The web is often described as cyberspace. Hold that image, and then travel into deep space – the dark web. You might see what looks like Saturn, surrounded by rings. But look closer and you’ll find it’s a black hole protected by onion rings.
Enter Tor (the name is an acronym for ‘the onion ring’). It was developed so users can surf the internet in privacy, making it very, very hard for third parties – including law enforcement agencies – to monitor. There is common sense behind criminals using Tor to protect themselves.
Now G-Data claims to have found an example. “The botnet owners placed their C&C server, which uses the common IRC protocol, as a hidden service inside of the Tor network”, it recently wrote in a blog. This has several advantages for the operators. The service is anonymous, so even if the C&C server is found, it won’t reveal its owner – nor can it easily be taken down. And since the traffic itself is encrypted, it isn’t easily blocked by intrusion detection systems.
The main disadvantage is that the problems inherent to Tor (latency and a degree of unreliability) are introduced to the botnet. But since the FBI has already said that it cannot track the deep space of the dark net, we may soon see – or not see – more of these hidden botnets.