Chapter 4 - Facilitators and relevant factors

4.2 Anonymisation tools - Overview

Anonymisation tools are widely used by many Internet users for a range of purposes; some have a simple desire for privacy, others require anonymity to avoid detection, persecution or prosecution.

There are many methods to hide or obscure one’s origin or identity on the Internet. Tools and technologies specifically designed for anonymity are diverse in how they ultimately function, but can be roughly grouped into three classes: (simple) proxies, virtual private networks (VPNs) and Darknets.

Darknets are networks which operate within the Deep Web [156]. The first Darknet - The Onion Router (more commonly referred to as TOR) - was invented in 1995 by the US Navy for the purpose of protecting US government communication. Now publicly available, TOR is one of the most widely used and well-known anonymisation tools. These services also offer additional functionality using the same architecture, such as secure messenger software (e.g. Torchat).

Although the most heavily adopted, TOR is only one of several Darknet services. Freenet and the Invisible Internet Project (I2P) are also popular and offer similar anonymisation opportunities, although they operate using alternative protocols.

In addition to the anonymisation of communications, Darknets also offer the possibility to anonymise content, such as the Hidden Services discussed in chapter 3.1. Darknets are also increasingly being used to host botnet Command and Control infrastructure [157]. The use of Darknets in this way makes it difficult for law enforcement (LE) to locate and seize the servers.

The use of anonymisation tools is ubiquitous amongst the cyber underground. VPNs, followed by TOR, are the most commonly encountered forms of anonymisation used by cybercriminals. The use of simple (one layer) proxies would appear to be in decline, with only a handful of jurisdictions reporting their use. In some cases, suspects will stack several levels of anonymisation using multiple VPNs, proxies and TOR for maximum security at the expense of performance.

The use of encryption is also becoming increasingly commonplace. Encryption is commonly used in secure communications including applications such as PGP, VOIP, TOR and VPNs and is becoming a standard protection feature in many products, such as e-wallets for virtual currencies. Both the public and industry are also increasingly using encryption to protect their digital assets in the event of a cyber attack. However, in addition to weaponising encryption in the form of cryptoware, cybercriminals are increasingly using encryption to protect their data, thereby frustrating forensic analysis and evidence gathering from seized media by law enforcement.