What Is Selling On the Dark Net?

Spying on the digital underground requires discrete and technically capable police and Germany's Federal Criminal Police Office (BKA) has presented a new study on cybercrime, although they do not intend to shut the darknet down.

Coming as it did after the announcement that a teenager who killed 9 people in July before turning his gun on himself had purchased the weapon on the darknet, media interest was huge when the German Federal Police Office (BKA) presented its 2015 cybercrime report recently.

The illegal trading platform is a semi hidden part of the Internet where those in the known can use special search engines to move in total anonymity - well, almost total.

"The Internet is not a space that is beyond criminal prosecution," BKA boss Holger Munch said several times on Wednesday 13th Sept. in a briefing about the report's findings. It was in part a hopeful invocation.

About 140 BKA investigators are currently tasked with tracking cybercrime, and Münch told DW that the darknet was their main focus. At the moment, the BKA is conducting 85 criminal investigations into the sale of arms and explosives on the darknet, Münch said.

He estimated that the number of weapons sold on the darknet still pales in comparison with commerce on the analog black market, but perhaps not for long. "Very dangerous weapons are being sold there," Münch said, adding that cybercrime is "still a growing phenomenon."

"Here and there it has even become an industry," Münch said.

'A growing phenomenon'

Though impressive, the BKA's statistics do not reflect the complexity of cybercrime. For 2015, the agency documented 45,000 cases of cybercrime that can be directly linked to Germany, for a total value of 40 million euros. Global cybercrime stastics are much higher. And then there are the victims who don't report offenses - and those who do not know that a cybercrime has occurred.

Münch cited a 2015 study by the German Institute for Economic Research (DIW). Using to a broad-based survey, DIW experts estimated that the financial damage from the four largest areas of internet crime - phishing, identity theft, fraudulent goods and services, and malware - totaled 3.4 billion euros.

The BKA boss said detectives were confronting the threat with a "combination of investigative approaches from the analog and digital worlds," with information technology experts and police detectives working side-by-side at the BKA. Undercover investigators are operating in the virtual world, and in the real world they are attempting to coerce people active in the scene to work as informants.

Münch said the BKA had had a number of investigative successes, including closing down five illegal darknet trading platforms in Germany last year. Internationally, Münch said, the BKA was involved in closing down 30 further darknet marketplaces and had gathered evidence for cases against their operators, dealers and customers.

According to The Economist, the darknet's vendors overwhelmingly deal in drugs, which are generally sold at much higher prices than on the street, although they are also of higher quality. Goods are paid for anonymously using the cryptocurrency bitcoin and are then shipped to purchasers - sometimes even via regular post.

Also traded are counterfeit money, credit card data, knockoff branded goods and, as the attack in Munich made clear, weapons.

Other Cybercrimes

The BKA report detailed a growing number of cases of blackmail using special malware known as ransomware. Such software can be purchased by criminals, even those who have few technical skills, on forums in the digital underground. Once installed on unwitting users' computers, commonly via infected files, ransomware automatically encrypts all of the data on the device, forcing victims to pay bitcoin ransoms to restore access to their information.

As the digital world slowly becomes a center of commerce through Industry 4.0, the Internet of Things, criminals are increasingly finding new opportunities for digital attacks. Münch said gaming consoles and even refrigerators had been targeted by denial-of-service attacks, which can make devices unusable until, once again, a digital ransom is paid.

Despite the potential for abuses, the darknet fulfills an important function for people who live under oppressive regimes: It enables the exchange of information and freedom of expression. In those places, law enforcement polices ideas in the way that the German authorities chase cybercriminals.

"We have to be flexible and react as quickly as the perpetrators," Holger Münch said. "We have to work together nationally and internationally. And we have to be on top of our game technically and tactically."

Deutsche Welle

You Might Also Read: 

German Police Catch Suspect in Global Cyber Crime Operation:

International Police Start Crackdown On The Darknet:

Interpol is Training Police to Fight DarkNet Crime:

 

« A Global Issue: Cybercrime In Singapore
Banks Join Forces to Fight CyberCrime »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Virtustream

Virtustream

The Virtustream Enterprise Class Cloud provides a secure, highly available, Infrastructure as a Service (IaaS) to enterprises and government customers.

Rapid7

Rapid7

Rapid7 unites cloud risk management and threat detection to deliver results that secure your business and ensure you’re always ready for what comes next.

Dome9

Dome9

Dome9 is a cloud firewall management service that stops vulnerabilities, secures remote access, and centralizes policy management.

IBackup

IBackup

IBackup is a Web Based Online Backup service provider.

CISPA Helmholtz Center for Information Security

CISPA Helmholtz Center for Information Security

The CISPA Helmholtz Center for Information Security is a German national Big Science Institution within the Helmholtz Association. Our research encompasses all aspects of Information Security.

Verint Systems

Verint Systems

Verint is a leader in CX automation. The world’s most iconic brands rely on our open platform and team of AI-powered bots to create tangible AI business outcomes, now.

File Centre

File Centre

File Centre is a leading specialist when it comes to data backup, we offer our clients a premium backup retrieval and delivery solution.

NT Cyfence

NT Cyfence

CAT Cyfence is the IT Security services business unit of CAT Telecoms.

RFA

RFA

RFA is an institutional-quality IT, financial cloud and cyber-security services provider to the financial service and investment management sector.

Open Raven

Open Raven

Open Raven is the cloud native data security platform that prevents breaches driven by modern speed and sprawl. Restore full visibility and regain control within minutes, without agents.

Crypto International

Crypto International

Crypto International offers comprehensive services for the operation of our customers’ IT and communication infrastructure, with a focus on cybersecurity and encryption solutions.

Information Services Group (ISG)

Information Services Group (ISG)

As a leading global research and advisory firm, ISG partners with our clients to determine a future vision, lead rapid change and realize the value of your digital investments at scale.

Arakyta

Arakyta

Arakÿta specializes in business strategy, work flow process and IT systems for organizations.

QFunction

QFunction

QFunction works within your existing security stack to detect anomalies and threats within your data.

Nagomi Security

Nagomi Security

Nagomi is changing the way security teams balance risk and defense, empowering customers to focus on what matters now.

Vantyr

Vantyr

Vantyr's core mission is to safeguard the business-led adoption of SaaS applications by automating the lifecycle management and security of non-human identities.