How the dark web spurs a spying 'arms race'

Frank Gardner
Security correspondent

image copyrightPA
image captionDark web networks let people conceal who they are and where they are

It's a technological arms race, pure and simple.

That's how Jamie Bartlett, author of The Dark Net, sums up the constantly evolving battle in cyberspace between terrorists and the intelligence agencies trying to discover their hidden communications.

"The unbelievable growth in widely available (encryption) software will make their job much harder," he said.

"What it will mean is a shift away from large-scale traffic network analysis to almost old-fashioned intelligence work to infiltrate groups - more and people on the ground as opposed to someone on a computer in Cheltenham."

Hidden signals

Where do you go if you want to communicate in secret without being intercepted and eavesdropped on?

In the Second World War there was Enigma, the German cipher machine eventually decoded by Britain.

There was also steganography, the art of shrinking and concealing information inside objects such as microdots, usually only detectable by those who knew exactly where to look.

In Cold War days spies sat next to each other on park benches or left secret messages to be picked up later in "dead letter drops" behind objects such as flowerpots or in crevices in walls.

In the 1990s extremist groups used satellite phones and faxes to communicate, with paper messages from Osama Bin Laden in Afghanistan churning out of a fax machine operated in North London by his UK representative. Already that sounds almost prehistoric.

For close to two decades now the internet has been the river through which most terrorist communications flow, hiding amongst the legitimate, the ordinary, the innocuous or the just conventionally criminal. So how, I asked Sir David Omand, the former Director of Britain's GCHQ spy agency, do they conceal them?

image copyrightSPL
image captionThe Allies turned to technology to help break the German Enigma enciphering machine

"They have a wide range of options and... they can hide in the sheer volume of the internet," said Sir David. "There is an enormous variety of applications that ride on the internet that can be used to communicate, including games. You can hide in and communicate in a multiplayer game."

Staying anonymous

Increasingly, terrorists as well as law-abiding citizens are using ways of staying anonymous online, with two of the most popular tools being virtual private networks (VPNs) and Tor, popularly known as "the dark web" or "the dark net".

"The dark net, the part of the internet that requires anonymisation software, is probably where they go to share their videos, the ghastly beheading videos," said Sir David. "So that they can do that anonymously and can't be traced back and then, when they're ready, they can upload that kind of video material to the open internet so that media can then pick it up."

Tor, aka "The Onion Router" is free software that allows users to browse online without revealing either their identity (through their IP address) or their location by rerouting their messages through confusing layers.

It now has over 2.5 million daily users, of which only a tiny fraction are likely to be engaged in terrorism.

Since the former CIA employee Edward Snowden fled to Russia in 2013 and revealed how western intelligence agencies are engaged in wide-scale surveillance, more and more ordinary citizens are turning to easily available encryption tools.

Put simply, they don't want somebody else reading their messages. But with volumes like that, it is becoming easier for organised criminals, paedophiles and terrorists to hide amongst the crowd.

"One thing we do know is that terrorists are using the Tor browser, an anonymous browser that allows its users to not give away their IP address, and we know they use various types of secure communications, encrypted messages etc, essentially anything they can find that will make it harder for the authorities to monitor," said Mr Bartlett.

image copyrightAFP
image captionIn some nations Tor has helped opposition groups avoid official persecution

In practice, this means that a jihadist from IS in Raqqa, in northern Syria, for example, can use a VPN or Tor to appear to be communicating online from a completely different part of the world. Many of IS's followers are acutely aware they are at risk of being monitored and the group's more technologically savvy members post advice online on how to avoid detection.

"They share practical advice," said Mr Bartlett. "They say download Tor and don't put personal details on social media. Make sure you are using Tails - an operating system that makes it hard to know what is being downloaded onto a computer."

Benign uses

There is, of course, another side to all this. Software encryption and rerouting that can help conceal terrorist communications also works for journalists, civil rights and democracy activists under threat of censorship or imprisonment.

"Tor is absolutely essential in countries like China, Iran and Saudi Arabia where the network is censored or controlled, said Gregoire Pouget, head of new media at the advocacy group Reporters Without Borders. "In order to evade censorship we explain to journalists how to use it. We even have an agreement with Tor."

The dark web sounds sinister and it certainly does hide a multitude of very dark dealings. But the sheer volume of ordinary people now using it as a matter of course have inevitably pulled it closer into the mainstream of digital communications.

The more people who use it, the easier, in theory, it will be for terrorists to hide their own messages amongst its terabytes of data. But the dark web does have benign uses and while it presents a growing challenge to counter-terrorism authorities this is a phenomenon that is unlikely to disappear anytime soon.

More on this story

Related Internet Links

The BBC is not responsible for the content of external sites.