Good old DARPA. They just want to help keep ‘us’ (i.e. not us, the rich) safe. But at least a couple of programmers are taking their money and using it to strike a blow for interwebs normals like us (the real us):
“Hacker culture is dying. A scene that used to be replete with anticorporate sentiment and profreedom ideals is being sold out by cybersecurity capitalists more concerned with making a quick buck selling ways to exploit computers, websites and phones than actually protecting Web denizens.”
The team at Hyperion Gray have developed a crawler called PunkSPIDER that searches the Web and Deep Web for vulnerabilities dodgy types might exploit to steal data. The Deep Web is that part of the broader network hidden to most of us (Google etc included): databases, protected sites, government stuff, academic stuff, military stuff… and of course, the criminal and creepy part called the Dark Web.
Interestly, when PunkSPIDER made its rounds in May, the security tool only found about 7100 ‘.onion’ sites (accessible via the Tor anonymous browsing method) in total. In fact its entire scan finished in just three hours, and it would seem that:
“the number of Hidden Services [Tor network sites] up at any time has been greatly overestimated”
I guess that’s a… good thing?
Being the Dark Web, there were a number of sites found offering illegal content including, “a weird subset of child porn … it’s a really bad one”. Needless to say, destroying paedophile and human trafficking networks, for example, is certainly crucial and the fewer of them the better. But it’s not just perverts and drug dealers – the Tor network is used by the likes of political dissidents and human rights activists too, where any web activity absolutely must be anonymous and secure, so perhaps there should be more?
In any case, in the context of the NSA and Five Eyes destruction of privacy it’s hard to get too optimistic. The good thing is, though, while Google and Facebook offer bounties and criminals sell exploit info for big dollars, the exploits found by the PunkSPIDER crawl are reported for free:
“Security should not be just for the upper echelons. We really believe this information should be made freely available.”
Maybe there is hope.