How to catch criminals in the Deep Web

Cryptographic technologies for network anonymity and online payments have allowed criminals to create a black market where they buy and sell drugs, stolen and counterfeit goods, and more. In response, the police and other law enforcement agencies are improving their technology and moving their raids and other operations into the network space.

The term "darknet" appeared long before the emergence of Tor and cryptocurrency, back in the 70s. It refers to nodes communicating with each other over non-standard protocols and ports, which allows for a high degree of anonymity. It should not be confused with the Deep Web, the web pages that are not indexed by search engines. The combination of these two technologies gives us another Internet, which can only be accessed with special programs or at least browser extensions. We will not describe how exactly to do this here, as there is more than enough information on the web. This article is devoted to cases and methods of countering illegal trade via the Internet.

Police operations in Europe


In December 2015, German police in Leipzig confiscated from two sellers a large shipment of drugs weighing more than 210 kilograms. Experts estimated the shipment's value at 4.25 million US dollars. To date it is the largest consignment of drugs confiscated from Deep Web dealers.

On December 24, 2016, the Maltese police arrested eight users for selling fake euro bills online. At the same time, there was a suspicion that the majority of the network of forgers remained at large. Banknotes of 20, 50 and 100 euros were sold for 30% of their nominal value, and payment could be made in bitcoins. 160,000 euros obtained from the Maltese digital currency exchange were confiscated. Europol Deputy Director Wil van Gemert said that "anonymity gave the criminals a false sense of security." The search for the counterfeiters began in January 2015, and police officers from Italy, Austria, Germany, Portugal, France, Spain, Lithuania, Sweden and the Netherlands took part in it.

On February 18, 2017, police in the Finnish capital Helsinki arrested 16 drug dealers at once. As law enforcement officials said, “an intensive investigation into a secret operation” helped, and Tor’s encryption did not stop them.

Irish police were able to identify and expose an arms smuggler. On March 15, 2017, law enforcement reported that American Michael Andrew Ryan had sold a total of 18 Berettas, Glocks and revolvers to customers from Ireland, England, Scotland and Australia. He was detained as a result of a joint operation by the FBI and Irish customs.

On March 28, 2017, the Danish police reported on the development of their own system called EC3, which compares activity in the Deep Web with the user's cryptocurrency activity. Investigator Aerenstrup said that "the traces always remain, and the criminals cannot remove them." The system led to the arrest of 150 users who purchased prohibited goods and to two court sentences. A 22-year-old man was sentenced to 4 years in prison, and a 23-year-old to 8 years. The Danish police held an international conference on their approach, attracting the interest of police from other European countries as well as the United States.

International Police Operation Hyperion


From October 22 to October 28, 2016, a large-scale police raid took place, which was called “Operation Hyperion”. It involved law enforcement officers from the United States, Britain, the EU, Canada, Australia and New Zealand. As a result, in Sweden alone, 3,000 drug buyers were identified and detained, and six sellers were arrested and received ten-year prison sentences. In New Zealand, 160 people were questioned at the end of the operation. In the US, more than 150 people were summoned for interrogation by the FBI; in Canada, a drug dealer was arrested. The operation not only revealed many cases of illegal trade: police officers also learned a lot about smuggling routes and data encryption methods.

Police actions in North America


In August 2015, Canadian law enforcement ordered the development of a web crawler that studies the depths of the Deep Web. It looks for offers of illegal goods and services. Development funding is provided by the Government of Canada. The Royal Canadian Mounted Police (RCMP) said: "We are going to explore the deepest and darkest corners of the Internet to determine everything that is a threat to national security." The software was prepared by Mercur IT Solutions, which has cooperated with the police before. Also in Canada, on August 30, 2016, a woman who bought the deadly radioactive element polonium-210 was detained.

In early January 2017, the police department in the US city of Boston launched a new program that compares data from the Deep Web and social networks. According to the plan, the development of the program will cost $1.4 million. Commissioner Evans said in an interview for Boston Radio that this is "a necessary tool of legality that will help keep our areas from violence and terrorism, prevent cases of human trafficking and protect children from pedophiles." Documents obtained by the Boston Globe showed that the software will show the police the geolocation of possible offenses in real time. Earlier, US police successfully closed Silk Road, Silk Road 2, Black Market Reloaded and many other underground markets.

How exactly criminals are tracked down in the Deep Web


Currently, the police use several methods to search for criminals. The RAND Europe research institute has prepared a brief overview on this topic:

1. Machines will not replace good old police investigation.

When investigators discover drug-related activity in the real world, they become interested in what is being done online. Surveillance and covert operations make it possible to identify the points where the real and virtual worlds meet. For example, the arrest of Ross Ulbricht in 2013 occurred when he used a public Wi-Fi network, which coincided with the Silk Road administrator appearing online.

2. Retrieving data from open websites

Drug traffickers use their hidden sites only as shops, and search for customers on public networks. This makes dealers much more vulnerable. By law, the owners of public sites should hand over to the police any information of interest. For example, five Reddit users discussing the purchase and sale of prohibited goods on r/darknetmarkets were detained after the Reddit administration handed over their contact details. And Ulbricht himself left his email address here and there in connection with Silk Road.

3. Interception of mailings

Law enforcement agencies work with delivery companies and post offices to investigate suspicious packages. Police officers can also record the number of a suspicious item to track down the recipient.

4. Big data and self-learning machines

Using large amounts of data, police identify connections that would be impossible to establish in other ways. They take into account IP addresses and online information, drawing conclusions and gradually training artificial intelligence on them. It is an expensive and complicated system, but its use pays off.

5. Tracking cash flow

Although the Bitcoin cryptocurrency has a high degree of anonymity, its weak point is the purchase or sale of the digital currency. The police can request data from Bitcoin exchanges on who made cryptocurrency transactions and when. Police also cooperate with banks for this purpose.

One of the best-known solutions in the field of monitoring Bitcoin traffic is Elliptic, which we wrote about in August. The project collaborates with financial institutions and law enforcement agencies. Our payment blockchain service Wirex also interacts with Elliptic.

6. Undercover work

Police agents often gain the confidence of the administrators of prohibited sites, and also pose as sellers and as retail and wholesale buyers.

7. Hacking

Customized police or FBI software is widely used to identify Deep Web users. For example, this is how a large illegal forum was uncovered: FBI employees introduced a vulnerability into it that sent users' IP addresses "where needed".

As practice shows, the anonymity of users of the "dark side" of the Internet is overrated. Criminals from the Deep Web go unpunished only until law enforcement begins to take countermeasures, which are often based not on the latest machine learning technology but on classical methods of investigation.

Source: https://habr.com/ru/post/400723/

