Prevailing Against Cybercrime Requires Grit, Creativity, and Collaboration: 10 Years of Dark Web Monitor
Since 2020, the Bavarian Central Office for the Prosecution of Cybercrime (ZCB), Complexity Science Hub Vienna (CSH), Iknaio Cryptoasset Analytics GmbH (Iknaio), Netherlands Organisation for Applied Scientific Research (TNO), and CFLW Cyber Strategies (CFLW) have collaborated on new capabilities against the criminal abuse of crypto-assets and the dark web in areas such as child sexual abuse, investment scams, and organized crime. CFLW’s Dark Web Monitor and Iknaio’s GraphSense are results of co-creation of law enforcement technology based on operational needs. Nowadays, these solutions are used worldwide by hundreds of investigators to unlock the power of data-driven intelligence and forensics to close the investigative loop in fighting cybercrime.
On 22 and 23 May the Impact Days took place in The Hague at the HSD Campus, including four events to increase the impact of the fight against cybercrime:
- a hackathon to map out new data-driven investigative techniques;
- a stakeholder session to share the results of this partnership with operational units;
- a media session;
- a project meeting to align partners on progress made, key results and ideas for future improvements.
The need for dark web crawlers to monitor illegal activities such as Silk Road was first identified by TNO in May 2013, resulting in the birth of Dark Web Monitor 10 years ago. Dark web open-source intelligence (DARKINT) involves monitoring and analyzing illicit activities, discussions, and transactions on ultimately all dark web platforms. Based on this data, foundational insights and understanding of the nature of the dark web have been developed. In this regard, during the Impact Days 10 years’ history of Dark Web Monitor is celebrated by sharing the methodologies, approaches, and results of investigations achieved as inputs to further deliberate and promote law enforcement technology built upon open and transparent EU values.
Annual illicit revenue of more than €100 million necessitates robust response
DARKINT allows law enforcement agencies to gather intelligence on anonymous individuals, groups, and networks involved in child sexual abuse, cyber-trade platform scams, and organized crime. It can also reveal connections between individuals and groups involved. Thomas Goger, Deputy Chief Public Prosecutor at ZCB, explains, “DARKINT is used to identify key players, understand their operations, and disrupt their activities. By analyzing conversations, transactions, and shared information on the dark web, patterns and associations can be identified, allowing law enforcement to dismantle criminal networks and prosecute the individuals involved.”
Using identified crypto-asset addresses from dark web DARKINT through combining Dark Web Monitor and GraphSense data, researchers at Delft University of Technology (TU Delft) have discovered more than €100 million in illegal activities financed by crypto-assets. This figure is just the tip of the iceberg because it only accounts for transactions carried out using publicly shared addresses, omitting the bulk of illicit transactions which are carried out privately. According to Dr Bernhard Haslhofer, Co-Founder of Iknaio, “Data science can aid in analysing and understanding vast amounts of threat intelligence data from various sources. By applying data science techniques, organizations can extract strategic insights and identify emerging threats, staying one step ahead of cybercriminals.”
In this connection, hackathons can play a valuable role in training users in fighting cybercrime by providing practical hands-on experiences and fostering collaboration among participants. In particular, hackathons offer participants the opportunity to identify and innovate investigative techniques to ultimately disrupt illegal online activities by exploiting creative combinations of data and technology.
Mark van Staalduinen, Managing Director of CFLW Cyber Strategies: “Since cybercrime poses a multi-stakeholder challenge involving diverse domains from legal to law enforcement, and from criminological expertise to deep technology, the best possible training should develop problem-solving skillsets across multiple dimensions.”
Persistence in fight against cybercrime
Over the past decade, a culture of grit, creativity, and collaboration has matured a proof of concept into an operational security technology that is robust, up-to-date, and future proof. The main challenge in fighting cyber-enabled crime lies in de-anonymizing threat actors and their infrastructures. In this regard, the development of several such methods over the past decade has resulted in actors no longer being as anonymous as they think. Today’s technological rigor has only been made possible through many small steps taken in close collaboration with various law enforcement agencies worldwide. Encouragingly, the operational results of recent years have proven the usefulness of collecting and analyzing data from the dark web to acquire actionable intelligence.
At the same time, the use of technology by criminals is developing rapidly and requires continuous innovation by investigators to keep the fight against cybercrime on an even keel. The complexity of cyber-enabled crime requires approaches that transcend disciplinary boundaries, leading to innovative ideas, creative problem-solving, and fresh insights. That is why such intense and expansive cooperation between key stakeholders is so important.