Darknets Coming Soon?

Anonymous Stalwart writes "CIO.com is running a story on darknets and their implications for security. With the ruling against Grokster, darknets seem poised to become a reality. How this will impact the future of the workplace, from top-level IT/IS managers all the way to non-IT jobs will depend on how the tech community that is developing this technology treats it."

Ok, real response

[LiquidCoooled]

Shouldn't the first sign "something" is up be an increase in bandwidth?
Once you know its happening, you know you have to identify the problem.

Unless somebody can root all the routers and IDS systems for every OS along the way, these darknets will always be detectable.

Re:Ok, real response

[mr_z_beeblebrox]

Shouldn't the first sign "something" is up be an increase in bandwidth?

Try monitoring a campus network where you have several thousand users and an obscenely large amount of bandwidth. Oh, and you have live research data being generated on campus and moved to places like the NCSA etc... Bandwidth consumption may vary by tens of megabytes by the minute. So I ask you, in that situation (which I work in) what is an "increase in bandwidth" a sign of?
I don't understand why this article has such a tin foil hat slant to it. Darknets tell nothing about acceptable use, they primarily identify malware and misconfigurations.

Dark Ambition

[Doc+Ruby]

The "Grokster" ruling says that network operators can be liable for users illegal network abuse when operators promote abuse. It's a stupid ruling, but limited. And its standards for proving promotion are unfounded, really allowing just "appreciation" of abuse, without any evidence of public promotion. But operators which do not include even internal organizational acceptance of abuse, which promote only legal use, which offer even minimal protections of abuse, rather than any internal corporate policies which rely on the abuse, are not threatened. The sloppy evidential and jurisprudential standards in that landmark ruling will make it much more expensive for legit operators to remain safe, as they're sued willy-nilly by vengeful media corporations. But the mass media story that "P2P is now illegal" ought to get no promotion on geek sites like Slashdot. If you're going to run a darknet, why not just leave out the abuse promotion, and let your P2P flag fly?

Re:Dark Ambition

[theonetruekeebler]

With due respect, it's not a particularly stupid ruling. Grokster did in fact promote its product as a way of doing something illegal. The Supreme Court agreed that doing so exposed them to liability. If Sears/Craftsman promoted its crowbars as "The Burglar's Best Friend," they'd be liable for that, right? If Louisville Slugger had a booth at the local skinhead rally, promoting its bats as the perfect fag-bashing tool, they'd be liable for that, too. It's that simple---promote an illegal use, accept responsibility for illegal use. Why shouldn't Grokster be liable for promoting the illegal use of its products?

I have no problem with uniformly enforcing product liability laws. My problem is with the insanity of today's copyright laws. TFA was very sloppy starting off with a falsehood like

The Supreme Court might have stirred up a bigger problem than it settled when it ruled last June that file-sharing networks such as Grokster could be sued if their members pirated copyrighted digital music and video.

The Supreme Court said no such thing. But the RIAA/MPAA will of course do everything they can to take a mile from this very straightforward inch.

Re:Dark Ambition

[Doc+Ruby]

The Supreme Court found that Grokster "promoted" abuse solely on evidence that Grokster employees planned to use growth from abuse in scaling their network, and considered ways to use that abuse. They did not find any evidence that Grokster publicly promoted abuse. They found "intent" by a corporation, which is not a person who can "intend" (even if you believe that a person's intent can ever be proven). Hence my comment that Grokster "appreciated" abuse, but did not promote it.

I don't believe that people who promote illegal acts, whether advertising products or mere advocacy, are liable for the actions of those who take them up on their promotion. I do believe that their free speech can be found to be contributory, a lesser liability, when they have either demonstrated expectations of satisfaction of their promotion, clearly reasonable expectations, willful neglect of developing prior expectations, or even negligent passive ignorance of such expectations. Yelling "fire" in a crowded (nonburning) theater is a lesser crime than shoving someone down the stairs. Liability, especially liability for speech to people with freedom of choice, is not quite so simple. The Supremes have made such speech even more complicated, by ignoring its absence, and finding liability where criminals act without even the speech, just the benefit. That's an economic argument, but not a legal one. And the economics of the industry now employ the prohibitive expense to keep new distributors they don't control out of the competition. With the Court as their enforcer.

the RIAA needs to be careful...

[Spy+der+Mann]

by prosecuting unencrypted networks like eDonkey, bittorrent, etc. they're only enforcing users to search for encrypted ways to transmit data. And I don't think encouraging encryption is gonna be any good for national security.

Just a thought.

Darknets? Blame the RIAA!!!

[ThatGeek]

Well, only 3 comments posted, and the link is already hosed.
As reported by Darknet dot com, a darknet is nothing more than a place where illegal communication (filesharing/hacking talk/speaking badly of the US president) can take place.
I don't see how darknets will make things any different. For years we've had gopher, IRC and other communication channels that have been below the vision of the management elite.
I think lawyers are starting to learn that techies can't be bullied as easily as most, because techies are able to build new infrastructures. Instead of giving up, techies take threats as a challenge or motivation to dive further and further away from public vision.

Article Text && Coral Cache URI

http://www.cio.com.nyud.net:8090/archive/110105/tl _filesharing.html

---
FILE SHARING
Spies in the Server Closet
BY MICHAEL JACKMAN

The Supreme Court might have stirred up a bigger problem than it settled when it ruled last June that file-sharing networks such as Grokster could be sued if their members pirated copyrighted digital music and video.

Since then, some programmers have announced they would pursue so-called darknets. These private, invitation-only networks can be invisible to even state-of-the-art sleuthing. And although they're attractive as a way to get around the entertainment industry's zeal in prosecuting digital piracy, they could also create a new channel for corporate espionage, says Eric Cole, chief scientist for Lockheed Martin Information Technology.

Cole defines a darknet as a group of individuals who have a covert, dispersed communication channel. While file-sharing networks such as Grokster and even VPNs use public networks to exchange information, with a darknet, he says, "you don't know it's there in the first place."

All an employee has to do to set one up is install file-sharing software written for darknets and invite someone on the outside to join, thus creating a private connection that's unlikely to be detected. "The Internet is so vast, porous and complex, it's easy to set up underground networks that are almost impossible to find and take down," says Cole.

He advises that the best--and perhaps only--defense against darknets is a combination of network security best practices (such as firewalls, intrusion detection systems and intrusion prevention systems) and keeping intellectual property under lock and key. In addition, he says, companies should enact a security policy called "least privilege," which means users are given the least amount of access they need to do their jobs. "Usually if a darknet is set up it's because an individual has too much access," Cole says.

---

Re:I know the question we're all asking ourselves:

What the heck is a darknet?

The first rule of the darknet is that you never talk about the darknet!

Darknets

[ledow]

For those that are asking, a darknet is used in this context as a closed P2P system (i.e. you, your mates, your mates' mates and others by invitation only sharing what you have with each other over the internet).

Reminds me of something me and my brother used to do. We wanted to play a game online over the Internet but didn't want to sign up to yet-another online gaming service (The Zone or something it was called). We both had legit copies of the game, we both had internet connections and we just wanted to play online against each other. We couldn't do a straight TCP/IP connection for some reason or another so the only options left in the software were LAN, Modem or this Zone thing.

So what we did was set up PPTP between our routers, assigned nearby IP addresses on both sides that routed across the connection and played a "LAN" game over the Internet. As far as I can see this was a type of darknet if you like.

If we'd had non-legit copies, many games of the era would let you plan LAN without the CD so long as one player had the CD but not across the Internet. Or, say we'd cracked or VirtualCD'd the CD so that neither of us had a legit copy but could still play online. Then this sort of "PPTP darknet" would be used to let groups of friends without the legit CD to play over the Internet without needing the authorisation or intervention of the person running the gaming servers.

A further thought, bringing it up to the modern day, would suggest that things like Steam could be played over this sort of "PPTP darknet" as a LAN game (connecting to PC's spread over the internet, all disconnected from the "real" internet and bypassing restrictions on who / what is allowed to play)?

It's a interesting idea, sort of like a hidden black market for the internet (which I'm assuming is where the name comes from). As companies crack down on people lending movies to their friends and similar other quite legitimate activities, things like this are going to appear, translated from the real world where this happens all the time to the Internet.

It seems to me that these sorts of things have existed for a while, though. I've heard that things like paedophile rings are already using such tactics? Detection is much, much harder than for a centrally administered P2P network. The only way to detect is to infiltrate the network itself, which is basically social engineering?

They'll Never Learn!

[TheZorch]

You can't teach the RIAA anything. They think they can stop P2P file sharing but the truth is all their legal efforts are driving it underground...where it was before Napster appeared.

There are a lot of very talented techies out there who can come up with some astonishing new tech. A fully encrypted P2P service that masks a user's IP address would make it hard for "the man" to find those who are illegally filesharing. Also, the hacker community can adapt to changing situations faster than any corporation. This is because they aren't hindered by office politics, ethics, patant and copyright compliance and legal compliance. They operate above the law, so it was really no surprise to me when Slashdot ran the story of the trojan that exploited the cloaking ability of Sony's DRM.

I wasn't surprised one bit.

Because of Grokster and others the RIAA bring down a new, bigger, and better P2P service will emerge with multiple layers of custom encryption, IP address masking, and no central server that can be distrupted. You could even block ports at the ISP level and they'll adapt again to support multiple ports at once. Its a loosing battle they just don't get it yet.

Why do you think Internet Security and Antivirus Industies are racking in so much money these days. They DON'T want to see the hacker put in jail because if all the security threats cease and no more viruses are being made they are all out of a job. It a multi-billion dollar industry.

The RIAA is utter and completely out of their league.

Can't stop the signal

[macemoneta]

There are so many ways to abuse TCP/IP that it's impossible to stop data exchange unless you block all traffic. Heck, you can even communicate using ping, as in:

HOST1: ping -c 1 -p facedead12349876 host2
PATTERN: 0xfacedead12349876

HOST2: tcpdump -x ip proto \\icmp and src host host1
11:41:51.646216 IP host1 > host2: icmp 64: echo request seq 0
0x0000: 4500 0054 0000 4000 4001 1af7 8752 0886 E..T..@.@....R..
0x0010: 8752 0888 0800 4550 242d 0000 cf6c 7743 .R....EP$-...lwC
0x0020: 25e5 0900 face dead 1234 9876 face dead %........4.v....
0x0030: 1234 9876 face dead 1234 9876 face dead .4.v.....4.v....
0x0040: 1234 9876 face dead 1234 9876 face dead .4.v.....4.v....
0x0050: 1234

Sure, you'll see a lot of icmp traffic, but odds are most network folks won't considering the pad data in a ping to be payload.

It's like the old ppp over email implementations. Connectivity means data transfer. If some journalist or newbie network admin thinks otherwise, then it's just that much easier.