U.S. should be in the business of protecting itself against cyberattacks. Obviously, if we do not protect ourselves, we are at great risk of losing valuable commercial and government information, information being the most valuable currency of our economy (and in my opinion has always been the most valuable item of our national defense). I cannot imagine how the NSA would protect us from ALL these threats without looking at ALL online activity (for surely Snowden proves that some of the “hackers” are not only inside our country, but inside the NSA itself).

    I think I am now more worried about not policing surface data and The Dark Web than I am about anyone discovering my recipe for Christmas pudding through my emails, despite the fact that such policing is contrary to both the literal and implied rights to privacy of the Bill of Rights.

    At the same time, I think we should be vigilant about protecting our right to privacy as far as possible outside these online data concerns. That said, I think it is especially absurd to expect privacy on a platform that, literally, is visibly connected to the entire planet (and the NSA is not the only entity which knows how to look at those connections).  

    I love the Constitution, and still have enough of a sense that our right to free speech is still protected, and our right to not be judged by our associations is still safe, in our non-online life. In other words, maybe our liberty online will be eroded to some extent for the sake of ensuring our country is protected from these threats, but I can see a good argument for giving up those online liberties while still demanding warrants for our veridical homes, papers and possessions.

    In the end, I think we have to deal with our new reality in a new way that the Constitution cannot, as it stands, resolve. We cannot live in the wish-dream that all of this growth in our personal expansions of (1) freedom of expression, (2) international associations and (3) efficient purchasing power through our online lives, does not come with a need for new protections against those who would use those very same freedoms against us. The perfect example of the first being 9/11 itself, which used our open society to choose to learn to fly airplanes for a horrifying purpose. For the second, an example is the ease with which Assange and Snowden could get asylum. The last example are the onion routers themselves which make “efficient” illegal purchases of not only drugs, but murder-for-hire and human trafficking, the ultimate in unfreedoms. 

    So, I ask myself again, where do I stand? I have come to the conclusion that if we do not encourage the kind of spying the NSA is doing, the result will be a total lack of freedom for many of us.

______________________________

 *This brings to mind David Amerland’s piece from the Autumn Issue about the benefits of everyone knowing everything about everyone (and his conclusion that maybe this would be a good thing (Welcome to the Panopticon).) 

References

Aid, Matthew. (6/10/13). Inside the NSA's Ultra-Secret China Hacking Group.  Foreign Policy.  

Burns, Matt.  (October, 2013). FBI Seizes Deep Web Black Market Silk Road, Arrests Owner. Tech Crunch.

Retrieved on 11/18/2013 from:

http://techcrunch.com/2013/10/02/court-docs-reveal-alleged-silk-road-founders-murder-plot/?preview=true&preview_id=887372&preview_non

Retrieved on 12/8/2013:

http://www.reuters.com/article/2013/11/06/net-us-usa-china-hacking-idUSBRE9A51AN20131106

Retrieved on 12/8/2013 from:

http://www.cnn.com/2013/11/02/world/europe/russia-nsa-snowden/

Retrieved on 12/7/2013 from:

http://www.baltimoresun.com/news/maryland/baltimore-city/bs-md-hopkins-silk-road-20131127,0,7381393.story#ixzz2mp3tYFII

Retrieved on November 18, 2013 from:

http://arstechnica.com/tech-policy/2013/10/german-nsa-has-deal-to-tap-isps-at-major-internet-exchange/

Retrieved on December 8, 2013 from:

http://abcnews.go.com/Blotter/ecuador-grants-wikileaks-founder-assange-political-asylum/story?id=17018133

Retrieved on December 8, 2013 from:

http://www.globaltimes.cn/content/780712.shtml#.UqUBlJF2c0N

(Photo Credit:  huanqiu.com)

Retrieved on 11/18/2013 from:

http://www.theatlantic.com/magazine/archive/2011/12/the-ally-from-hell/308730/

Retrieved on November 18, 2013 from:

http://www.theguardian.com/world/interactive/2013/nov/01/snowden-nsa-files-surveillance-revelations-decoded#section/1

Retrieved on December 8, 2013 from:

http://www.forbes.com/sites/kashmirhill/2013/10/08/did-the-nsa-help-with-the-silk-road-investigation/

Retrieved on 11/18/2013 from:

http://www.businessinsider.com/tor-deep-web-servers-go-offline-as-irish-man-is-held-over-child-abuse-images-2013-8#ixzz2l11QkHKS

Retrieved on 11/18/2013 from:

http://abcnews.go.com/Business/adobe-hack-tip-iceberg/story?id=20905320

Retrieved on November 18, 2013 from:

http://www.theguardian.com/world/interactive/2013/nov/01/snowden-nsa-files-surveillance-revelations-decoded#section/1

Retrieved on December 10, 2013, from:

http://www.nytimes.com/2013/08/02/world/europe/edward-snowden-russia.html?_r=0

Reuters.  (November 13, 2013). FBI warns that Anonymous has hacked US government sites for a year. Official memo says that activist collective launched a rash of electronic break-ins beginning last December.

Sabhlok, Raj. (10/18/2013). Taking Stock Of Tor: Top 5 Tips For Using The Onion Router. Forbes. 

Smith, Michelle.  (November 17, 2013). FBI accused 'largest facilitator of child porn in the world' appears in court.  Irish Central.  

Thomas, Troy. (2005).  Warlords Rising:  Confronting Non-State Actors. Lanham, MD: Lexington Books.

USA Today Research. (10/21/2013). FBI Cracks Silk Road.

Retrieved on December 8, 2013 from:

http://www.independent.co.uk/life-style/gadgets-and-tech/news/96000-bitcoins-stolen-from-the-users-of-shady-online-bazaar-sheep-marketplace-8981240.html

<Back to Table of Contents

Meg is originally from Washington, D.C., and has lived all over North America and just recently returned from four years of living in The Hague, The Netherlands. She is married to Dr. Daniel R. Tufano, Sr., a scientist, and has two sons, Julian and Danny, Jr. She completed her undergraduate degree at The University of Toronto and her Master's at Antioch University, Midwest. (More about her education is in Part Three of her series A Critical History of the University.)  Her favorite city (so far) is Florence, Italy, the background to her picture at left. She has just had her first novel published by SynaptIQ+ under their imprint, S+™. She loves new writers and encourages submissions on social era topics for The Journal; and is happy to discuss publication by authors of both fiction and non-fiction books.

Link: Meg Tufano, M.A.

About the Artist:

t the only danger that you might face while admiring these sculptures is the danger of changing your mind and your attitudes in a way that will surely contribute to a better world for all.”