Cybercrime investigations: Time to Shed Light on the Darknet

The teenager who killed nine people in a shooting spree in Munich last week bought his gun on the so-called Darknet. It's high time this murky online world was tackled to prevent more failures in the fight against cybercrime.
Guns can be found for sale on the Darknet.

The man behind the July 22 killing spree in Munich obtained his weapon from the mysterious Hades of the Internet, the Darknet, without having developed criminal contacts first. The same phenomenon has appeared in other cases. Criminal goods are in fact relatively easy to obtain on the Darknet. How can this sort of activity be more effectively controlled in the future?

More investigations would be the most obvious option, but they are extremely difficult. There are many thousands of Darknets, mini-Internets that even when found use a wide variety of overlapping security mechanisms to prevent them from being simply switched off – and they offer full anonymity. Internet tools such as the TOR browser, with the disconnect.me search engine, offer security mechanisms that are easy for novices to use.

Security against interference is high, as a case from Russia demonstrates. The Kremlin had hired a top company to develop tools against the TOR network, after its own intelligence service had failed. A year later, the company tried to get out of its contract and hired attorneys to do so, because the task was too difficult.

The few cases of successful investigative action speak volumes about the substantial difficulties. The U.S. National Security Agency succeeded in a few cases, but it had to hack into many computers in the anonymous network and gain control over them, in order to bring together fragmented information and identify the real addresses.

The U.S. Federal Bureau of Investigation has also had the occasional success story. In its last case, it did not reveal how its attack on the dark structures succeeded, although it was presumably through a weak point in Firefox (the browser that is used for the TOR plug-in and isn’t quite as secure as the anonymizing tool). But that case is unlikely to be repeated.

The famous FBI team that achieved multiple successes against Darknets was lured away in its entirety by a security firm. And the success of investigations in this field continues to depend on the investigators, and their training, experience and team size – as well as on how much discretion they are given. German investigators, for example, could hardly hack into computers in all kinds of countries, as the NSA has done.

So what would be a more effective way to cope with the dark Internet? One option currently being discussed is to ban the basic technical structures. The TOR browser, for example, is a publicly funded and generally accessible research project at the Massachusetts Institute of Technology in Boston. If its availability was strongly restricted and it became more inaccessible as a result, the mass market could possibly be contained. But the TOR browser also performs important functions for democracy.

In authoritarian countries, it is a tool to facilitate political communication and education among dissidents and members of the opposition. The Kremlin's interest in monitoring the TOR browser is no accident.

A trade-off has to be made, for which there are still too many unknowns. If the TOR browser became unavailable to the public, it would certainly not spell the end of the Darknet, but rather a shifting and a downsizing that would most likely be temporary. In other words, the increase in security could only be minor.

On the other hand, it is unclear what the political benefits would be, as there are no relevant statistics. And, in fact, opponents of dictatorships would be better off not using the Internet at all. It is hard to predict which intelligence service has developed which capability at any given time. The security of the TOR browser could fail from one day to the next.

In any case, a ban should be approached with caution. Other measures are more interesting and presumably more effective. Investigators should be strengthened and better equipped, especially with salaries similar to those in industry, to avoid the chronic problem of experts being lured away by the private sector. Legal scopes of action should be expanded for targeted, individual investigations, while preserving data privacy.

International cooperation needs to be significantly improved. Non-digital investigations into the infiltration and recruitment of insiders must be operationally reinforced. It isn’t absolutely necessary to digitally resolve digital crimes.

In addition, more attention should be paid to more "exotic" investigative statistics. Interesting lessons can be learned from the intelligence agencies' "information operations." The goal of these operations is to manipulate perceptions. This approach could also be used to significantly weaken the criminal Darknet.

A known tactical problem is trust. This presents an obvious difficulty, given that anonymous criminals are making deals with other anonymous criminals. Who guarantees the buyer that the seller won't simply take his money and disappear? To establish trust, reputation and broker systems are established, which may not be vulnerable to investigations, but are much more vulnerable to sabotage than hardened technical structures.

Whatever the choice of tools is, more money needs to be invested and more needs to be done. The attempts to date have been too hesitant, too slow and too compartmentalized.

The killing spree in Munich also represents a failure in the fight against cybercrime.

 
