The text on this page was automatically translated and hence may differ from the original. No rights can be derived from this translation.
Cybercrime is on the rise
It was a question within the National Science Agenda: 'What new forms of crime are emerging in our society due to increasing digitalization, and how can this crime be tackled?' Among the new forms mentioned are digital piracy of 3D designs (including guns) and medical cyber crimes (hacking of devices such as pacemakers and e-dossiers). There is so much uncertainty about new forms of (cyber)crime, and we can hardly keep up. This is not surprising considering that the police are still relatively traditionally trained, and there is a shortage of ICT experts in almost all government branches. Meanwhile, the younger generation quickly picks up relatively simple tricks on the internet. For example, it is extremely easy to remain anonymous on the dark web, where drugs, weapons, new identities, and cyber-attacks can be ordered as easily and quickly as on bol.com. We are not claiming that law enforcement and security services do not have the expertise to act against this, but it is undeniable that we will always be playing catch-up. The figures underline this. In mid-January 2021, the Dutch National Police published the crime figures they recorded in 2020. Notably, online crime prevalence more than doubled, with a 127% increase, while the registered prevalence of pickpocketing and burglaries showed a strong decrease, a decrease of almost 50% and 25%, respectively (Police, n.d.). Does this indicate a shift from traditional to cybercrime? According to experts, this is indeed the case (Van der Vorst, Steur, Jelicic, Van Rees, 2019).
In the most recent Safety Monitor, 13% of the population aged 15 and older reported being a victim of one or more forms of cybercrime in 2019 (CBS, 2020). Only a small percentage of victims report these incidents to the police. For reports, it is 12.8%, and for formal complaints, it is 8.2% (CBS, 2020). For traditional crime, these percentages are significantly higher: in 2019, reports are made in 31.9% of cases, and complaints in 22.9% of cases. Therefore, not only is there a shift taking place, but cybercrime remains even more hidden from the criminal justice system than traditional crime.
In 2018, we conducted research on the infamous 'dark number in crimes', with cybercrime being one of the focus areas (Smit, Ghauharali, Van der Veen, Willemsen, Steur, et al., 2018). It emerged that estimates of the scale of cybercrime vary widely. For the reasons mentioned above ('under-reporting', for example, because individuals or companies are often not inclined to report an attack, either because they do not want to disclose that they have been a victim or sometimes do not even realise they have been a victim), but also because general estimates are often based on incomplete and unrepresentative data. Many statements are derived from what virus scanners intercept at large companies in certain countries. We investigated various new measurement methods for, among others, DDoS attacks, phishing, pharming, and ransomware. Every interaction in a digital system is in principle measurable somewhere. This can be at three points: on the victim's computer system or network, at the offender, or on an intermediary platform. Additionally, the same interactions occur for most manifestations, such as malware or tool acquisition, attack distribution or placement, protection and security actions, payments (often in Bitcoins), and complaints. These are all potential points of measurement, but the aforementioned limitation applies: it is incomplete and not representative.
While it is a general rule that, by definition, law enforcement is always a step behind and can only measure a fraction of incidents, this issue becomes more significant in highly dynamic domains like cybercrime. Numerous developments (often ironically stemming from the trend to enhance privacy) lead to new challenges for law enforcement agencies. In 2019, for example, we explored the technical investigative possibilities with the increasing reuse of IP addresses (Van der Vorst, Steur, Jelicic & Van Rees, 2019). This proved to be an interesting issue since, although an IP address can make the perpetrator traceable online as a sort of 'license plate', these IP(v4) addresses are scarce. Therefore, IP addresses are increasingly reused, making it even more challenging to trace criminals. Additionally, more data is being encrypted and stored 'in the cloud', software complexity is increasing, and attack techniques are becoming more sophisticated.
It is a huge challenge, but the gap with cybercriminals can indeed be limited or further reduced. In recent years, the fight against cybercrime has become highly professional and better organised. The issue is high on the agenda, also in The Hague. Think of the Dutch Cyber Security Agenda and the initiatives that have resulted from it (including a robust evaluation methodology, Brennenraedts, Hanswijk, Jansen, Kats, Sahebali & Hermanussen, 2020). Law enforcement agencies are increasingly employing innovative techniques themselves. The abundance of available data is gradually becoming an advantage. A specific example is the emerging trend of planned fights between supporters of football clubs. Perpetrators post photos and videos online, allowing them to be identified. Previously, this data would have been viewed by police personnel, but there is now more experimentation with using automatic facial recognition and predictive models (Ferwerda, Wolsink, Steur, Jelicic, 2020).
The dark web is becoming a little brighter
The main reason why cybercriminals are challenging to apprehend lies in the anonymity they find on the internet. This can be achieved, for example, via a VPN connection. Connecting with a VPN routes internet traffic through a secure connection, hiding the IP address. Anonymous browsing is also possible with a proxy server. The user requests internet data from the proxy server, and the request is then forwarded to the relevant website. In this case, only the IP address of the proxy server is visible (but the encryption of data is missing, and the data traffic and IP address of the user can still be traced). Next-level anonymous browsing is achievable with a Tor browser. Tor (an acronym for The Onion Router) is an online network for encrypted and anonymous communication. The network comprises numerous servers globally, and data traffic is fragmented and encrypted, passing through multiple servers before reaching the recipient. Data cannot be traced back to a single computer or user. Tor provides users with access to the dark web, where things get really interesting. This is the part of the internet that is unregulated and the foundation for many illegal activities.
We are all familiar with the stories of the bizarre and appalling services and goods offered on the dark web. Think of drugs, weapons, personal data, new identities, targeted wire or device fraud, child pornography, violent videos, snuff films, and even hitman services (although much of this is a scam; payment is made, but the service is not carried out). The most notorious 'marketplace' on the dark web was Silk Road. Throughout its existence, Silk Road is believed to have facilitated the sale of narcotics worth $1.2 billion. The platform has been taken down, but there are now plenty of comparable sites available.
Therefore, the Dutch police are increasingly present on the dark web, partly due to political pressure from the US and Australia due to the amount of (mostly synthetic) drugs shipped from the Netherlands (Hietkamp, 2021). And they are doing it well. The Dutch police have achieved some significant successes. In 2017, the Dutch police, in collaboration with the FBI, arrested traders by keeping an illegal trading platform operational for a month: Hansa. When Alphabay (a market estimated to be ten times larger than Silk Road) was taken down, many users fled to Hansa, exactly as the police had planned. By turning off the encryption, the police were able to monitor everything sent via the site. Suddenly, the dark web is no longer so dark.
However, in most cases, it remains reactive and opportunistic, as revealed in the research by our intern Lennart Hietkamp (2021). Monitoring, eavesdropping, and hoping someone will reveal something, such as packaging methods or locations. Communication is one of the key pieces for online law enforcement. Trading on the dark web revolves around trust. Reviews and reputation are crucial. It helps to say that the drugs come from the Netherlands or to hint at a Dutch origin by using names with a Dutch touch because Dutch drugs are highly regarded. This 'Dutch branding' is also used by sellers who are not from the Netherlands. Therefore, the police mainly rely on Dutch communication, even if it's just a term or certain English sentence structure. To carry over the built reputation and identity to various platforms, pgp (Pretty Good Privacy; a way to exchange messages and files with encryption) is often used.
The carefully constructed trust structure is something the police are trying to undermine by being visible on the dark web (Hietkamp, 2021). By revealing whom they have recently arrested or are tracking, the police deliberately communicate that the dark web is not as anonymous as thought. By increasing the sense of the likelihood of being caught, smaller buyers, in particular, are deterred.
Although some successes have been achieved lately, in our view, there is still much to be gained in terms of law enforcement on the dark web. The well-known marketplaces are literally a gathering place for illegal activities, enabling the police to fish out criminals. This could be approached more proactively. Numerous leads have not been exhausted, such as tracing financial transactions (cryptotrails).
A race that we can win?
Yes, we can. Although current developments and increasing digitalization make it easier for cybercriminals, those same opportunities exist for law enforcement agencies. As long as we continue to deploy innovative methods, act proactively, make (international) agreements, and above all, continue conducting thorough research.
Download the full article as a PDF here.
Want to know more? Contact Jessica Kats.