Thursday, November 3, 2016

FBI: A Primer On DarkNet Marketplaces - What They Are And What Law Enforcement Is Doing To Combat Them

The FBI released the below information:

Last week, the FBI joined a number of other U.S. law enforcement agencies in Operation Hyperion, a successful international action aimed at disrupting the operations and infrastructure of illicit DarkNet marketplaces.

The initiative was the brainchild of the Five Eyes Law Enforcement Group (FELEG), an international coalition of law enforcement agencies from Australia, Canada, New Zealand, the United Kingdom, and the United States who share criminal intelligence and collaborate on operations to combat transnational crime. FELEG has a number of working groups that concentrate on specific criminal or functional areas, and one of those groups—the Cyber Crime Working Group—focuses on identifying the sophisticated perpetrators operating key criminal services in the cyber underground marketplace.

But what are these underground marketplaces, and what exactly is the DarkNet? To understand both, you first have to have a basic understanding of the entire Internet.

First, there’s what’s known as the Clear Web, or Surface Web, which contains content for the general public that is indexed by traditional search engines (like websites for news, e-commerce, marketing, collaboration, and social networking). The FBI’s own public website is part of the Clear Web.

But there is a vast amount of web content out there on the Internet, and much of it is not indexed by traditional search engines—that part of the web is known as the Deep Web. Its content is still available to the general public, but it’s harder to find unless you have the exact URL. Examples of Deep Web content are websites and forums that require log-ins, websites that don’t allow for indexing or aren’t linked to anything, and databases.

And finally, there’s the DarkNet, which is a subset of the Deep Web. DarkNet content is not indexed and consists of overlaying networks that use the public Internet but require unique software, configuration, or authorization to access. And this access is predominately designed to hide the identity of the user.

There is some criminal activity—like fraud schemes—that takes place on the Clear Web and on the Deep Web. And there are some legitimate uses—and users—of the DarkNet. But because of the anonymity it offers, many criminals and criminal groups gravitate toward the DarkNet, often doing business through online marketplaces set up for nefarious purposes.

What’s available for sale through illicit DarkNet marketplaces? Typically, products and services involve child sexual exploitation; drugs; guns; chemical, biological, and radiological materials and knowledge; stolen goods; counterfeit goods; and computer hacking tools. Payment for these goods and services is usually through virtual currency like bitcoin, also designed to be anonymous.

On illicit DarkNet marketplaces—just like on legitimate online marketplaces on the Clear Web—buyers can also provide feedback on products and services, communicate through internal messaging, and take part in website forums. The difference, of course, is that the feedback, internal messaging, and forums on DarkNet marketplaces focus on topics like the quality of child pornography images, the potency of a particular poison, or the speed at which a cache of guns is mailed to its buyer.

Screenshot of a listing taken from the website of an illicit DarkNet marketplace featuring the various categories of illegal merchandise that buyers can browse through.

Shown is a screenshot of a listing taken from the website of an illicit DarkNet marketplace featuring the various categories of illegal merchandise that buyers can browse through.

In its investigative efforts against DarkNet marketplaces, the FBI—much like in our other criminal priorities—focuses its resources not on individual criminals but on the most egregious criminal organizations and activities.

Illicit DarkNet marketplaces, by their very nature, are difficult to penetrate. But not impossible. The Bureau, with its partners, uses all available investigative techniques to target buyers, sellers, marketplace administrators, and the technical infrastructure of the marketplaces themselves. And we have had success doing it.

For example, in November 2014, federal law enforcement took action against more than 400 hidden service DarkNet addresses, including dozens of illicit marketplace websites operating on what is known as the Onion Router, or Tor, network, which was designed to make it practically impossible to physically locate the computers hosting or accessing websites on the network. One of the most prolific websites taken down as a result of those investigative activities was Silk Road 2.0—and the website’s operator was arrested and charged.

Successes like this are vital. Yes, they allow us to dismantle illicit websites and go after those responsible for them. But they also enable us to develop actionable intelligence on other websites, criminals, and criminal organizations. And the knowledge we gain from these investigations helps us create more sophisticated investigative tools to shine a brighter light into criminal activity. 

1 comment: