The dark web is often believed to be out of the reach of law enforcement officers. However, as we explained in our recent webinar, criminals who believe this couldn’t be more wrong.
How can law enforcement police the dark web?
That was the question we addressed in our eye-opening dark web investigation webinar. By looking at real-world cases and the latest investigative techniques, we explained how officers can tap directly into this goldmine of intelligence using our dark web investigation tool, Cerberus. We also delved into the reasons behind the popularity of The Onion Router (Tor) – the browser of choice for criminals engaging in illicit trades on the dark web – and explored the migration of certain threat actors, specifically drug networks, to I2P and ZeroNet. Lastly, we discussed the techniques that investigators can employ to gather dark web intelligence, unmask adversaries, and bring cybercriminals to real-world justice.
You can watch the full webinar on demand or continue reading for our highlights.
How do criminals access the dark web?
Dr. Gareth Owenson, world-leading dark web researcher and Searchlight Cyber CTO, started his presentation with a valuable overview of the tools that criminals (and law enforcement investigators) can use to access the dark web. In this first highlight taken from the on-demand webinar, Dr. Owenson quickly brought us up to speed on how Tor and mix nets work and why Tor continues to be the most popular dark web browser used by threat actors in the illicit trade of materials on the dark web.
The criminal migration to I2P and ZeroNet
However, Tor isn’t the only way to access the dark underworld of the internet. I2P and ZeroNet – alternative dark web networks – have both recently experienced a surge in popularity, driven in large part by actors seeking to keep their marketplaces from being taken out by distributed denial-of-service (DDoS) attacks and, ultimately, to avoid losing revenue. In this video, Dr. Gareth Owenson explains why certain actors within the dark web, particularly drug networks, are progressively migrating their websites to I2P and why that will be advantageous to law enforcement agencies.
Following the money: Tracking Bitcoin transitions
As we mentioned in the introduction, there has long been a perception that dark web activity and the use of cryptocurrencies like Bitcoin guarantee anonymity and allow criminals to operate with absolute impunity.
This couldn’t be further from the truth.
Criminals leave breadcrumbs when using the dark web and cashing out their Bitcoin to turn it into cash (good luck buying a sports car with Bitcoin). This means it is possible for law enforcement to gather evidence of criminal activity including the dealing of arms, drugs, and CSEA, and groups involved in hostile intelligence, organized crime, and human trafficking. To demonstrate this, Dr. Gareth Owenson guides us through a quick example of how poor operational security (OpSec) can expose a criminal’s true identity.
Law enforcement investigations on the dark web
We also invited two expert speakers from North America and Europe onto the webinar to share the challenges being faced by law enforcement agencies in their regions.
Busting a drug ring in North America
Julian Smith, Senior Account Manager, worked with a small law enforcement investigative team that was struggling to gather intelligence on an illicit fentanyl drug ring thriving on the dark web. This clandestine operation, operating with absolute impunity, was tragically responsible for a multitude of overdose deaths within their local community. Hindered by a restricted budget and staffing shortages, the team found themselves ill-prepared to address the issue. However, everything changed when they obtained access to Cerberus.
Combatting a malware attack in Europe
An initial access broker recently breached a European public sector agency and injected malware without their knowledge. With the help of Searchlight Cyber’s dark web monitoring capabilities and Felipe Portero, Business Development Manager in UK and RoW, the suspicious dark web traffic pattern was detected. This led to the discovery of a dark web post selling access to this organization’s network, allowing the organization to fully mitigate the threat before any attack could take place.
Helping law enforcement gain the advantage
As shown by the migration from Tor to I2P, criminals are constantly looking for ways to stay one step ahead of law enforcement agencies. With Searchlight Cyber on your side, you can strike back against crime on the dark web to level the playing field.