“As well as investigating cybercrime and the Darknet extensively online, I read every book on the subject that I could lay my hands on. While researching the book, I realized just how important the issue of online privacy has become. Most people do not know to what extent their personal information is easily available to governments, companies and cybercriminals. For people protesting against human rights abuses in undemocratic countries, online privacy can be a matter of life or death; even in democratic nations, we have no idea to what extent our activities are monitored. " “I also came to understand that these are complex areas. While some cybercriminals carry out their activities purely for their own financial gain, others commit illegal actions to expose loopholes in security systems. The Darknet is used by many for nefarious undertakings, yet it’s also an arena for those who wish to express themselves without censorship or expose the abuse of power.”
Below is the Introduction Chapter of Cybercrime and the Dark Net by Cath Senker
Click here to purchase the e-book Cybercrime and the Dark Net. A paperback version will be available in May 2017.
Introduction
In 2016, a phenomenal leak of 11.5 million records from Mossack Fonseca, a law company based in Panama, exposed to the world the hidden financial exploits of some of the wealthiest individuals on the planet. The disclosure illustrates how law companies and banks sell financial secrecy indiscriminately to the wealthy, whether they be politicians, billionaires, celebrities, fraudsters or drug traffickers – by setting up tax havens in which they can keep all their transactions hidden. Although already possessing untold riches, clients of such outfits use their services to hide corrupt practices from the prying eyes of the authorities and evade the taxes that the rest of us have to pay. The release of the Panama Papers was the culmination of an extraordinarily detailed investigation by the International Consortium of Investigative Journalists, the German newspaper Süddeutsche Zeitung and more than 100 other news organizations. In the largest media collaboration ever, more than 370 reporters pored over millions of Mossack Fonseca’s documents disclosed to them by whistleblowers and shared their findings. Among those exposed were 12 current and former world leaders, including China’s leader Xi Jinping, who in his official capacity had led anti-corruption efforts. The prime minister of Iceland, Sigmundur David Gunnlaugsson, was shown to be a secret multimillionaire, stashing his fortune in a secret offshore company that kept millions of dollars in Icelandic banks. Following the revelations, he was forced to resign. A total of US $2 billion worth of transactions were revealed to be linked to the Russian president Vladimir Putin. In the UK, the prime minister at the time David Cameron admitted that he had benefited from an offshore trust set up in Panama by his late father. How did Mossack Fonseca do it? The firm worked with more than 14,000 banks and law companies to set up trusts and fake companies for its customers, known as shell structures, where clients could hide their assets. Paper and electronic records of transactions were destroyed so they could not be traced. These activities may be considered unethical but they are not illegal if used by law-abiding citizens. Ironically, it is the whistleblowers who reveal such confidential documents who are considered cybercriminals. To access and expose those materials, they operate on the Darknet, using illicit hacking techniques and untraceable communications. Are those who carry out such actions lawless hackers, guilty of releasing millions of secret documents that should never see the light of day? Or are they committed but misunderstood activists, devoted to exposing the corruption and abuse of power of powerful people through freedom of information? This is just one of the conundrums of cybercrime and the Darknet.
Defining cybercrime and the Darknet
It’s worth trying to unpick exactly what these terms mean. Cybercrime is any use of a computer for illegal reasons, including fraud, identity theft, stealing intellectual property, violating privacy or sharing child sexual abuse images. Cybercriminals frequently hack into computer systems, although they also use social engineering – persuading people to reveal private information that allows fraudsters to access their data. Many cybercriminals operate for financial gain, but others act to expose corruption or for political motives. The latter use illegal means but claim their reasons are legitimate.
Hackers
Hackers are labelled white-, grey- or black-hat according to the shades of legality and legitimacy of their actions. Hacktivists are hackers who infiltrate sites and expose information for political purposes. White- and grey-hat hackers and hacktivists believe they act legitimately.
White-hat hackers look for information or simply enjoy the challenge of breaking into systems to expose their vulnerabilities. Security companies, governments and big businesses employ white-hat hackers to protect their sites. Grey-hat hackers are prepared to break the law to find and publicize security vulnerabilities. Black-hat hackers, also known as ‘crackers’, steal data and seize control of websites to commit fraud.
All hackers operate by looking for weaknesses in a computer network security system, using ‘packet sniffers’ – software that searches for information being passed along computer networks, including passwords. Hackers call firewalls ‘cotton walls’ because they tend to have weaknesses that allow intruders to penetrate them easily. You don’t have to be a hacker to be a cybercriminal. It’s easy to purchase hacking services or stolen data on the Darknet.
The Darknet
The Darknet is part of the Deep Web, the biggest part of the Internet, which is not indexed by regular search engines. It’s where public databases are found, along with subscription-only and password-protected services, and the content of social networks and messaging sites. The Darknet can be accessed via the Tor browser, and Tor Hidden Services allow you to find anonymously run websites. No one uses his or her real name on the Darknet. Neither cybercrime nor the Darknet are straightforward – they are a morass of contradictions and grey areas. Cybercriminal activity occurs on the surface net: harassment, copyright infringement, fraud, subversion, sabotage and terrorist propaganda. But although these actions are illegal, are some of them legitimate? Those who believe information should be free oppose copyright laws, while cyber subversion and sabotage can help topple authoritarian regimes; they were vital catalysts in the 2010–11 Arab uprisings. Cybercrime is big on the Darknet, too: witness the vibrant trade in illegal goods and services, proliferation of child sexual abuse and organization of terrorist actions. Cryptocurrencies such as Bitcoin and blockchain technology developed on the Darknet to enable anonymous payments to be made. But is it possible to identify legitimate elements here, too? Cryptocurrencies are used for lawful as well as illicit trade, and some argue that the drugs market is safer on the Darknet than on the streets. And while governments consider whistleblowing that reveals state secrets to be a crime, freedom of information activists consider it a duty. On the Darknet, human-rights and political activists enjoy privacy, a safe haven where they can avoid surveillance. Creativity blossoms in an atmosphere free from censorship and commercial advertising.
Surveillance
Mass surveillance is a major reason that both cybercriminals and privacy activists have shifted to the Darknet. Governments and security companies are monitoring every aspect of our online lives. On both the surface net and Darknet, they adopt similar tools to the cybercriminals to fight them: using Trojans (see Chapter 2) to hack into their systems and posing as fellow-fraudsters to ensnare outlaws and bring them to justice. Governments carry out cyberespionage and sabotage operations, arguing that their actions are justified to protect people from terrorism and child sexual abuse. However, some people believe that governments overstep the mark and abuse their power. Cybercrime and the Darknet is divided into two sections. Section 1 focuses on cybercrime. Chapter 1 considers serious online harassment that has been defined as illegal, from cyberbullying to trolling, doxing and grooming, and whether the law can tackle such abuse. Chapter 2 looks at the wide variety of online fraud we risk as individuals – from email scams, malware and phishing to identity theft – and big-business heists including cyberattacks on banks and corporations. Chapter 3 examines how copyright laws are pitched against freedom of information activists and asks whether there can be a happy medium that enables the creators of music, books and movies to make a living while allowing free access to their products. Chapter 4 surveys the range of online subversion, from individual jailbreaking of devices to hacking to expose corruption and abuse, and mass political activism as a prelude to real-world uprisings. It illustrates how governments attempt to clamp down on these activities using entrapment and heavy penalties for offenders. Chapter 5 considers the rising threat of cyberattacks: cyberespionage for information gathering; cybersabotage, from the defacing of a website to damaging infrastructure; and cyberterrorism, focusing on the online coordination of terrorist actions by the so-called Islamic State (ISIS). Section 2 is about the Darknet. Chapter 6 enters the hidden world of dark markets, where all manner of illicit goods and services are traded. Drugs are the most popular – Ross Ulbricht’s Silk Road (2011–13) set the standard for the trade, adopting Bitcoin for transactions, while there has been an explosion of child sexual abuse sites. The efforts to shut down illegal markets are explored. Chapter 7 investigates the Darknet as a place of privacy and anonymity for human rights, political and freedom of information activists, of cryptocurrencies for the unbanked and creativity for musicians. It raises the question: can governments balance their desire for mass surveillance for national security and law enforcement with privacy and civil liberties for individuals?