fbpx

[This article is originally published in phys.org written by Frédéric Garlan - Uploaded by AIRS Member: Deborah Tannen] 

For years criminal websites shrouded in secrecy have thrived beyond the reach of traditional search engines, but a group of French engineers has found a way to navigate this dark web—a tool they don't want to fall into the wrong hands.

"We insist on this ability to say 'no'," Nicolas Hernandez, co-founder and CEO of Aleph Networks, says at the company's offices near Lyon, in the heart of France's Beaujolais wine country.

He said Aleph refused 30 to 40 percent of licensing requests for its "Google of the dark web," based on reviews by its ethics committee and input from its government clients.

Most web users never venture beyond the bounds of sites easily found and accessed with casual web surfing.

But people and sites seeking anonymity can hide behind layers of secrecy using easily available software like Tor or I2P.

These sites can't be found by searching: instead, users have to type in the exact URL string of often random characters.

In an authoritarian regime, a protest movement could use the secrecy to organize itself or connect with the outside world without fear of discovery.

But the dark web is also ideal for drug and weapon sales, people-smuggling and encrypted chat-room communications by terrorists.

When Aleph's co-founder Celine Haeri uses her software to search for "Glock", the Austrian pistol maker, several sites offering covert gun sales instantly pop up.

A search for Caesium 137, a radioactive element that could be used to create a "dirty" nuclear bomb, reveals 87 dark web sites, while another page explains how to make explosives or a homemade bazooka.

Arms smugglers find the dark web particularly useful

Arms smugglers find the dark web particularly useful

"Some even advertise the stars they've gotten for customer satisfaction," Hernandez said.

Uncharted territory

Over the past five years, Aleph has indexed 1.4 billion links and 450 million documents across some 140,000 dark web sites.

As of December, its software had also found 3.9 million stolen credit card numbers.

"Without a search engine, you can't have a comprehensive view" of all the hidden sites, Hernandez said.

He and a childhood friend began their adventure by putting their hacking skills to work for free-speech advocates or anti-child abuse campaigners while holding down day jobs as IT engineers.

Haeri, at the time a teacher, asked for their help in merging blogs by her colleagues opposed to a government reform of the education system.

The result became the basis of their mass data collection and indexing software, and the three created Aleph in 2012.

They initially raised 200,000 euros ($228,000) but had several close calls with bankruptcy before finding a keen client in the French military's weapon and technology procurement agency.

"They asked us for a demonstration two days after the Charlie Hebdo attack," Hernandez said, referring to the 2015 massacre of 12 people at the satirical magazine's Paris offices, later claimed by a branch of Al-Qaeda.

Terror atttacks in 2015 focused French authorities minds on the dark net

Terror attacks in 2015 focused French authorities' minds on the darknet

"They were particularly receptive to our pitch which basically said if you don't know the territory—which is the case with the dark web—you can't gain mastery of it," Haeri added.

Ethical risks

The ability to covertly navigate the dark web is a holy grail for security services trying to crack down on illicit trafficking and prevent terror attacks.

The US government's Defense Advanced Research Projects Agency (DARPA) has been working on a similar project, called Memex, for years.

Aleph plans to soon add artificial intelligence capabilities to its software, which would recognize images such as Kalashnikov rifles or child abuse victims, or alert businesses to potential copyright infringement.

Its revenues are expected to reach around 660,000 euros this year, a figure it hopes to double in 2019.

That has attracted the attention of investors as Aleph steps up efforts to add more private-sector buyers to its roster of government clients.

But as more people and businesses start using Aleph's search engine, the risk increases that criminal organizations or hostile governments will eventually gain access.

The challenge will be to grow while setting out clear guidelines for handling the thorny ethical questions.

But Hernandez insisted he would remain vigilant, comparing his role to that of the "Protectors of the City" in ancient Greek democracies.

Categorized in Deep Web

Thanks to fake Gmail sign-in pages, hackers were able to dupe John Podesta and the entire Clinton campaign.

According to Naked Security, a technique known as spear phishing was used to hack into John Podesta and the entire Clinton campaign’s account. This hacking technique involves using fake Gmail sign-in pages and security alerts to trick the owner of the email into revealing his or her password to the person attempting to hack into the Gmail account. 

The Smoking Gun reports that when it came to John Podesta’s Gmail account, he received an email alert telling him that someone was trying to access his account from an unusual location. Basically, the email he received was asking him to change his password to secure his account.

With this hacking technique, John and the entire Clinton campaign was duped into believing the fake security alert and using the fake Gmail sign-in pages to give their login information directly to the hacker. From there, the hackers were able to log in to the Gmail accounts of anyone who used the fake Gmail sign-in page and do whatever they wanted to with the account.

Townhall reports that government officials using their private emails in order to avoid their emails becoming public record has become a very common occurrence. The hacking of Hillary Clinton and John Podesta’s private Gmail accounts put these two in the spotlight, but a former top State Department official acknowledges the fact that this is something nearly every government official does in order to avoid their conversations being a matter of public record.

Townhall goes on to report that the former State Department official claims that if something would be done to stop government officials from using their private email accounts for work-related matters, the issues with hacking wouldn’t have been a problem to begin with.

Nashville Chatter reports the same group of Russian hackers that was believed to have developed the fake Gmail sign-in pages and security alerts that hacked the Clinton campaign is responsible for a recent Microsoft bug as well. Microsoft was given a grace period of a week before Google’s Threat Analysis group made a public announcement about the vulnerability that was exposing people to malware attacks.

Terry Myerson, the executive VP of Microsoft Windows, claims a sophisticated group of hackers was exploiting a Microsoft bug. This group of hackers has since been identified as the same group who caused the DNC and Clinton campaign data breaches. Microsoft is currently working on fixing the bug, but Terry Myerson is urging Windows users to upgrade their operating systems to Windows 10 in order to protect their devices from this potential threat.

Microsoft is currently working with Adobe and Google in order to create security patches to protect the lower levels of Windows. There are several versions of the security patches currently being tested. These patches will be released on November 7 for Windows users.

Do you find it embarrassing that government officials were hacked by nothing more than fake Gmail sign-in pages and security alerts? More importantly, do you think government officials should be able to use their private Gmail accounts in order to avoid their conversations becoming public record? Share your answers to these two questions in the comments section below.

Source : inquisitr

Categorized in Internet Privacy

airs logo

Association of Internet Research Specialists is the world's leading community for the Internet Research Specialist and provide a Unified Platform that delivers, Education, Training and Certification for Online Research.

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.

Follow Us on Social Media