Darknets Coming Soon?

Anonymous Stalwart writes "CIO.com is running a story on darknets and their implications for security. With the ruling against Grokster, darknets seem poised to become a reality. How this will impact the future of the workplace, from top-level IT/IS managers all the way to non-IT jobs will depend on how the tech community that is developing this technology treats it."

Ok, real response

[LiquidCoooled]

Shouldn't the first sign "something" is up be an increase in bandwidth?
Once you know its happening, you know you have to identify the problem.

Unless somebody can root all the routers and IDS systems for every OS along the way, these darknets will always be detectable.

Re:Ok, real response

[agraupe]

Even if the darknets are detectable, it still won't be possible to monitor traffic on them. There is still the matter of encryption that will provide relative security to the users.

Re:Ok, real response

[l3v1]

The point is not hiding the network's existence, but hiding the traffic and the data itself. No use in you yelling "something's going on here" if you have no clue what it is.

Re:Ok, real response

[Kjella]

Unless somebody can root all the routers and IDS systems for every OS along the way, these darknets will always be detectable.

Technically, they can look like any kind of encrypted connection, HTTPS, SSH or whatever. Besides, I think the idea of Darknets is flawed to begin with. It is taking current anonymous P2P networks (Freenet, Ants, I2P etc.) and tying both hands behind their back by no longer allowing all-to-all connections, but only connections to people you trust. That pretty much precludes any sensible routing and load balancing because people are selecting the available routes, and you can't create new connections. Say you are the only person with access to two different social groups, all info must flow over your connection creating a huge bottleneck that the software is not allowed to compensate for.

Re:Ok, real response

[mr_z_beeblebrox]

Shouldn't the first sign "something" is up be an increase in bandwidth?

Try monitoring a campus network where you have several thousand users and an obscenely large amount of bandwidth. Oh, and you have live research data being generated on campus and moved to places like the NCSA etc... Bandwidth consumption may vary by tens of megabytes by the minute. So I ask you, in that situation (which I work in) what is an "increase in bandwidth" a sign of?
I don't understand why this article has such a tin foil hat slant to it. Darknets tell nothing about acceptable use, they primarily identify malware and misconfigurations.

Re:Ok, real response

[archeopterix]

Besides, I think the idea of Darknets is flawed to begin with. It is taking current anonymous P2P networks (Freenet, Ants, I2P etc.) and tying both hands behind their back by no longer allowing all-to-all connections, but only connections to people you trust. That pretty much precludes any sensible routing and load balancing because people are selecting the available routes, and you can't create new connections. Say you are the only person with access to two different social groups, all info must flow over your connection creating a huge bottleneck that the software is not allowed to compensate for.

This is true as the implication of "invite-only". There is, however, a middle ground between the current p2p mainstream and true darknets - encryption + origin hiding routing (onion or ants routing), but no invite-only. MUTE is like this.

Re:Ok, real response

[Tim+C]

Not in the corporate environment - the IT department will simply challenge you to explain why you're using so much more bandwidth than anyone else. If you can't, you either stop or face disciplinary action. At my company that sort of thing could possibly be grounds for sumamry dismissal; ymmv.

Re:Ok, real response

[Florian+Weimer]

Try monitoring a campus network where you have several thousand users and an obscenely large amount of bandwidth.

I have done this and it is much easier than you think. Warez traffic (let's drop this "darknet" term, I always think that it's an end-user-empowered network run over dark fibers) doesn't follow the typical 24-hour cycle in the traffic pattern. The number of legitimate hosts with such a traffic pattern is pretty small in my experience, so it's quite possible to spot the offenders.

Of course, as a network admin, there isn't much you can do when the host admin says that periodic transfers of multiple GB are perfectly legitimate and done for research purposes. But detection is not the real obstacle.

Part of the real issue is that so much traffic on research networks is filesharing and warez crap. If you started to enforce an AUP, the bandwidth would drop to minuscule levels, and you wouldn't have any plausible justification whatsoever for those fat pipes. And people feel they need them because of the dick size wars at some research conferences.

Re:Ok, real response

[1u3hr]

ot in the corporate environment - the IT department will simply challenge you to explain why you're using so much more bandwidth

TFA was focused on corporate espionage, which wouldn't necessarily consume huge bandwidth. Besides corporate types thnk nothing of sending huge files (video presentations, eg) around, so even sneaking out big files wouldn't necessarily make a blip. Of course, USB dongles and such are a much easier and right-now threat in that regard.

Re:Ok, real response

[Florian+Weimer]

In other words, massive copyright infringement drives the demand for more bandwith, which drives research, investment and competition, benefitting the society enormously in the form of better technology (both communication and processing, since you need processing power for routing), better communication infrastructure, and cheaper prices for both. I see this as yet another reason for weaker, not stronger, copyright laws.

Interesting line of thought. But I don't think it's compelling. Contemporary file sharing protocols (especially the search component) are often rather inefficient. Making file sharing clearly legal would make it possible to offer more centralized services supporting it (where it makes sense), which would increase efficiency and reduce bandwidth usage.

On the other hand, if you outlaw file sharing completely and enforce it rigorously, as a user, you'd have to tunnel all file sharing traffic over secure anonymization networks (similar to what Tor does). Each packet would run back and forth through the network, in order to obscure its sender and receiver, tremendously increasing bandwidth requirements. So, following your argument, truly fascist copyright laws would advance networks even more.

Re:Ok, real response

Not. Most corporate types don't even allow end-to-end internet connectivity onto their networks. They force all email traffic to go through particular relays that scan for viruses, and depending on the industry, check for specific classes of keywords, and block mail to certain domains. They block any email over certain sizes or to too many recipients.

A friend was streaming music at his new job recently. In less than a day they came to find out what he was doing. His 128kbit stream was 30% of the total bandwidth in use at the location, which has 300 people. Bandwidth heavy activity is noticed fast. These companies aren't running your typical consumer level 5 Mb cable modems. They are paying thousands of dollars a month for two or three megabit connections.

Finally what exactly do people think will happen when they start participating in these "darknets" (which is a stupid fucking use of the name since it already has a definition)? You cross from being a generic p2p open and free music/warez/porn swapping activity into being an invitation only secret cartel. You end up pissing off one of your members and he rats you out to the local federal prosecutor. Instead of having to make the decision to settle with the RIAA for $3,000 you get to make the choice of pleading guilty to racketeering charges and going to prison for three years and paying a $250,000 fine. You will have to get permission to leave the state, forget about travelling out of the country. And the prohibition from working in several large industries might make it hard to get a job.

Re:Ok, real response

[crazyphilman]

Umm... NO.

Unless you are actually ENGAGED IN RACKETEERING, you will not be charged with it. Wielding the equivalent of a Captain Midnight Secret Decoder Ring is still not illegal.

Here's some clarification of "racketeering" from Dictionary.com:

Main Entry: racketeering
Pronunciation: "ra-k&-'tir-i[ng]
Function: noun
1 : the extortion of money or advantage by threat or force
2 : a pattern of illegal activity (as extortion and murder) that is carried out in furtherance of an enterprise (as a criminal syndicate) which is owned or controlled by those engaged in such activity --see also Racketeer Influenced and Corrupt Organizations Act in the IMPORTANT LAWS section --compare ORGANIZED CRIME

Re:Ok, real response

[Hast]

I agree with you that it's quite easy to monitor data, even on the scale we see here. And let's be clear, there is no need to actually monitor the data. You only need to monitor the amount of data in order to find these darknets. Furthermore, even if you sometimes fail to achieve 100% of data logging that doesn't matter since you'll randomly drop packets from your data loggers and thus the darknets will still shine like beacons of bandwidth. One trick is to look for bandwidth during the off-hours. Typically traffic is low during the night, but people that download a lot typically maintain this during all hours. So during the day there might well be way too much information to parse, but during the nights only the "usual suspects" are working.

However, as I was previously involved with such logging (as an admin for a small student network) I toyed with the idea of making a more advanced darknet. Usually logging and tracking are based on the assumption that the darknets are operating on usual IP adresses, naturally this isn't necessary. Eg you could let multiple computers on one subnet create a new virtual host together. You would then load balance the darknet over all of these hosts. And this loadbalancing could be made using non-standard IP packets. The idea is that if you were to look at any specific stream of traffic it wouldn't make sense. Only when you correctly put them together are they correct.

I mentioned previously that you only log the actual data lengths. Theoretically you can make communication channels using elaborate port knocking which would circumvent this. Eg you could use port knocking to transmitt data, in a similar manner as morse code. So you are not really sending any data in packets, you are just "knocking on the ports" of the other computer in a manner which signifies a message. Inefficient as hell, that's for sure, but hard to detect unless you know what to look for.

The extreme version of this would be to hook up one computer to a central switch on a logging port and hide it. The idea is that this computer would be able to intercept all network transmission on a network and furthermore to allow it to send data on all these ports. That would allow for a pretty extreme variant of the above "multiple computers on a subnet" as suddenly you really have one computer that is hooked in on the entire subnet. This allows it to loadbalance over all of the subnet essentially making it "invicible" to most basic data logging analysis.

I'm sure people who actually spend a lot of time analysing IP data can think of even more subtle and hard to find ways of creating hidden communication channels.

Dark Ambition

[Doc+Ruby]

The "Grokster" ruling says that network operators can be liable for users illegal network abuse when operators promote abuse. It's a stupid ruling, but limited. And its standards for proving promotion are unfounded, really allowing just "appreciation" of abuse, without any evidence of public promotion. But operators which do not include even internal organizational acceptance of abuse, which promote only legal use, which offer even minimal protections of abuse, rather than any internal corporate policies which rely on the abuse, are not threatened. The sloppy evidential and jurisprudential standards in that landmark ruling will make it much more expensive for legit operators to remain safe, as they're sued willy-nilly by vengeful media corporations. But the mass media story that "P2P is now illegal" ought to get no promotion on geek sites like Slashdot. If you're going to run a darknet, why not just leave out the abuse promotion, and let your P2P flag fly?

Re:Dark Ambition

[theonetruekeebler]

With due respect, it's not a particularly stupid ruling. Grokster did in fact promote its product as a way of doing something illegal. The Supreme Court agreed that doing so exposed them to liability. If Sears/Craftsman promoted its crowbars as "The Burglar's Best Friend," they'd be liable for that, right? If Louisville Slugger had a booth at the local skinhead rally, promoting its bats as the perfect fag-bashing tool, they'd be liable for that, too. It's that simple---promote an illegal use, accept responsibility for illegal use. Why shouldn't Grokster be liable for promoting the illegal use of its products?

I have no problem with uniformly enforcing product liability laws. My problem is with the insanity of today's copyright laws. TFA was very sloppy starting off with a falsehood like

The Supreme Court might have stirred up a bigger problem than it settled when it ruled last June that file-sharing networks such as Grokster could be sued if their members pirated copyrighted digital music and video.

The Supreme Court said no such thing. But the RIAA/MPAA will of course do everything they can to take a mile from this very straightforward inch.

Re:Dark Ambition

[Doc+Ruby]

The Supreme Court found that Grokster "promoted" abuse solely on evidence that Grokster employees planned to use growth from abuse in scaling their network, and considered ways to use that abuse. They did not find any evidence that Grokster publicly promoted abuse. They found "intent" by a corporation, which is not a person who can "intend" (even if you believe that a person's intent can ever be proven). Hence my comment that Grokster "appreciated" abuse, but did not promote it.

I don't believe that people who promote illegal acts, whether advertising products or mere advocacy, are liable for the actions of those who take them up on their promotion. I do believe that their free speech can be found to be contributory, a lesser liability, when they have either demonstrated expectations of satisfaction of their promotion, clearly reasonable expectations, willful neglect of developing prior expectations, or even negligent passive ignorance of such expectations. Yelling "fire" in a crowded (nonburning) theater is a lesser crime than shoving someone down the stairs. Liability, especially liability for speech to people with freedom of choice, is not quite so simple. The Supremes have made such speech even more complicated, by ignoring its absence, and finding liability where criminals act without even the speech, just the benefit. That's an economic argument, but not a legal one. And the economics of the industry now employ the prohibitive expense to keep new distributors they don't control out of the competition. With the Court as their enforcer.

the RIAA needs to be careful...

[Spy+der+Mann]

by prosecuting unencrypted networks like eDonkey, bittorrent, etc. they're only enforcing users to search for encrypted ways to transmit data. And I don't think encouraging encryption is gonna be any good for national security.

Just a thought.

Darknets? Blame the RIAA!!!

[ThatGeek]

Well, only 3 comments posted, and the link is already hosed.
As reported by Darknet dot com, a darknet is nothing more than a place where illegal communication (filesharing/hacking talk/speaking badly of the US president) can take place.
I don't see how darknets will make things any different. For years we've had gopher, IRC and other communication channels that have been below the vision of the management elite.
I think lawyers are starting to learn that techies can't be bullied as easily as most, because techies are able to build new infrastructures. Instead of giving up, techies take threats as a challenge or motivation to dive further and further away from public vision.

Re:Darknets? Blame the RIAA!!!

[Anne_Nonymous]

>> a place where illegal communication (filesharing/hacking talk/speaking badly of the US president) can take place

Oh, a place like say... /.?

Re:Darknets? Blame the RIAA!!!

[ScrewMaster]

blame the US for producing way too many of the vermin.

That's the most reasonable bit of U.S.-bashing I've heard yet on Slashdot. At least you didn't single out all of us as being warmongers or evil or Bush-lovers or whatever. And you're right: we're becoming a remarkably litigious society. Not that I have any idea how to cure the problem.

But your average corporate attorney isn't the problem, he or she is simply a tool, and a symptom of a larger problem. It is bad law, admittedly written by a bunch of lawyers (collectively known as "Congress"), combined with corporate executives who see nothing but dollar signs. Corporate lawyers just don't sit around suing people and companies for fun: somebody has to pay them to do it, and pay them handsomely. Those people are the ones you need to worry about.

You know, like the good folks in charge of Lexmark, Diebold and DirecTV. Laws like the DMCA just gave them an opportunity to put their lawyers to work. All Congress did was give a loaded gun to a bunch of idiots.

Re:Darknets? Blame the RIAA!!!

[RAMMS+EIN]

I am told that the main difference between common law (as used in the USA and most former Brittish colonies) and civil law (as used in most of the Rest of the World) is that common law places more emphasis on precedent, whereas civil law places more emphasis on written law. Precedent is a lot vaguer and a lot less organized than written laws. Thus, it's harder to predict the outcome of a suit without trying under common law than it is under civil law.

Another thing that sets the USA apart in a legal sense is that the losing party is not generally made to pay (part of) the winning party's legal costs. This makes it less costly to start a lawsuit that you're not sure you will win, and favors those with lots of money; they can simply make the case drag on until the other party runs out of money to pay their lawyers.

I (being a rather know-it-all European) perceive these two things as problems of the American legal system. Perhaps correcting these issues will lead to a saner legal climate.

Re:I know the question we're all asking ourselves:

[MrByte420]

WOW! The media has discovered VPN's

Not necessarily illegal

[Ritz_Just_Ritz]

A Darknet is a private virtual network where users only connect to people they trust. That's it. It can be used for good or evil.

Re:I know the question we're all asking ourselves:

[rholliday]

That was a short, almost pointless article. Basically amounted to "use standard security practices."

I found this article about "darknets" that I found informative, even though it's a book ad.

Article Text && Coral Cache URI

http://www.cio.com.nyud.net:8090/archive/110105/tl _filesharing.html

---
FILE SHARING
Spies in the Server Closet
BY MICHAEL JACKMAN

The Supreme Court might have stirred up a bigger problem than it settled when it ruled last June that file-sharing networks such as Grokster could be sued if their members pirated copyrighted digital music and video.

Since then, some programmers have announced they would pursue so-called darknets. These private, invitation-only networks can be invisible to even state-of-the-art sleuthing. And although they're attractive as a way to get around the entertainment industry's zeal in prosecuting digital piracy, they could also create a new channel for corporate espionage, says Eric Cole, chief scientist for Lockheed Martin Information Technology.

Cole defines a darknet as a group of individuals who have a covert, dispersed communication channel. While file-sharing networks such as Grokster and even VPNs use public networks to exchange information, with a darknet, he says, "you don't know it's there in the first place."

All an employee has to do to set one up is install file-sharing software written for darknets and invite someone on the outside to join, thus creating a private connection that's unlikely to be detected. "The Internet is so vast, porous and complex, it's easy to set up underground networks that are almost impossible to find and take down," says Cole.

He advises that the best--and perhaps only--defense against darknets is a combination of network security best practices (such as firewalls, intrusion detection systems and intrusion prevention systems) and keeping intellectual property under lock and key. In addition, he says, companies should enact a security policy called "least privilege," which means users are given the least amount of access they need to do their jobs. "Usually if a darknet is set up it's because an individual has too much access," Cole says.

---

Re:I know the question we're all asking ourselves:

What the heck is a darknet?

The first rule of the darknet is that you never talk about the darknet!

Darknets

[ledow]

For those that are asking, a darknet is used in this context as a closed P2P system (i.e. you, your mates, your mates' mates and others by invitation only sharing what you have with each other over the internet).

Reminds me of something me and my brother used to do. We wanted to play a game online over the Internet but didn't want to sign up to yet-another online gaming service (The Zone or something it was called). We both had legit copies of the game, we both had internet connections and we just wanted to play online against each other. We couldn't do a straight TCP/IP connection for some reason or another so the only options left in the software were LAN, Modem or this Zone thing.

So what we did was set up PPTP between our routers, assigned nearby IP addresses on both sides that routed across the connection and played a "LAN" game over the Internet. As far as I can see this was a type of darknet if you like.

If we'd had non-legit copies, many games of the era would let you plan LAN without the CD so long as one player had the CD but not across the Internet. Or, say we'd cracked or VirtualCD'd the CD so that neither of us had a legit copy but could still play online. Then this sort of "PPTP darknet" would be used to let groups of friends without the legit CD to play over the Internet without needing the authorisation or intervention of the person running the gaming servers.

A further thought, bringing it up to the modern day, would suggest that things like Steam could be played over this sort of "PPTP darknet" as a LAN game (connecting to PC's spread over the internet, all disconnected from the "real" internet and bypassing restrictions on who / what is allowed to play)?

It's a interesting idea, sort of like a hidden black market for the internet (which I'm assuming is where the name comes from). As companies crack down on people lending movies to their friends and similar other quite legitimate activities, things like this are going to appear, translated from the real world where this happens all the time to the Internet.

It seems to me that these sorts of things have existed for a while, though. I've heard that things like paedophile rings are already using such tactics? Detection is much, much harder than for a centrally administered P2P network. The only way to detect is to infiltrate the network itself, which is basically social engineering?

They'll Never Learn!

[TheZorch]

You can't teach the RIAA anything. They think they can stop P2P file sharing but the truth is all their legal efforts are driving it underground...where it was before Napster appeared.

There are a lot of very talented techies out there who can come up with some astonishing new tech. A fully encrypted P2P service that masks a user's IP address would make it hard for "the man" to find those who are illegally filesharing. Also, the hacker community can adapt to changing situations faster than any corporation. This is because they aren't hindered by office politics, ethics, patant and copyright compliance and legal compliance. They operate above the law, so it was really no surprise to me when Slashdot ran the story of the trojan that exploited the cloaking ability of Sony's DRM.

I wasn't surprised one bit.

Because of Grokster and others the RIAA bring down a new, bigger, and better P2P service will emerge with multiple layers of custom encryption, IP address masking, and no central server that can be distrupted. You could even block ports at the ISP level and they'll adapt again to support multiple ports at once. Its a loosing battle they just don't get it yet.

Why do you think Internet Security and Antivirus Industies are racking in so much money these days. They DON'T want to see the hacker put in jail because if all the security threats cease and no more viruses are being made they are all out of a job. It a multi-billion dollar industry.

The RIAA is utter and completely out of their league.

Re:They'll Never Learn!

[squiggleslash]

Oh, bollocks. If Darknets become the future of P2P, the RIAA and its members are going to high-five one another and say "We did it!"

The issue with P2P is that it's a way for a single person to distribute a piece of music to potentially millions of anonymous strangers. That hadn't existed before, and it was, by and large, mostly used for piracy. People took copyrighted materials whose producers were relying upon sales (and realistically have no alternatives) to pay for the costs of production and, without permission, used Napster and its successors to distribute it instead.

That's what got the music industry in a panic. Suddenly content that could, previously, only be accessed under relatively controlled conditions was available, on a on-demand basis, to anyone who wanted it, without the receivers having to contribute a penny to the costs of production. While some Slashdotters have argued the additional publicity might have generated sales as people were exposed to content they wouldn't otherwise have been, it's also a fact that many, possibly even most, P2P users used P2P to build music collections directly, bypassing the usual pay-for-CDs routes. I know such people, and I know more people who I can definitely say didn't pay money they otherwise would have done, than people who bought CDs purely on the basis of being exposed to the content via P2P that they wouldn't otherwise have been.

What Darknets do is they reduce the numbers involved considerably, and return music-redistribution to the limited scales we saw in the days of home taping. The participants know one-another. Downloadable music libraries become limited to those of a small group of friends. It ceases to be possible for millions of people to be able to download a song illegally the day after it goes on sale.

Darknets represent a victory for the recording industry. Oh, they'll continue to chase them, if only to keep the numbers down and limited and prevent a single darknet from becoming large enough to constitute a threat, but over-all, darknets will never be as damaging, in practice, as Napster and its successors.

Don't think like a geek. The issue with Napster wasn't that you could physically transfer an MP3 from one person to another. It was that you could rip an MP3, and then it'd be available to millions of people within hours, in a form easily searched for and obtainable on demand. In short, if someone thought "How can I get Rosen and the Hillarycats's latest hit 'Copy me to the moon'", they now had two choices: find the CD and buy it, or download the MP3." That latter method just isn't practical with Darknets.

And the MPAA/RIAA's response will be...

[theonetruekeebler]

...treachery. Seriously. If they can't go through a public channel to find wrongdoers (that is, to find unprofitable conditions), they will start using undercover agents to befriend and betray their way into darknets. So basically they'll have spies pose as college students then coaxing real students into inviting them into the henhouse.

Hell, they'll probably set up a few darknets of their own, as "loss leaders" in their quest to fuck as many people out of as much money as possible. And they'll start a terror campaign, too. Did I say terror? I meant public relations. As in "The Guy You're Sharing Files With Might Be A Cop."

Re:And the MPAA/RIAA's response will be...

[arevos]

A pseudonoymous network system like MUTE or FreeNet would solve this by offering plausible deniability. You can't tell whether your neighbours are requesting illegal files, or whether they are merely unknowingly routing a request from someone else on the network.

Wrong Premise

[RAMMS+EIN]

From TFA:

``The Supreme Court might have stirred up a bigger problem than it settled when it ruled last June that file-sharing networks such as Grokster could be sued if their members pirated copyrighted digital music and video.

Since then, some programmers have announced they would pursue so-called darknets. ... And although [darknets are] attractive as a way to get around the entertainment industry's zeal in prosecuting digital piracy, they could also create a new channel for corporate espionage''

Am I the only one who thinks that if darknets are attractive vehicles for corporate espionage, they would be built no matter what the Supreme Court rules on filesharing?

Two definitions

[michaelmalak]

As usual, a Slashdot story summary haughtily uses new jargon without defining the term. So as usual, I go to Wikipedia to look it up. It seems there are two definitions.

One definition is an encrypted protocol over the Internet. The other definition is using wireless technologies off the Internet. Oddly, the person quoted in the CIO article was trying to claim that encrypted, closed file sharing over the Internet was nothing like a VPN. That makes no sense to me, especially given the other definition of a darknet (the wireless one off the Internet) really is nothing like a VPN.

A wireless-off-the-Internet darknet could serve Thomas Paine purposes if the U.S. government ever shuts down the Internet in response to a terrorist attack. An encrypted, closed information sharing network on the Internet could not.

We could fall back to the true Darknet

[popsicle67]

I'm talking about snailmail. If it gets right down to it you can fall back to this time honored completely private way of transporting any files you wish to share. It also has the advantage of carrying a federal criminal violation against anyone who attempts to stop your mail. If things gat so bad in this country that even this becomes too troublesome we can all move to eastern europe or china as they will become the beacons of freedom much as our country used to be.

Already there

[m50d]

Gnunet is here and working. Fully usable as a P2P network, not as fast as unencrypted but close. I haven't tried using it in pure friend-to-friend mode but the functionality is there. And of course it has all the things you'd expect from an advanced P2P network, searches for automatically extracted keywords, signed namespaces where you can publish content anonymously but show that it's all from you, directories, etc.

Not Really

[IBitOBear]

Actually, If you establish the DarkNet in the right way, once you are connected to a trusted node you could connect to any other node by passing authentication and encryption keys the long way. This would allow for dynamic (re)routing.

Think of an IRC style web. Basically, a properly designed network would allow one party to inform another that it wanted to make a connection. Then it would make that connection. By pre-passing the keys and proof of identity, you would be able to make arbitrary connections within a "closed surface" of the net.

===

What I have been waiting to see make a comeback is the good old fashioned POTS modem. With all the internet wire-tap laws being generally weaker than the phone tapping laws, it would _really_ make sense to transfer authentications (etc) through a old-fashioned BBS style "drop sites" that were not really on the net.

So you downloaded some particular binary splash. To turn it into the song or whatever you would have to go get the key/completion-tidbit. Heck, the actual directores could be encoded so you _couldn't_ know what you were passing unless you were also in on the sideband/drop-site.

Re:Not Really

[Reziac]

I've been saying for some time now that for secure email, an old-fashioned dialup BBS, with a known and trusted sysop, is one helluva lot more secure than any internet-based email.

The BBS's sysop is god, he sees all. But on a dialup BBS, no one other than the sender and recipient can see the content of a given local email. (Barring subpoena, of course.)

Conversely, any node along the internet could intercept and have its way with regular internet email packets.

Nasty thought: you've got BBS software on your computer? obviously you're supporting terrorism, by offering email that can't be snooped from outside the system! Off to jail with you!!

Re:Not Really

[Reziac]

For email from outside sources -- well, most halfway modern BBS software (defined as 1994 or later) can do internet email via UUCP, and the more recent incarnations use TCP/IP (and can do QWK/REP by regular email).

Otherwise, and for maximum snoop-proofing against external forces, one has to be willing to make the phone call to transfer mail (both by users and BBS-to-BBS), which may involve a long distance call, and as with FIDO, often a considerable delay as packets hop from one BBS to the next. (As the old tagline goes -- "Internet: modem and phone lines. FidoNet: tin cans and string." :)

There's no reason you can't encrypt your posts on the BBS, making them secure even from the sysop; in fact this used to be the norm on some BBSs, and I've seen one where it was *required*. You could either UUEncode the encrypted message and post it as ASCII, or attach an encrypted ZIP to an empty message, depending on the capabilities of the BBS software. To the BBS, it's just another message or attachment, it doesn't care that it's not in plain language. So the problem of snoop-proofing against the sysop is already solved (provided he allows encrypted messages. If he doesn't, he's probably not trustworthy anyway!)

The concept of a "dumb router" may have merit, tho, to prevent any human from seeing where a given packet comes from or goes to. Of course, you can still get caught when you log in, but there again -- in the old days, some BBSs *required* that you use a unique alias and never post your real name. If you're really paranoid, use a pay phone (thus not a number traceable to you) and one of those gadgets that leech to the mouthpiece. (I've got one that does 28.8 -- they're still made, for laptop use in hotels that don't have phone jacks. Hopelessly slow for files, but adequate for QWK/REP packets.)

There indeed was a problem with sysops losing interest or going off in a huff, but three that I've used had track records of 17 yrs, 10 yrs, and 11 yrs (and counting). So it's not a universal issue. Small ISPs go tits-up about as often as BBSs did.

BTW I still use two BBSs daily -- one via telnet, the other as QWK/REP by email. And should both die... well, I already own Wildcat. :)

old news

[Jerbol]

there was a wired article on this very topic several months ago.

Re:was always going to happen

[TubeSteak]

"p2p can't be stopped"

Tell that to the Great Fire Wall of China

Can't stop the signal

[macemoneta]

There are so many ways to abuse TCP/IP that it's impossible to stop data exchange unless you block all traffic. Heck, you can even communicate using ping, as in:

HOST1: ping -c 1 -p facedead12349876 host2
PATTERN: 0xfacedead12349876

HOST2: tcpdump -x ip proto \\icmp and src host host1
11:41:51.646216 IP host1 > host2: icmp 64: echo request seq 0
0x0000: 4500 0054 0000 4000 4001 1af7 8752 0886 E..T..@.@....R..
0x0010: 8752 0888 0800 4550 242d 0000 cf6c 7743 .R....EP$-...lwC
0x0020: 25e5 0900 face dead 1234 9876 face dead %........4.v....
0x0030: 1234 9876 face dead 1234 9876 face dead .4.v.....4.v....
0x0040: 1234 9876 face dead 1234 9876 face dead .4.v.....4.v....
0x0050: 1234

Sure, you'll see a lot of icmp traffic, but odds are most network folks won't considering the pad data in a ping to be payload.

It's like the old ppp over email implementations. Connectivity means data transfer. If some journalist or newbie network admin thinks otherwise, then it's just that much easier.

nah.. this is bunk

[sl4shd0rk]

Whatever devices are between the nics (no crossover cable) leave an opportunity to see whatever traffic is going between them. Even ntop will tell you what types of traffic it's seeing - not to mention if you are inside a bunch of hubs. 'Darknet' sounds spectacular, but it just comes down to another stupid protocol running on a non-standard port. If you're lucky, your best luck is to invent your own protocol, encrypt it, and don't share the source with anyone. Good luck getting anyone to trust you though.

Darknets have been around a long time

[HangingChad]

I won't say who around here has been using one for years (insert innocent look here) but it's not a new concept. It's only people they know and those with technical skill higher than the average bear. High enough to figure out how to encrypt files with PGP. Not bullet proof, but it sure makes it more difficult for ISP's to figure out what you have in your password protected ftp folder. Especially mixed in with a lot of family pictures, videos and routine stuff similarly secured.

That group has lists of what they have rather than the items themselves, so it's fairly easy to check for particular files. Sometimes they'll collaborate on new movies coming out. You bought Batman last month, we'll buy Mr. & Mrs. Smith next month. Maybe one of them has a coupon or gets a copy from a neighbor. And so on. They IM back and forth, but never the FTP address which everyone already knows.

It's not exactly a darknet but the principle is similar. Trusted users, encrypted files. If corporate snoops were going to try and catch that group they'd have to hack their way on to an FTP server, pull files pretty much at random then spend days trying to crack the PGP wrapper. Good luck with that. You might be surprised at how much material five or six different families actually have. Movies, music the differing tastes produce quite a wide selection. They save hundreds, maybe thousands a year and the risk is pretty minimal. And there's no special clients required, just a copy of PGP tools. If that group were 10 people or families instead of five, imagine how much more material would be available?

Monitoring traffic by source, destination and type

[@madeus]

Try monitoring a campus network where you have several thousand users and an obscenely large amount of bandwidth. Oh, and you have live research data being generated on campus and moved to places like the NCSA etc... Bandwidth consumption may vary by tens of megabytes by the minute. So I ask you, in that situation (which I work in) what is an "increase in bandwidth" a sign of?

Effective monitoring is actually quite achievable with freely avalible software.

On a properly managed network you should be able to tell exactly who is using how much traffic and what type of traffic (and where it's coming in and out from) and to spot suspicious changes in usuage patterns, with historical data avalible in a format appropriate for a quick visual comparison. All of this should be fed in to your monitoring platform with alerts raised once set thresholds are reached.

In practice though, it's usually not cost effective to actually clamp down on misuse of bandwith and it's more prudent to let it slide (and/or go for the low hanging fruit if spot anyone taking the mickey) and just pickup the tab afterwords.

(Disclaimer: The next part of this post drifts away from this specific thread ;)

I'm not sure why so many people imagine monitoring traffic by source and type is difficult and that they can't be spotted and rate limited on a per user basis, in an entirely automated fashion.

Using tools like jflow and cflowd (and various other commerical purpose built tools) to do detailed traffic profiling, and to a limited extent shaping, is something a few carriers and large providers do already. Even if your provider doesn't do this, there is a really good chance their transit providers do it.

At the moment, the majority of providers mark P2P traffic as the lowest priority for QoS purposes as it is, because (a) it's so all consuming and disproportionately resource intensive (compared to far more common tasks like legitimate HTTP traffic and FTP data transfer) and (b) it's hard to complain about slow transfer speeds of what is almost certainly Warez between you and an anonymous DSL/Cable subscriber in another state/country. This is partly why P2P transfer rates can be very crummy (the other major reason being of course the limited upstreams of most users).

Once you have profiling data for a given port or IP on your network, all you need to do is send a trigger to the switch/router/DSLAM/etc. to either trottle the traffic for that port on the TCP/UDP ports required (as the hardware permits - ideally on a per-TCP/UPD-port basis), or - if your feeling adventurous (or your hardware is crummy) - dynamically re-route traffic for that destination seperately, though a series of systems that are capeable of enforcing very fine grained QoS controls (on appropriate hardware, the 2.6 kernel with iptables and some appropriate modules is actually capeable of impressive work in this area).

If users start tunneling large amounts of traffic down other ports (and disguising it as as regular HTTP, SSH, HTTPS, etc. traffic) then it's going to be really obvious to spot using automated software, and those those users will find that providers will just impliment systems to nobble that specific type of traffic on their connection while they persist in doing that, and if they want unnobbled connection, they'll have to pay a real premium to compensate. It's also entirely possible providers will start enforcing QoS based on destination too, so that transfers to systems that are common P2P traffic destinations are effectively crippled (and traffic to network ranges used by Cable/DSL/College dorms/etc. could even be rated by default).

If any users imagine they can 'sneak around' by tunneling P2P traffic and making it look like encrypted VoIP traffic (and warzing to their hearts content at the expense of the rest of legitimate users) they are in for a big shock. They are going to find that suddently their VoIP traffic starts having specific (weekly/monthly) transfer limi

Re:META-NET

[name773]

doesn't public access go against the definition of a dark net?

But that's not a problem for IT managers

[Sycraft-fu]

If you are doing traffic on our network that I need to know what it is, I'll go to your computer and check. In a managed environment, like a corperation, you don't have privacy of your data. You can encrypt traffic, and should (we fight all the time to get the last few telnet users to switch to SSH) but that's to keep random malicious users out, not your IT staff. Your IT staff can come and ask to see what's happening on your computer and "no" isn't a legit answer, as the computer is company property.

I personally don't see any problems with Darknets that didn't already exist with SSH. If I work in an environment where we don't care what you do, unless it's a problem, then we'll ignore your traffic unless it's excessive. If I work in an environment where we restrict what you can do, then we'll monitor your traffic and if we see unknown encrypted traffic, you'll be asked what it was and your computer will be checked.

So I see Darknets as a problem for the RIAA maybe, and frankly I don't give a shit about them, but not for corperate IT.

Darknets have always been around, and always will.

[crazyphilman]

Darknets are just the latest "OH MY GOD WE MUST ALL FEAR" line the computer industry is going to use to field a "solution" (probably some kind of sniffer for corporations, which tries to detect traffic which it cannot categorize and produces reports for suits).

Say it with me: darknets have always been here, and they will always be.

Hackers have IRC and other invite-only forums, and all the ways in which they've used them to secretly pass information around without the squares being in on it. P2P networks are darknets (for YOU, anyway) if you don't have software which uses the protocols and don't know anyone who knows about them. ANY new network protocol can be a darknet. You can roll your own anytime you want.

Darknets are the modern equivalent of the Captain Midnight Secret Decoder Ring. They are NOT the Beginning Of The Fall Of Civilization(tm).

Don't believe me? Fine. Be that way. Try this fun experiment:

Write yourself a Java suite that:

CLIENT SIDE:

1. Briefly touches a server, downloads the current list of IP addresses that have announced themselves to the server, announces ITSELF to the server, and then logs off. The server IP is probably best implemented as one of a list of possible server sites, so that if one is compromised (doesn't give the correct handshake or whatever) you just move on to the next one. All communication should be encrypted using the server's public key and YOUR public key (RSA between the two points, or whatever is fashionable in your circle of friends).

2. Lets you compose messages, or file transfers, or whatever, destined for whatever IP address you want to communicate with, again encrypted with both public keys. Maybe you even compress the data first, to reduce bandwidth usage.

3. Lets you "blackball" any IP address you think is compromised. You could implement this as "My PC Only" or as a common blackball pool, which everyone could vote on, or as a common blackball pool which people could consider provisional and accept or not accept.

SERVER SIDE:

1. Manage lists of IP addresses and their status.

2. Provide a handshake which is meant to test whether your software is authentic and you are in fact an approved node. If you're not, you get sucked into a honeypot and studied. You are NOT given an actual IP address list; rather you are given a fake list full of false leads.

3. Allow certain admins to control the system to some extent, ousting problematic members (bans) and so forth. This could alternately be implemented on the client side, with a voting scheme, or whatever.

Bam. Instant darknet. And it's a piece of cake for anyone who's passed the junior-level networking course at any public university. THINK about it -- why do you think anyone studies computer science these days? It sure ain't to find a job... People study computer science to build themselves cool, weird things that stiff, stick-up-their-ass types don't approve of.

Deal, people. The world is not all simple and sparkly, like an amusement park. We are all grown-ups, and we can do grown up things even if it frightens The Man(tm). And, really, computer science is the closest thing any of us gets to wielding supernatural power. Us geeks can do things NOBODY else can do. Why not do them? Why be a boring square if you don't have to? Build something freaky, get yourself one of those weird, off-kilter cover photos in Wired that makes you look like Dr. Evil. Why not? You weren't put on this earth to make Sheeple feel comfy and warm. Fuck 'em.

Scalable Trust Levels

At which point, you either have a) no scalability (all must trust all) or b) no trust, which negates the entire point of the darknet

Recognizing that there is no such thing as an entirely trustworthy network (unless you know and implicitly trust each individual involved, and their security) couldn't you just implement a scalable trust level? By this I mean limiting the number of hops, or degrees of separation from who you implicitly trust (your 'friends'), to who they implicitly trust, and so on to the unknown computer. In this way you could come to a trade off between data available, and the level of insecurity you consider acceptable. In the case of highly sought after information we would see a trickle-down sort of effect... There are lots of possible variations on this theme.

How would the degree of trust-separation be tracked? I am not entirely sure, but perhaps a public key encryption of each individual's friends list could work. Files searched for in levels - first your friends, then their friends, etc until the file is found or the security limit reached?

/arbitrary

Re:not a new thing!

[shmlco]

"Darknets" have always been around and always will. By their very nature, you don't see them. You can't tell how many there are, and you certainly don't know what's going on inside them because you won't get invited without proving that you're one of them first.

Sorry, but if you're using the same network and infrastructure as the rest of us then those connections can be monitored, your endpoints mapped, and your packets and traffic patterns analyzed.

I'm quite sure, however, that the NSA appreciates your spreading your "totally secure" viewpoint around...

W.A.S.T.E. is an example

[FlippyTheSkillsaw]

W.A.S.T.E.