15/07/2021

Digitisation as a double-edged sword: will we ever be able to defeat the cybercriminal?

The text on this page was automatically translated and hence may differ from the original. No rights can be derived from this translation.

Cybercrime is on a steep rise

It was a question within the National Science Agenda: 'Which new forms of crime are emerging in our society due to increasing digitalisation and how can this crime be tackled?' New forms mentioned include digital piracy of 3D designs (including guns) and medical cybercrime (hacking of devices like pacemakers and e-records). There is much uncertainty about new forms of (cyber)crime and we can hardly keep up. This is not surprising, considering that the police force is still relatively traditionally trained and there is a shortage of ICT experts in almost all government branches. Meanwhile, the new generation quickly picks up relatively simple tricks on the internet. It is extremely easy to remain anonymous on the dark web, where drugs, weapons, new identities, and cyber attacks can be ordered as easily and quickly as on bol.com. We are not claiming that law enforcement and security services lack the knowledge to act against this, but it is undeniable that we will always be playing catch-up.

The figures underline this. In mid-January 2021, the National Police published the crime statistics they recorded in 2020. A remarkable finding was that the prevalence of online crime more than doubled, an increase of 127%, while the registered prevalence of pickpocketing and burglaries decreased significantly, by almost 50% and 25% respectively (Police, n.d.). Does this indicate a shift from traditional crime to cybercrime? According to experts, that is indeed the case (Van der Vorst, Steur, Jelicic & Van Rees, 2019).

In the most recent Safety Monitor, 13% of the population aged 15 and older stated that they were victims of one or more forms of cybercrime in 2019 (CBS, 2020). Only a small percentage of victims bring these incidents to the police: 12.8% are reported and for 8.2% a formal complaint is filed (CBS, 2020). For traditional crime, these percentages are significantly higher: in 2019, 31.9% of cases were reported and a complaint was filed in 22.9% of cases. This indicates not only a shift, but also that cybercrime remains more hidden from the criminal justice system than traditional crime.

In 2018, we conducted research on the infamous 'dark number' of crime, with cybercrime as one of the focus areas (Smit, Ghauharali, Van der Veen, Willemsen, Steur, et al., 2018). It revealed that estimates of the scale of cybercrime vary widely. One cause is the under-reporting mentioned above: individuals and companies are often reluctant to report an attack, either because they do not want to disclose that they were a victim or because they do not even realise they were affected. Another is that general estimates are often based on incomplete and non-representative data. Many statements are based on what virus scanners intercept at large companies in certain countries.

We explored various new measurement methods for, among others, DDoS, phishing, pharming, and ransomware. Every interaction in a digital system is theoretically measurable in three places: on the victim's computer system or network, at the perpetrator's end, or on an intermediate platform. Additionally, most manifestations involve similar interactions: acquisition of malware or tools, spreading or launching the attack, protection and security actions, payments (often in Bitcoin), and complaints. These are all potential points of measurement, but the aforementioned limitation still applies: the resulting data is incomplete and non-representative.

While it is a given that in general, law enforcement will always be behind and only able to measure a fraction of the incidents, this problem is more pronounced in the highly dynamic domain of cybercrime. Numerous developments (often ironically stemming from the trend to enhance privacy) lead to new challenges for law enforcement agencies. In 2019, for example, we studied the technical investigative possibilities with the increasing reuse of IP addresses (Van der Vorst, Steur, Jelicic & Van Rees, 2019). This turned out to be an intriguing issue, as although an IP address can make the perpetrator traceable like a 'license plate' on the internet, these IP(v4) addresses are scarce. Consequently, IP addresses are increasingly reused, making it even harder to trace criminals. Moreover, more data is being encrypted and stored in the cloud, software complexity is increasing, and attack techniques are becoming more sophisticated.

It is an enormous challenge, but the gap with cybercriminals can indeed be limited or further reduced. The fight against cybercrime has become highly professionalised and better organised over the past years. The topic is high on the agenda, also in The Hague. Think of the Dutch Cyber Security Agenda and all the initiatives that have emerged from it (including a thorough evaluation methodology, Brennenraedts, Hanswijk, Jansen, Kats, Sahebali & Hermanussen, 2020). Law enforcement agencies are also increasingly deploying innovative techniques. The amount of available data is gradually becoming an advantage. A specific example is the emerging trend of scheduled fights between fans of professional football clubs. Perpetrators post photos and videos online, enabling their identification. Whereas in the past this data would have been viewed by police officers, attempts are increasingly being made to use automatic facial recognition and predictive models (Ferwerda, Wolsink, Steur, Jelicic, 2020).

The dark web is getting a bit lighter

The main reason why cybercriminals are so hard to catch lies in the anonymity they find on the internet. This can be achieved through a VPN connection, for example. With a VPN connection, internet traffic is routed through a secure connection, hiding the user's IP address. Anonymous browsing can also be done with a proxy server. Users request internet data from the proxy server, which then forwards the request to the respective website. Only the IP address of the proxy server is visible to that website (although the traffic is not encrypted, so the user's data traffic and IP address can still be traced). Taking anonymity a step further is possible with the Tor Browser. Tor (an acronym for The Onion Router) is an online network for encrypted and anonymous communication. The network consists of thousands of servers worldwide, and data traffic is fragmented, encrypted, and passed through multiple servers before reaching the recipient. Data cannot be traced back to one computer or user. Tor provides access to the dark web, where things get really interesting. This is the part of the internet that is unregulated and is home to many illegal activities.

We are all familiar with the stories of the bizarre and horrific services and goods offered on the dark web. Think of drugs, weapons, personal data, new identities, targeted wire or device fraud, child pornography, violent videos, snuff films, and even assassin-for-hire services (although largely scams; payment upfront, no execution). The most famous 'marketplace' on the dark web was Silk Road. During its existence, Silk Road allegedly facilitated the sale of narcotics worth $1.2 billion. The platform has been shut down, but there are now plenty of comparable sites available again.

The Dutch police are increasingly present on the dark web, partly because of political pressure from the US and Australia over the amount of (mostly synthetic) drugs shipped from the Netherlands (Hietkamp, 2021). And they are doing a good job at it: the Dutch police have achieved some major successes. In 2017, together with the FBI, they apprehended traders by keeping an illegal trading platform, Hansa, operational for a month. When AlphaBay (a market estimated to be ten times larger than Silk Road) was shut down, many users fled to Hansa, exactly as the police had planned. By turning off encryption, the police were able to monitor everything transmitted through the site. Suddenly, the dark web wasn't so dark anymore.

However, in most cases, actions remain reactive and opportunistic, as revealed by the research of our intern Lennart Hietkamp (2021): monitoring, eavesdropping, and hoping that information is disclosed, for instance about packaging methods or locations. Communication is one of the key puzzle pieces for online investigations. Trading on the dark web revolves around trust, and reviews and reputation are essential for this. It helps to imply that the drugs come from the Netherlands or to hint subtly at a Dutch origin through names with a Dutch touch, as Dutch drugs have a good reputation. This 'Dutch branding' is also employed by sellers who are not from the Netherlands. Therefore, the police mainly rely on Dutch-language communication, even if it is just a single term or a certain sentence structure in English. To carry the built-up reputation and identity across different platforms, PGP (Pretty Good Privacy; a method for exchanging messages and files with encryption) is often used.

The carefully built trust structure is something the police are actively trying to dismantle by being visible on the dark web themselves (Hietkamp, 2021). By disclosing who they have recently arrested or are investigating, the police deliberately communicate that the dark web is not as anonymous as believed. Increasing the risk of being caught deters smaller buyers in particular.

Although several successes have been achieved lately, there is still much to be gained in terms of investigating the dark web, in our opinion. The well-known marketplaces are literally hubs of illegal activities, available for the police to identify criminals. This approach can be more proactive. Many leads have not been fully explored yet, such as tracking financial transactions (cryptotraces).

A race we can win?

Yes, we can. The current advancements and increasing digitalisation make it easier for cybercriminals, but the same opportunities are also available to law enforcement agencies. That holds as long as we continue to deploy innovative methods, act proactively, make (international) agreements, and above all, continue to conduct thorough research.


For more information, please contact Jessica Kats.