Tor’s Hidden Services

The Underground Markets of Onion Routing

“On the one hand, anonymity protects the exploitation of children. And on the other hand, anonymity protects the free expression of opposition to repressive governments.”
Hillary Clinton
Former Secretary of State

What is Tor?
Tor is free software that provides anonymity for domain names, web services, and the users who access them.

The Onion Router (Tor) is a protocol that refers to the layers of encryption used when Tor sends out data through its networks. Tor distributes users’ online traffic throughout various relays, called nodes, on the Tor network. When a user wishes to visit a website using Tor, the traffic from that user’s machine travels through a different group of nodes using encrypted connections before it reaches its end destination. Through this randomized pathway, there is no single node that knows the entire path between the user’s origin and destination, keeping a Tor user’s IP address and activity only known to the user.

The Tor service was originally created by the U.S. Naval Research Laboratory (NRL) in 2005 and has since developed into a non-profit organization focused on providing a private internet setting for every average internet user.

Tor has many beneficial uses; it provides repressed citizens in oppressive countries a method to access the internet freely, and also provides a new way for journalists and whistle-blowers to protect their sources and information online.

Hidden Markets
Combined with digital currencies and built-in escrow services, hidden marketplaces have found a special niche within Tor’s hidden servers. These market sites focus on a delicate balance between increasing sales within groups and maintaining anonymity. Finding URLs to more popular hidden markets is possible through moderate searching, but ploys by the hidden market owners are normally established to deter less motivated or less tech- savvy users from accessing their site.

Bitcoin Related Sites
Tor users provide Bitcoin services, such as laundering and exchange services, in order to further jumble Bitcoin’s public code. This makes it difficult to track transactions between users. While some hidden markets incorporate this feature into their services, other sites provide laundering services.

Silk Road
As the most publicly known hidden market, Silk Road’s creators believe all products should be available for sale regardless of legality. Silk Road gained notoriety in June 2011 when Wired wrote an extensive article outlining what they sell and how you can buy it. While various contraband and services are for sale, the largest market is for drugs.

When accessing Silk Road, users will see a public webpage falsely indicating that the site is down to deter less knowledgeable users. Silk Road keeps a public webpage up pretending the site is down due in order to deter less knowledgeable users. Silk Road takes a number of precautions to ensure the safety of their consumers/vendors. As of February 2012, Silk Road created a “Stealth Mode” to keep vendors from displaying their products publicly on the site.

Assassination Websites
Assassination websites also exist within Tor’s servers, offering contract killings for large sums of money. Bitcoins, USD cash, and Liberty Reserve appear to be the most popular forms of payment for these services.

.Onion
.Onion is the top-level domain suffix for hidden services or websites only reachable via Tor. Since it is equally difficult to determine who is either hosting or using a site, the .onion domain provides security for both the creator and user of hidden services, functionally allowing Tor users to set up websites without worrying about censorship or tracking.

Other common types of .onion sites include email and Instant Messaging services, and image/video uploading services.

How .Onion Works
Each .onion address consists of a randomized, 16- character hash tag that does not resolve the IP address of either the creator or their site’s users. This random hash URL is not searchable. Therefore, if an .onion page is created and the URL is only distributed to five people, unless those five people provide the name to other users, there is no way for anyone to discover if the URL exists.

Although .onion is a top-level domain (TLD) name, it is not recognized by official root DNS servers. This means that since there is no known IP address to establish a connection, the Tor application is required to browse to this “hidden” website. .Onion domains are not susceptible to Denial of Service (DoS) attacks since the location of .onion services are unknown.

Finding .Onion Domains.
Since finding hidden websites when using Tor can be difficult, users have created directory sites to link to more popular hidden websites. The Hidden Wiki, one of the most popular and well-kept directories for .onion domains, states it holds 177 URLs to hidden websites, with 91% of those sites running. Circle, a major site hosting .onion’s most popular services, is another valuable .onion staple resource. Directory sites also prevent users from falling prey to phishing sites.

ABOUT THE AUTHOR
Katherine Sagona-Stophel, Government Analyst, Thomson Reuters, Mclean, VA
Focused on open source collection, Katherine specializes in understanding the power of crowd sourcing through social media applications, gaming, and mobile technologies in order to solve intelligence problems. A graduate of American University in International Studies, she has always focused on technology and gaming as a hobby, from building computers to designing websites.