By BROOKS TIGNER
KRAKOW – According to expert estimates, the web sites visited each day on the internet by the majority of users constitute less than 5 percent of the cyber-environment’s total resources. The rest resides in the more difficult-to-access area known as the “dark” or deep web and is mainly the lair of organised crime groups and terrorists. This is where crypto-currencies, arms and human trafficking transactions, child pornography and especially massive levels of financial fraud take place.
As debated during the 9-10 October Cybersec 2017 conference here, Europe’s police and law enforcement agencies face arduous obstacles in their efforts to track who uses the dark web, how to gather evidence of wrong-doing and how to ensure that prosecution of cyber criminals leads to actual conviction and jail sentencing.
Those obstacles fall into legal and technical categories, explained a panel of dark web experts during Cybersec.
“One of the biggest legal problems is trans-border cooperation and the acquisition of data from second states: it’s not happening enough,” said Bogdan Święczkowski, first deputy to Poland’s prosecutor general.
Another problem is the court system’s lack of expertise, he said. “The judicial sector is very conservative regarding anything on-line. It calls for the training of judges to learn how to use cyber-evidence in a case. That is something that needs to be tackled and carried out internationally in Europe,” observed Święczkowski.
Even within a country cooperation between stakeholders is too low. “A big issue for Polish prosecution is that other institutions – insurers or banks – don’t want to hint at the scale of the problem in their sector. They prefer to hide things under the carpet rather than admit they have lost money. It is a major problem for us,” he told the Cybersec gathering.
Side-stepping the cooperation issue, speaker Michael Krupinski, acting CEO of Warsaw-based Bank Pekao, said is difficult for a financial institution to find out whether an attack is by state-backed players, organised crime or a lone wolf individual. “The level of sophistication is always increasing – so much so that it is just about impossible to identify all the threats,” he said.
While he admitted the risks are “very difficult” to assess in his sector, he asserted that “we can work on pieces of information that are out there” in the dark web.
According to Krupinski, up to 50 percent of all dark web information is related to the financial sector. “This makes solutions [against financial cyber criminals] quite difficult, but the upside is that we are able to see specific trends – who is trading what at what price. This helps us plug leakages. And we can track the dark web to prepare for a release of malware.”
The other set of obstacles revolve around the dark web’s size and anonymity. The most common tool for operating in the dark web is TOR, software that enables a user to tracelessly navigate and communicate across the internet. That, combined with virtual currencies such as Bitcoin, creates near-perfect conditions for crime.
Then there is dark web’s sheer scale, as explained by Lajos Antal, head of risk services at consultant Deloitte’s office in Budapest.
“We have seen significant change in the dark net’s size and transactional nature in the last three years,” said Antal. “Its users are becoming very advanced in their business platforms by, for example, using trusted third parties for their payments and services. The entire economy on the dark net is going up.”
Święczkowski agreed, noting that such exchange sites have tripled their activities on dark net in recent years. But despite the odds, he also argued that Europe’s police and law enforcement agencies (LEAs) are finding ways to fight back.
“Passive measures won’t do it,” he said. “We have to organise activities in the dark net to create undercover police who can obtain the court evidence. As for the dark net’s encrypted character, there are tools for intercepting this. We need to train police and special forces to obtain evidence offensively. It’s also important to get prosecutors directly involved in the analysis of Bitcoin payments and the various steps of money-laundering.”
Antal agreed that the dark web’s financial criminals can be brought to justice – if criminal investigations are accompanied by financial ones. “At some point there will be a cash-out [by the criminals]. That means you need all the experts – police and prosecutors – working at local level with the financial entities involved.”
One future solution to help demolish anonymity on the internet, for example, will be the uptake of IP Protocol 6, which will allow the allocation of only one user per IP address – a big step forward in cracking down on IP abuse.
As for criminal versus innocent dark web surfing it is pretty obvious that, as a first measure, each EU nation needs to define whether the dark net’s use is legal or illegal – or at least make it very clear to user-citizens that certain kinds of cyber behavior and sites visited on the dark web will be grounds for prosecution. Has any member state given this any thought?
As for international cooperation, one of the main issues is whether, for covert purposes of speed, the LEA of one EU country could gain direct access to IP information in another without notifying the latter’s authorities.
That is probably a pipe-dream.