The InterPlanetary File System (IPFS) is a Web3 technology designed to enable decentralized storage of resources on the internet. When content is stored on the IPFS network, it is mirrored across many systems that participate in the network, so that when one of these systems is unavailable, other systems can service requests for this content.
IPFS stores different types of data, such as the images associated with NFTs, resources used to render web pages, or files that can be accessed by internet users. IPFS was designed to be resilient against content censorship, meaning that it is not possible to effectively remove content from within the IPFS network once it’s stored there.
Users that wish to access content stored within IPFS can do so either using an IPFS client, or they can make use of “IPFS Gateways” which effectively sit between the internet and the IPFS network to allow clients to access content hosted on the network. This functionality is similar to what Tor2web gateways provide to access contents within the Tor network without requiring a client installation. Anyone can set up an IPFS gateway using a range of publicly available tools. When systems use IPFS gateways to access contents stored on the IPFS network, they typically rely on the same HTTP/HTTPS-based communications used to access other websites on the internet.
IPFS is currently being leveraged to host phishing kits, which are the websites that phishing campaigns typically use to collect and harvest credentials from unsuspecting victims. In one example, the victim received a PDF that purports to be associated with the DocuSign document-signing service. In this case, the PDF hyperlink was pointing to an IPFS gateway that moderated the content to protect potential victims and displayed the following message to victims attempting to navigate to it. However, the content is still present within the IPFS network, which allows threat actors to simply change the IPFS gateway being used to retrieve the content.