StMU Research Scholars

Featuring Scholarly Research, Writing, and Media at St. Mary’s University

April 8, 2020

Five Eyes & An Onion: Tor & the Deep Dark Web

In December 2013, Harvard University was rocked by a bomb threat. As the threat threw the campus into a state of chaos, local law enforcement and the FBI went to work, catching the culprit in under two days. The perpetrator in question was actually a student, sophomore Eldo Kim, who had attempted to use the bomb threat to, of all things, get out of taking his final exams.1

Harvard University – Courtesy of Wikimedia Commons

Setting aside the obvious jokes about Ivy League schools and about how ridiculously over the top this student’s plan was, the case still leaves interesting facts to reveal. Eldo Kim had taken some basic precautions to avoid being identified as the source of the bomb threat: he used a brand new temporary email address along with a famous and highly touted free privacy service called Tor, short for The Onion Router, which is supposed to guarantee complete anonymity when it is used. It was to no avail. His mistake? Connecting to Tor on the campus WiFi! Investigators determined the bomb threats had come through Tor, and conducted a search on the university network for anyone using Tor at the same time the threats were sent. Only one name came up – Eldo Kim. His use of Tor made him stand out like a “glow stick”.2 Kim was tripped up by that, not by Tor failing, but it did lead to some questions about the reliability of Tor’s protective capabilities. Is Tor truly anonymous, and safe to use?

Tor works by basically creating an alternate path between you and wherever you are going on the internet. It prevents identification of your computer’s IP address by relaying and bouncing your traffic through a network of thousands of servers, run by volunteers around the world.3 It is somewhat akin to someone trying to shake a suspected pursuer by taking an indirect route to their destination in real life. In fact, with Tor, you get access to the vast majority of the internet you probably did not even know existed. Only an estimated 10% of the internet is actually indexed and visible (making it accessible to everyone), while 90% is out of sight, similar to an iceberg.

Graph with the Iceberg representation of the Web | Courtesy of Wikimedia Commons

Tor takes you to the Deep Web, which is different from the Dark Web. The Dark Web – containing everything from black markets like the infamous Silk Road to assassination groups like the Hitman Network – is the illegal subset of the Deep Web. The Deep Web is everything that is unindexed, meaning it does not come up in searches using basic search engines, like Google or MetaCrawler. There can be overlap between the two, but this is not always the case. Basically, to navigate anywhere in the Deep Web, you will very much want to remain anonymous, hence the use of Tor, and you need to know the web address of wherever it is you want to go, since you cannot simply search for it. The sites accessed through Tor end in dot onion (.onion), not dot com, .org, or any other common ending. The .onion, and the name of the application, come from the idea that using Tor is like peeling back the layers of an onion – there is always another one under the surface, layers within layers, to protect your identity.4

TOR (The Onion Router) logo | Courtesy of Wikimedia Commons

While there are definitely some illicit places in the Deep Web, such as the aforementioned two sites and other illegal and exploitative child porn sites, there can also be warranted uses for it. Using Tor, whistle-blowers can post things to places, including areas like Wikileaks or the CIA’s website, without worrying about their identity going public.5 Human rights journalists can publish reports, oppressed people under strict authoritarian governments can access news sites, business owners can hide trade secrets, and people stranded in war zones can conceal their location. The trade-off for security is speed, however: the process of routing your requests around the world and hiding your identity takes time, so it tends to be much slower than a regular internet connection. And while Tor can help hide your IP address, it is not foolproof.6

The U.S. Government, for example, has ways to decloak certain Tor users. In 2013, when whistleblower Edward Snowden released hundreds of secret documents from the NSA, he included one that revealed the NSA was able to unmask 24 Tor users over one weekend, one of whom was an Al-Qaeda operative.7 The NSA, however, is only able to target individual users – despite its efforts to reveal users en masse, including by trying to track users by microscopic differences in the internal time of their computers’ clocks – but that is not necessarily the case for other government agencies.8 The FBI, though, has remained quiet about its capability to break through Tor’s anonymity. In a court case against a man busted for sharing child pornography on Tor, the judge presiding over the case ordered the FBI to reveal how they had discovered the suspect’s true identity. The FBI refused, and dropped all charges rather than revealing how they did it. From the Tech Times, which was reporting on the case: “The FBI used ‘network investigative techniques’ to reveal users’ real identities despite Tor’s efforts, but in court it refused to comply with a request for information regarding its techniques. Rather than divulging its methods, the FBI preferred to see all charges dropped.”9

Picture of Def Con Las Vegas | Courtesy of Tony Webster and Flickr

In addition, attempts to find new ways to crack Tor constantly make progress. In 2015, researchers from Carnegie Mellon University scheduled a talk at the Black Hat hacking conference (one of the two most famous meetups for hackers and internet security, along with Def Con). The Carnegie Mellon presentation promised to reveal the IP addresses and real users on Tor by using a $3,000 piece of equipment. While the talk was abruptly canceled at the last minute, it is extremely likely the FBI and Department of Defense have access to that technique as well. The very next year, in 2016, a federal judge confirmed that the FBI and DOD had hired researchers and software engineers from Carnegie Mellon University to help them break into Tor.10 That does not necessarily mean that the US Government is using its ability to target Tor users in a bad way – it has used that ability to shut down numerous illicit sites on the Dark Web, such as the Silk Road – but it is definitely something that potential users need to be aware of, especially those who are using Tor to protect their privacy.

Silk Road Seizure Message – Courtesy of Wikimedia Commons

Other issues with Tor include the fact that Tor popularized itself as a way to hide your identity from “Big Brother” and from the government, but was actually founded by the Navy and DARPA (Defense Advanced Research Projects Agency). Tor also is funded in large part by the US government, including the Pentagon, the US Department of State, a CIA branch organization, and others. This is because these agencies have a vested interest in keeping Tor afloat. As the co-founder of Tor, Roger Dingledine, said in a speech, “they think of it as security technology. They need these technologies so that they can research people they’re interested in, so that they can have anonymous tip lines, so that they can buy things from people without other countries figuring out what they are buying, how much they are buying and where it is going, that sort of thing.” Later in his speech, he doubled down, saying, “The United States government can’t simply run an anonymity system for everybody and then use it [for] themselves only. Because then every time a connection came from it people would say, ‘Oh, it’s another CIA agent looking at my website,’ if those are the only people using the network. So you need to have other people using the network so they blend together.”11 Even more worrisome is the fact that Tor has backdoor routes of communication with the FBI and other agencies. A journalist did some digging using the Freedom of Information Act, and found Roger Dingledine had been communicating with the Department of Justice and the FBI about vulnerabilities they had found, and talking about installing backdoors into Tor.12 Below is a picture of some of their messages with some redacted parts.

Some messages obtained in 2018 by a Freedom of Information Act request, showing communication between TOR and the FBI and DOJ | Courtesy of Journalist Yasha Levine

There are, however, ways to further enhance the security and anonymity of using Tor. While Tor itself remains so far untraceable, barring some stupid mistakes by users who set it up improperly, all the known ways of breaking Tor’s cloak of secrecy revolve around finding you by looking at what was done before and after using Tor, and matching them up. Using a VPN (Virtual Private Network) to conceal your IP address even before logging into Tor works wonders for foiling that method. While many VPNs do still log what goes on while using them, there are a few that have been proven as “no leak VPNs” by court cases and investigations, and those, when used in conjunction with Tor, work very well. In addition, running Tor through The Amnesiac Incognito Live System (also known as TAILS) adds an extra layer of security. TAILS boots your computer from a flash drive, from which you access Tor. This allows you to simply remove the flash drive from your computer to instantly remove any traces of your history from your computer. While not foolproof, this does help add extra safety.
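The "matching up" described above, and the campus-network search from the Harvard case at the start of the article, both come down to a time-window correlation over connection logs. The sketch below is an added example, not taken from the article or from any investigation; the flow records, relay addresses, user names and the `tor_candidates` function are all constructed for illustration.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M"

# Constructed relay list (documentation-range addresses). Real relay
# addresses are published by the Tor network, which is why a local
# network operator can recognise connections to them.
TOR_RELAYS = {"192.0.2.10", "198.51.100.7", "203.0.113.45"}

# Constructed flow records: (start, end, authenticated user, destination IP).
QUIET_CAMPUS = [
    ("2020-01-15 08:20", "2020-01-15 08:45", "student_a", "192.0.2.10"),
    ("2020-01-15 08:25", "2020-01-15 08:40", "student_b", "198.51.100.200"),
    ("2020-01-15 06:00", "2020-01-15 06:30", "student_c", "203.0.113.45"),
    ("2020-01-15 08:28", "2020-01-15 08:31", "staff_d", "203.0.113.99"),
]
# The same network with two more people on Tor around that time.
BUSY_CAMPUS = QUIET_CAMPUS + [
    ("2020-01-15 08:10", "2020-01-15 09:00", "student_e", "198.51.100.7"),
    ("2020-01-15 08:35", "2020-01-15 08:36", "student_f", "203.0.113.45"),
]


def tor_candidates(flows, relays, event_time, slack_minutes=10):
    """Users with a session to a known relay that overlaps the event window."""
    event = datetime.strptime(event_time, FMT)
    lo = event - timedelta(minutes=slack_minutes)
    hi = event + timedelta(minutes=slack_minutes)
    users = set()
    for start, end, user, dst in flows:
        if dst not in relays:
            continue  # ordinary traffic: not evidence of Tor use
        s = datetime.strptime(start, FMT)
        e = datetime.strptime(end, FMT)
        if s <= hi and e >= lo:  # session overlaps [lo, hi]
            users.add(user)
    return sorted(users)


if __name__ == "__main__":
    sent = "2020-01-15 08:30"  # constructed send time of the message
    print("quiet:", tor_candidates(QUIET_CAMPUS, TOR_RELAYS, sent))
    print("busy: ", tor_candidates(BUSY_CAMPUS, TOR_RELAYS, sent))
```

On the quiet network the query returns a single account, which is the "glow stick" effect; on the busy one it only yields a shortlist, which is the "blend together" point in the Dingledine quote above.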

While many people, especially in the privacy and internet security circles, swear by Tor, it is not without its cons. There are bad people using it and bad places that can be accessed through Tor, but it is also a safe haven for those who are in danger and need a place to hide, or for whatever reason cannot access the internet directly, for fear of surveillance. Is Tor foolproof? No. If a nation-state, especially one of the so-called “Five Eyes”, the USA, UK, Canada, New Zealand, and Australia, who are in a tightly knit cyber security alliance, really wanted to, they could detect an individual with some effort.13 Other countries that are involved in the lesser extensions of the Five Eyes, the Nine Eyes and the Fourteen Eyes, might be able to as well, though it is not guaranteed. What Tor can do, beyond a shadow of a doubt, is make a user safer. It will protect against your local and average hackers, and, even if it fails to conceal your identity, certainly makes it harder on those trying to find you. A way of thinking about it is “Tor is good, but not perfect”. Added security steps like TAILS and VPNs only make using Tor safer, and while Tor is not quite as invulnerable as it is often touted to be, it is still the best option for anyone in need of safety and anonymity.

Friendly Local Hackers provide warning about lack of security | Courtesy of The Next Web
  1. Russell Brandom, “FBI Agents Tracked Harvard Bomb Threats Despite Tor,” December 2013, The Verge, https://www.theverge.com/2013/12/18/5224130/fbi-agents-tracked-harvard-bomb-threats-across-tor.
  2. Sven Taylor, “Is Tor Trustworthy and Safe?”, October 2019, Restoreprivacy.com, https://restoreprivacy.com/tor/.
  3. Jill Schar, “What is Tor? Answers to Frequently Asked Questions,” October 2013, Tom’s Guide, https://www.tomsguide.com/us/what-is-tor-faq,news-17754.html.
  4. Steve Symanovich, “How to Safely Access the Deep and Dark Webs”, Norton.com, https://us.norton.com/internetsecurity-how-to-how-can-i-access-the-deep-web.html.
  5. Vladimir Unterfingher, “How to Get on the Dark Web – A Step by Step Guide”, August 2019, Heimdal Security, https://heimdalsecurity.com/blog/how-to-get-on-the-dark-web/.
  6. Vladimir Unterfingher, “How to Get on the Dark Web – A Step by Step Guide”, August 2019, Heimdal Security, https://heimdalsecurity.com/blog/how-to-get-on-the-dark-web/.
  7. Barton Gellman, Craig Timberg and Steven Rich, “Secret NSA Documents Show Campaign Against Tor Encrypted Network,” October 2013, The Washington Post, https://www.washingtonpost.com/world/national-security/secret-nsa-documents-show-campaign-against-tor-encrypted-network/2013/10/04/610f08b6-2d05-11e3-8ade-a1f23cda135e_story.html.
  8. Kevin Poulsen, “The FBI Used the Web’s Favorite Hacking Tool to Unmask Tor Users,” December 2014, WIRED, https://www.wired.com/2014/12/fbi-metasploit-tor/.
  9. Alexandra Burlacu, “FBI Drops Child Pornography Case To Avoid Disclosing TOR Vulnerabilities,” March 2017, Tech Times, https://www.techtimes.com/articles/200592/20170307/fbi-drops-child-pornography-case-to-avoid-disclosing-tor-vulnerability.htm.
  10. Judge Richard A. Jones, “Order on Defendant’s Motion To Compel,” February 2016, United States Court For the Western District of Washington at Seattle, https://www.documentcloud.org/documents/2719591-Farrell-Weds.html.
  11. Roger Dingledine, “The Future of the Digital Commons,” (speech, Berlin, Germany, June 11, 2004), Internet Archive, https://archive.org/details/3_fr_t2_15h_4-Dingledine_a.
  12. Yasha Levine, “Fact-checking the Tor Project’s Government Ties,” February 2018, Surveillance Valley, https://surveillancevalley.com/blog/fact-checking-the-tor-projects-government-ties.
  13. Sven Taylor, “Five Eyes, Nine Eyes, 14 Eyes – Explained,” February 2020, Restoreprivacy.com, https://restoreprivacy.com/5-eyes-9-eyes-14-eyes/.

Stephen Talik

Howdy. I’m Stephen Talik, a native Texan born in College Station, and an Eagle Scout. I find history – especially the World Wars, Cold War, and the espionage world – fascinating. I also enjoy learning about the newest and coolest gadgets for technological use and internet security, and watching sports. I have also interned in the Washington D.C. office of a member of Congress, and I am a Political Science Senior at St. Mary’s University.

Recent Comments

Sophia Rodriguez

This article is really interesting. I had heard of Eldo Kim using Tor for his bomb threat, however I never knew as much information as I learned from your article. I agree that Tor is not a bad thing, but people could turn it into something bad. I like how you wrote some of the ways you could help protect your identity by using the VPN and TAILS. Overall I loved this article and I was really happy to learn more information about Tor.

22/08/2020

2:34 pm

Lindsey Ogle

I had never heard about the Harvard bombing or anything about TOR until I read this article. It is crazy how someone would do all of this just to get out of finals! It was definitely an informative piece that explains what TOR is and all of the outcomes of using it. I knew the dark web was a big and unknown place but I never knew that the government and the FBI also knew about it too and had the tools to be able to get past all that stuff that comes with the dark web and still track down people.

23/08/2020

2:34 pm

Elijiah Logan

While I have heard about the Harvard bomb threat, this seemingly accessible service named Tor seems highly suspicious after reading your article. While your article is highly informative, there are still so many unknowns. For example, what if Tor is allowed simply due to the easy accessibility agencies like the FBI have to it? It makes you wonder just how safe browsing on the Deep Web truly is. Overall, I think the way you explained Tor and the history of it was very well done. It is perfect for a reader like myself who has never heard of it, to be exponentially informed.

23/08/2020

2:34 pm

Samson Pullattu

I had always thought that anyone who needed to use a VPN or any other means to hide themselves while on the internet is probably doing illicit things, but reading this article has shown me that there are people around the world who need these “alternate pathways” when their lives could be in danger if anyone found out their intentions.

30/08/2020

2:34 pm

Jakob Trevino

The complexities of the deep web are hysterical to me. I cannot fathom the kinds of things that happen in this type of server that allows for child pornography, assassinations, murders, and much more obscene material. I have had prior knowledge of the dark web, but have never heard of Tor, nor the deeper understanding of what the dark web is and how to access it. The fact that this guy made a bomb threat to miss exams almost seems oblivious, and I would not trust him especially if he has that kind of access to the dark web.

05/09/2020

2:34 pm

Pedro Lugo Borges

Okay, so it was really interesting how the government decided to drop the case on a pedophile and someone who had shared child pornography rather than show how they were able to invade a presumably uncrackable cloaking program. This later made a lot more sense when you realize one of Tor’s biggest users and backers is the US government, making me think Tor is more like a trap for the so-called wannabe criminal but more likely a way for the US government to do shady things without public scrutiny. It is really scary to realize the level the government goes to hide and gain information without the public even knowing. You hear scrutiny over Chinese internet regulators but then you realize that in the US we still have such regulators, just in a different way, like moderators on social media that target and hide certain polarizing political rhetoric while pushing the other polarizing view onto its users, or the government using the Patriot Act to ever increase the reach that the government is able to enter into our personal and private life.

06/09/2020

2:34 pm

Elizabeth Santos

I appreciate how the article is so informative and really paints a picture with the examples and graphics. It’s crazy to me how Tor is used and supported by government agencies, and how they lurk among all the other users that may be selling on the black market or leaking significant information. It’s also scary how the U.S. works with this and their security alliance, and I can only imagine the corruption that may be taking place. More people should know about this, although I can already hear many providing excuses for the sake of “security”.

13/09/2020

2:34 pm

Vianka Medina

I had never heard of Tor, like I knew of the deep and dark web but never Tor. I am not surprised the FBI decided to drop all charges honestly, we only know a fraction of what the government knows and tells us. It’s honestly scary knowing the government is behind everything we do, especially when we think we have “privacy.” This was pretty interesting to read, makes me feel like I’m in a Mission Impossible movie.

13/09/2020

2:34 pm

Kayla Mendez

I find it mind-boggling that the public typically uses only 10% of the internet, meaning there’s a whole other side of the internet unknown to us. Although I understand the position of the FBI, in the case against the pedophile, it shocked me how easy of a decision it was, to drop all charges instead of revealing their methods. When the article explained how the government is so heavily involved in TOR, it made sense. This article just reiterated the type of culture we live in today, nothing is truly private anymore, for our information/movement can be found anywhere through the internet.

18/09/2020

2:34 pm

Micheal Baladez

Being a person who grew up on the internet, I knew about the deep web, onion browser, and Tor for an incredibly long time. However, I found it incredibly interesting that the government decided to drop the case on an individual charged with the possession and distribution of child pornography. However, this action made a lot of sense when one realizes that the single biggest user base for Tor and the Onion Browser is the United States government; being primarily used to find websites showing less than savory content. Yet, if the government had decided to go after the alleged pedophile, it would demonstrate to all of the hackers and such that their presumably untraceable browser could actually be cracked into. All things considered, it is rather disturbing to think about how much governments could invade our private lives and gather information on us. Incredible article overall, would definitely read again!

27/09/2020

2:34 pm
