What exactly is the Dark Web?
The Dark Web is basically a collection of websites that are visible to the public, but hide the IP addresses of the servers that are running them. The sites can be visited by anyone, but accessing a website over the dark web requires a pre-shared knowledge of the address. It is hard to find out who is behind them and they cannot be found using search engines like Google.
Most sites on the Dark Web hide their IP addresses by using the TOR anonymity network’ to hide their location and encrypt their network traffic. TOR is an onion router which means that messages are encapsulated in layers of encryption. The encrypted data is then transmitted through a series of network nodes called onion routers, each of which "peels" away a single layer and uncovers the data's next destination. This means that the only systems that know the source or destination of the data is the first and last node to receive the data. Anonymity is granted to users as it is impossible to intercept communications sent over the network.
People who use the internet for everyday things are often surprised to discover that the Dark Web is part of the ‘Deep web’. The Deep Web is estimated to be over 500 times the size of the ‘clear web’ and is unindexed. This includes data which is not indexed by search engines, DNS servers, etc., and is estimated to be over 6 petabytes in size, (6000 terabytes).
The Dark Web is perhaps most infamous for the things that can be purchased on it. The original version of Silk Road for example was a well-known place to buy drugs and many of the weapons bought illegally online are on the Dark Web.
In some ways the Dark Web can also be regarded as a type of privileged channel which is used by citizens living inside totalitarian regimes. The Dark Web allows these operators to work in relative safety and is a vital tool to allow them to avoid the censorship imposed by such states. Journalists also use the Dark Web to communicate with sources, do research and publish controversial articles anonymously. By using the Dark Web a reporter can research safely and not attract unwanted attention.
Another way for the Dark Web to be used in a positive way is for charities to communicate with victims of abuse. By communicating via the Dark Web a victim can remain hidden from their abusers and use a much needed secure line of communication.
The Problems created by the Dark Web
Terrorist groups and organised crime groups cannot function without communicating and it is this that provides law enforcement and intelligence agencies with opportunities to monitor and disrupt their activities. By enabling these groups to anonymise their communications, the Dark Web can impede a vital strand of traditional investigation. The onion address is not shared with anyone outside of the organisation and will be changed regularly to ensure that it is not discovered. These sites are also monitored actively by their owners to ensure that no outsiders are gaining access.
In effect, the Dark Web is almost impossible to police due to its architecture, which is why there is so much hype about cybercrime via this medium.
The police scour the Dark Web as much as possible, but it’s like finding a needle in a haystack, except you are fully aware that you can’t access 95% of the haystack anyway. Criminals are caught now and again on the Dark Web, but those using it correctly are almost impossible to catch.
Adding to the difficulty faced by the police is the fact that criminals use multiple mediums to anonymise themselves, such as renting servers using Bitcoins in countries with no extradition or intelligence sharing treaties such as Panama or Switzerland. Once you combine the use of the Dark Web with some of these other techniques, it is certain that the authorities will focus on where getting a conviction is more likely.
Criminals using the Dark Web are not totally out of reach of law enforcement, but those using it with an effective communication security regime will be very difficult to detect and be almost impossible to catch. It’s really a case of luck, or lack of it in the case of the criminals.
Where could the Police start?
As with anything, knowledge is key and cybercrime is no exception. Police need to learn what makes hackers and other cybercriminals tick, what motivates them, what are their methods, and where do they hang out. It is possible to get a foot into this world by immersing yourself into the culture. A good place to start is to scour universities for those with the right skillsets. They could recruit talented young people to give them a window into the culture. Team them with seasoned investigators and allow their combined skills to develop into an effective unit.
The Cyber Security Challenge is often a good source for the best and brightest talent in the cyber security arena. The Cyber Security Challenge is a series of national competitions, learning programmes, and networking initiatives designed to identify, inspire and enable more EU citizens to become cyber security professionals.
Intelligence can be gathered covertly on the dark web, yes it is difficult to identify individuals, but intelligence can be gathered around their activities, aliases and associations; a good place to start are forums where hackers like to communicate with each other, 4chan and Reddit are good for this. Intelligence gathered from these sources could show signs of criminal intent or provide leads. Conversations made on these forums could mention an incident reported on the news, giving police a place to start with their investigations. The important thing to bear in mind is that eventually, a lot of cybercrime comes into the real world and this is where cybercriminals are at their most vulnerable. When this happens there are perpetrators, victims and witnesses, vital evidence and intelligence can be lost without skilled interviewers with a good level of understanding of the subject they are now involved in.
For further assistance the police can also use the services of cyber security companies like PGI who provide cyber security training and who can provide expert advice on the cybercrime issue. At PGI, we monitor the cyber threat to identify instances of attack planning and network breaches, key indicators of targeted systems or individuals, as well as prospective vulnerabilities, all to give invaluable intelligence.
PGI’s Bristol based Cyber Academy offers the most sophisticated training on the market in techniques for cyber defence, cyber threat intelligence analysis and organisational leadership roles.
PGI also provides courses for senior police officers to help them understand the cyber threat. The Advanced Threat Methodology, Executive Cyber Awareness and Operational Digital Forensics courses are aimed at senior level as it is this level that needs to be educated if progress in the struggle against cybercrime is to be made.