Hackers Scan All Tor Hidden Services To Find Weaknesses In The 'Dark Web'
If you go down to the deep web today, you’ll be following hot on the heels of a digital beast. In a matter of hours last week, the entire semi-anonymising Tor network, where activists and criminals alike try to hide from the gaze of their respective authorities, was traversed by PunkSPIDER, an automated scanner that pokes websites to uncover vulnerabilities.
Created by Alejandro Caceres and his girlfriend-cum-business partner Amanda Towler, PunkSPIDER, which provides a simple Google-like search tool for weaknesses in the vast number of indexable websites that exist today, has turned its gaze to Tor-based sites. The plan is to help improve security across the “dark web”, one of its numerous disputed noms de guerre. But the creepy crawler could aid law enforcement, who might not want exploitable bugs on illegal sites patched by their criminal operators. Such flaws might offer investigators a path into the server and, with the right warrants, be useful for future investigations.
One vulnerable site crawled by PunkSPIDER contained particularly egregious content, “a weird subset of child porn”, Caceres told FORBES. “After looking through them there is at least one that we’d like to share with law enforcement before releasing it publicly. This is the one case where we actually don’t want the website administrator to fix their site before someone in law enforcement hacks it – trust me, it’s a really bad one.” Caceres and Towler head up Hyperion Gray, a research organisation currently working on the Memex search project, set up to create search tools for the dark web. It’s already being used by law enforcement agencies to trace human trafficking. Memex is run by the US military’s research arm, Darpa.