The cryptocurrency-driven economy is global in nature and is not necessarily well governed in the geography where the transactions take place. Although currency listing and trading exchanges are tightening their controls to improve transparency and reliability and to avoid criminal use, there is still significant room for misusing crypto tokens in the chain and layers of transactions. Some tokens offer greater privacy and anonymity, and they inherently attract criminals. According to a UN report, nearly 20% of serious criminal attacks are now linked to cryptocurrency funding. What began as an attempt to create a hidden network to conceal sensitive communication from ordinary internet users has now expanded into a full-fledged darknet. It provides the underlying technologies for hidden sites, which are not accessible via standard browsers and are not indexed by search engines. It promotes communication through forums, chat rooms, and file and picture hosts. It has also developed commerce facilities that allow marketplaces for illicit offerings to develop. The convergence of the cryptocurrency and darknet realms takes this paradigm to a new level. In preparing for large-scale cryptocurrency theft or other operations funded by cryptocurrencies, cybercriminals are increasingly turning to the dark web. In this paradigm, criminal investigation becomes a hard task.
In the darknet realm, the standard procedure of contacting web-hosting providers, working through regional and national authorities, serving court orders and seeking conformance with them, and initiating takedown orders would not work. According to UNODC’s Darknet Threat Assessment Report 2020, the use of cyberspace and cryptocurrencies on the illicit darknet market poses significant challenges to law enforcement. As per the report, the number of marketplaces in the Tor network increased from one in 2011 to 118 in 2019. The increase in the number and diversity of products was also significant. Valhalla, a dark-web marketplace, for example, grew from 5,000 in 2015 to 13,000 in 2018. Drugs (including cocaine, heroin, and pain relievers), firearms and ammunition, hacking tools and services, and a variety of other items are for sale. Some online markets even sell credit card information and counterfeit documents. The preferred payment option is cryptocurrency. Although Bitcoin remains the dominant currency, tokens that provide greater privacy and anonymity are gaining popularity. Following the COVID outbreak, there was a significant increase in Tor users.
Top darknets often use a decentralised, distributed method of chopping data into parts, encrypting it, and distributing it around peer nodes. Only the intended user has access to it, via secret keys shared with him or her. One of the leading darknets relies on one-way tunnels, which can be either outbound, to send traffic to a destination, or inbound, to accept traffic. Tor Browser, on the other hand, runs on networks known as Tor circuits to keep users anonymous when browsing websites. It routes user traffic through distributed network relays managed by volunteers, also known as the Tor Network. Disk forensics, memory forensics, and network forensics, when paired with dark web monitoring, can aid in extracting artefacts, detecting embedded anti-forensics elements, capturing the path of the Tor Browser, intercepting traffic, mapping the file system, and performing timeline analysis.
Law enforcement agencies have been gearing up to address these challenges. Criminal investigation and associated operations involving crypto tokens are improving gradually. More collaboration with the private sector is being witnessed within and across borders. Cryptocurrency market players, particularly crypto exchanges, have begun tightening the screws to prevent unlawful use. Responsible players seem to be proactively engaged with law enforcement agencies. Methods of blockchain analysis and crypto investigation are emerging. Specific tools, capabilities, and services are now designed to help this effort.
Joint efforts by multiple law enforcement agencies around the world have achieved some success. They were able to identify individual actors or marketplaces in some cases. Generating actionable intelligence and executing coordinated activities in a timely manner necessitate a high level of cooperation. Geographic limits pose barriers, jurisdictional concerns cause roadblocks, a lack of enabling rules for intelligence exchange may derail an investigation, and a lack of legal instruments may make it difficult to seize criminal infrastructure.
The lack of consistent quantitative and qualitative data is still a challenge, limiting law enforcement threat recognition, prioritization, and resource mobilization. However, Open-Source Intelligence (OSINT) methods, sharing of information, data analytics, the emergence of specialized tools, and the deployment of specialized skills are often prescribed for investigations of crimes involving crypto and the dark web. Law enforcement officials should augment their capabilities, learn tactics, embrace tools and methods, and collaborate with skills available in the private sector. They should look for ways to connect the dots, reveal activities on the darknet, and actively engage in campaigns against the network. The key to success would be a specialised political, policy, and operational understanding of darknet networks, services, cryptocurrency investigations, and information gathering, as advised by the UNODC.
The G20 Conference on Crime and Security in the Age of NFT, AI, and Metaverse, scheduled in NCR on 13th and 14th July, would deliberate extensively on how, as a society, we can achieve significant progress in ensuring law and order in the age of cryptocurrency and the darknet.
This article is written by Vinayak Godse, CEO, Data Security Council of India.