Cybercrime and the dark web: tracking down criminals
Cybercrime has become increasingly known among regular internet users, governments, and companies in the last few years, even though law enforcement authorities have been fighting cybercriminals for decades. The purpose of this article is to show cybercrime as a fast-evolving crime committed through the most modern technologies and difficult to investigate and prosecute, particularly when it originates from the depths of the dark web.
While the definition of cybercrime varies between jurisdictions, it is commonly accepted that it is an act that violates the law, perpetrated using information and communication technologies to target networks, systems, data, websites, and technology. It was introduced for the first time as a predicate offense of money laundering through Directive (EU) 2018/1673, which adds another layer of protection and obliges banks and other financial institutions to further safeguard their systems and the financial products of their clients.
An interesting element that distinguishes cybercrime from conventional crime is that it is borderless. A wide range of criminal activities can be committed by these means, which are not restricted to one jurisdiction but rather take place simultaneously in different countries. Some of these include, for example, attacks against information systems, phishing, spoofing, but also online fraud and forgery, selling drugs, and even commercializing child sexual abuse material. The possibilities are endless, and criminals are reinforcing their systems every day to avoid detection by law enforcement authorities.
An overall explanation of the internet is necessary to understand the infinite possibilities criminals have. The most common access point is the surface web, which contains the regular web pages and applications that an ordinary person accesses daily and that bots can index. This also includes documents and media files that can be accessed simply via search engines, such as Google or Bing. The second access point is the deep web. Although commonly believed to be dangerous, it is rather harmless and also easily accessible. It consists of sites that require entering a CAPTCHA for access, or articles available only by subscription. The main intention is to keep bots from indexing their content and to add an extra layer of security.
The third point is known to be a dark place plagued with illegal content. The dark web connects darknets, which are networks with restricted access used mostly for illegal purposes. They are invisible to common search engines or browsers; the sites that operate here usually end in “.onion” and can only be accessed anonymously or with the use of encryption and special software. The average person does not know how to access the dark web and, even when access is achieved, its internal system is quite complex, since it requires the user to know the links to marketplaces and other content beforehand. This creates the perfect place for criminals to offer illegal goods and services such as drugs, arms, contract killers, stolen data, falsified documents, or sexual acts of all kinds. It is also used by people in need of secrecy and anonymity, such as dissidents or whistleblowers.
There are several laws in place aimed at holistically tackling cybercrime, particularly on a European level, but cybercrime’s reach is so vast that eradicating it is rather difficult, not to say impossible. Some estimate that the average number of connected devices per household in 2022 is 22 and that by the end of 2022 the number of connected devices will be 13.1 billion. These numbers translate virtually into endless possibilities for criminals to, at least, attempt to steal data from a person or hack their devices. Nowadays, criminals have more chances than ever to perform their attacks.
One interesting method by which law enforcement authorities can track and detect cybercriminals is OSINT, which stands for Open-Source Intelligence and consists of collecting information from public sources to conduct an investigation. Millions of pieces of data are left on the internet, which can be traced using simple, publicly available online tools such as OpenCorporates or the Wayback Machine. This sometimes serves as the perfect starting point, especially when the individual under investigation has left crucial information in public forums, usernames, or social media accounts. An interesting example of this is the case of Ross Ulbricht, who ran the infamous dark web market called Silk Road from 2011 to 2013.
This digital market offered illegal goods, particularly a variety of drugs. During the investigation, it was found that an online user named “Altoid” made a post on a forum for drug users, referencing Silk Road. Eight months later, “Altoid” posted a job ad on a Bitcoin forum indicating that interested parties could contact a specific email address. Ulbricht was ultimately charged with drug trafficking, computer hacking, and money laundering, and Silk Road was shut down. Unfortunately, this marketplace served as a template for future ones with reinforced security. Dark web users, nowadays, make sure to use Virtual Private Networks (VPNs) that disguise their identities online by bouncing the IP addresses through servers located in multiple nations, making it difficult and time-consuming for law enforcement to conduct investigations.
OSINT investigations can, nonetheless, find useful information through specialized dark web OSINT tools that enable safe access to the dark web and help build a clearer picture of the information found therein. A comprehensive internet-based investigation should also draw on information found in the surface and deep web. It is interesting to note that OSINT can be done exclusively manually, although this approach presents several limitations.
For instance, it is advisable to have a separate computer for conducting these investigations, with up-to-date protection software and a VPN or other software used to hide the IP address and provide full anonymity. Additionally, it is necessary to create a separate account on every social media site that the investigator intends to use. In sum, it is a time-consuming process. For this reason, there are tools nowadays that perform a thorough search of the internet, create several social media accounts automatically, and provide a report with the main findings. Whatever approach is taken, it is important to make sure that the investigation is as thorough as possible.
While this helps investigate and prosecute some of the criminals, cybercrime is far from being fully tackled. There are constant news reports about hacks, data theft, or identity theft targeting different actors. Despite the high publicity given to this news, people do not seem to be fully aware of the true implications of cybercrime. For instance, hacking and releasing destructive malware can be used as a powerful weapon during international conflicts, such as the alleged use of ransomware by the Russian military intelligence causing power blackouts in several parts of Ukraine in 2015 and 2016, or ransomware attacks on Ukrainian and Polish transportation and logistics organizations.
It is important to highlight that banks and other financial institutions have specialized knowledge in fighting several kinds of cybercrime. In particular, cybercriminals are interested in stealing large amounts of money or customer data from institutions, or in trying to put them out of operation through cyberattacks. Clients, on the other hand, commonly receive spam mail or phone calls from someone impersonating bank staff and attempting to obtain personal information that will lead to the theft of funds from the account. Therefore, clients must not disclose login information to anyone regardless of the communication method, particularly by phone or email, and should make sure that proper security updates are installed on connected devices and constantly check the account balance to make sure their financial products are safe.
Banks and other financial institutions have an essential role as gatekeepers, bearing in mind as well the amount of financial resources and personal information they have in their systems. These organizations must keep constant vigilance over their online banking systems to make sure they are secure and updated, and must report suspicious activity to the Financial Intelligence Units or law enforcement authorities in case of attempted cyberattacks. Furthermore, they must provide proper training to staff to make sure that there is awareness of the implications and extent of cybercrime and to better safeguard the institution’s financial activity.
The European Union has given increasing attention to cybersecurity for several reasons, the threat of governments being hacked being most likely the main one. The EU will likely start implementing a new cyber defense policy to boost its defense capabilities as well as strengthen coordination and cooperation between the military and the civil cyber communities and enhance crisis management. It is yet to be seen whether Member States will provide further cooperation with the European Commission and set up implementation plans after the implementation of this proposal. This will lead to possible changes and adjustments for financial institutions in enhancing their response to cybercrime.
This article has explained how complex cybercrime is. Cybercriminals are no longer considered the typical hacker locked up in a basement, but rather criminals working through complex organizations with far-reaching and borderless powers. They have worked on developing the most advanced software to protect their identities while conducting their criminal activities, whether it be selling illegal content online or hacking connected devices. This means that society in general, including governments and institutions regardless of their nature, needs to keep up with the protection of its online systems to be able to respond to developing threats.
It is necessary to raise awareness about what cybercrime is and its different forms, particularly how to react when receiving phishing emails or alerts about breaches of online banking systems. Prevention is extremely important, but once a cybercrime has been committed, OSINT can be a useful tool that allows tracking criminals online whenever they have left traces of information on the internet. In sum, it is essential to take a proactive approach to fighting cybercrime, which can affect millions of lives and even be used as a weapon in wartime. It is yet to be seen whether future legislation will be able to keep up with the fast-paced development of cybercrime and whether cybersecurity will be able to stay one step ahead of criminals.