Targeting the Proceeds of Darknet Market Crime: A Familiar Unending Struggle?

Posted on

Dr Matthew Robert Shillito

Leading Darknet markets such as Hydra, World Market, and Cypher have long attracted law enforcement attention. They provide access to illicit goods and services (such as drugs, fake identity documents, and hitmen for hire), under the cover of anonymity afforded by the technology used to access them, namely the Tor browser and Virtual Private Networks (VPNs). To maintain that anonymity throughout the whole process, cryptocurrencies are utilised as the payment method of choice.

So, why is the old-adage of ‘follow-the-money’ so important, in this context? Well, provided there are no human errors prior to accessing Tor, and that the marketplace has not been compromised (e.g. by law enforcement accessing servers), then it is the payment stage where users are potentially most vulnerable and information can be pieced together. Users have placed their faith in the marketplaces’ chosen cryptocurrency, betting that it will sufficiently mask their identity. If it does not, then it can serve to undermine the earlier browsing anonymity achieved by utilising Tor and a VPN. As a result, law enforcement success in this area can prevent crime from paying, and send out a deterrent message to criminals.

Where success is achieved, it is principally due to the public (open) nature of many blockchains and the increasing use of public-private partnerships to harness private sector resources and technology in investigating blockchain transaction data. Further, once law enforcement has a lead, the fact traditional anti-money laundering obligations (such as know-your-customer) have been placed on digital currency exchanges can result in the uncovering of identifying information.

However, whilst there have been some high-profile, successful, Darknet investigations (e.g. Silk Road, Alphabay and Hansa) overall, law enforcement has struggled to consistently get to grips with the challenge these markets present. Indeed, evidence from Chainalysis suggests that other than two small blips, both revenue and total transfers to Darknet Marketplaces have strongly increased year-on-year since 2011.

Why then, has success been so hard to come by? Fundamentally, Darknet investigations can and have taken years to come to fruition. They are impeded by many of the same basic issues that face traditional financial crime investigations, lack of resources and insufficient law enforcement training. When this is coupled with age-old issues surrounding international criminal cooperation, such as: language barriers; cultural & legal differences; and competing priorities; it makes for a particularly difficult albeit entirely predictable challenge.

The challenge is further exacerbated by the techniques criminals use to launder their cryptocurrency. Methods include: operating numerous wallets; use of unlicensed exchanges and buying cryptocurrency ‘locally’ (away from exchanges); use of tumblers / mixers to obscure funds; and switching funds for other payment forms e.g. pre-paid cards, to cash out. Again, if these seem familiar, it’s because they are traditional techniques that we have struggled to overcome, adopted for this new criminal arena.

If that is not tricky enough, darknet criminals do have some unique crypto bows to their string. They are increasingly utilising cryptocurrencies that are more privacy based, such as Monero , as their blockchain’s cannot be searched in as useful a way. Further, Darknet markets are increasingly self-closing in the belief that this makes it harder for law enforcement to establish a paper trail to all criminal activity conducted there. Certainly, given the way the Darknet works, this creates an issue in terms of evidence gathering.

But, perhaps the most significant challenge of all is confiscation. A determined criminal can simply refuse to hand over cryptocurrency and there is little law enforcement can do. Efforts have been made to induce compliance, such as adding additional time to a sentence. But, it can be questioned how persuasive that would actually be.

Whilst the recent announcement by the US Department of Justice that they are forming a specialist ‘digital currency unit’ is to be welcomed. That these challenges are predominantly long-standing unresolved issues suggests they’re not about to be overcome anytime soon. This coupled with tech specific complexities, and the potential impossibility of confiscation means law enforcement face a tall order to deter Darknet marketplace crime.

Welcome to the Cyber Security and Cyber Crime Research Cluster (CSC3 ) blog

Posted on

Welcome to the Cyber Security and Cyber Crime Research Cluster (CSC3 ) blog where we plan to share with you the latest updates from the CSC3.

Cyber security is the application of technologies, processes and controls to protect systems, networks, programs, devices and data from cyber-attacks. In the “Hidden Cost of Cybercrime” report, McAfee estimates the average cost of cybercrime in 2020 as $945,000,000,000, up from $522,500,000,000 in 2018. Traditional crimes are now widely conducted through online means.

From a cyber crime perspective, there are two classes of attack: cyber-dependent crime (criminal behaviour that is reliant on technology and its use in society, such as ransomware attacks and cryptocurrency money laundering) and cyber-enabled crimes (traditional crimes that have now become more widespread due to technology, such as cyber bullying and online fraud). Such cyber-attacks may originate from “script kiddies” and insider threats, through to sophisticated and professional operations by organised crime groups and enemy nation states.

The Cyber Security and Cyber Crime Cluster (CSC3) will conduct novel multi-disciplinary research relating to both the conduct of, and the mitigation of cyber attacks. As a broad and ever-evolving research domain, this will involve a number of related areas, including understanding the motivations and precursors of criminality, the technical means that enable criminality to be conducted, and appropriate mitigation and best practice to uphold security and defence.

This research cluster will bring together a multi-disciplinary team of academics to promote synergy and new collaborations, with expertise across financial crime, digital forensics, software security exploitation, insider threat detection, cryptocurrencies and online fraud. It will serve to build capacity in this research domain, by involving our postgraduate and undergraduate student communities in paid research opportunities to support our expansion of research in this area.

Students and staff will work with major external partners to combat today’s challenges, in partnership with Avon and Somerset Police, the South West Regional Organised Crime Unit, the South West Cyber Resilience Centre, the Ministry of Defence, Synalogik Innovations, Leonardo MW, and the National Cyber Security Centre (NCSC).

UWE Bristol have rapidly established a reputation within cyber security education, working alongside the National Cyber Security Centre (NCSC) to offer a fully certified MSc Cyber Security and the only certified Degree Apprenticeship in England and Wales. Recognised as an Academic Centre of Excellence in Cyber Security Education (ACE-CSE) in December 2020, we now seek to expand multi-disciplinary research in this domain.

The nature of this cluster is to build capacity across related technical and societal areas of cyber security and cyber crime. Through our working groups, we will be able to address cutting-edge challenges as seen by our partners, and provide research opportunities for our students to collaborate in to build their student experience.

We look forward to sharing with you developments from this research cluster.

 


This research cluster is funded through the Expanding Research Excellence scheme at UWE Bristol. The scheme aims to support and develop interdisciplinary, challenge-led research across the University. It is designed to bring together research clusters or networks that will work together to respond to challenges (local, regional, national, global) aligned with major research themes.

Back to top