Recently and article appeared at NPR titled “Senators Target Internet Narcotics Trafficking Website Silk Road”. I only bothered to hit the link because I saw it mentioned on the website Anit-forensics.com. The short article complained of drugs blatantly sold on the Internet and something needed to be done about it and Congress is going to solve that one for us. Although selling drugs on the Internet is nothing new, the place on the Internet “openly” selling drugs was on the Tor network through the use of Tor’s “Hidden Services” function. The “Silk Road” is an online market open for the sale of goods and named after the ancient road used to bring goods from the orient to the west.
For the power user of the Tor network Hidden Services is probably nothing new. For the average online investigator though you may have heard of Tor and may have even tried to use it (especially of you read my last article on using Tor in your investigations). But were you aware that webpages can be hidden within the Tor network? Have you ever seen a .onion domain name? if you haven’t then read on.
Hidden services were introduced to the Tor network in 2004. Tor’s Hidden Services are run on a Tor client using special server software. This “Hidden Service” uses a pseudo top-level-domain of “.onion”. Using this domain, the Tor network routes traffic through its network without the use of IP addresses.
To get to these hidden services you must be using the Tor Network and have your browser enable to use Tor. How do you find sites using the hidden services? Start at the core…
Core.onion according to its hidden services site has been in the network since 2007.
Once in the Core.onion you find a simple directory to start exploring Hidden Services on the Tor network.
TorDir is a directory of Hidden Services. It gives you access to a variety of sites that offer instant messaging services, email, items for sale, social media type sites and marketplaces.
In the markets a variety of things are for sale, most look to be illegal though. File sharing also looks to be popular and can be found in several .onion sites.
To make purchases bitcoin seems to be the most popular virtual currency and is regularly mentioned throughout the .onion sites.
Another good location to start finding out about what Tor’s Hidden Services have to offer is a wiki located at:
Also, if you are an IRC fan Tor hidden services can be used there also. The Freenode website gives the instructions on how to access Freenode IRC servers on Tor’s Hidden Services.
If you are interested in learning more about Tor’s Hidden Services here are a few sites that can get you on your way:
Not to make it any worse but if you have not heard Ip2 (another anonymizing network that is becoming increasingly popular) also has its own “eeepsites” similar to the Hidden Services offered in Tor that a user can post content to like a website.
Hidden Services are going to increasingly become a location that will be misused by many. It will also become a place on the Internet that investigators will need to become increasingly familiar with if they are to further their online investigations.
Tags: Cyber, Cybercrime, Hidden Services, Internet Crimes Against Children, Internet evidence, Internet investigations, IP tracing, online evidence, Online investigation, social media, Tor, tracing IP addresses, Usenet