Blog post

The “dark web” is being used to publish Medibank data. What is it?

The dark web has made headlines as thousands of Australians have had their private information exposed on blogs and forums by the Medibank and Optus hackers.

Hundreds more Medibank customers are bracing for their medical history to be published there later this week, after the hackers promised to release more information on their blog.

What is the dark web? Why do authorities have trouble tracking criminals who use it?

One Internet

The dark web is just the internet with added steps to make it more anonymous, says veteran cybersecurity consultant Troy Hunt.

In other words, it’s the same internet we all use, but some people use different technologies to hide their identity and location.

“It’s really the web, a part of the web that has many similarities, including HTML and HTTPS addresses,” Hunt said.

“But TOR is, by design, an anonymity-focused network.”

What is often called the dark web generally refers to a subsection of the web accessible to people using The Onion Routing (TOR) network, which was originally developed for the US Navy in the 1990s and eventually refined into the TOR browser.

The goal, as stated on the TOR Foundation website, was to overlay encrypted network traffic so that it would be very difficult for anyone to determine where, or from whom, the web data came.

It was a remarkable success. TOR is now used around the world for all sorts of purposes, from simple anonymous web browsing to shopping in marketplaces selling illegal goods.

Mohiuddin Ahmed, senior lecturer in cybersecurity at Edith Cowan University, said the system works by bouncing encrypted traffic between servers, making it very difficult for anyone to track down a source location.

“The servers are owned by individuals and groups who wish to remain anonymous, so it’s very difficult to know where the data is coming from,” he said.

“The TOR network hops between many networks before the traffic finally reaches its destination.”

Morally neutral

Mr Hunt said one of the big misconceptions about TOR is that it is somehow inherently unethical, largely because it has been so closely associated with the sale of illegal things such as personal data.

Instead, he says, it’s more helpful to think of TOR as a morally neutral technology that’s used by people around the world for a variety of reasons, some innocuous and some clearly not acceptable.

“Encryption is very handy if you want to send your credit card over the internet,” Hunt said.

“There are always those use cases where we may not have things we want to hide, but we may have things we don’t want to share. Understanding that moral neutrality is important.”

Dr. Ahmed warned anyone trying to use TOR that they could encounter gruesome material, or even increase their risk of being hacked.

“If you do anything without maintaining cyber hygiene, you could be the next victim,” he said.

“Cybercriminals are not only laying traps for victims in the ordinary surface web, but also in the dark web.”

The authorities are struggling

Authorities have difficulty tracking down criminals who use the technology. In the case of the Medibank hackers, a simple blog is being used to commit one of the most serious personal data crimes in Australian history.

It is difficult in practice for authorities to track these people down because TOR effectively hides where their connections originate and, in some cases, where their web servers are hosted.

And even when they can determine an approximate location, it’s often in countries like Russia where hopes of carrying out further investigations with the support of local authorities are, in practice, remote.

But as Mr. Hunt said, that doesn’t mean it’s impossible. US, European and Australian authorities have successfully hunted down dark web markets and shut them down.

For example, the infamous arrest of Silk Road founder Ross Ulbricht didn’t happen because investigators hacked into the dark web, but because his username was linked to a separate forum where he had posted his full name and email address years earlier.