A drug dealer from Wales has been sent to prison for two years.
Unlike most busts, however, Cei William Owens wasn’t a street dealer trapped in an undercover deal in the pub car park, or spotted selling his wares in person.
Owens was an online dealer who made use of the so-called Dark Web, shielded by the apparent anonymity of Tor, or The Onion Router.
Tor deliberately shuffles web traffic between a randomly-chosen list of participating computers, known as nodes, using multiple layers of encryption so that each node in the chain knows only about the existence of the immediately previous and immediately following nodes.
According to the UK’s National Crime Agency (NCA), Owens used at least five Dark Web drug hangouts: Silk Road 2 (SR2), Agora, Onion shop, Evolution and Sheep.
Owens was charged with supplying a range of prohibited gear, including cannabis resin, ecstasy and magic mushrooms.
He pleaded guilty.
Encryption software
According to The Guardian, detective who raided Owens last year found “detectives found drugs, digital scales and encryption software installed on his computer.”
Amusingly, of course, having encryption software installed on your computer isn’t prohibited – not yet, anyway – and anyone who uses OS X, iOS, Android, Linux or non-entry-level versions of Windows already has strong encryption installed and ready to activate whenever they want.
Indeed, we strongly recommend that you use full-device encryption, because it makes it much harder for a crook to dig out your personal data if your computer or phone is lost or stolen.
(Technically, iOS comes with full-device encryption already activated, but until you set a passcode or a password, the decryption key automatically supplied when you start up, so it’s not a secret.)
The bottom line in this story is that, encryption software or not, the web is not as anonymous as many people seem to think.
As the NCA notes in its news article about this bust:
The realisation that you can be tracked and identified on the dark web is beginning to sink in for online criminals.
Indeed.
Apparent anonymity
As we mentioned above, Tor provides apparent anonymity, but your network traffic has to enter the Tor network from your computer, where surveillance software cannot only spot it, but perhaps even prioritise it as content of special interest to monitor.
Likewise, if you use Tor to access sites outside the Tor network, your scrambled traffic has to emerge from Tor at a so-called exit node.
And even though each node only knows its immediate neighbours, an exit node’s “next neighbour” is the site you were after, so a poisoned exit node can unmask you with ease.
Owens now has two years to ponder the highs and lows of “apparent anonymity.”
Anonymous
Tor seems to be wide open now!
Enthuisiast
Think the first sentence under “Encryption Software” needs some tweaking.
Anna Brading
Oops, thanks for pointing that out. We’ve fixed it.
Jack
seems you’re tending a little more towards tabloid and “law & order” content these days, is that an unintentional slip or has your focus changed?
Paul Ducklin
I’m not sure I’m 100% happy having this article described as “tabloid” :-) (Did any of the tabloid coverage of this case recommend full-disk encryption, and provide links to help you understand why?)
I think that the “law and order” stuff is important – and it’s interesting, to me at any rate, that we have more law and order matters to write about! A few years ago, people were apt to complain that we didn’t write enough about convictions of cybercrooks.
We discussed this very issue in this week’s podcast [first segment]:
https://nakedsecurity.sophos.com/2015/07/24/sscc-208-cybercrime-and-punishment-podcast/
And, to be fair, I’ve written *some* stuff in a more technical vein very recently, e.g.
https://nakedsecurity.sophos.com/2015/07/23/openssh-password-guessing-attacks-may-be-10000-times-easier-than-you-thought/
https://nakedsecurity.sophos.com/2015/07/09/the-openssl-cve-2015-1793-certificate-verification-bug-what-you-need-to-know/
https://nakedsecurity.sophos.com/2015/07/07/flash-malware-that-gives-you-a-free-security-update/
tartanrose
I love being able to obtain so much information about Security, Law and Order stuff, in fact the whole works!
Being a Senior Citizen and only online for five to six years now I have been on a very steep learning curve after a dramatic attack online in my first six months…… I think it was Cyptolocker……..they wanted money…..they didn’t get it! I’ll never forget that experience!
I’m so lucky to be able as an individual just at home to have access to all this great stuff on Naked Security……….BUT…….I feel disappointed and upset when I see unnecessary criticisms ……maybe a spelling error, or some other minimal thing, when I regard myself as privileged to have discovered Naked Security.
Thank you Paul for yet another helpful and informative article.
You make a difference.
Paul Ducklin
Thanks…I appreciate your kind words.
Chuck
I wonder why he only got 2 years? That seems odd.
Paul Ducklin
I’m guessing: he had comparatively small quantities, he co-operated and pleaded guilty, he was in the UK (not the US or S.E. Asia) where sentences seem to be shorter, he was treated as a drug dealer not also as cybercrook, he wasn’t a manufacturer, etc.
shane
Dark web is always under the spotlight
roy jones jr
And it should be spotlighted. Considering its essentially black market and illegal activities only happening.
Brett
I’d disagree with the comment that it’s ONLY illegal activities that are happening. TOR is also used for users that want to escape censoring of good content (activisits rights, etc).
I believe i heard a comment from a security podcast or related article noting that the “dark web” contributes about 3% of the illegal activities performed on the Internet. Which is small potatoes IMO.
Just because a knife can be used to kill someone, doesn’t mean that’s it’s entire purpose.
Mark Stockley
I agree that TOR is a tool and I agree that it has uses that are illegal and legal. However I also think that there is a tendency amongst those of us who believe that tools like TOR are under threat to play down some of the truly terrible things it’s used for.
I’ve not seen that 3% figure before and I’d take it with a pinch of salt. If it’s true then it actually indicates that TOR is a red hot crime hotspot.
A recent survey of TOR hidden services (anonymous websites) found that there are only about 7,000 active sites at any one time which means that, according to your numbers, about 0.0007% of the world’s findable websites host 3% of the crime.
As I said, I don’t believe the numbers but I don’t think you can quantify the crime on TOR in numeric terms anyway.
There is volume and then there is seriousness. If you want to do something very illegal with the smallest risk to yourself then you will naturally gravitate towards the safest platform.
The Memex Dark Web search engine was invented precisely because of that phenomenon (https://nakedsecurity.sophos.com/2015/02/16/memex-darpas-search-engine-for-the-dark-web/). It started off as a project to root out sex trafficking and slavery because the safest place to conduct that kind of business online is on the Dark Web.
A knife might have many uses but if it’s the most efficient tool available for killing people then it will become popular with gangsters.
CinderStormBlog
2 years is nothing. Even if he was using TOR, if his computer was encrypted, and he refused to divulge the password to decrypt, then all a judge in the UK can give him is 2 years ! He could have arranged the murder of someone, and because the evidence is not readily available from his computer, or they cannot find the actual perpetrator of the crime, it will go unpunished.
TOR may be losing it’s edge, but if it ever was compromised, it would very quickly be replaced with something else.
roy jones jr
Exactly. It is popular. hence why I said it takes a spotlight. And should continue to because we don’t see dark web or Tor going away do we?
(and like Cinder said, it would get replaced if it was ever to be removed or changed)
Bob
“And even though each node only knows its immediate neighbours, an exit node’s “next neighbour” is the site you were after, so a poisoned exit node can unmask you with ease.”
Does this mean you could remain more anonymous by going from your risky site, to a safer site, then exiting Tor?
Paul Ducklin
The problem I’m alluding to in the bit you quote is that if you’re browsing via Tor to disguise your location and the path your traffic took, but your destination is not itself inside Tor and isn’t an HTTPS site, then the Tor exit node will [a] know where your traffic is headed and [b] what’s in each packet.
That exit node might not know who you are, but it can look inside unencrypted packets and make an educated guess, or at least record enough information (e.g. cookies) to recognise you next time, or to match your traffic up with logs captured elsewhere.