Internet 'Cloaking Device': Why Crooks and Cops Both Love TOR

Online drug operation rivaled technology of Amazon.com.

April 19, 2012 -- Until it was busted this week, an Internet drug ring doing business in 34 countries, all 50 states and the District of Columbia, eluded law enforcement by using TOR, an encrypted computer network developed for--and used by--the federal government.

The U.S. Attorney's Office for the Central District of California in Los Angeles says eight of the ring's kingpins—six from the U.S. and one each from Argentina and the Netherlands—have now been arrested. All face federal drug trafficking and money laundering charges.

The bust was a result of a coordinated effort by the DEA, the Department of Justice's Office of International Affairs, the U.S. Postal Service, and, overseas, by officials in Colombia, Scotland, and in the DEA's country office in the Hague. The two-year effort, code-named Operation Adam Bomb, targeted "The Farmer's Market," described by the U.S. Attorney's office as a "secret on-line narcotics marketplace" that in just two years processed some 5,256 orders for controlled substances valued at over $1 million.

The substances included LSD, MDMA (ecstasy), fentanyl, mescaline, ketamine, DMT, and high-end marijuana. The Farmer's Market offered buyers the same customer-friendly e-features familiar to anybody who has ever bought a sweater or a book on Amazon.com. According to the feds' 66-page, 12-count indictment, Farmer's provided a "controlled-substances storefront" that included order forms, on-line forums and customer service. Its operators screened all sources of supply and guaranteed delivery of the illegal drugs; they also facilitated communications between buyers and sellers.

The site made money by charging a commission based on the value of each order. Payment options included Western Union, Pecunix, PayPal, I-Golder and cash.

Such sites are part of the "Dark Web"—a furtive corner of the Internet used for deals in drugs, guns, fake IDs, child pornography, and other illicit or illegal goods.

"Illegal narcotics trafficking now reaches every corner of our world, including our home computers," said U.S. Attorney Andre Birotte, Jr., in a statement. "But the reach of the law is just as long."

The goal of busts like the one successfully concluded, he said, is to "make the Internet a safe and secure marketplace by rooting out and prosecuting those persons who seek to illegally prevent and exploit that market"—no matter where they may hide.

Farmer's Market had been extremely good at hiding. It concealed its transactions and customer identities by using sophisticated strategies and software—including the TOR network, a so-called anonymizer originally developed by and for the U.S. government. TOR today can be downloaded to any computer for free from the Internet. By bouncing messages back and forth between an array of thousands of encrypted servers around the world, it permits users to mask their true identities.

TOR was created in the 1990s by the U.S. Naval Research Laboratory as a method for hiding government communications. In 2005, according to the Boston Globe, TOR's operations were entrusted to a not-for-profit based in Massachusetts that gets its funding ($1.3 million a year) from the State Department, the National Science Foundation and from other federal agencies.

Runa Sandvik, a TOR developer based in Europe, says the network today is widely used not only by crooks, but by "normal people who want to protect their privacy," including political dissidents in Syria and Iran whose lives depend on their ability to conceal their identities from their governments. Journalists, journalists' sources, and law enforcement itself also use TOR. Witnesses in protection programs use it. So does the U.S. intelligence community and the U.S. military. According to Sandvik, there are approximately 600,000 daily users of the network, most of them in the U.S., Germany and Iran.

She says she understands why people "might not be too happy" that criminals use TOR.

So far, the U.S. government has taken no steps to restrict public access to the network, she says. "We still get our projects funded."

If TOR really can provide perfect anonymity, how did the Feds get around it to bust the Farmer's Market?

Chester Wisniewski, a senior security adviser with Sophos, a security software company, thinks they may not have had to. Farmer's was shipping packages of drugs. That meant there was a physical delivery chain to follow—via UPS or the Post Office, say. Some criminals, says Wisniewski, may have been "stupid enough to be shipping to or from their house."

Others in the ring may have included in their communications some detail--an alias, say, that they might have used years ago to buy a car or to sign up for an online game--that law enforcement could have used to match them to their true identity. Their exposure might thus have been the result of nothing more high tech than what he calls "old fashioned gumshoe work."

It's also possible, he speculates, that somebody might have forgotten to use the anonymizer or pushed the wrong button, thereby sending out an unencrypted message. "TOR isn't the easiest thing in the world to use. It's easy for someone to trip up."

Law enforcement then would have seen the un-cloaked transmission and said: "'Bingo!' He's using TimeWarner Cable, and he's in Manhattan."