The Techno-Crime Blog - Techno-Crime Institute

What Crooks Are Doing On Darknets

March 18, 2018 by Walt Manning Leave a Comment

Introduction

If you read the first two posts in this series, you have an idea about what the darknets are and how the Tor network functions. (Here are the links to the previous posts, if needed: “Darknets: What You Need To Know” and “Darknets: The Mysterious Technology Explained, Part I.”)

Many people want to know the answers to these questions:

How does a buyer pay for darknet services or merchandise?

Darknet vendors usually accept only digital currencies and, in the past, Bitcoin has been the primary method of payment.

However, now there are alternative currencies, like Dash, ZCash and Monero that are even more anonymous and could be impossible to trace.

The use of these “alt coins” is growing dramatically, creating more challenges for darknet investigations.

How can a buyer trust a darknet vendor?

Most darknet sites allow both buyers and sellers to rate each other. This can build “social validation” for vendors who receive high ratings from previous buyers.

A high vendor rating might even allow a vendor to charge higher prices than a competitor.

For the other side of the transaction, high ratings for frequent buyers might result in special offers or discounts for future purchases.

Even with social validation, how many buyers would be willing to send payment to a vendor with no guarantee that he would receive his merchandise?

Many darknet markets solve this by serving as an escrow agent. The market operators will hold the payment until the buyer notifies them that he has received the merchandise. Payment is then forwarded to the vendor.

However, both parties in the transaction must also trust the darknet market operators. There have been cases where the operators suddenly closed the market and disappeared with the funds being held in escrow, never to be heard from again.

This happened with a previous popular darknet named Evolution, where the operators disappeared with over $12 million USD in Bitcoin, and have never been found.

PLEASE NOTE: At the request of our web hosting provider, all personal information in the images displayed in this post has been removed, including the darknet names of the vendors or any of their contact information. We are not promoting their products nor are we encouraging the use of darknets for illegal activities. We strongly believe that increasing awareness will help educate investigators and law enforcement professionals who were not already familiar with this area.

Criminal Activity on the Darknets

Drugs

The sale of drugs probably generated the most publicity about criminal activities on Tor.

The Silk Road was the first major darknet marketplace to gain the attention of the international press. Silk Road was in operation from 2010 through October 2013. At the time it was shut down, the site had over 950,000 registered users and over 100,000 registered buyers.

According to a federal indictment, during the time period from February 2011 through July 2013, the site processed over $1.2 billion (USD) in transactions, and the operators of the site earned almost $80 million (USD) in fees.

Silk Road was the first major darknet market to have features such as buyer and seller ratings, a consolidated shopping cart, and a very user-friendly interface. The operators of the marketplace also acted as escrow agents for the transactions.

For a more detailed story about Silk Road, you might be interested in reading “The Rise and Fall of Silk Road” by Joshua Davis and Steven Leecart published in Wired magazine.

Since Silk Road was shut down in late 2013, numerous other darknet marketplaces have been created to provide similar products and services.

There are too many darknet marketplaces and individual vendor sites for us to cover here, but here are some examples of the type of merchandise available.

Almost every type of narcotic and banned substance is available from a darknet market. Products include, but are certainly not limited to:

Click here for a larger version of the image.

There is a source for almost any drug that you can name from either numerous darknet markets or individual vendor sites.

Here are a couple of interesting items about darknet drug sales.

During the Silk Road investigation, law enforcement conducted over 100 covert purchases of drugs from various vendors. After delivery of the order, many of the drugs were sent to a laboratory for analysis. Surprisingly, the analysis indicated very high quality, even compared to street drugs.

Judith Aldridge, a law professor at the University of Manchester, and David Decary-Hetu, a criminologist at the University of Lausanne, published an interesting academic paper, titled: “Not an ‘eBay for Drugs’: The Cryptomarket ‘Silk Road’ As a Paradigm Shifting Criminal Innovation.”

Their hypothesis was that the darknet drug trade might actually reduce real-world drug-related violence.

If you think about it, in these transactions the identity and location of both buyer and seller are unknown. Where is the potential for violence? How could another vendor or group use violence to eliminate a darknet competitor when one doesn’t know who or where the other is?

It is an interesting topic to consider.

Weapons

I have seen many vendors who offer a wide range of weapons, from handguns to military-grade arms and explosives.

Opinions on some darknet forums claim that there are no legitimate weapons vendors on the darknet, and all of them are scams.

However, there have been arrests of darknet vendors dealing in weapons of all types.

One past vendor claimed to be a legitimate gun dealer located in the mid-western United States. He sold all types of weapons, even offering to de-serialize the weapon and disassemble it so that the individual parts could be shipped separately.

How much of this type of activity is real? I don’t know, but I have seen these items for sale on various sites:

Click here for a larger version of the image.

(There is no larger version of this image.)

Click here for a larger version of the image.

(There is no larger version of this image.)

Click here for a larger version of the image.

Personal and Financial Information

Everyone knows that data breaches of personal and financial information continue to grow. Much of this stolen data is sold on darknets.

Some examples of information for sale:

Click here for a larger version of the image.

Forged Identification & Currency

Any type of forged identification and supporting documentation can be found for sale on darknets.

Click here for a larger version of the image.

Vendors selling forged currencies abound. U.S. dollars and euros appear to be the most popular, but occasionally the currency of another country might also be seen.

Click here for a larger version of the image.

Hacker And Hacking Tools

Hackers sell their services on the darknets, and will take on any assignment for a price.

Hacking tools are also available for sale that make it easy to attack a target. In the past, a hacker might need a high level of technical skill to break into a network. But the tools today are packaged into automated toolkits requiring much less knowledge and experience.

Keep in mind that the hackers who do have sophisticated expertise are the ones who penetrate your security and leave no trace.

New botnets used to conduct Distributed Denial of Service (DDOS) attacks are available to rent, with the price depending on the number of “bots” desired for the attack, and the length of time the attack lasts.

The basic concept of a DDOS attack is to launch so much Internet traffic against a target that the system is overwhelmed and can’t function. At the very least, the system is dramatically slowed or not available for legitimate users.

There is a fear that massive DDOS attacks could take down the Internet for entire countries. Limited examples have already been seen.

Millions of connected devices with little, if any, security have been added to these botnets. Devices such as Personal Digital Recorders, smart televisions (and other home appliances), CCTV surveillance cameras, Internet routers, and even baby monitors are now parts of these criminal botnets.

More and more devices are being connected to the Internet, providing possible entry points to home and business networks, as well as the potential for even larger botnets.

I will talk about the risks from the “Internet of Things” in future posts.

A few of the hacker tools seen for sale on the darknet markets include:

Click here for a larger version of the image.

Click here for a larger version of the image

Click here for a larger version of the image.

Why Is This Important?

There are lots of people who aren’t aware of the type of criminal activities occurring on the darknets.

I would suggest two points for you to think about.

First, I believe that some of the darknet vendors are criminals operating independently for their own purposes.

But I also believe that a portion of the criminal activity on the darknets involves organized transnational criminal groups, and that the different types of activities are related to support the organization’s goals.

Does this seem to be overly paranoid?

There are other criminal justice researchers who agree with this view.

Think about the potential revenue.

Think about the anonymity provided by using this technology.

Think about how these criminals are making it harder for investigators to find them.

The crime we are seeing on these darknets is only the beginning…

Final Thoughts:

I hope that these posts have increased your awareness and understanding about the darknets.

Investigators need to be aware of every tool being used by techno-criminals in the world today.

Darknets are migrating and the technology is always changing.

We must change and evolve with it, so that we will continue to be effective.

Join us.

Darknets: The Mysterious Technology Explained, Part I

February 6, 2018 by Walt Manning Leave a Comment

Introduction:

I hope you enjoyed the first post in this series, “Darknets: What You Need To Know.” If you didn’t have a chance to read it, it provides some basic background that might help before you read this post.

Darknets work by either hiding your location, protecting your identity, or both. Even more security can be added by using encryption.

There are various ways darknets operate to accomplish these goals. Some darknets route transmissions through several computers, making it hard to trace a transmission from beginning to end.

Other darknets are being developed with peer-to-peer technology, where every device connected to the network uses special software to become a “node” on that network that can be used to either transmit or store data.

Some of these networks break every transmission into pieces that are individually encrypted before they are sent. Other darknets use this same method to store data.

The key concepts to understand about darknets include routing information through several computers, using encryption, and sending individually encrypted pieces of data by a different route each time.

How Darknets Help People to Hide

To begin, the first darknet we’ll address is The Onion Router Project, also known as Tor. Tor is perhaps the most well-known and popular platform, and you may have heard a little about it without really understanding why it was created and how it functions.

In the mid-1990s, several branches of the U.S. government recognized the need for a secured network for intelligence agents, law enforcement, or dissidents in oppressed countries with restricted access to the Internet.

In 2003, the United States Naval Research Laboratory created The Onion Router Project. Their solution was to transmit data through several computers, or “nodes,” using encryption to mask a user’s physical location as well as his identity.

Even today, the U.S. government continues to provide significant funding for the Tor network.

Most Internet users can be identified by the Internet Protocol address of the device they use when connected to the network. Normally, this IP address can show the geographic location of the user, and could be used to learn his identity. Because of the way Tor works, this IP address is hidden.

The Tor network is composed of over 7,000 nodes whose owners have volunteered to be part of Tor.

The easiest way to use Tor is to download the Tor browser, which is a modified version of the Mozilla Firefox browser that is configured to automatically connect to the Tor network and change important settings to protect the privacy of the user.

All traffic transmitted on Tor is encrypted, with the exception of the data transmitted from an “exit” node when the data leaves the encrypted protection of the network.

Here is a simplistic version of how Tor works.

Alice needs to communicate with Bob and wants to use Tor to protect her location and identity. Alice downloads and installs the Tor browser, and opens it on her computer. The Tor browser then contacts a volunteer node operated by “Dave” to obtain a list of all Tor servers that are currently running.

“Dave” returns the list to Alice’s browser, which then creates a random pathway of 3 Tor nodes to transmit her communication with Bob. Alice’s data is encrypted with a different layer of encryption for each node. Note that in the graphic below, the links shown in green are encrypted.

When Alice’s message is received by Tor node #1, the first layer of encryption is stripped away. The discarded data contains any information related to Alice or her IP address, while revealing the address for Tor node #2. The message is then sent to the next address in the path.

The message is received by Tor node #2, which strips off the next layer of encryption. This second layer contains information about Tor node #1, but nothing about Alice because the first node removed that data.

The only information known by node #2 is that someone is using the Tor network to communicate with someone else. No data related to either party is known at this point in the transmission.

After this layer is removed, the address for Tor node #3 is revealed, and the message is passed along.

At Tor node #3, which in this example is also the exit node, the final layer of encryption is removed revealing the address for Bob. This node only knows that the message came from Tor node #2 with Bob as the final destination.

Consider the analogy of sending a note through the regular mail. You insert the note in an envelope and address it to a friend named Jim.

You seal the envelope and then put that envelope into a second one, addressed to another friend, Barbara, requesting that she forward it on to Jim.

You then enclose these two envelopes into yet another one and address it to a third friend, Jerry. You ask Jerry to forward the enclosed envelopes to Barbara.

Finally, you enclose the group of three envelopes into another one, addressed to a friend, Jane. You ask Jane to forward the envelopes to Jerry.

Let’s assume that the content of the original note to Jim is encrypted with a code known only to you and Jim.

This is how the Tor network works, but using technology instead of envelopes.

Back to our original scenario. If Alice later wants to communicate with Jane, a different random path of Tor nodes is created for that message, as in the final graphic below.

Some people believe that Tor is completely anonymous, but that’s not necessarily true. A user’s Internet Service Provider (ISP) or the IT department of an organization can see when a person on their network is using Tor. They probably won’t be able to tell what the user is doing on Tor, but some organizations block users from accessing any IP address known to be associated with the Tor network.

The other way that a person using Tor might be identified is if the exit node on the Tor network is being monitored. Remember that data leaving the Tor network may not be encrypted.

Why Should Investigators Care?

Criminals and terrorists will use the technology if it benefits them…and the use of darknets helps them to hide their identity, their location, and their activities.

Are darknets like Tor inherently evil?

No, they’re not.

But there is criminal and terrorist activity happening on these darknets, and investigators and more people from the general public need to be aware of what they are and how they work.

If you don’t know enough, then you give them an advantage.

To me, that’s unacceptable.

Final Thoughts:

Many of you have never visited Tor, and may believe that it’s too dangerous to even explore to see what’s out there.

I value your time, so I’ll continue the discussion of Tor in my next post. I’ll show you some examples of merchandise and services available on Tor, and will talk about why they are important.

In future posts, I’ll show you examples of other types of darknets and explain how they are different from Tor.

Once again, let’s keep things in the proper perspective. There is crime in the real world, and there is crime in the darknet virtual world as well.

The real world is not completely evil, and neither are darknets.

Just as we do in the real world, our purpose as investigators should be to track down and eliminate crime, while recognizing and preserving the rights of those who use the technology for their personal privacy and security.

Here is a link to the final post in my series about darknets: “What Crooks Are Doing On Darknets.”

Darknets: What You Need to Know

January 22, 2018 by Walt Manning 2 Comments

Introduction:

There are sites on the Internet where any type of drug or weapon can be purchased and the transactions are conducted with digital currencies which are almost impossible to trace.

Credit card and bank account data, counterfeit currencies, medical records, and every type of forged document are for sale. Assassins, hackers, and other services are also available for hire.

Human trafficking and child pornography can be found there, along with tutorials for committing any type of crime.

I call these hidden networks darknets.

Most people don’t even know they exist.

When I give talks and show demonstrations of these sites, most people are shocked, and can’t believe that governments and law enforcement agencies allow them to exist.

Are they real or fake?

If you’re an investigator, how much do you know about these darknets?

I think you should know enough about these networks to understand why people use them and what the current and future implications might be for investigators.

Why People Use Darknets

If people want to make it harder for law enforcement or government intelligence agencies to find them, there are lots of technology tools and techniques to help those people to hide.

We’ll be talking about some of them in future posts.

You may have seen publications, or heard officials from governments or law enforcement agencies say that every person who uses these darknets is a crook or terrorist.

There have been some court rulings in the United States saying that anyone who uses these networks or other “anonymizing” technologies like Virtual Private Networks (VPNs) should automatically be suspect.

But there can be legitimate uses for darknets, and anyone who says that every use is for either criminal or terrorist purposes is wrong.

As investigators, we need to keep these darknets in a proper perspective, yet understand why they exist and how they work.

Today an increasing number of law-abiding people are using these networks to find a way to communicate securely and to better protect their privacy.

I think many of you would agree that governments and private companies have become unreasonable in the amount of data that they are collecting about all of us.

Add to these fears the growing number of data breaches where organizations collecting personal data fail to secure it. Government agencies, like the Internal Revenue Service and the Office of Personnel Management, have been hacked and the confidential data they should have protected was stolen.

The security of major companies, financial institutions, credit reporting agencies, and healthcare providers has been breached far too many times.

Identity theft and now medical identity theft continue to grow and claim more victims every year.

One of the most widely used darknets, the Onion Router network (TOR), was originally designed to protect the identity and location of people who lived in oppressed countries. There was (and still is) a need for people to be able to communicate with the outside world and receive uncensored information without putting themselves at risk.

There’s also a need for undercover intelligence agents and law enforcement to have this capability. Many people believe that the U.S. government itself uses the TOR network to provide secure access to confidential information. Given the many data breaches of traditional government networks, this might be true. It might also explain why the government continues to partially fund TOR and allow it to exist.

Our growing use of technology raises serious questions about personal privacy and security risks compared to the need for accurate intelligence for national security and law enforcement.

Does the use of these darknets by criminals and terrorist outweigh the need for privacy and security?

The fear of terrorism has been used by governments to justify programs that continue to enable widespread surveillance, with little transparency.

We don’t have good solutions to these problems.

This is our new reality, and it has driven more people to use the darknets, encrypted email services, and confidential messaging apps. They hope to recover some of their personal privacy, and to reduce the mind-boggling volume of data that tracks their activities.

Is there criminal activity happening on these darknets?

Absolutely.

But every person who uses this technology is not a criminal or terrorist.

What Will It Mean for You?

There are people working on newer types of networks that are even more anonymous, along with new untraceable types of digital currencies.

If the crooks can use these technologies to make an investigation take more time or increase costs, they can shift the odds in their favor.

The use of darknets and other technologies will make our job even more difficult. Do you know how someone can use the darknets to hide? How do darknets work?

Final Thoughts:

I believe that the Internet is evolving, and we may see even more networks that are more sophisticated than the Internet of today. They will be more secure, anonymous, and untraceable.

Currently, we don’t have enough cyber security professionals or cybercrime investigators to fill the demand. We’ll need to change this dramatically to face the challenges of the coming years.

Can our existing models of government, law enforcement, and security succeed in this environment? We don’t seem to be doing a great job right now, and the threats of techno-crimes are only going to grow.

Investigators need to understand how the current darknets work, and how they will change in the future.

Click on the link to read the next post in this series, “Darknets: The Mysterious Technology Explained, Part I,” which will give you more information about the basics of several current darknets, and the trends I predict for the future.

What Will Be Under Your Tree?

December 21, 2017 by Walt Manning Leave a Comment

The holiday season is a great time to spend with your family and friends, and to take a well-deserved break from the pressures of work and worry.

I hope you will enjoy it.

I also have a gift to give you on this holiday that you may not have even thought about.

Many of you or members of your family will receive gifts of technology. An increasing number of items now allow them to be connected to your network, usually with either Wi-Fi or Bluetooth.

One of the most popular gifts last year, and probably this year will be smart home speakers and controllers.

Your children may receive connected toys that communicate via Wi-Fi, and some of them now come with voice recognition to allow the youngster to “talk” with the toy. I have seen connected dolls and stuffed animals that allow the child to carry on a conversation with the doll, but most people don’t understand how the technology works, and the information that is transmitted to make the conversation possible.

Almost every smartphone and tablet comes with a personal assistant, along with many new vehicles. Do you know how they work?

Connected televisions have built-in microphones and cameras, along with many other entertainment and communication apps. Some of them even set up a separate wireless access point that you may not have realized.

New wireless home security systems now allow a homeowner to set up a system without the need for running power cables to every device connected to the system. Many of these don’t encrypt their data, even the data that’s transmitted back to the developer.

Smart thermostats, smoke detectors, and even kitchen appliances are becoming connected to make your lives more convenient. Do you know what data do they collect and how is it used?

We’ll talk about the Internet of Things in more detail in future blogs next year. But you should also be aware that many of these devices have been hacked, or could raise serious privacy concerns related to the type of data they collect, how they transmit the data, or potentially could even provide a back door access point to your network.

Convenience almost always wins over security and privacy.

So during the holidays, just keep this in mind when you see a new gift that can connect to your network, and think about whether it is “naughty” or “nice.”

My gift to you is a new awareness of security and privacy risks and things you can do to minimize the risks by giving you our Smart Home and Mobile Device Security Checklist at our website in our Free Content Library.

The checklist is a gift to you, and even if you don’t act on every recommendation it will at least make you more aware of possible risks related to the technology you use.

Once again, best wishes for this holiday season and for a great 2018!

Techno-crime and Why We Need a New Vision

October 11, 2017 by Walt Manning Leave a Comment

Introduction:

I hope you enjoyed the previous post “Techno-crime and the Evolution of Investigations.” If you haven’t read it, feel free to follow the link.

Now do you have a different perspective on how serious the problem with techno-crimes already is?

Why do we need to change how we deal with techno-crimes?

Because Current Approaches Aren’t Working

Technology is growing at an exponential rate.

Law enforcement, legal systems, and computer security don’t.

Throughout history, who had technology first…the crooks or the cops?

Investigations and security have tended to grow at a more gradual, linear pace, as you see in the graph below.

Historically, we have always been reactive.

If we could be more proactive, would that be enough to close this gap?

To be honest, I’m not really sure.

As Daniel Burrus says in his amazing book, “Flash Foresight: See The Invisible To Do The Impossible:” “But in the twenty-first century, being proactive has outlived its usefulness. It’s too late to be proactive: we need to become preactive.”

The problem is, it’s now becoming exponentially harder for us to even be reactive, much less proactive or “preactive,” because of how fast technology is changing.

We have limitations that the criminals, and even the terrorists of the world don’t.

We are limited by:

Current international systems of law and legal case precedents;
Sophisticated technology that will require increased specialization;
Demand for investigative and security specialists that we can’t satisfy, even today;
Increased costs to hire specialized technology investigators;
The exploding costs for specialized equipment, software and training requirements;
Governments and agencies that don’t fully communicate and share information or resources.

When you think about it, the success of most investigations is based on either time or money.

If we can throw enough resources at an investigation or security program for a long enough time, we have a better chance of success.

But if the crooks and terrorists use technology to make it more time-consuming and expensive for us, the odds shift in their favor that we’ll never catch them.

They don’t have to “play by the rules.”

They can use every type of criminal enterprise to raise more money to pay for better technology…and that’s just what they are doing today.

What Can We Do?

We are at a critical tipping point for the future. In fact, unless we develop a completely new mindset to deal with techno-crime, we could be left behind.

But there are lots of serious questions to be discussed:

Do we really want a world where we are no longer capable of investigating techno-crime or unable to protect our personal and business data?
How do we balance the need for data protection (more than likely using encryption) with the need for law enforcement to obtain criminal evidence, or government intelligence agencies’ national security concerns?
Is there a way to satisfy these legitimate needs while protecting our own privacy?
Will our legal systems require change to deal with these issues?
If we require more investigative and security technology specialists, where are they going to come from and how will be find the specific ones we need for every situation?

Final Thoughts:

It’s not good enough to just “try to keep up” with techno-crimes.

We need to evolve to get ahead of these technologies by developing new expertise, new tools, and new training that may not even exist today.

Investigators and security professionals may think that the best practices you are using today are still working fine for cases involving these technologies, but you’re probably wrong.

Let me just ask, how many data breaches have there been in the last couple of years?

How many more will happen before we realize (or admit) that the problem is already out of control?

Are you really confident that you’re prepared to handle every investigation or security incident involving every type of technology?

We need to start thinking about the best practices we’ll need for the technologies of tomorrow, our efforts won’t be effective anymore.

But together we have the knowledge and experience to make a difference.

But we can’t wait.

Technology is moving too fast.

We need something bigger than change. We need an evolution.

Evolve with me to talk about ways that we can close the gap between where we are today and the technical criminals in the world.

Evolve with me to prove to the world that we can even be better than they are.

Evolve with me so we can win the battle against techno-crime.

I’m curious to hear what you think about this problem. Continue the discussion with me and join us. Together, we can change the world and create a better future.

Introduction

Criminal Activity on the Darknets

Why Is This Important?

Final Thoughts:

Introduction:

How Darknets Help People to Hide

Why Should Investigators Care?

Final Thoughts:

Introduction:

Why People Use Darknets

What Will It Mean for You?

Final Thoughts:

Introduction:

Because Current Approaches Aren’t Working

What Can We Do?

Final Thoughts:

Evolve With Us to Fight Techno-Crimes!