Dark Internet Fundamentals

Dark Internet Fundamentals

Summary: We all think we know the internet - the service that has magically transmitted these words from my keyboard to your eyeballs - but how much do you know of the fundamentals?As I wrote about last year, the plumbing of the internet is surprisingly basic.

SHARE:

We all think we know the internet - the service that has magically transmitted these words from my keyboard to your eyeballs - but how much do you know of the fundamentals?

As I wrote about last year, the plumbing of the internet is surprisingly basic.

"..although we tend to think of it as a “network of networks” consisting of millions of private, public, business, government and academic networks, once you go global the fundamental plumbing pipes are surprisingly fat and few."

The implications for those relying on the internet to deliver their data through cloud solutions are significant: if the cables are cut you won't be able to access it. In the west there are alternative routes through which your information can find its way to you but for those further away from the backbone this is a significant issue. Since companies are increasingly global the implications of disruption is very significant....we are 'relying on wires less than 10 centimeters in diameter to connect us all together' as this excellent map of 'the internet's undersea world' from the UK Guardian illustrates.

The internet is predicted to double in size every 5.32 years, and this exponential growth includes more redundant alternative routing...but it's still sobering to realize that, like your electric power, an outage can leave you stranded and looking at a blank browser window.

Future Warfare

Georgia (the country in the Caucasus region of Eurasia between Western Asia and Eastern Europe, not the American state) is in an uneasy standoff with Russia and is a harbinger of the shape of future warfare. In August of last year Georgia was in armed conflict with Russia and separatist groups from South Ossetia and Abkhazia.

Many of Georgia's internet servers fell under external control or were the subject of crippling 'Distributed Denial of Service' (DDoS) attacks during this period. You can track the attacks historically through shadowserver.org, and while it appears that Russian 'patriotic elements' were collaborating to attack Georgia in 'cyberspace', they may well have been an informal proxy of the attackers.

Botnets (infected computers are named robots, shortened to bot) are informal networks of remotely controlled computers. The first bots were developed by exploiting a messaging facility within Internet Relay Chat (IRC) intended to allow the control of PCs remotely. DDoS attacks are orchestrated by mobilizing thousands of infected computers to attack a target, flooding the bandwidth and resources to render the target inoperable.

This form of distributed unwitting collaboration allows many pc's to make light work of mobbing the resources of target servers. Estonia, a pioneer of 'eGovernment' and a sophisticated highly wired country, effectively had its entire internet connectivity disabled in 2007 in what is now known as the 'Estonian Cyberwar'.

This case of what appeared to be state sponsored cyberwarfare is studied intensively by many countries, military planners and increasingly by large corporations.

The Deep Web

Running in parallel to the internet crawled by Google and therefore fully searchable lies a far more vast - by some estimates five hundred times the size of the known internet - online space. Darknets accessible through services such as freenet.org are concealed from non users, while the deep web is the vast universe of hidden web sites and their associated databases and web services.

This is where the international trade in deploying botnets, identity and credit theft, spam, malware distribution, illegal forms of pornography and other illicit information and artifacts are transacted, a vast, loosely coupled collaboration network. The poster child 'baddest of the bad' organization operating at this level internationally are the Russian Business Network (commonly abbreviated as RBN), but there are many other more shadowy organizations of collaborators.

While the modern Web 2.0 browser user benefits from the sophistication of information mash ups of distributed information, there is a darker side to using these technologies, and exploitable loopholes in the code.

It's these sorts of realities - the dark forces which have always lurked in society - which keep IT security professionals awake at night, aware of the potential for shadowy collaborators to attack.

Image: Internet Mapping Project, Bell Labs/Lumeta Corporation

Topics: Browser, Networking, Security

About

Oliver Marks & Associates provides seasoned, technology agnostic independent consulting guidance to companies on effective Digital Enterprise Transformation business strategy, tactics, infrastructure & technology decisions, roll out and enduring use models and management.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

5 comments
Log in or register to join the discussion
  • Head in the clouds? Visibility = ZERO

    "The implications for those relying on the internet to deliver their data through cloud solutions is significant: if the cables are cut you won?t be able to access it."

    I've been saying this for years. From a security and disaster preparedness standpoint, only the most idiotic of companies would use cloud computing/SAAS/internet distributed resources if real time access to their data and processing is a critical success factor for their business.

    "According to a survey of small businesses located in the Gulf Coast region, in the aftermath of Katrina, 37 percent of those surveyed were without broadband service for more than five business days and 25 percent of those businesses reported losses of over $25,000 due to their lack of Internet
    connectivity", http://business.hughesnet.com/resources/white-papers/hurricane-preparedness-for-small-business, 30 Nov 09.

    Also from the same article, "A study by the American Red Cross found that 40% of small businesses never reopen after a major disaster."

    While the paper mentions use of satellite broadband to bypass down land communications nodes, it ignores the possibility of the cloud provider being down; and, being dedicated to examination of natural disasters, does not touch on malicious attacks.
    Dr_Zinj
    • After the Oklahoma bombing...

      ...something like 78% of the small businesses within a several block radius of the FBI building went bankrupt. The FBI cordoned off the area and would not allow anyone in or out. With their accounts payable/receivable systems and client lists locked physically out of reach they were forced to declare bankruptcy. This would not have happened in a cloud scenario. For each argument against the cloud there is one for. IMHO, the best possible solution is a combination of local and cloud services, but for some all in the cloud may be the way to go. Like those bankrupt WTC companies that had their DR sites in the other tower...
      914four
  • RE: Dark Internet Fundamentals

    "We all think we know the internet - the service that has magically transmitted these words from my keyboard to your eyeballs - but how much do you know of the fundamentals?"

    Enough to know it's a bunch of baling wire and duct tape.

    Multiple languages with poorly thought out APIs and security tacked on as an afterthought, built upon protocols that are too easily abused - it's amazing it works at all.

    "The implications for those relying on the internet to deliver their data through cloud solutions is significant: if the cables are cut you won?t be able to access it."

    Hence why the past few years I've been trying to push the idea that we should go to a hybrid model, not a pure cloud model. The "ideal" that many are pushing is, frankly, far from ideal.

    "by some estimates five hundred times the size of the known internet"

    I'd say the vast majority of it is not the underground activity, but rather private and corporate LANs. It's pretty easy to create your own network these days. Consumer routers are cheaper and far faster than broadband modems, and many large corporations have their large and extensive networks.
    CobraA1
  • RE: Dark Internet Fundamentals

    Back in the 1980s I worked on a network for a small financial organisation with many country-based offices. In those days, network capacity and quality (at least outside large cities) was not very reliable, so we had to design a system with sufficient locally stored data, refreshed from head office at intervals, so that business could continue if the network went down. Since those days, I have viewed remote storage, especially when outsourced, with deep suspicion.
    A very good read is Michael Connelly's "The Scarecrow" whose central theme is the abuse of a server farm for very nasty purposes.
    JimTheGeordie
  • RE: Dark Internet Fundamentals

    Great piece. Thumbs up for you!
    callandor87