The Deep Web is back in the news. Agora, one of the biggest darknet marketplaces, announced two weeks ago that it will go offline to bolster its defenses against law enforcement agencies who want to take them down. Meanwhile, a Deep Web user was indicted on federal charges of drug trafficking and money laundering. These recent activities give us a picture how both cybercriminals and law enforcement are dealing with the Deep Web.
Think of it as a game of cat and mouse. The law enforcement agencies are the cat, tasked to catch the vermin terrorizing the apartment he’s sworn to protect. Cybercriminals are the mouse who steals scraps of food around the apartment. The introduction of the Deep Web makes things a lot more interesting.
The Deep Web is that hole in the wall, one that connects one apartment to another. The mice can use it to run from one apartment to another, giving them reprieve from respective hunters. The Deep Web is a cybercriminal safe haven. Its borderless and anonymous nature allows cybercriminals to operate freely, making it extremely difficult for law enforcement to indict and convict them in their home turf. If they want to catch their criminal, they have to think beyond their walls.
Keeping tabs in the Deep Web
We’ve constantly talked about cybercriminals taking advantage of Deep Web, specifically the Tor network. Cybercriminals prefer Tor because it lets them anonymously communicate using Tor nodes. As they move from node to node their traffic is encrypted, repacked, and made invisible until they exit another Tor gateway. This concept ensures that their information is untraceable—but only to a certain extent.
The traffic to and from the Tor gateways can still be traced. Routing between the nodes might be random, but if law enforcement agencies own or monitor enough gateways, then roughly 20% of Tor traffic ends up in their gateways. And if they see a packet going into their gateway and coming out of another gateway they own, then whatever cybercriminals encrypt in between doesn’t matter. Law enforcement agencies already know where that information is going to and from.
But these agencies still have a problem. Though these gateways are primarily set up to track cybercriminal activity and protect their respective countries and citizens, the setup only works as long as the cybercriminals reside and operate within their country.
Challenging old-school tactics
The Deep Web has changed the rules of engagement between law enforcement and cybercriminals. An old-world approach to dealing with cybercrime will not work within this slightly new paradigm.
Let’s look at how some countries currently treat encrypted traffic. In Turkey, for example, the government forbids encrypted traffic. In Germany, some law enforcement officers are requesting that a law be made to prohibit it. Their reasoning behind this is that if someone is using encryption, it can only mean they have something to hide. Whoever uses encryption become suspicious by default and is considered a possible criminal. These law enforcement officers think banning encrypted traffic is a way of leveling the playing field.
But dealing with absolutes cannot be applied all the time, especially when talking about encryption. Think about electronic passports, online voting, or online banking. All of these items deal with proof of identity. They rely on encryption. It doesn’t make sense to allow encryption on one end and forbid it on another. The approach of banning encryption altogether shows that although some law enforcement agencies want to regulate that and maintain the status quo and the influence of their state, they have an unclear idea of how the technology works.
This is not to say that all law enforcement agencies are operating with this old mindset. Our collaborations with several agencies show that there are some who are technically savvy or skilled to take on these kinds of challenges. However, majority are still not ready to deal with the intricacies of cybercrime in the Deep Web.
More information about the Deep Web can be found in our papers, Below the Surface: Exploring the Deep Web, and Deep Web and Cybercrime: It’s Not All About Tor. You may also visit our Deep Web Hub for the latest developments in the Deep Web, including a question-and-answer segment discussing how law enforcement is dealing with the challenges of online anonymity.