by Ronnen Armon, Chief Product & Technology Officer, Cellebrite
In the decade since the darknet underground site Silk Road was seized by the Federal Bureau of Investigations (FBI), the number of Dark Web users has only increased. Dark Web platforms provide users with anonymity by shielding their activity and location, making it a fertile ground for criminals.
One of the most popular Dark Web markets is the Invisible Internet Project (I2P), a fully encrypted private network layer that leverages unidirectional tunnels to allow users to connect without tracking and collecting their location or data.
Trends in the Criminal Use of I2P and the Dark Web
Over the last 20 years, criminals have used I2P and other dark markets as a haven for criminal activities, including drug trafficking. With the click of a mouse, criminals can do everything from sharing explicit data to conducting a drug deal.
The anonymity of the Dark Web allows criminals to mask their identity and hide their activity, especially cryptocurrency and crimes against children. Bad actors can share identifiable information, such as illicit and illegal images, on the open web while hiding their malicious behavior. In crimes involving cryptocurrency, the anonymity of the dark web often hides the true ownership of illegal currency.
Challenges for Law Enforcement
I2P and other dark markets have created challenges for law enforcement including:
- A firm understanding of dark markets: The lack of training and information sharing between agencies has made it difficult for investigators and examiners to understand these emerging platforms. Some teams do not even have access to digital forensic practices that support the analysis of data shared on it.
- Lack of funding: Many agencies do not have the funding to scale digital forensics solutions that would best address dark markets within their own organization.
- Going digitally undercover: Law enforcement must maintain a presence in dark markets without being detected—an increasing hurdle as the complexities of usernames and authentication measures put those undercover at risk of being identified.
- New and emerging applications: Criminals can develop applications in the Dark Web that are challenging to detect using traditional evidence extraction and analysis tools.
In some cases, investigators struggle to serve search warrants or subpoenas to companies involved in dark markets due to the technology’s inherent difficult nature, which greatly limits how much digital evidence they can gather. Dark markets are commonly hosted in countries that aren’t compliant with modern legal processes and most sites are hosted behind obfuscated VPN-routed network traffic, making it challenging for investigators to source the true IP address locations of the nefarious activity.
Not only do these challenges expand the learning curve for investigators, but they can also increase the time required to build a case—adding to the growing backlog of cases in most jurisdictions. With the growing sophistication and volume of internet crimes against children, gang activity and crimes involving financial, drug and human trafficking, it is more important than ever for investigators to have access to digital solutions that give them visibility of data housed on the dark web. Robust digital intelligence solutions, along with proper investigator training, can help agencies overcome these barriers and efficiently access and extract evidence—regardless of anonymity.
Leveraging Digital Forensics in Cases Involving the Dark Web
With the right digital intelligence solutions, digital forensic teams can uncover evidence housed on I2P and other dark markets. Regardless of the medium, the data criminals share is eventually consumed through applications on devices that can be obtained during an investigation. Digital intelligence technologies can help investigators decode these complex interactions.
The data digital intelligence solutions can lawfully extract from devices can corroborate cases and is increasingly becoming the key component that drives the investigation. Digital intelligence also helps law enforcement stay a step ahead of the technology criminals use on the Dark Web, including AI. Specifically in crimes involving human trafficking and crimes against children, criminals are leveraging AI to fabricate images and data that propagate their malice.
Modern digital intelligence solutions help investigators search legally seized devices for specific criteria, eliminating the need for an investigator to manually sift through and extract data. Machine learning efficiently categorizes the collected data, saving investigators abundant time. With lawful and ethical technology, the data collected legally and within the confines of an investigation is admissible in court—empowering judicial teams to thoroughly prosecute offenders.
Digital intelligence helps all parties involved in the chain of custody access and collaborate on data extracted from dark markets. When all evidence in a given case is managed in a customized, central hub, data can be shared with other stakeholders in a matter of minutes. These technologies employ robust security and document each instance that evidence is accessed and used.
Another critical component in the use of digital forensics in dark market cases is training. As I2P and other areas of the dark web become more sophisticated, investigators must have a scrupulous understanding of how they operate.
Without access to the right technology, law enforcement risks falling behind a bad actor’s use of sophisticated technologies. As Dark Web and I2P use grows, so will the need for agencies to level up their digital forensic practices to expedite justice.
About the author: Ronnen Armon oversees Cellebrite’s solutions, products, and technology, including R&D, Product Business Management, and CTO domains. He previously led R&D at Mercury for almost four years, and later became VP and GM for Hewlett Packard’s BTO team (Business Technology Optimization), overseeing Products and R&D. Ronnen also co-founded Capriza, a no-code native SaaS mobility platform that simplified collaboration as well as integration with legacy applications and platforms. With Capriza, Ronnen initially led Products and R&D until he became their CEO. Ronnen holds a BSC degree in Computer Science and Industrial Engineering, and a MA degree in System Analysis and Operations Research, both from the Technion, Israel’s Institute of Technology.