- Training — training officers and investigators to spot relevant dark web evidence.
- Information-Sharing — improving information-sharing among agencies, both domestically and internationally.
- New Structures for Cooperation — examining the benefits of building cross-organization structures for cooperation.
- New Forensic Standards — developing new standards for forensic tools to collect dark web evidence on computers.
- New Laws for Package Inspection — researching ways to modernize laws facilitating inspection of packages shipped by mail or other services.
- Research on Crime Connections — researching the increasingly connected nature of crime to help law enforcement recognize and address both highly visible traditional crime and the less-visible crime on the dark web.
In all, the experts’ workshop identified 40 problems or opportunities and 46 potential solutions or needs related to dark web investigations. Nineteen needs were deemed high-priority, across four general subject areas: training, organizational cooperation and information-sharing, tool development, and other problems and opportunities.
“Taken together,” said the RAND report on the workshop and its results, “the high-priority needs identified during the workshop represent a way to prepare law enforcement at all levels to better address the challenge posed by cybercrime, now and into the future.”
A critical problem for law enforcement spotlighted by the workshop experts is a lack of knowledge of how the dark web operates and how criminals have begun to use it, the report said. See “A Snapshot of How the Dark Web Works.”
The Workshop Design and Objectives
The workshop participants prioritized needs using a formula that took into account both the perceived importance of a particular need and the perceived likelihood of meeting that need successfully.
Thus, if two needs were both rated of the highest importance, the one that law enforcement was perceived as more likely to fulfill successfully would be assigned the higher priority.
The workshop covered six overarching topics. Those topics, and critical established needs and challenges related to each, follow.
General Needs and Challenges
Rapid Changes in Volume of Use — Law enforcement sees evidence of a steady expansion of dark web activities. Still, it mostly lacks quantitative data to inform effective responses and solutions to dark web activities.
Globalization — Dark web activity crosses local and state boundaries and national borders. The cross-jurisdictional nature of the dark web makes it essential that investigators collaborate across agencies. If agencies avoid the dark web because of its cross-jurisdictional nature, participants noted, “dark web actors might be emboldened by the lack of enforcement to conduct more illicit business using the dark web.”
The Need to Demystify the Dark Web — Some law enforcement participants expressed concern about exposing themselves and their departments to retaliation by malicious web users, should they act against dark web interests. The report, noting “a need to demystify the dark web” for law enforcement, stated, “Given the lack of definitive quantitative data, law enforcement is expected to act without comprehensive information regarding what works and what is needed to address these dark web challenges.” Participants suggested police trainers could emphasize the commonalities of dark web investigations and traditional investigations, or “plain old police work.”
Command Buy-In for Additional Training — Participants noted a need to persuade law enforcement command staff to initiate dark web training and investigations. Command buy-in may be essential to commitments of funding and training time.
Training — Participants identified a need for two distinct categories of training:
- For line officers, courses to develop a basic familiarity with digital evidence found at the scene.
- For specialized units, targeted training on evidence preservation as well as advanced training on methods used by criminals on the dark web.
Participants identified a need for more subject matter experts to conduct training. In all, the workshop participants identified 12 highest-priority needs related to training, more than any other area.
Technical Needs and Challenges
Even as the anonymity of the dark web often keeps law enforcement at bay, basic tools can enable anyone to engage dark web services without much difficulty: “Basic internet literacy, a computer, and access to the internet are enough for any sufficiently motivated individual to begin supplying or purchasing illicit goods on the dark web,” the RAND report said.
Law enforcement seizures can compromise entire markets, with buyers’ and sellers’ information de-anonymized. But users have found additional tools to protect their data.
A significant challenge is interdicting dark web shipments through postal systems. The U.S. Postal Service alone is estimated to move more than 500 million parcels daily. In addition to the number of packages, seizures from the Postal Service often require warrants.
As a high-priority need, the workshop experts called for researching gaps in laws related to searching packages.
Crime Identification
Line officers need to develop an awareness of the types and scope of illicit dealings on the dark web. Participants pointed to the potential of new state task forces, which could share data on the dark web across organizations and jurisdictions.
Privacy Protection
Workshop participants related a need for guidance from federal partners on how to manage privacy concerns during investigations. Although not identified as a top priority, participants also identified a need for research to understand how much privacy citizens would sacrifice in order to gain security.
Suspect Identifications
Participants noted that officers responding to criminal activity need to develop the ability to recognize items, such as login information, that could help link suspects to dark web sites, the report said.
Evidence Identification, Access, and Preservation
Law enforcement faces a challenge both in acquiring relevant technical data and in turning it into evidence understandable to the public, members of which sit on juries deciding the guilt or innocence of those charged with dark web crimes.
The evidence challenge is heightened by the growth of data quantity, indecipherable formats, and the need for cross-jurisdictional coordination.
In light of difficulties posed by the encryption and anonymity features of software used on the dark web, the participants urged that law enforcement use the best available standards, tools, and processes to capture evidence.
To that end, a high-priority need identified during the workshop is encouraging the establishment of standards for new processes used to capture dark web evidence.
Resource Allocation — Several participants noted that it could be beneficial to pool resources in new task forces.
Adaptation and Fluctuation — Successful law enforcement operations against dark web interests commonly cause users to adapt quickly, shifting to different markets, or creating entirely new markets. Workshop participants noted that dark web users often exchange information on how to evade detection by law enforcement.
Legal Needs and Challenges
The Multijurisdictional Nature of Crime — Authorities are challenged by web-based crime involving different jurisdictions with a multitude of relevant laws. Participants emphasized the importance of multiagency partnerships in that regard.
Entrapment — Concerns were expressed over the possibility of legal actions for entrapment brought by web users conducting business on dark web marketplaces created by law enforcement, the report said. The risk can arise when authorities must impersonate criminals to establish trust with criminals on the dark web.
Conclusion
Law enforcement authorities identified priority needs for investigating criminal activity on the dark web:
- Raising awareness of the dark web among state and local authorities.
- Forging cross-jurisdictional partnerships among agencies.
- Initiating more and better training to equip officers to identify dark web evidence and activity.
- Equipping special investigation units with advanced knowledge of dark web methods and activities.
Because of the clandestine nature of the dark web, many state and local law enforcement agencies are generally unaware of its existence and its capacity for engendering crime in their jurisdictions.
Sidebar: A Snapshot of How the Dark Web Works
The dark web is a portion of the “dark net,” a segment of the internet employing encryption and anonymizing technology designed to prevent tracking.
For purposes of the workshop, the dark web was defined as those hyperlinked services on the dark net accessible only through The Onion Router (or Tor) protocol or similar protocols. Tor is a specially configured browser enabling users to access services on the web in ways that are difficult or impossible to trace.
Typical web browsers reveal their unique IP (Internet Protocol) address, making them traceable by law enforcement. But a dark web browser issues a false IP address, using a series of relays, to mask the user’s identity.
A significant portion of dark web activity is lawful. The Tor browser itself was initially developed by the U.S. Naval Research Laboratory in the 1990s and released to the public in 2002.
Tor’s original purpose, the RAND report noted, was “to conceal the identities of American operatives or dissidents attempting to communicate within oppressive regimes.” The anonymizing browser is also used by some journalists working internationally, the report said.
The fact that the dark web is highly anonymized and encrypted, however, also attracts illicit conduct. One study[1] estimated that 57 percent of dark websites facilitate illegal activity, according to the RAND report.
At various points in 2013 and 2016, large drug sales on the dark net approached a quarter of all cryptomarket drug revenue, the report said. But researchers found most drug sales on the dark web were under $100.
Overall, illicit internet use is on the rise. Workshop participants reported a sharp increase in crime brought to their attention with a dark web element, and according to one published study[2], total monetary losses from internet-enabled crime were estimated at more than $1.4 billion in 2016.
At a Police Executive Research Forum (PERF) conference in 2018, DEA agents noted a significant increase in narcotics cases involving the dark web. Additionally, FBI officials reported a surge in the use of the dark web to purchase malware and launder money, the dark web workshop report said.
Fentanyl sales on the dark web have been a major focus of U.S. law enforcement. Other potential illegal activities include identity theft, blueprint distribution, human trafficking, and weapon sales.
For authorities, the dark web has been elusive but not invulnerable. The FBI’s 2013 crackdown on the Silk Road marketplace, an online narcotics bazaar, was a high-profile response to a large operation, the report noted.
More recently, a collaboration of the FBI, DEA, ICE, and Homeland Security Investigations has shut down two major dark web markets, AlphaBay and Hansa, the RAND report noted.
In January 2018, the Department of Justice created a joint enforcement team focused on dark web opioid sales. State and local agencies have also engaged in collaborative dark web enforcement initiatives, the report said.