Originally designed to provide a secure communication channel for journalists, military personnel, and individuals in high-risk countries, the Dark Web has evolved into a dynamic ungoverned environment where threat actors dwell.
This subsection of the internet has become an effective shield for the sale and coordination of nefarious activity, including trafficking of drugs and weapons, leaking sensitive documents, spreading propaganda, disseminating stolen data from cyberattacks and so on.
If you see “.onion” at the end of a web address, you’re eyeing a Dark Web website. But you won’t just stumble upon it. Access requires a specialised browser – such as Tor, OpenBazaar, I2P, or ZeroNet – and navigating it is just as messy as you might expect.
While the Dark Web still holds a place for well-intentioned anonymity – such as freedom of speech for those under authoritarian regimes, including censored environments in Russia and China – this ultimately comes at the expense of empowering drug kingpins, arms traffickers, child abusers, and other criminals.
Research firm Terbium Labs analysed 400 randomly selected .onion sites and, from this pool, concluded that over half of all Dark Web domains generate illegal activity. Although much of the activity consists of illicit trafficking, financially motivated cybercrime is a growing phenomenon creating headaches for law enforcement and enterprise cyber teams alike.
In addition, while public and private organisations are doubling down on their defences to protect against cyber threats, there are still unintentional data leaks all over the internet. Think of the LinkedIn post where colleagues are photographed with their photo ID cards on display. Found by a threat actor, this could quickly turn into an identity theft-driven financial gain on the Dark Web.
In fact, much of its perverse growth in recent years has been fuelled by the ability to conduct transactions anonymously through the rise in cryptocurrency markets. According to a 2020 report from Chainalysis, crypto transactions on the Dark Web market surpassed US$790 million in 2019, up 70 per cent. The firm also reported that in 2020 roughly 900,000 Bitcoin were held by cybercriminals on Dark Web markets. It’s a perfect match.
Under this flourishing landscape, the ability to pinpoint where known threat actors are gravitating – which cryptocurrencies they use, what a typical transaction looks like, what it is financing, and where the activity is hiding in the Dark Web – is critical. But trying to figure this out by manually sifting through countless red flags, patterns, and anomalies is untenable.
Identifying cyber and crypto crimes and their spread across the online world shouldn’t be constrained by one analyst’s expertise or capacity. Under the weight of the digital underworld, investigative teams can reach better outcomes with augmented intelligence – where technology is used to pick up a wider catchment and process data more quickly to zero in on the most important data from masses of noise.
The noise of grassroots anger
Complicating matters further is the Dark Web’s heightened popularity in response to incubating political unrest all over the world. The COVID-19 pandemic, the insurrection at the US Capitol, and Russia’s invasion of Ukraine are some of the many major global events that have polarised global communities.
For example, during the first two years of pandemic lockdowns, some Australians responded by baking sourdough or binging Tiger King. However, others took their grassroots anger to dark corners of the internet where COVID-19 misinformation spread like wildfire.
Abroad, Dark Web forums became a haven for groups like Boogaloo supporters, the Proud Boys, QAnon conspiracists, and other extremists to deny the legitimacy of the US Presidential election following the January 6 Capitol riots.
This means the threat surface is constantly widening and getting busier. The sheer volume of dynamic information creates blind spots for law enforcement, national security and other agencies manually scouring the Dark Web for leads.
The manual methods of the past are too time-consuming and laborious, with data volumes beyond the capacity of even the best-resourced security teams. The scale of the Dark Web requires technologies that augment investigative skills – tools that help teams get ahead of crimes before they’re even committed.
Quick steps for fast getaways
This brings us to AI’s role in law enforcement, national security, and intelligence teams. To manually wander through the Dark Web and uncover critical insights is beyond human scale. Any attempt to keyword search will inevitably lead to false positives and, worse, operator burnout.
While Dark Web search engines exist, even the best struggle to keep up with the constantly moving ecosystem. Websites are often set up by scammers who constantly change their web addresses to avoid being caught. And drug lords do the same – they move around trying to avoid the wrath of the police in the digital underworld.
The pace of change means timed-out connections and 404 errors make the experience reminiscent of searching the ‘Clear Web’ in the late 90s.
Meanwhile, AI learns fast, and can gather risky behaviours at scale. Bluestone Analytics, for example, holds over one billion Dark Web records and collects between 400K and 600K new records daily across more than 65 languages – this data is invaluable, but without AI technology it is incredibly difficult for intelligence teams to understand, let alone piece together. Investigators do better when they can make sense of the intricate webs.
Where investigators are augmented to make Dark Web threat finding not only achievable but timely, we’re on a better road to stripping impunity from the weeds of the underworld.
Dr Brenton Cooper is co-founder and CEO at Fivecast, an open-source intelligence platform.