How to catch criminals in the Deep Web

Father

Cryptographic technologies for network anonymity and online payments have allowed criminals to create a black market where they sell and buy drugs, stolen and counterfeit goods, and more. In response, the police and other law enforcement agencies are improving their technology and moving their raids and other operations online.

The term "darknet" appeared long before the emergence of Tor and cryptocurrencies, back in the 70s. It refers to the connection of nodes with each other using non-standard protocols and ports, which allows for a high degree of anonymity. It should not be confused with the "Deep Web", those web pages that are not indexed by search engines. The combination of these two technologies will give us another Internet that requires special programs or at least browser extensions to access. Here we will not write about exactly how to do this, there is more than enough information on the Web about this — the article is devoted to cases and methods of countering illegal trade via the Internet.

Police operations in Europe

In December 2015, German police from Leipzig confiscated a large batch of drugs with a total weight of more than 210 kilograms from two sellers. Experts estimated the delivery at 4.25 million US dollars. To date, this is the largest batch of drugs confiscated from Deep Web dealers.

On December 24, 2016, the Maltese police arrested eight users for selling fake euro notes over the Internet. At the same time, the suspicion remained that most of the network of counterfeiters was still at large. Banknotes of 20, 50 and 100 euros were sold for 30% of their face value, and payment could be made in bitcoins. 160,000 euros received from the Maltese digital currency exchange were confiscated. Europol deputy director Wil van Gemert said that "anonymity has given criminals a false sense of security." The operation to search for counterfeiters began in January 2015, and involved police officers from countries such as Italy, Austria, Germany, Portugal, France, Spain, Lithuania, Sweden and the Netherlands.

On February 18, 2017, the police of the Finnish capital Helsinki arrested 16 drug dealers at once. According to law enforcement officials, an "intensive investigation as part of a secret operation" helped, and Tor encryption did not stop them.

Irish police officers managed to track down and identify a smuggler who sold weapons. On March 15, 2017, law enforcement officials reported that American Michael Andrew Ryan sold a total of 18 Berettas, Glocks and revolvers to buyers from Ireland, England, Scotland and Australia. He was detained as a result of a joint operation between the FBI and Irish Customs.

On March 28, 2017, the Danish police announced that they are developing their own system called EC3, which matches activity in the Deep Web with the user's cryptocurrency activity. Investigator Ehrenstrup said that "traces always remain, and criminals cannot remove them." The system resulted in the arrest of 150 users purchasing prohibited goods and two court sentences. A 22-year-old man was sentenced to 4 years in prison, and a 23-year-old to 8 years. Danish police officers held an international conference on their method, which attracted the interest of police officers from other European countries, as well as the United States.

International Police Operation Hyperion

From October 22 to October 28, 2016, a large-scale police raid took place, which was called "Operation Hyperion". It was attended by law enforcement officers from the United States, Britain, the EU, Canada, Australia, and New Zealand. As a result, 3,000 drug buyers were identified and detained in Sweden alone, and six sellers were arrested and given ten-year prison sentences. In New Zealand, 160 people were interrogated as a result of the operation. In the United States, more than 150 people were summoned for questioning by the FBI, and in Canada, one drug dealer was arrested. The operation not only uncovered many cases of illegal trade. Law enforcement officers also learned a lot about smuggling routes and data encryption methods.

Police actions in North America

In August 2015, Canadian law enforcement officers ordered the development of a search robot that studies the depths of the Deep Web. It searches for offers of illegal goods and services. Development funding is provided by the Government of Canada. The Royal Canadian Mounted Police (RCMP) stated: "We are going to explore the deepest and darkest corners of the Internet to identify anything that poses a threat to national security." The software part was prepared by Mercur IT Solutions, which has already cooperated with the police before. Also in Canada, on August 30, 2016, a woman was detained who bought a deadly radioactive element, polonium-210, via the Internet.

The police department in the US city of Boston in early January 2017 launched a new program that compares data from the Deep Web and social networks. According to the plan, the development of the program will cost $1.4 million. Commissioner Evans said in an interview with Boston Radio that it is "a necessary tool of the rule of law that will help keep our neighborhoods safe from violence and terrorism, prevent human trafficking, and protect children from pedophiles." Documents obtained by the Boston Globe showed that the software will show police the geolocation of possible offenses in real time. Previously, American police have successfully closed Silk Road, Silk Road 2, Black Market Reloaded and many other underground markets.

How exactly do they search for criminals on the Deep Web

Currently, the police use several methods of searching for criminals at once. The RAND Europe Research Institute has prepared a short review on this topic:

1. Machines will not replace the good old police investigation
Once investigators detect drug-related activity in the real world, they will be interested in what is being done online. Surveillance and covert operations allow investigators to identify the points where the real and virtual worlds meet. For example, the arrest of Ross Ulbricht in 2013 occurred when he used a public Wi-Fi network, which coincided with the appearance of the Silk Road administrator in the virtual space.

2. Getting data from open websites
Drug dealers use their deep-cover websites only as stores, and search for customers in public networks. This makes dealers much more vulnerable. By law, owners of publicly accessible websites must pass on any information of interest to the police. For example, five users of the Reddit forum who discussed buying and selling prohibited goods on r/darknetmarkets were detained after the Reddit administration gave out their contact details. And the same Ulbricht left his email address in some places in connection with Silk Road.

3. Interception of mail items
Law enforcement agencies are working with delivery companies and post offices to investigate suspicious packages. Police can also take the number of a suspicious item to track down the recipient.

4. Big data and machine learning
Using large amounts of data, police identify connections that would not otherwise be possible to find. They take into account IP addresses and online information, draw conclusions and gradually train artificial intelligence on them. This is an expensive and complex system, but its use pays off.

5. Cash Flow Tracking
Although the bitcoin cryptocurrency has a high degree of anonymity, the weak point is the purchase or sale of digital currency. The police can request data from bitcoin exchanges on who made transactions with the cryptocurrency and when. Law enforcement officers also cooperate with banks for this purpose.

One of the most well-known solutions in the field of monitoring illegal bitcoin turnover is Elliptic, which we wrote about back in August. The project cooperates with financial institutions and law enforcement agencies. Our Wirex payment blockchain service also interacts with Elliptic.

6. Working undercover
Often, police agents gain the confidence of the administrators of banned sites, and also pose as sellers and as retail and wholesale buyers.

7. Hacking
Modified software commissioned by the police or the FBI is widely used to identify users of the Deep Web. For example, this is exactly how a large illegal forum was opened — FBI employees introduced a vulnerability in it that forwarded users' IP addresses "where necessary".

As practice shows, the anonymity of users of the "dark side" of the Internet can be overestimated. Attackers from the Deep Web remain unpunished only as long as law enforcement agencies do not begin to take countermeasures, which are often based not on the latest machine learning technologies, but on classical investigative methods.