CCIS PhD Student and Professor Discover Snooping in Dark Web

December 2, 2016

By Mackenzie Nichols

In the vast space of the Internet, there exists another dimension called the dark web. Amirali Sanatinia is one researcher who works with his PhD advisor, Professor Guevara Noubir, to study this dimension through the anonymous platform Tor to suss out which users are acting maliciously. The two have discovered that many users inside this space misbehave. At conferences in August and in October, the two shared their findings with top researchers and academics, and received media attention and praise for their work.

“These [users] can be anyone,” Sanatinia says. “Since there is no notion of identifying these people, that’s where the problems are. We wanted to research how much of this is going on so that we can make Tor more secure.”

Sanatinia, a PhD student at Northeastern University’s College of Computer and Information Science, started working with Professor Noubir on the project in February of 2016 by setting up what are called “honions,” websites in the dark web that attract and capture malicious users. If they found that users were gaining access to the honions, those users were referred to as “snoopers”. After publishing these honions, Sanatinia and Noubir quickly found out that users were able to access them – meaning that there are potentially malicious users inside Tor.

“Honions are private websites, and if they get access then I know they are the snoopers” Sanatinia says. “For instance, if I share information with you, and if I see that the information is being shared, then I know you are the person who released this information.”

Originally created to give free internet access to those in oppressed countries, Tor has benefits and pitfalls. One benefit is the level of privacy that Tor offers. If a user does not want to be tracked, for instance by Google and Amazon, they can use Tor to remain anonymous. Tor offers a secure connection for journalists and activists alike to search the web without being detected. One major pitfall, Sanatinia says, is that this means users can surf the web and discover and share illegal websites used for drug trafficking and black markets such as The Silk Road.

“This snooping [that we found] is not a result of an anomaly,” Sanatinia says. “It has been going on for much longer than that.”

At the Def Con conference in Las Vegas in August 2016, Sanatinia and Noubir released their findings for the first time, and left a lot of people in the audience wanting to know more. Nearly 20,000 people attended the conference, including security researchers, media personnel, and academics. At the IEEE Conference on Communications and Network Security in Philadelphia in October, Sanatinia and Noubir presented to academics from the all over the world, sharing their findings on the level of snooping that is occurring. The snoopers can be anyone who is running a volunteer relay, ranging from government agencies and law enforcement to other academics and researchers.

“Tor depends on the honest behavior of the volunteer relays,” Sanatinia says. “These volunteers aren’t being exactly honest, and are snooping into users. We are interested in the level of snooping. Operators should not do that, and the main objective is to research this.”

Sanatinia has been in contact with “Tor People,” a group who runs the domain, and he says that the Tor team is aware of the snooping. Sanatinia and Noubir are interested in collaborating with them to improve the accuracy of identification of the snoopers, and to help design for a better future for Tor.

“The main idea is to improve the privacy infrastructure, and in general the level of privacy and anonymity,” Sanatinia says. “Taking people out of the snooping makes it more anonymous, so we are interested in keeping that anonymity [for users].”

As for working with Professor Noubir at CCIS, Sanatinia says it has been great to work with him, and that he likes CCIS as a college because of its dynamic research environment, growth in size and ranking, and the hiring of great faculty.

“Guevara has been a tremendous and great mentor in skills not solely academic but in life as well,” Amirali says. “This [research] wouldn’t be possible without him.”