What Is Selling On the Dark Net?

Spying on the digital underground requires discrete and technically capable police and Germany's Federal Criminal Police Office (BKA) has presented a new study on cybercrime, although they do not intend to shut the darknet down.

Coming as it did after the announcement that a teenager who killed 9 people in July before turning his gun on himself had purchased the weapon on the darknet, media interest was huge when the German Federal Police Office (BKA) presented its 2015 cybercrime report recently.

The illegal trading platform is a semi hidden part of the Internet where those in the known can use special search engines to move in total anonymity - well, almost total.

"The Internet is not a space that is beyond criminal prosecution," BKA boss Holger Munch said several times on Wednesday 13th Sept. in a briefing about the report's findings. It was in part a hopeful invocation.

About 140 BKA investigators are currently tasked with tracking cybercrime, and Münch told DW that the darknet was their main focus. At the moment, the BKA is conducting 85 criminal investigations into the sale of arms and explosives on the darknet, Münch said.

He estimated that the number of weapons sold on the darknet still pales in comparison with commerce on the analog black market, but perhaps not for long. "Very dangerous weapons are being sold there," Münch said, adding that cybercrime is "still a growing phenomenon."

"Here and there it has even become an industry," Münch said.

'A growing phenomenon'

Though impressive, the BKA's statistics do not reflect the complexity of cybercrime. For 2015, the agency documented 45,000 cases of cybercrime that can be directly linked to Germany, for a total value of 40 million euros. Global cybercrime stastics are much higher. And then there are the victims who don't report offenses - and those who do not know that a cybercrime has occurred.

Münch cited a 2015 study by the German Institute for Economic Research (DIW). Using to a broad-based survey, DIW experts estimated that the financial damage from the four largest areas of internet crime - phishing, identity theft, fraudulent goods and services, and malware - totaled 3.4 billion euros.

The BKA boss said detectives were confronting the threat with a "combination of investigative approaches from the analog and digital worlds," with information technology experts and police detectives working side-by-side at the BKA. Undercover investigators are operating in the virtual world, and in the real world they are attempting to coerce people active in the scene to work as informants.

Münch said the BKA had had a number of investigative successes, including closing down five illegal darknet trading platforms in Germany last year. Internationally, Münch said, the BKA was involved in closing down 30 further darknet marketplaces and had gathered evidence for cases against their operators, dealers and customers.

According to The Economist, the darknet's vendors overwhelmingly deal in drugs, which are generally sold at much higher prices than on the street, although they are also of higher quality. Goods are paid for anonymously using the cryptocurrency bitcoin and are then shipped to purchasers - sometimes even via regular post.

Also traded are counterfeit money, credit card data, knockoff branded goods and, as the attack in Munich made clear, weapons.

Other Cybercrimes

The BKA report detailed a growing number of cases of blackmail using special malware known as ransomware. Such software can be purchased by criminals, even those who have few technical skills, on forums in the digital underground. Once installed on unwitting users' computers, commonly via infected files, ransomware automatically encrypts all of the data on the device, forcing victims to pay bitcoin ransoms to restore access to their information.

As the digital world slowly becomes a center of commerce through Industry 4.0, the Internet of Things, criminals are increasingly finding new opportunities for digital attacks. Münch said gaming consoles and even refrigerators had been targeted by denial-of-service attacks, which can make devices unusable until, once again, a digital ransom is paid.

Despite the potential for abuses, the darknet fulfills an important function for people who live under oppressive regimes: It enables the exchange of information and freedom of expression. In those places, law enforcement polices ideas in the way that the German authorities chase cybercriminals.

"We have to be flexible and react as quickly as the perpetrators," Holger Münch said. "We have to work together nationally and internationally. And we have to be on top of our game technically and tactically."

Deutsche Welle

You Might Also Read: 

German Police Catch Suspect in Global Cyber Crime Operation:

International Police Start Crackdown On The Darknet:

Interpol is Training Police to Fight DarkNet Crime:

 

« A Global Issue: Cybercrime In Singapore
Banks Join Forces to Fight CyberCrime »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Bob's Business

Bob's Business

Bob's Business adopts a fresh approach to information security awareness and compliance training, delivering key information through the use of short animated movies.

IGEL Technology

IGEL Technology

IGEL Technology is one of the world's leading thin client vendors. Thin clients increase data security and compliance.

Zadara Storage

Zadara Storage

Zadara provide complete data backup and protection delivered as a fully-managed service.

DataVantage

DataVantage

DataVantage data masking and data management software helps you prevent data breaches, pass compliance audits and meet regulatory requirements such as HIPAA and PCI DSS.

ABB

ABB

ABB is a pioneering technology leader in industrial digitalization. Services include cyber security for industrial control systems IoT.

Identity Defined Security Alliance (IDSA)

Identity Defined Security Alliance (IDSA)

IDSA is a group of identity and security vendors, solution providers and practitioners that acts as an independent source of education and information on identity-centric security strategies.

GMV

GMV

GMV is a technological business group offering solutions, services and products in diverse sectors including Intelligent Transportation Systems, Cybersecurity, Telecoms and IT.

iosiro

iosiro

iosiro was created to guide companies through securely using blockchain technologies. We help teams launch and manage ICOs, deploy secure dApps, and integrate private networks into business practices.

StrikeReady

StrikeReady

StrikeReady have developed CARA, an advanced technology solution that offers personalized and proactive assessment and remediation of future and current risk in real-time.

MDSec

MDSec

MDSec is a consultancy with a passion for information security. Our consultants specialise in application, mobile and hardware security and targeted red team attacks.

iSTORM

iSTORM

iStorm specialise in supporting organisations who require a range of Privacy, Security and Penetration testing related services.

Aite-Novarica Group

Aite-Novarica Group

Aite-Novarica's Cybersecurity practice provides ongoing research and advisory services to chief information security officers focused on protecting their companies’ assets.

Utimaco

Utimaco

UTIMACO develops on-premises and cloud-based hardware security modules, solutions for key management, data protection and identity management as well as data intelligence solutions.

Redington

Redington

Redington offer products and services in solution areas including digital transformation, hybrid infrastructure and cybersecurity.

Keytos

Keytos

Keytos has revolutionized the Identity Management and PKI industry by creating cryptographic tools that allow you to go password-less by making security transparent to the user.

Astute Technology Management

Astute Technology Management

Astute Technology Management helps businesses take control of their technology and work with greater confidence.