tag:theconversation.com,2011:/fr/topics/dark-web-8437/articlesDark web – The Conversation2023-09-19T12:15:41Ztag:theconversation.com,2011:article/2108452023-09-19T12:15:41Z2023-09-19T12:15:41ZWhat are ‘mule addresses’? Criminologists explain how vacant properties serve as depots for illegal online purchases<figure><img src="https://images.theconversation.com/files/547613/original/file-20230911-20491-xdqy4.jpg?ixlib=rb-1.1.0&rect=261%2C186%2C8044%2C4794&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Nobody's home, just as the sender intended.</span> <span class="attribution"><a class="source" href="https://www.gettyimages.com/detail/photo/delivery-of-parcel-boxes-at-doorstep-royalty-free-image/1173054988?adppopup=true">AndreyPopov/ iStock via Getty Images Plus</a></span></figcaption></figure><p>Online shopping isn’t just a convenient way to buy batteries, diapers, computers and other stuff without going to a brick-and-mortar store.</p>
<p>Many Americans also use the internet to quietly acquire illegal, fake and <a href="https://www.linkedin.com/posts/evidence-based-cybersecurity_appleproducts-darkweb-applemacbookpro-activity-7103440509360099329-8xZh?utm_source=share&utm_medium=member_desktop">stolen items</a>. <a href="https://www.linkedin.com/posts/simon-botton-754952208_cybersecurity-digitalsafety-onlinesecurity-ugcPost-7103370581508587520-1gdL?utm_source=share&utm_medium=member_desktop">Guns</a>, prescription drugs no doctor has ordered and <a href="https://theconversation.com/heists-worth-billions-an-investigation-found-criminal-gangs-using-sham-bank-accounts-and-secret-online-marketplaces-to-steal-from-almost-anyone-and-little-being-done-to-combat-the-fraud-206893">checks</a> are on this long list, as well as <a href="https://www.investopedia.com/terms/c/cloning.asp">cloned credit cards</a>, counterfeit passports and phony <a href="https://www.cbp.gov/newsroom/local-media-release/2-shipments-containing-4420-counterfeit-driver-s-licenses-seized-cbp">driver’s licenses</a>. </p>
<p>Because buyers and sellers alike realize that the authorities can detect illegal online transactions, criminals and their customers prefer covert online platforms that protect user anonymity, such as <a href="https://www.torproject.org/">Tor</a>, or encrypted messaging applications like <a href="https://scholarworks.gsu.edu/ebcs_articles/20/">Telegram and WhatsApp</a>. Buyers and sellers also use <a href="https://www.cognyte.com/blog/digital-wallet-cybercrime/">digital wallets</a> and <a href="https://knowledgehub.transparency.org/helpdesk/cryptocurrencies-corruption-and-organised-crime-implications-of-the-growing-use-of-cryptocurrencies-in-enabling-illicit-finance-and-corruption">cryptocurrencies to further conceal</a> their identities. </p>
<p>As <a href="https://ebcs.gsu.edu/">scholars of</a> <a href="https://scholar.google.com/citations?user=GqggT9MAAAAJ&hl=en&oi=sra">high-tech crime</a>, <a href="https://ebcs.gsu.edu/profile/saba-aslanzadeh/">we were eager</a> to solve a riddle. Having these items shipped to the buyers’ homes or offices would make it easy for authorities to catch them. So how do people who buy these illegal items maintain their anonymity when they take possession of items they purchased on the <a href="https://theconversation.com/illuminating-the-dark-web-105542">dark web</a>?</p>
<p>They mostly use <a href="https://www.reddit.com/r/scambait/comments/163ssd0/report_package_mule_address/">vacant residential properties, called “mule addresses</a>” or “<a href="https://seon.io/resources/dictionary/drop-address">drop addresses</a>.” Once the illegal goods or phony documents get delivered – presumably without the owners’ knowledge – to the doorstep of the uninhabited home, the buyer or a middleman picks it up. This practice makes it very hard to trace these transactions.</p>
<h2>Penchant for sharing</h2>
<p>To discover where these items change hands, we took advantage of the inclination of some of the criminal vendors to share images on Telegram of the parcels they send, along with the illicit items.</p>
<p>They use this strategy to build their reputations, earn the trust of buyers and market their services.</p>
<p>Not all users of online underground markets do this, but we still spotted thousands of packages delivered this way over a period of two years.</p>
<p>In one case, we found a photo of a forged or stolen check alongside the mailed envelope used for its delivery on a Telegram channel dedicated to trading stolen and counterfeit checks.</p>
<p>The label on the envelope bears not only the shipping date but also the Wyoming address where it was sent. Armed with this information, anyone can retrieve related details by searching online. We found an apartment complex at that address with several units for rent.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/548411/original/file-20230914-25-s9wiwb.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="A mailed envelope and a check with names obscured" src="https://images.theconversation.com/files/548411/original/file-20230914-25-s9wiwb.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/548411/original/file-20230914-25-s9wiwb.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=640&fit=crop&dpr=1 600w, https://images.theconversation.com/files/548411/original/file-20230914-25-s9wiwb.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=640&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/548411/original/file-20230914-25-s9wiwb.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=640&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/548411/original/file-20230914-25-s9wiwb.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=805&fit=crop&dpr=1 754w, https://images.theconversation.com/files/548411/original/file-20230914-25-s9wiwb.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=805&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/548411/original/file-20230914-25-s9wiwb.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=805&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">A forged or stolen check alongside the envelope used to mail it to the person who bought it on the dark web.</span>
<span class="attribution"><span class="source">Screen capture by David Maimon</span>, <a class="license" href="http://creativecommons.org/licenses/by-nc-nd/4.0/">CC BY-NC-ND</a></span>
</figcaption>
</figure>
<h2>Guns, drugs and rentals</h2>
<p>We also found that criminal vendors use mule addresses as their sender address. In one example, we found a video, uploaded in April 2023, of an assault rifle shipped from an Arizona address. At the time, that property was for sale.</p>
<p>The video displays an assault rifle apparently shipped from that address after being purchased online on an underground gun market. At the time, that property was for sale.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/548176/original/file-20230913-34250-eslwpf.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="An assault rifle and an address label" src="https://images.theconversation.com/files/548176/original/file-20230913-34250-eslwpf.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/548176/original/file-20230913-34250-eslwpf.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=339&fit=crop&dpr=1 600w, https://images.theconversation.com/files/548176/original/file-20230913-34250-eslwpf.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=339&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/548176/original/file-20230913-34250-eslwpf.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=339&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/548176/original/file-20230913-34250-eslwpf.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=425&fit=crop&dpr=1 754w, https://images.theconversation.com/files/548176/original/file-20230913-34250-eslwpf.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=425&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/548176/original/file-20230913-34250-eslwpf.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=425&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">An illegal firearm vendor uploaded a video of an assault rifle being shipped to a customer.</span>
<span class="attribution"><span class="source">Screen capture by David Maimon, CC BY-NC-ND</span>, <a class="license" href="http://creativecommons.org/licenses/by-nc-nd/4.0/">CC BY-NC-ND</a></span>
</figcaption>
</figure>
<p>We found a similar video documenting the punctual delivery of what we believe to be illegal drugs. Considering that the video has been circulating in illegal drugs markets that we monitor, it’s reasonable to assume that the package contains narcotics or prescription drugs.</p>
<p>The footage portrays a satisfied customer who has just gotten the drugs. We looked up the recipient’s address, which is discernible in the video.</p>
<p>It’s a property in North Las Vegas, Nevada, which was listed for sale at the time of delivery – although it seems to have later been sold. The anticipated delivery date, March 28, 2023, coincided with the day the package in the video was received. </p>
<p>One of the illegal digital marketplaces we identified is a hub for prescription sales of OxyContin, Viagra, Adderall and Valium. It’s linked to an administrator who presides over several Telegram channels. </p>
<p>The administrator has shared photos on those channels that allowed us to see tracking numbers associated with packages they’d mailed. By collating the tracking numbers from April 20 to May 23, 2023, we compiled a comprehensive database of those addresses and the statuses of those properties when the packages were delivered.</p>
<p>We found that 72% of the 650 deliveries in this database were to properties listed for sale, and the rest were to properties unoccupied for other reasons. The average time that elapsed between a property listing and an illicit package being delivered there was nine days.</p>
<h2>Be on guard</h2>
<p>We haven’t yet learned of any criminals who were convicted of criminally using mule addresses to deliver illegal packages. </p>
<p>Because criminals take advantage of vacant residential properties listed for sale or rent by unsuspecting homeowners to protect their anonymity, we believe that it’s important for landlords and people who are selling or renting homes to protect themselves from these crimes of commerce.</p>
<p>Some of the same strategies that enhance safety in other regards can help, such as installing surveillance cameras and employing property managers.</p><img src="https://counter.theconversation.com/content/210845/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>David Maimon receives funding from Department of Homeland Security and other private organizations. </span></em></p><p class="fine-print"><em><span>Saba Aslanzadeh does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Buyers and sellers alike use this system to not get caught.David Maimon, Professor of Criminal Justice and Criminology, Georgia State UniversitySaba Aslanzadeh, PhD Student in in Computer Science, Georgia State UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/2071582023-06-21T11:58:58Z2023-06-21T11:58:58ZBehind the scenes of the investigation: Heists Worth Billions<figure><img src="https://images.theconversation.com/files/532336/original/file-20230616-17-43c17e.png?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">David Maimon's cybersecurity research group noticed a flood of checks in underground markets, which opened a window into much broader criminal activity.</span> <span class="attribution"><span class="source">Collage by Kimberly Patch</span></span></figcaption></figure><p><em>Professor David Maimon is director of the Evidence-Based Cybersecurity Research Group at Georgia State University.</em></p>
<p><em>He and his group are well familiar with what happens on the dark web, which consists of websites that look like ordinary websites but can be reached only using special browsers or authorization codes and are often used to sell illegal commodities.</em></p>
<p><em>In this behind-the-story video, Maimon shows some of the hundreds of thousands of bank-related images that he and his team have collected from the dark web and text message applications, and the research these discoveries spurred them to do. That research sparked the investigative story <a href="https://theconversation.com/us/investigations/mailbox-robberies-drop-accounts-checkwashing-fraud-gangs-of-fullz">Heists Worth Billions</a>, which Maimon teamed up to write with The Conversation’s senior investigative editor Kurt Eichenwald. Here’s how Maimon and colleagues uncovered the crimes, and his remarks from a follow-up interview.</em></p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/O4h2eOIrzts?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
</figure>
<p><strong>Maimon’s group was monitoring images posted on the dark web when it found the initial clues that something big was afoot.</strong></p>
<p>My group and I spend a lot of time on underground markets in which criminals sell all kinds of illicit commodities. We see a lot of counterfeit products. We see a lot of identities. And in mid-2021 we started to see a lot of checks flooding the markets. </p>
<p>Those checks led us down a path where we realized that thousands of sham bank accounts were being created to steal and launder money.</p>
<p><strong>The group’s first realization was about the volume of deposits.</strong></p>
<p>Folks were using multiple accounts simultaneously to deposit the high volume of checks. They were simply purchasing from the markets and depositing on different accounts.</p>
<p>For example, three checks would be deposited into three different bank accounts by a single criminal.</p>
<p><strong>Group members connected another clue that showed them how the criminals were getting access to multiple accounts.</strong></p>
<p>We saw numerous debit cards and realized that the criminals were using those debit cards to deposit all the checks they stole or purchased.</p>
<p><strong>Then, in June 2022, the group made a key observation.</strong></p>
<p>Criminals were posting screenshots from bank accounts with balances showing zero. </p>
<p>We realized that these screenshots of zero-balance bank accounts were advertisements – they were selling bank accounts that had zero balances.</p>
<p><strong>This led the group to an investigation.</strong></p>
<p>Over six months we tracked a single criminal, counting the number of images of credit cards and the number of screenshots of bank accounts showing zero balances that he posted. </p>
<p>We’re seeing this increasing trend from one single actor and, of course, being out there in the ecosystem, we are able to see more and more copycats: more and more folks like the individual we’re monitoring, offering their services. </p>
<p><strong>And a conclusion about what allowed this to happen.</strong></p>
<p>If a criminal opens a credit card under someone else’s name, when the person realizes something is wrong and freezes the credit card, the criminal can’t use that identity anymore.</p>
<p>But with bank accounts, it’s a different story, because the credit freeze does not affect your ability to establish a new bank account under someone else’s name.</p>
<p><strong>Maimon gives some advice on how to protect your identity.</strong></p>
<p>Make sure you freeze your credit. Make sure you purchase some kind of identity theft protection plan, which will alert you every time someone is using your identity. And simply monitor your bank account on a daily basis, monitor your credit card.</p>
<p>Freezing your credit ensures that no one can access your credit report unless you actively lift the freeze.</p>
<p><strong>He talks about what’s next for his research group.</strong></p>
<p>We’re trying to understand how all those identities are actually being used in the context of money laundering and, more specifically, sports betting.</p>
<p><strong>And he sounds the alarm.</strong></p>
<p>This is a serious problem that is largely being ignored. It’s our hope that exposing the magnitude of this will help spur action, because far too many people are losing far too much money to this type of crime.</p>
<hr>
<p></p><div style="float:right;width:205px;">
<a href="https://theconversation.com/us/investigations/mailbox-robberies-drop-accounts-checkwashing-fraud-gangs-of-fullz"><img alt="Graphic showing a masked criminal on a stamp and saying 'Heists worth billions'" class="ls-is-cached lazyloaded" data-src="https://images.theconversation.com/files/532510/original/file-20230618-28-hh0pox.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=200&fit=clip" src="https://images.theconversation.com/files/532510/original/file-20230618-28-hh0pox.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=200&fit=clip"></a></div>
<em>This article accompanies <strong><a href="https://theconversation.com/us/investigations/mailbox-robberies-drop-accounts-checkwashing-fraud-gangs-of-fullz">Heists Worth Billions</a></strong>, an investigation from The Conversation that found criminal gangs using sham bank accounts and secret online marketplaces to steal from almost anyone – and uncovered just how little being done to combat the fraud.</em><p></p>
<p>• <strong><a href="https://theconversation.com/how-to-protect-yourself-from-drop-account-fraud-tips-from-our-investigative-unit-206840">How to protect yourself from drop account fraud – tips from our investigative unit</a>.</strong></p>
<p>• <strong><a href="https://theconversation.com/announcing-the-conversations-new-investigative-unit-were-looking-for-collaborators-in-academia-207394">Announcing The Conversation’s new investigative unit</a></strong></p><img src="https://counter.theconversation.com/content/207158/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>David Maimon receives funding from the National Science Foundation, the Criminal Investigations and Network Analysis Center at George Mason University, and other private grants which support the Evidence Based Cybersecurity research group.</span></em></p>Professor David Maimon describes how his team investigated criminal enterprises on the dark web.David Maimon, Professor of Criminal Justice and Criminology, Georgia State UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/2068932023-06-21T11:58:44Z2023-06-21T11:58:44ZHeists Worth Billions: An investigation found criminal gangs using sham bank accounts and secret online marketplaces to steal from almost anyone – and little being done to combat the fraud<p>In January 2020, Debi Gamber studied a computer screen filled with information on scores of check deposits. As a manager for eight years at a TD Bank branch in the Baltimore suburb of Essex, she had reviewed a flurry of account activity as a security measure. These transactions, though, from the ATM of a tiny TD location nestled in a nearby mall, <a href="https://www.documentcloud.org/documents/23808373-23-02-14-tdc-jt-2-usa-v-seck-diape-v-vaduva-et-al_exc-dg-dir_p-2">struck her as suspicious</a>.</p>
<p>Time and again, Gamber saw that these checks were payable to churches – many states away from the Silver Spring shopping center branch – <a href="https://www.documentcloud.org/documents/23808369-diape-seck-indictment">yet had been deposited into personal accounts</a>, a potential sign of theft.</p>
<p>Digging deeper, she determined that the same customer service representative, Diape Seck, had opened at least seven of the accounts, which had received more than 200 church check deposits. Even fishier, the purported account holders had used Romanian passports and driver’s licenses to prove their identities. Commercial bankers rarely see those forms of ID. So why were all these Romanians streaming into a small branch located above a Marshall’s clothing store?</p>
<p>Suspecting crimes, Gamber submitted an electronic fraud intake form, then contacted TD’s security department to inform them directly of what she had unearthed. Soon, the bank discovered that Seck had relied on Romanian documents for not just seven accounts but for <a href="https://www.justice.gov/usao-md/pr/former-bank-employee-convicted-after-trial-fraudulently-opening-bank-accounts">412 of them</a>. The bank phoned local police and federal law enforcement to report that an insider appeared to be helping criminals cheat churches and TD.</p>
<p>Nine months after TD’s tip, agents started rounding up conspirators, eventually arresting <a href="https://www.documentcloud.org/documents/23808369-diape-seck-indictment">nine</a> of them for crimes that netted more than <a href="https://www.justice.gov/usao-md/pr/former-bank-employee-sentenced-three-years-federal-prison-fraudulently-opening-bank">US$1.7 million</a> in stolen checks. They all <a href="https://www.documentcloud.org/documents/23809801-district-of-maryland-cmecf-live-nextgen-1">pleaded guilty</a> to financial crimes except for Seck, who was <a href="https://www.justice.gov/usao-md/pr/former-bank-employee-convicted-after-trial-fraudulently-opening-bank-accounts">convicted</a> in February 2023 for bank fraud, accepting a bribe and other crimes. He was <a href="https://www.justice.gov/usao-md/pr/former-bank-employee-sentenced-three-years-federal-prison-fraudulently-opening-bank">sentenced in June 2023</a> to three years in prison. </p>
<p><iframe id="zhfmR" class="tc-infographic-datawrapper" src="https://datawrapper.dwcdn.net/zhfmR/1/" height="400px" width="100%" style="border: none" frameborder="0"></iframe></p>
<h2>Sophisticated crimes</h2>
<p>How could it happen? How could criminals engineer a yearlong, multimillion-dollar fraud just by relying on a couple of employees at two small bank branches in a scheme with victims piling up into hundreds? </p>
<p>The answer is, because it’s easy. Crimes like these happen every day across the country. Scams facilitated by deceiving financial institutions – from international conglomerates to regional chains, community banks, and credit unions – are robbing millions of people and institutions out of billions and billions of dollars. At the heart of this unprecedented crime wave are so-called drop accounts created by street gangs, hackers and even rings of friends. These fraudsters are leveraging technology to obtain fake or stolen information to create the drop accounts, which are then used as the place to first “drop” and then launder purloined funds. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/531032/original/file-20230608-20-gs66fj.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="A person in a white hooded sweatshirt walks toward a U.S. postal carrier" src="https://images.theconversation.com/files/531032/original/file-20230608-20-gs66fj.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/531032/original/file-20230608-20-gs66fj.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=428&fit=crop&dpr=1 600w, https://images.theconversation.com/files/531032/original/file-20230608-20-gs66fj.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=428&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/531032/original/file-20230608-20-gs66fj.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=428&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/531032/original/file-20230608-20-gs66fj.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=537&fit=crop&dpr=1 754w, https://images.theconversation.com/files/531032/original/file-20230608-20-gs66fj.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=537&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/531032/original/file-20230608-20-gs66fj.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=537&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">An October 2022 surveillance photo of an armed robber approaching a mail carrier.</span>
<span class="attribution"><a class="source" href="https://www.documentcloud.org/documents/23809211-usa_v_capers__flmdce-23-01027__00010">The Conversation/court records</a></span>
</figcaption>
</figure>
<p>To better understand the growing phenomenon of drop accounts and their role in far-reaching crime, the <a href="https://ebcs.gsu.edu/">Evidence-Based Cybersecurity Research Group</a> at Georgia State University joined The Conversation in a four-month investigation of this financial underworld. The inquiry involved extensive surveillance of criminals’ interactions on the dark web and secretive messaging apps that have become hives of illegal activity. The reporting shows:</p>
<ul>
<li><strong>The technological skills of street gangs</strong> and other criminal groups are exceptionally sophisticated, allowing them to loot billions from individuals, businesses, municipalities, states and the federal government.</li>
<li><strong>Robberies of postal workers have <a href="https://www.durbin.senate.gov/imo/media/doc/Letter%20to%20PMG%20DeJoy%20on%20Carrier%20Robberies%20Signed.pdf">escalated sharply</a></strong> as fraudsters steal public mailbox keys in the first step of a chain of crimes that ends with drop accounts’ being loaded with millions in stolen funds.</li>
<li><strong>A robust, anonymous online marketplace</strong> provides everything an aspiring criminal needs to commit drop account fraud, including <a href="https://www.documentcloud.org/documents/23824400-binder1">video tutorials and handbooks</a> that describe tactics for each bank. The dark web and encrypted chat services have become one-stop shops for cybercriminals to buy, sell and share stolen data and hacking tools.</li>
<li><strong>The federal government and banks know the scope</strong> and impact of the crime but have so far failed to take meaningful action.</li>
</ul>
<p>“What we are seeing is that the fraudsters are collaborating, and they are using the latest tech,” said Michael Diamond, general manager of digital banking at Mitek Systems, a San Diego-based developer of digital identity verification and counterfeit check detection systems. “Those two things combined are what are driving the fraud numbers way, way up.”</p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/7BrqAMx2vMg?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">Criminals target letter carriers for their arrow keys, giving them access to public mailboxes. Via Evidence-Based Cybersecurity Research Group.</span></figcaption>
</figure>
<h2>Billions stolen</h2>
<p>The growth is staggering. Financial institutions <a href="https://www.fincen.gov/sites/default/files/shared/FinCEN%20Alert%20Mail%20Theft-Related%20Check%20Fraud%20FINAL%20508.pdf">reported more than 680,000</a> suspected check frauds in 2022, nearly double the 350,000 such reports the prior year, according to the Treasury Department’s Financial Crimes Enforcement Network, also known as FinCEN. Through internet transactions alone, swindles typically facilitated by drop accounts cost individuals and businesses almost $4.8 billion last year, a jump of about 60% from comparable fraud losses of more than $3 billion in 2020, the Federal Bureau of Investigation <a href="https://www.ic3.gov/Media/PDF/AnnualReport/2022_IC3Report.pdf">reported</a>.</p>
<p>Plus, a portion of the <a href="https://www.documentcloud.org/documents/23834834-ssrn-id3906395">estimated $64 billion</a> stolen from just one COVID-19 relief fund went to gangsters who rely on drop accounts, according to a <a href="https://www.documentcloud.org/documents/23808364-20221201-how-fintechs-facilitated-fraud-in-the-paycheck-protection-program-compressed">congressional report</a> and an analysis from the <a href="https://www.documentcloud.org/documents/23834834-ssrn-id3906395">University of Texas at Austin</a>. Criminals using drop accounts also hit the pandemic unemployment relief funds, which experienced improper payments of as much as $163 billion, the <a href="https://www.oig.dol.gov/doloiguioversightwork.htm">Labor Department found</a>. Indeed, experts say the large sums of government money meant to combat economic troubles from COVID-19 fueled the rapid growth of drop account fraud, as trillions of dollars in rescue funds were disbursed in the form of wires and paper checks.</p>
<p>“There were a huge range of criminals who were trained in this during the pandemic,” said one banking industry official who spoke on condition of anonymity because of the sensitivity of the matter. “A lot of them have grown up in the pandemic and seen that it is easy to make a lot of money with these schemes, with very little risk of prosecution.”</p>
<hr>
<p></p><div style="float:right;width:205px;">
<a href="https://theconversation.com/us/investigations/mailbox-robberies-drop-accounts-checkwashing-fraud-gangs-of-fullz"><img alt="Graphic showing a masked criminal on a stamp and saying 'Heists worth billions'" class="ls-is-cached lazyloaded" data-src="https://images.theconversation.com/files/532510/original/file-20230618-28-hh0pox.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=200&fit=clip" src="https://images.theconversation.com/files/532510/original/file-20230618-28-hh0pox.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=200&fit=clip"></a></div>
<em>This article is an excerpt from <strong><a href="https://theconversation.com/us/investigations/mailbox-robberies-drop-accounts-checkwashing-fraud-gangs-of-fullz">Heists Worth Billions</a></strong>, an investigation from The Conversation that found criminal gangs using sham bank accounts and secret online marketplaces to steal from almost anyone – and uncovered just how little being done to combat the fraud.</em><p></p>
<p>• <strong><a href="https://theconversation.com/how-to-protect-yourself-from-drop-account-fraud-tips-from-our-investigative-unit-206840">How to protect yourself from drop account fraud – tips from our investigative unit</a>.</strong></p>
<p>• <strong><a href="https://theconversation.com/behind-the-scenes-of-the-investigation-heists-worth-billions-207158">Behind the scenes of the investigation</a></strong></p>
<p>• <strong><a href="https://theconversation.com/announcing-the-conversations-new-investigative-unit-were-looking-for-collaborators-in-academia-207394">Announcing The Conversation’s new investigative unit</a></strong></p><img src="https://counter.theconversation.com/content/206893/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>David Maimon receives funding from the National Science Foundation, the Criminal Investigations and Network Analysis Center at George Mason University, and other private grants which support the Evidence Based Cybersecurity research group. </span></em></p><p class="fine-print"><em><span>Kurt Eichenwald does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Check fraud is one of history’s oldest financial crimes and criminals are finding new ways to use it to steal billions from banks.David Maimon, Professor of Criminal Justice and Criminology, Georgia State UniversityKurt Eichenwald, Senior Investigative Editor, The ConversationLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/2068402023-06-20T13:40:12Z2023-06-20T13:40:12ZHow to protect yourself from drop account fraud – tips from our investigative unit<figure><img src="https://images.theconversation.com/files/532280/original/file-20230615-15-z17k8.png?ixlib=rb-1.1.0&rect=11%2C187%2C2546%2C1388&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Loot stolen from the U.S. Postal Service is displayed on the dark web.</span> <span class="attribution"><span class="source">Via Evidence-Based Cybersecurity Research Group</span></span></figcaption></figure><h2>The types of crimes that use drop accounts are multiplying rapidly, but there are ways to decrease your chances of becoming a victim.</h2>
<ul>
<li>Do not mail checks from anywhere but your local post office. Not even your own mailbox is safe. <a href="https://theconversation.com/how-cybercriminals-turn-paper-checks-stolen-from-mailboxes-into-bitcoin-173796">The best option? Pay bills and send money online</a>.</li>
</ul>
<h2>Protect your identity online by following these steps</h2>
<ul>
<li>Guard your Social Security number. Never use it on medical forms - if asked, write “available upon request” - for a job interview, when applying for a grocery store reward card or when booking travel. If you believe the number has been compromised, <a href="https://faq.ssa.gov/en-us/Topic/article/KA-02220">contact the Social Security Administration to get a new one</a>.</li>
<li>Use only one credit card for online shopping, and never use a debit card.</li>
<li><a href="https://theconversation.com/choose-better-passwords-with-the-help-of-science-82361">Strengthen your online and mobile phone passwords</a>.</li>
<li>If you don’t expect to apply for a credit card or loan soon, <a href="https://www.consumerfinance.gov/ask-cfpb/what-does-it-mean-to-put-a-security-freeze-on-my-credit-report-en-1341/">freeze your credit with all three credit rating agencies</a>.</li>
<li><a href="https://theconversation.com/your-credit-report-is-a-key-part-of-your-privacy-heres-how-to-find-and-check-it-116999">Check your credit reports</a>.</li>
<li>Do not respond to preapproved credit card or loan offers delivered by mail, and, to reduce offers, consider <a href="https://www.optoutprescreen.com/">opting out of receiving these mailings</a>.</li>
<li>Shred your financial information; don’t simply throw it out.</li>
<li>Never give out personal information to anyone contacting you through unsolicited phone calls or emails. </li>
</ul>
<h2>To prevent fraud involving a tax return refund or any other tax issue</h2>
<ul>
<li>Complete and send in your tax return as early as possible, which makes it more difficult for someone to steal your refund. </li>
<li><a href="https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin">Establish an identity protection PIN with the IRS</a>, which only you and the agency will know. </li>
<li>If the IRS rejects your attempt to file your tax return, or if you receive any unusual mail from the agency such as a tax transcript you didn’t request, or it notifies you of suspicious activity, contact the agency at the number <a href="https://www.irs.gov/individuals/understanding-your-cp01c-notice">listed here</a> to report possible identity theft. </li>
<li>Pay any <a href="https://www.irs.gov/payments">taxes owed online</a>, not by check.</li>
</ul>
<h2>To prevent losses through business email compromise scams</h2>
<ul>
<li>Learn and teach employees basic email safety techniques. </li>
<li>Confirm urgent emails from supervisors or vendors demanding immediate wire transfers. In fact, urgent requests are the most suspicious.</li>
<li>Assure employees that double-checking whether these purportedly urgent emails came from the listed sender will not result in criticism or punishment. </li>
<li>Never purchase a gift card requested by a supervisor through email or text.</li>
<li>Human resources officials should never change bank accounts for direct deposit if employees ask by email or text. Always call to double-check that the request is real.</li>
</ul>
<hr>
<p></p><div style="float:right;width:205px;">
<a href="https://theconversation.com/us/investigations/mailbox-robberies-drop-accounts-checkwashing-fraud-gangs-of-fullz"><img alt="Graphic showing a masked criminal on a stamp and saying 'Heists worth billions'" class="ls-is-cached lazyloaded" data-src="https://images.theconversation.com/files/532510/original/file-20230618-28-hh0pox.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=200&fit=clip" src="https://images.theconversation.com/files/532510/original/file-20230618-28-hh0pox.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=200&fit=clip"></a></div>
<em>This article accompanies <strong><a href="https://theconversation.com/us/investigations/mailbox-robberies-drop-accounts-checkwashing-fraud-gangs-of-fullz">Heists Worth Billions</a></strong>, an investigation from The Conversation that found criminal gangs using sham bank accounts and secret online marketplaces to steal from almost anyone – and uncovered just how little being done to combat the fraud.</em><p></p>
<ul>
<li><p><strong><a href="https://theconversation.com/behind-the-scenes-of-the-investigation-heists-worth-billions-207158">Behind the scenes of the investigation</a></strong></p></li>
<li><p><strong><a href="https://theconversation.com/announcing-the-conversations-new-investigative-unit-were-looking-for-collaborators-in-academia-207394">Announcing The Conversation’s new investigative unit</a></strong></p></li>
</ul><img src="https://counter.theconversation.com/content/206840/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Kurt Eichenwald does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Cyber bank fraud is on the rise. Here are some important ways to protect yourself.Kurt Eichenwald, Senior Investigative Editor, The ConversationLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/2011802023-05-04T05:13:44Z2023-05-04T05:13:44ZLickable toads and magic mushrooms: wildlife traded on the dark web is the kind that gets you high<figure><img src="https://images.theconversation.com/files/524271/original/file-20230504-24-jzg7ba.jpg?ixlib=rb-1.1.0&rect=122%2C32%2C5332%2C3598&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Colorado River toad</span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure><p>The internet has made it easier for people to buy and sell a huge variety of wildlife – from orchids, cacti and fungi to thousands of birds, mammals, reptiles, amphibians and fish, as well as insects, corals and other invertebrates.</p>
<p>But alongside legal trade in wildlife, there’s a dark twin – illegal trading of wildlife. Endangered birds with very few left in the wild. Horns sawn off shot rhinos. The illegal wildlife trade is a blight. It puts yet more pressure on nature, adds to biodiversity loss and threatens biosecurity, sustainable development and human wellbeing <a href="https://www.nature.com/articles/s41893-019-0363-6">globally</a>. </p>
<p>In our <a href="https://besjournals.onlinelibrary.wiley.com/doi/epdf/10.1002/pan3.10469">new research</a>, we probed the dark web – the secretive section of the internet deliberately set up out of view of search engines. Most people associate the dark web with illicit drug marketplaces. We wanted to see what types of wildlife were being sold there. </p>
<p>The result? Across 51 dark web marketplaces, we found 153 species being sold. These were almost entirely plants and fungi with psychoactive effects, indicating they are part of the well-known dark web drug trade. There were only a small number of advertisements offering vertebrates such as the infamous <a href="https://www.smithsonianmag.com/smart-news/dont-lick-this-toad-national-park-service-says-180981092/#:%7E:text=%E2%80%9CAnd%20there's%20a%20whole%20sect,called%205%2DMeO%2DDMT.">Colorado River toad</a>, which faces poaching pressure because its skin secretes psychoactive toxins as a defence.</p>
<p>Why aren’t traders in illegal wildlife using the dark web? Mainly because the trade in illegally traded animals and animal parts is not hidden – it’s all over the open internet. For instance, the frog toxin kambo used in the ritual <a href="https://www.theguardian.com/australia-news/2023/may/02/its-not-good-nsw-inquest-hears-of-womans-last-words-during-kambo-frog-toxin-ritual">that killed</a> a Mullumbimby woman in 2019 is still sold openly.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/524273/original/file-20230504-28-2l8yxn.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="magic mushrooms" src="https://images.theconversation.com/files/524273/original/file-20230504-28-2l8yxn.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/524273/original/file-20230504-28-2l8yxn.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/524273/original/file-20230504-28-2l8yxn.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/524273/original/file-20230504-28-2l8yxn.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/524273/original/file-20230504-28-2l8yxn.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/524273/original/file-20230504-28-2l8yxn.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/524273/original/file-20230504-28-2l8yxn.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Magic mushrooms from the Psilocybe genus were commonly sold on the dark web.</span>
<span class="attribution"><span class="source">Shutterstock</span></span>
</figcaption>
</figure>
<h2>What was being sold on the dark web?</h2>
<p>We found over 3,000 advertisements selling wildlife species on dark web marketplaces between 2014 and 2020. We searched these marketplaces for keywords relating to <a href="https://www.sciencedirect.com/science/article/pii/S2352340921008076">wildlife trade and species names</a>. </p>
<p>What was for sale? Of the 153 species we found, we verified 68 as containing psychoactive chemicals. </p>
<p>The most commonly traded species was a South American tree <em>Mimosa tenuiflora</em>, commonly known as jurema preta, whose bark contains an extremely potent hallucinogen, DMT. Plants made up most of the species being sold, with many coming from Central and Southern America. </p>
<p>We also found 19 species of Psilocybe fungi being sold. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/astonishing-global-demand-for-exotic-pets-is-driving-a-massive-trade-in-unprotected-wildlife-188971">'Astonishing': global demand for exotic pets is driving a massive trade in unprotected wildlife</a>
</strong>
</em>
</p>
<hr>
<p>Many species were being sold for their purported medical properties, as well a small number of species being sold for clothing, decoration or as pets. </p>
<p>Many of the animals we found on the dark web have a long history of being illegally traded, such as live African grey parrots, as well as elephant ivory, rhino horn, and the teeth and skins of tigers and lions. </p>
<p>We also found small amounts of <a href="https://www.sciencedirect.com/science/article/pii/S0006320720300677">less commonly documented wildlife</a>, including the Goliath beetle, Chinese golden scorpion and Japanese sea cucumber.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/524274/original/file-20230504-30-7tx7d1.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="Japanese sea cucumber" src="https://images.theconversation.com/files/524274/original/file-20230504-30-7tx7d1.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/524274/original/file-20230504-30-7tx7d1.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/524274/original/file-20230504-30-7tx7d1.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/524274/original/file-20230504-30-7tx7d1.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/524274/original/file-20230504-30-7tx7d1.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/524274/original/file-20230504-30-7tx7d1.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/524274/original/file-20230504-30-7tx7d1.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Japanese sea cucumbers were also being sold.</span>
<span class="attribution"><span class="source">Shutterstock</span></span>
</figcaption>
</figure>
<h2>The illegal wildlife trade is hard to stop</h2>
<p>Globally, the wildlife trade is regulated by the Convention on International Trade in Endangered Species of Wild Fauna and Flora (CITES). But the regulated market is just a fraction of the whole. To date, CITES protects less than 5% of traded species. The number of species traded live outnumbers the regulated trade by <a href="https://conbio.onlinelibrary.wiley.com/doi/10.1111/cobi.13978">at least three times</a>, according to some estimates. </p>
<p>To date, there have been few effective disincentives to stop traffickers from selling illegal wildlife online. Punishments for convicted wildlife traffickers are not effective, with Australian traffickers continuing to harvest animals even <a href="https://www.abc.net.au/news/2023-03-02/animal-smuggler-fined-after-native-fauna-found-in-his-car/102040096">after being caught</a>. </p>
<p>Efforts to combat wildlife trafficking online <a href="https://doi.org/10.1016/j.biocon.2023.110040">are increasing</a>. One positive recent initiative is the <a href="https://www.endwildlifetraffickingonline.org/">End Wildlife Trafficking Online</a> coalition. It’s a collaboration between animal NGOs and online platforms like Facebook, Alibaba and eBay aimed at rooting out online trafficking. </p>
<p>While clamping down on illicit open web trade is crucial, crackdowns here make it more likely that a wider range of wildlife will surface on the dark web.</p>
<h2>What can be done?</h2>
<p>Australia and all other nations that have signed up to CITES have a responsibility to keep track of internet-based wildlife trade. At recent CITES conferences resolutions were made to track and report all internet trade – including on the dark web – in an effort to boost monitoring and enforcement of wildlife trafficked online. </p>
<p>One stumbling block is the legality of online trade, which depends on factors such as the laws of the country or countries involved and whether the sale actually took place. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/524275/original/file-20230504-14-2l8yxn.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="Red tailed black cockatoo" src="https://images.theconversation.com/files/524275/original/file-20230504-14-2l8yxn.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/524275/original/file-20230504-14-2l8yxn.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=450&fit=crop&dpr=1 600w, https://images.theconversation.com/files/524275/original/file-20230504-14-2l8yxn.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=450&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/524275/original/file-20230504-14-2l8yxn.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=450&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/524275/original/file-20230504-14-2l8yxn.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=566&fit=crop&dpr=1 754w, https://images.theconversation.com/files/524275/original/file-20230504-14-2l8yxn.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=566&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/524275/original/file-20230504-14-2l8yxn.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=566&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Red-tailed black cockatoos are illegally trafficked overseas.</span>
<span class="attribution"><span class="source">Shutterstock</span></span>
</figcaption>
</figure>
<p>To stop the trafficking of iconic Australian species <a href="https://www.abc.net.au/news/rural/2021-10-02/illegal-wildlife-trade-reports-of-trafficking-increase/100508584">such as</a> shingleback lizards and red-tailed black cockatoos, authorities here have to monitor <a href="https://zslpublications.onlinelibrary.wiley.com/doi/abs/10.1111/acv.12721">what native species</a> are being bought and sold online, as well as the species <a href="https://www.publish.csiro.au/pc/PC21057">trafficked into and through</a> Australia. </p>
<p>Since 2019 we have been monitoring the wildlife trade in Australia, drawing data from over 80 websites and <a href="https://www.nature.com/articles/d41586-022-01830-9">forums</a>. </p>
<p>Datasets like this will be vital in monitoring and combating internet-facilitated wildlife crime as it continues to grow – especially if enforcement drives traffickers to harder-to-access parts of the internet like the dark web. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/new-expose-of-australias-exotic-pet-trade-shows-an-alarming-proliferation-of-alien-threatened-and-illegal-species-203354">New exposé of Australia's exotic pet trade shows an alarming proliferation of alien, threatened and illegal species</a>
</strong>
</em>
</p>
<hr>
<img src="https://counter.theconversation.com/content/201180/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Phill Cassey receives funding from the Australian Research Council and previously the Centre for Invasive Species Solutions. </span></em></p><p class="fine-print"><em><span>Adam Toomes receives funding from the Australian Research Council and previously the Centre for Invasive Species Solutions.</span></em></p><p class="fine-print"><em><span>Charlotte Lassaline previously received funding from the Centre for Invasive Species Solutions.</span></em></p><p class="fine-print"><em><span>Freyja Watters receives funding from an Adelaide University Postgraduate Research Scholarship. </span></em></p><p class="fine-print"><em><span>Jacob Maher previously received funding from the Centre for Invasive Species Solutions. He is affiliated with the National Tertiary Education Union.</span></em></p><p class="fine-print"><em><span>Oliver C. Stringham previously received funding from the Centre for Invasive Species Solutions.</span></em></p>Most wildlife is trafficked openly, while dark web markets sell animals, plants and fungi as drugs. But this could change if there’s a clampdown on open trade.Phill Cassey, Head, Department of Ecology & Evolutionary Biology, University of AdelaideAdam Toomes, Ph.D. student at the Invasion Science & Wildlife Ecology Group, University of AdelaideCharlotte Lassaline, PhD Student, University of AdelaideFreyja Watters, PhD candidate, University of AdelaideJacob Maher, PhD Candidate, University of AdelaideOliver C. Stringham, Researcher, University of AdelaideLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1931452022-11-29T12:00:52Z2022-11-29T12:00:52ZChild sexual abuse review: how research can help to tackle growing online abuse<figure><img src="https://images.theconversation.com/files/492535/original/file-20221031-14-pp4l6n.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Each time abuse material is shared, the victim is revictimised.</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/digital-lifestyle-blog-writer-business-person-407179981">Chinnapong | Shutterstock</a></span></figcaption></figure><p>In the seven years since the <a href="https://www.gov.uk/government/publications/iicsa-report-of-the-independent-inquiry-into-child-sexual-abuse">Independent Inquiry into Child Sexual Abuse</a> launched in 2015, it has held more than 300 days of public hearings, processed over 2 million pages of evidence, heard from over 700 witnesses, and engaged with over 7,000 victims and survivors. </p>
<p>One of the most pressing issues the inquiry <a href="https://www.theguardian.com/uk-news/2022/oct/20/what-is-the-child-sexual-abuse-inquiry-and-why-did-it-take-seven-years">has raised</a> is that of <a href="https://theconversation.com/eu-law-would-require-big-tech-to-do-more-to-combat-child-sexual-abuse-but-a-key-question-remains-how-183512">online-facilitated child sexual abuse</a>. The use of hidden services to distribute online child sexual abuse material globally increased <a href="https://www.iwf.org.uk">by 155%</a> between 2019 and 2020. </p>
<p>In 2021 alone, <a href="https://inhope.org/EN">Inhope</a> – an organisation that supports 50 hotlines in 46 countries around the world to remove child sexual abuse material from the internet – handled almost 1 million URLs featuring suspected child sexual abuse and exploitation. And the scope and scale of online child sexual abuse show no sign of abating. Of the images and videos reviewed by the Inhope hotlines in 2021, 82% had not seen before. </p>
<h2>A growing threat</h2>
<p>In the wake of the scandals involving <a href="https://theconversation.com/jimmy-savile-how-the-netflix-documentary-fails-to-address-the-role-institutions-play-in-abuse-181383">Jimmy Savile</a>, Rolf Harris and other celebrities, the inquiry was commissioned by the UK government in 2015, to scrutinise the extent to which state and non-state institutions had failed to protect children.</p>
<p>On October 20 2022, this inquiry <a href="https://www.theguardian.com/uk-news/2022/oct/20/child-sexual-abuse-inquiry-final-report-20-actions-for-change">published</a> its <a href="https://www.iicsa.org.uk/final-report">final report</a>. Underlining that child protection should be made a national priority, its report puts forward 20 recommendations, designed to make England and Wales places where children can grow up safely and thrive. These both take in lessons from the past and seek to address evolving challenges, of which online sexual abuse is the most urgent.</p>
<p>Research with survivors <a href="https://www.protectchildren.ca/en/resources-research/survivors-survey-results/">shows</a> that when documentation of their abuse is shared online, it affects them differently than the abuse they originally suffered. The images are permanent and the sharing never ends. Online distribution of this kind of material thus results in children being re-victimised each time it is viewed. </p>
<p>The sheer scale of offending in this sphere, and the opportunities afforded to offenders to hide their activities with end-to-end encryption, means that the deck is heavily stacked against a law-enforcement response alone. The inquiry has asserted as much. </p>
<p>The report thus focuses attention on the responsibility of platform providers. It recommends that it become mandatory for all search service and user-to-user service providers <a href="https://theconversation.com/apple-can-scan-your-photos-for-child-abuse-and-still-protect-your-privacy-if-the-company-keeps-its-promises-165785">to screen any material</a> at the point where it is uploaded. The hope is that this will prevent any child-abuse material from ever getting into the public domain. </p>
<p>This recommendation, of course, only addresses the supply side of the equation. What is also needed is an approach that actively reduces the demand for child sexual abuse material. </p>
<p>Research has a key role to play here. By looking for patterns and insight into the behaviour of people who intend to abuse children, as the collaboration between the <a href="https://childrescuecoalition.org">Child Rescue Coalition</a> non-profit and the <a href="https://aru.ac.uk/policing-institute">Policing Institute for the Eastern Region</a> is doing, academics can help with the development of tools to support law-enforcement investigations. </p>
<p>Research can also help to design interventions for people who share and consume this abuse material. The <a href="https://www.suojellaanlapsia.fi/en/post/csam-users-in-the-dark-web-protecting-children-through-prevention">Redirection survey (2021)</a> by the Helsinki-based non-profit, Suojellaan Lapsia (meaning “Protect Children”), canvased the views of over 8,000 people on the dark web who accessed abuse images. This survey found that only 13% had sought help but that 50% wanted to stop and 62% had tried to stop but failed. These findings have helped with the development of a self-help programme for people who search for, view, and distribute child sexual abuse material. </p>
<p>A 2021 threat assessment by the We Protect Global Alliance organisation <a href="https://www.weprotect.org/global-threat-assessment-21/">stated</a> that online child sexual abuse represents “one of the most urgent and defining issues of our generation”. Finding ways to tackle the devastating harm caused by this type of abuse, at the root, is crucial. For a sustainable, long-term prevention strategy to make any kind of headway, preventing harm in the first place needs to be prioritised.</p><img src="https://counter.theconversation.com/content/193145/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Samantha Lundrigan receives funding from The Dawes Trust</span></em></p>Online child sexual abuse has been described as one of the most urgent and defining issues we face. Tackling it at the root is imperative.Samantha Lundrigan, Professor of Investigative Psychology and Public Protection, Anglia Ruskin UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1916582022-10-05T00:01:43Z2022-10-05T00:01:43ZThe dark web down under: what’s driving the rise and rise of NZ’s ‘Tor Market’ for illegal drugs?<figure><img src="https://images.theconversation.com/files/487679/original/file-20221003-24-gf1j44.jpg?ixlib=rb-1.1.0&rect=7%2C0%2C5100%2C3660&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">Getty Images</span></span></figcaption></figure><p>New Zealand is generally proud of being a world leader, but there’s one claim that might not be universally admired: being home to the longest running English-language market for illegal drugs on the so-called “darknet”.</p>
<p>Known as “Tor Market”, it has been active since March 2018 and has outlived several larger and better known operations such as “Dream Market”, “Hydra Market” and “Empire”. The longevity of Tor Market is surprising, given so many darknet drug markets have only lasted relatively briefly.</p>
<p>That doesn’t mean you’ll be able to find it easily. The darknet is an encrypted portion of the internet not indexed by search engines. It requires specific anonymising browser software to access, typically I2P or Tor software – hence the local market’s name.</p>
<p>Many darknets sell illegal drugs anonymously, with delivery by traditional post or courier, and resemble legal e-commerce sites such as Amazon. </p>
<p>An <a href="https://www.emcdda.europa.eu/system/files/publications/6585/TD0417834ENN.pdf">analysis of over 100 darknet markets</a> between 2010 and 2017 found sites were active for an average of just over eight months. Of the more than 110 darknet drug markets active from 2010 to 2019, just <a href="https://www.emcdda.europa.eu/system/files/publications/12078/20192630_TD0319332ENN_PDF.pdf">ten remained fully operational</a> by 2019.</p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/487684/original/file-20221003-10113-s17ihm.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/487684/original/file-20221003-10113-s17ihm.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=425&fit=crop&dpr=1 600w, https://images.theconversation.com/files/487684/original/file-20221003-10113-s17ihm.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=425&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/487684/original/file-20221003-10113-s17ihm.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=425&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/487684/original/file-20221003-10113-s17ihm.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=533&fit=crop&dpr=1 754w, https://images.theconversation.com/files/487684/original/file-20221003-10113-s17ihm.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=533&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/487684/original/file-20221003-10113-s17ihm.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=533&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">US authorities announce the arrest of 179 people and seizure of more than US$6.5 million in a worldwide crackdown on darknet opioid trafficking in 2020.</span>
<span class="attribution"><span class="source">Getty Images</span></span>
</figcaption>
</figure>
<h2>The fragmented darknet ecosystem</h2>
<p>Darknet marketplaces have disappeared as a result of increasingly sophisticated and successful law enforcement operations, including clandestinely taking over sites for extended periods to gather evidence on vendors and buyers. </p>
<p>Alternatively, site administrators pull off opportunistic exit scams and abscond with cryptocurrency held in accounts. </p>
<p>No dominant international darknet market has emerged since the “voluntary shut down” of Dream Market in 2019. And there appears to be a general loss of confidence in darknet drug supply due to those enforcement shutdowns and exit scams.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/the-darknet-is-not-a-hellhole-its-an-answer-to-internet-privacy-101420">The darknet is not a hellhole, it's an answer to internet privacy</a>
</strong>
</em>
</p>
<hr>
<p>While total sales on all darknet markets increased in 2020, and again in the first quarter of 2021, data for the fourth quarter of 2021 suggest <a href="https://www.unodc.org/res/wdr2022/MS/WDR22_Booklet_2.pdf">sales declined</a> by as much as 50%.</p>
<p>This makes Tor Market’s performance over the same period even more remarkable. Its listings grew from fewer than ten products in the months prior to Dream Market’s closure in early 2019 to over 100 products by July that year. </p>
<p>After a steady period where there were, on average, 255 listings across 2020 and 379 across 2021, another period of growth happened in early 2022. This saw over a thousand products being listed on Tor Market by mid-2022 (see graph below).</p>
<p>This expansion was driven by a steady increase in international sales, which grew to outnumber domestic New Zealand sales by early 2022.</p>
<hr>
<iframe src="https://flo.uri.sh/visualisation/11329272/embed" title="Interactive or visual content" class="flourish-embed-iframe" frameborder="0" scrolling="no" style="width:100%;height:600px;" sandbox="allow-same-origin allow-forms allow-scripts allow-downloads allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation" width="100%" height="400"></iframe>
<div style="width:100%!;margin-top:4px!important;text-align:right!important;"><a class="flourish-credit" href="https://public.flourish.studio/visualisation/11329272/?utm_source=embed&utm_campaign=visualisation/11329272" target="_top"><img alt="Made with Flourish" src="https://public.flourish.studio/resources/made_with_flourish.svg"> </a></div>
<hr>
<h2>Filling a market gap</h2>
<p>On the face of it, New Zealand may seem an unlikely location for a rising international darknet drug market. Its geographical isolation from large European and US drug markets, small population, and historical absence of any substantial cocaine and heroin supply should all work against it.</p>
<p>Yet these factors may be exactly what has driven this market innovation.</p>
<p>Darknets provide anonymous and direct access to international drug sellers who have MDMA, cocaine and opioids for sale – drug types not easily accessed in physical drug markets in New Zealand. These international sellers are otherwise unlikely to have any interest in supplying such a small, distant market.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/inside-a-ransomware-attack-how-dark-webs-of-cybercriminals-collaborate-to-pull-them-off-163015">Inside a ransomware attack: how dark webs of cybercriminals collaborate to pull them off</a>
</strong>
</em>
</p>
<hr>
<p>By providing offerings from dozens of international drug sellers and a centralised forum for buyers, Tor Market solves the very real economic problem of “thin markets” in the New Zealand drug scene, where there are simply not enough buyers to sustain sellers for some drug types. </p>
<p>Usually, buyers and sellers would have trouble connecting and hence justifying large-scale international trafficking. Darknets solve this problem by offering retail quantities of drug types that are traditionally difficult to source, such as MDMA, directly to buyers. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/how-the-worlds-biggest-dark-web-platform-spreads-millions-of-items-of-child-sex-abuse-material-and-why-its-hard-to-stop-167107">How the world's biggest dark web platform spreads millions of items of child sex abuse material — and why it's hard to stop</a>
</strong>
</em>
</p>
<hr>
<h2>Size and scrutiny</h2>
<p>New Zealanders have a history of innovative solutions to the so-called “tyranny of distance”. They also have a relatively <a href="https://datareportal.com/reports/digital-2021-new-zealand">high level</a> of digital engagement and online shopping habits by international standards. Perhaps darknets offer a familiar online shopping experience. </p>
<p>For their part, the Tor Market administrators claim (based on their own site’s help manual) to offer a range of design innovations and features that ensure the security of Tor Market. </p>
<p>This kind of boasting is not uncommon among darknet operators as a marketing strategy to attract new vendors to a site. And it’s not clear whether Tor Market is really offering any superior security features or coding infrastructure compared to other sites. </p>
<p>More credible is Tor Market’s purported business strategy of purposely seeking to maintain a low profile compared to larger international sites. Indeed, many of the vendors on Tor Market in the early days were New Zealand-based and who only sold to local buyers. </p>
<p>The rising international listings on Tor Market may reflect wider problems in the darknet ecosystem, including the closure of previously dominant darknet markets and the unreliability of many sites due to denial-of-service attacks. </p>
<p>In the end, Tor Market’s success may be its undoing. It remains to be seen whether it can sustain its international growth and operate with a higher international profile, given the related risk of international law enforcement looking its way.</p><img src="https://counter.theconversation.com/content/191658/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Chris Wilkins and Marta Rychert receive funding from the New Zealand Royal Society Te Apārangi Marsden Fund Grant MAU1812. </span></em></p><p class="fine-print"><em><span>Marta Rychert receives funding from the New Zealand Royal Society Te Apārangi and NZ Health Research Council.</span></em></p>Tor Market is now the longest-running English-language market for illegal drugs on the dark web. But its success and profile may contain the seeds of its own downfall.Chris Wilkins, Associate Professor of illegal drug research, Massey UniversityMarta Rychert, Senior Researcher in Drug Policy, Massey UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1914942022-09-28T01:58:26Z2022-09-28T01:58:26ZThe ‘Optus hacker’ claims they’ve deleted the data. Here’s what experts want you to know<figure><img src="https://images.theconversation.com/files/486966/original/file-20220928-12-cw5kk.jpg?ixlib=rb-1.1.0&rect=23%2C23%2C3970%2C2041&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">T. Schneider/Shutterstock</span></span></figcaption></figure><p>Shortly after Australian telecommunications company Optus announced the identity data of millions of customers had been stolen, a person claiming to be the hacker announced they would delete the data for US$1 million.</p>
<p>When Optus didn’t pay, the purported hacker published 10,000 stolen records and threatened to release ten thousand more every day until the ransom deadline. These leaked records contained identity information such as driver’s license, passport and Medicare numbers, as well as <a href="https://www.theguardian.com/business/2022/sep/27/police-all-over-dark-web-ransom-threat-to-release-10000-customer-records-a-day-optus-ceo-says">parliamentary and defense contact information</a>.</p>
<p>A few hours after the data drop, the purported hacker <a href="https://www.abc.net.au/news/2022-09-27/optus-data-breach-cyber-attack-hacker-ransom-sorry/101476316">unexpectedly apologised</a> and claimed to have deleted the data due to “too many eyes”, suggesting fear of being caught. Optus confirms they <a href="https://www.theguardian.com/business/2022/sep/27/alleged-optus-hacker-apologises-for-data-breach-and-drops-ransom-threat">did not pay the ransom</a>.</p>
<h2>They’ve said they deleted the data – now what? Is it over?</h2>
<p>Communication from the person claiming to be the hacker and the release of 10,200 records have all occurred on a website dedicated to buying and selling stolen data.</p>
<p>The data they released are now easily available and appear to be legitimate data stolen from Optus (their legitimacy has not been verified by Optus or the Australian Federal Police; the FBI in the United States <a href="https://www.afr.com/companies/telecommunications/more-optus-data-details-dumped-online-overnight-20220927-p5bl7s">has now been called in</a> to help the investigation).</p>
<p>The question then is – why would the hacker express remorse and claim to delete the data?</p>
<p>Unfortunately, while the purported hacker did appear to possess the legitimate data, there is no way to verify the deletion. We have to ask: what would the hacker gain from claiming to delete them?</p>
<p>It is likely a copy still remains, and it’s even possible the post is a ploy to convince victims not to worry about their security – to increase the likelihood of successful attacks using the data. There is also no guarantee the data were not already sold to a third party. </p>
<h2>What next?</h2>
<p>Whatever the motivations of the person claiming to be the hacker, their actions suggest we should continue to expect all records stolen from Optus do remain in malicious hands.</p>
<p>Despite the developments, <a href="https://theconversation.com/what-does-the-optus-data-breach-mean-for-you-and-how-can-you-protect-yourself-a-step-by-step-guide-191332">recommendations still stand</a> – you should still be taking proactive action to protect yourself. These actions are good cyber hygiene practices no matter the circumstances.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/what-does-the-optus-data-breach-mean-for-you-and-how-can-you-protect-yourself-a-step-by-step-guide-191332">What does the Optus data breach mean for you and how can you protect yourself? A step-by-step guide</a>
</strong>
</em>
</p>
<hr>
<p>An extra measure offered recently is <a href="https://www.theguardian.com/australia-news/2022/sep/27/optus-data-breach-australians-will-be-able-to-change-their-drivers-licence-with-telco-to-pay">changing your driver’s license number</a>, <a href="https://www.passports.gov.au/optus-data-breach">ordering a new passport</a> and <a href="https://www.servicesaustralia.gov.au/what-to-do-if-youve-been-affected-recent-optus-data-breach">Medicare card</a>.</p>
<p>However it is unclear at this early stage whether free options to change these documents will be made to all data breach victims, or only a subset of victims.</p>
<h2>Can I find out whether my data were part of the 10,200 leaked records?</h2>
<p>Reports of <a href="https://eftm.com/2022/09/scammers-already-targeting-optus-customers-exposed-in-million-dollar-ransom-demand-227627">people being contacted by scammers</a> suggest they are already being used.</p>
<p>Troy Hunt, the Australian cyber security professional who maintains <a href="https://haveibeenpwned.com/">HaveIBeenPwned</a> – a website you can use to check whether your data are part of a known breach – has announced he will <a href="https://twitter.com/troyhunt/status/1574582128385224705">not add the leaked data to the site</a> at this stage. So this method will not be available.</p>
<p><div data-react-class="Tweet" data-react-props="{"tweetId":"1574582132969656320"}"></div></p>
<p>The best course of action in this case is to assume your data may have been released until <a href="https://www.linkedin.com/posts/victordominello_digital-cybersecurity-activity-6980423491669946368-UWWj">Optus notifies people in the coming week</a>.</p>
<h2>Are the released data already being used?</h2>
<p>The least technically sophisticated method of targeting Optus customers is to use the details to make direct contact and ask for a ransom. There are reports blackmailers are <a href="https://www.theguardian.com/business/2022/sep/27/alleged-optus-hacker-apologises-for-data-breach-and-drops-ransom-threat">already targeting breach victims</a> via text message, claiming to have the data and threatening to post it on the dark web unless the victim pays.</p>
<p>The data have already leaked and claims about deleting the data are untrue. Paying anyone who makes these claims will not increase the security of your information.</p>
<p>Data recovery scams – where scammers target victims offering help to remove their data from the dark web or recover any money lost for a fee – <a href="https://7news.com.au/technology/optus/cyber-criminals-using-optus-hack-to-target-anxious-australian-customers-with-new-scams-c-8371154">have also become prominent</a>. Instead of helping, they steal money or obtain more information from the victim. Anyone who claims to be able to scrub the data from the dark web is claiming to put toothpaste back in the tube. It isn’t possible.</p>
<p><div data-react-class="Tweet" data-react-props="{"tweetId":"1574614032858124288"}"></div></p>
<p>The data could also be used to identify family members to make the “<a href="https://www.accc.gov.au/media-release/accc-warning-of-suspicious-messages-as-%E2%80%9Chi-mum%E2%80%9D-scams-spike">Hi Mum</a>” or family impersonation scam more convincing. This involves scammers posing as a family member or friend from a new phone number, often using WhatsApp, in need of urgent financial help. Anyone receiving this kind of text message should make every effort to contact their family member or friend by other means.</p>
<h2>What else can my data be used for?</h2>
<p>The scams involved with these data will only grow in the coming days and weeks and may not be confined to the digital world.</p>
<p>Other possible uses involve activities like attempting to take over valuable online accounts or your SIM card, or setting up new financial services and SIM cards in your name. The advice we provided in <a href="https://theconversation.com/what-does-the-optus-data-breach-mean-for-you-and-how-can-you-protect-yourself-a-step-by-step-guide-191332">our previous article</a> applies to these.</p>
<p>Additionally, anyone with reason to be concerned about physical safety if their location is known (for example domestic abuse survivors) should consider the possibility that their names, telephone numbers and address may have leaked or may in the future.</p>
<p>If you have been the victim of fraud or identity theft as a result of this breach or any others, you can contact <a href="https://www.idcare.org">IDCare</a> for additional aid and <a href="https://www.cyber.gov.au/acsc/report">Cyber Report</a> to report the crime.</p><img src="https://counter.theconversation.com/content/191494/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>The authors do not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and have disclosed no relevant affiliations beyond their academic appointment.</span></em></p>If you’ve been affected by the Optus data breach, the danger is far from over – no matter what the purported hacker is claiming.Jennifer J. Williams, PhD Candidate, Macquarie UniversityJeffrey Foster, Associate Professor in Cyber Security Studies, Macquarie UniversityTamara Watson, Associate Professor in Psychological Science, Western Sydney UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1671072021-09-02T20:09:31Z2021-09-02T20:09:31ZHow the world’s biggest dark web platform spreads millions of items of child sex abuse material — and why it’s hard to stop<figure><img src="https://images.theconversation.com/files/419032/original/file-20210902-14-1a4z44w.jpeg?ixlib=rb-1.1.0&rect=80%2C0%2C4808%2C3254&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure><p>Child sexual abuse material is rampant online, despite <a href="https://www.blog.google/around-the-globe/google-europe/using-ai-help-organizations-detect-and-report-child-sexual-abuse-material-online/">considerable efforts by</a> big tech companies and governments to curb it. And according to reports, it has only become <a href="https://www.weprotect.org/library/impact-of-covid-19-on-child-sexual-exploitation-online/">more prevalent</a> during the COVID-19 pandemic.</p>
<p>This material is largely hosted on the anonymous part of the internet — the “darknet” - where perpetrators can share it with little fear of prosecution. There are currently a few platforms offering anonymous internet access, including <a href="https://geti2p.net/en/">i2p</a>, <a href="https://freenetproject.org/index.html">FreeNet</a> and <a href="https://www.torproject.org/">Tor</a>. </p>
<p>Tor is by far the largest and presents the biggest conundrum. The open-source network and browser grants users anonymity by encrypting their information and letting them escape tracking by internet service providers. </p>
<p><a href="https://theintercept.com/2015/11/12/edward-snowden-explains-how-to-reclaim-your-privacy/">Online privacy advocates</a> including Edward Snowden have championed the benefits of such platforms, claiming they protect free speech, freedom of thought and civil rights. But they have a dark side, too.</p>
<h2>Tor’s perverted underworld</h2>
<p>The <a href="https://support.torproject.org/">Tor Project</a> was initially developed by the US Navy to protect online intelligence communications, before its code was publicly released in 2002. The Tor Project’s developers have acknowledged the potential to misuse the service which, when combined with technologies such as <a href="https://www.getmonero.org/">untraceable cryptocurrency</a>, can help hide criminals. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/explainer-what-is-the-dark-web-46070">Explainer: what is the dark web?</a>
</strong>
</em>
</p>
<hr>
<p>Tor is an overlay network that exists “on top” of the internet and merges two technologies. The first is the onion service software. These are the websites, or “onion services”, hosted on the Tor network. These sites require an onion address and their servers’ physical locations are hidden from users. </p>
<p>The second is Tor’s privacy-maximising browser. It enables users to browse the internet anonymously by hiding their identity and location. While the Tor browser is needed to access onion services, it can also be used to browse the “surface” internet. </p>
<p>Accessing the Tor network is simple. And while search engine options are limited (there’s no Google), discovering onion services is simple, too. The <a href="https://www.bbc.com/news/technology-50150981">BBC</a>, New York Times, ProPublica, Facebook, the CIA and Pornhub all have a verified presence on Tor, to name a few.</p>
<p>Service dictionaries such as “The Hidden Wiki” list addresses on the network, allowing users to discover other (often illicit) services.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/419033/original/file-20210902-13-1ws3uhq.jpeg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="Hidden Wiki main page screenshot." src="https://images.theconversation.com/files/419033/original/file-20210902-13-1ws3uhq.jpeg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/419033/original/file-20210902-13-1ws3uhq.jpeg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=834&fit=crop&dpr=1 600w, https://images.theconversation.com/files/419033/original/file-20210902-13-1ws3uhq.jpeg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=834&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/419033/original/file-20210902-13-1ws3uhq.jpeg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=834&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/419033/original/file-20210902-13-1ws3uhq.jpeg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=1048&fit=crop&dpr=1 754w, https://images.theconversation.com/files/419033/original/file-20210902-13-1ws3uhq.jpeg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=1048&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/419033/original/file-20210902-13-1ws3uhq.jpeg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=1048&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">The Hidden Wiki main page.</span>
<span class="attribution"><span class="source">Wikimedia Commons</span></span>
</figcaption>
</figure>
<h2>Child sex abuse material and abuse porn is prevalent</h2>
<p>The number of onion services active on the Tor network is unknown, although the Tor Project estimates about 170,000 active addresses. The architecture of the network allows partial monitoring of the network traffic and a summary of which services are visited. Among the visited services, child sex abuse material is common. </p>
<p>Of the <a href="https://metrics.torproject.org/userstats-relay-country.html">estimated</a> 2.6 million users that use the Tor network daily, <a href="https://ietresearch.onlinelibrary.wiley.com/doi/10.1049/iet-ifs.2015.0121">one study</a> reported only 2% (52,000) of users accessed onion services. This suggests most users access the network to <a href="https://www.pnas.org/content/pnas/117/50/31716.full.pdf">retain their online privacy</a>, rather than use anonymous onion services. </p>
<p>That said, the same study found from a single data capture that about 80% of traffic to onion services was directed to services which did offer illegal porn, abuse images and/or child sex abuse material.</p>
<p>Another <a href="https://dsimg.ubm-us.net/envelope/385643/510233/The%20Truth%20About%20The%20Dark%20Web.pdf">study</a> estimated 53.4% of the 170,000 or so active onion domains contained legal content, suggesting 46.6% of services had content which was either illegal, or in a grey area. </p>
<p>Although scams make up a significant proportion of these services, cryptocurrency services, drug deals, malware, weapons, stolen credentials, counterfeit products and child sex abuse material also feature in this dark part of the internet.</p>
<p>Only about 7.5% of the child sex abuse material on the Tor network is <a href="https://cj.msu.edu/_assets/pdfs/cina/CINA-White_Papers-Liggett_Commercial_Child_Sexual_Abuse_Markets_Dark_Web.pdf">estimated to be</a> sold for a profit. The majority of those involved aren’t in it for money, so most of this material is simply swapped. That said, <a href="https://www.europol.europa.eu/activities-services/main-reports/internet-organised-crime-threat-assessment-iocta-2020">some services have started</a> charging fees for content. </p>
<p>Several high-profile onion services hosting child sex abuse material have been <a href="https://www.vice.com/en/article/4xezgg/australian-dark-web-hacking-campaign-unmasked-hundreds-globally">shut down</a> following extensive cross-jurisdictional law enforcement operations, including The Love Zone website in 2014, PlaypEn in 2015 and Child’s Play in 2017.</p>
<p>A recent effort led by German police, and involving others including Australian Federal Police, Europol and the FBI, resulted in the shutdown of the illegal website <a href="https://en.wikipedia.org/wiki/Boystown_(website)">Boystown</a> in May. </p>
<p>But one of the largest child sex abuse material forums on the internet (not just Tor) has evaded law enforcement (and activist) takedown attempts for a decade. As of last month it had 508,721 registered users. And since 2013 it has hosted over a million pictures and videos of child sex abuse material and abuse porn.</p>
<p>The paedophile (eroticisation of pre-pubescent children), haebephile (pubescent children) and ephebophile (adolescents) communities are among the early adopters of anonymous discussion forums on Tor. Forum members distribute media, support each other and exchange tips to avoid police detection and scams targeting them.</p>
<p>The <a href="https://www.weprotect.org/">WeProtect Alliance</a>’s 2019 <a href="https://www.end-violence.org/sites/default/files/paragraphs/download/Global%20Threat%20Assessment%202019.pdf">Global Threat Assessment report</a> estimated there were more than 2.88 million users on ten forums dedicated to paedophilia and paraphilia interests operating via onion services. </p>
<h2>Countermeasures</h2>
<p>There are huge challenges for law enforcement trying to prosecute those who produce and/or distribute child sex abuse material online. Such criminal activity typically falls across multiple jurisdictions, making detection and prosecution difficult.</p>
<p>Undercover operations and novel online investigative techniques are essential. One example is targeted “hacks” which offer law enforcement back-door access to sites or forums hosting child sex abuse material.</p>
<p>Such operations are facilitated by <a href="https://www.coe.int/en/web/cybercrime/the-budapest-convention">cybercrime</a> and <a href="https://www.unodc.org/unodc/en/organized-crime/intro/UNTOC.htmll">transnational organised crime</a> treaties which address child sex abuse material and the trafficking of women and children.</p>
<p>Given the volatile nature of many onion services, a focus on onion directories and forums may help with harm reduction. Little is known about child sex abuse material forums on Tor, or the extent to which they influence onion services hosting this material.</p>
<p>Apart from coordinating to avoid detection, forum users can also share information about police activity, rate onion service vendors, share sites and expose scams targeting them.</p>
<p>The monitoring of forums by outsiders can lead to actionable interventions, such as the successful profiling of active offenders. Some agencies have explored using undercover law enforcement officers, civil society, or NGO experts (such as from the <a href="https://www.weprotect.org">WeProtect Global Alliance</a> or <a href="https://www.ecpat.org">ECPAT International</a>) to promote self-regulation within these groups.</p>
<p>While there is a lack of research on this, reformed or recovering offenders can also provide counsel to others. Some sub-forums seek to offer education, encourage treatment and reduce harm — usually by focusing on the legal and health issues associated with consuming child sex abuse material, and ways to control urges and avoid stimuli. </p>
<p>Other contraband services also play a role. For instance, onion services dedicated to drug, malware or other illicit trading usually ban child sex abuse material that creeps in. </p>
<p>Why does the Tor network allow such abhorrent material to remain, despite extensive opposition — sometimes even from those within these groups? Surely those representing Tor have read complaints in the media, if not <a href="https://www.protectchildren.ca/pdfs/C3P_SurvivorsSurveyFullReport2017.pdf">survivor</a> reports about child sex abuse material.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/the-darknet-a-wild-west-for-fake-coronavirus-cures-the-reality-is-more-complicated-and-regulated-137608">The darknet – a wild west for fake coronavirus 'cures'? The reality is more complicated (and regulated)</a>
</strong>
</em>
</p>
<hr>
<img src="https://counter.theconversation.com/content/167107/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Roderic Broadhurst has received funding for a variety of research projects on cybercrime and darknet markets from the Australian Research Council, Australian Institute of Criminology, Korean institute of Criminology and, the Australian Criminology Research Council. Since April 2019 he has served on the Australian Centre to Counter Child Exploitation Research Working Group. </span></em></p><p class="fine-print"><em><span>Matthew Ball does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>One study found 80% of darknet traffic on Tor went to sites hosting unmoderated porn and child sex abuse material.Roderic Broadhurst, Emeritus Professor, Australian National UniversityMatthew Ball, Laboratory Coordinator at the Australian National University's Cybercrime Observatory, Australian National UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1589342021-05-13T12:33:49Z2021-05-13T12:33:49ZHere’s how much your personal information is worth to cybercriminals – and what they do with it<figure><img src="https://images.theconversation.com/files/400396/original/file-20210512-16-eqal3n.jpg?ixlib=rb-1.1.0&rect=0%2C0%2C10667%2C7984&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">The black market for stolen personal information motivates most data breaches.</span> <span class="attribution"><a class="source" href="https://www.gettyimages.com/detail/illustration/internet-fraud-hacker-behind-a-laptop-royalty-free-illustration/1276940612?adppopup=true">aleksey-martynyuk/iStock via Getty Images</a></span></figcaption></figure><p>Data breaches have become common, and <a href="https://pages.riskbasedsecurity.com/hubfs/Reports/2020/2020%20Q1%20Data%20Breach%20QuickView%20Report.pdf">billions of records are stolen worldwide every year</a>. Most of the media coverage of data breaches tends to focus on how the breach happened, how many records were stolen and the financial and legal impact of the incident for organizations and individuals affected by the breach. But what happens to the data that is stolen during these incidents?</p>
<p>As a <a href="https://scholar.google.com/citations?user=pvxc54kAAAAJ&hl=en">cybersecurity researcher</a>, I track data breaches and the black market in stolen data. The destination of stolen data depends on who is behind a data breach and why they’ve stolen a certain type of data. For example, when data thieves are motivated to embarrass a person or organization, expose perceived wrongdoing or improve cybersecurity, they tend to release relevant data into the public domain. </p>
<p>In 2014, hackers backed by North Korea <a href="https://www.pbs.org/newshour/nation/north-korean-programmer-charged-in-sony-hack-wannacry-attack">stole Sony Pictures Entertainment employee data</a> such as Social Security numbers, financial records and salary information, as well as emails among top executives. The hackers then published the emails to embarrass the company, possibly in retribution for releasing a <a href="https://www.sonypictures.com/movies/theinterview">comedy</a> about a plot to assassinate North Korea’s leader, Kim Jong Un.</p>
<p>Sometimes when data is stolen by national governments it is not disclosed or sold. Instead, it is used for espionage. For example, the hotel company Marriott was the victim of a data breach in 2018 in which personal information on 500 million guests was stolen. The key suspects in this incident were hackers backed by the Chinese government. One theory is that <a href="https://thehill.com/policy/technology/420929-china-behind-marriott-data-breach-investigators-conclude">the Chinese government stole this data</a> as part of an intelligence-gathering effort to collect information about U.S. government officials and corporate executives. </p>
<p><iframe id="T0U9h" class="tc-infographic-datawrapper" src="https://datawrapper.dwcdn.net/T0U9h/1/" height="400px" width="100%" style="border: none" frameborder="0"></iframe></p>
<p>But the majority of hacks seem to be about selling the data to make a buck.</p>
<h2>It’s (mostly) about the money</h2>
<p>Though data breaches can be a national security threat, 86% are about money, and 55% are committed by organized criminal groups, according to <a href="https://enterprise.verizon.com/resources/reports/dbir/2020/results-and-analysis/">Verizon’s annual data breach report</a>. Stolen data often ends up being sold online on the <a href="https://www.csoonline.com/article/3249765/what-is-the-dark-web-how-to-access-it-and-what-youll-find.html">dark web</a>. For example, in 2018 hackers <a href="https://gbhackers.com/hackers-selling-stolen-data/">offered for sale more than 200 million records</a> containing the personal information of Chinese individuals. This included information on 130 million customers of the Chinese hotel chain Huazhu Hotels Group. </p>
<p>Similarly, data stolen from <a href="https://www.nbcnews.com/business/business-news/target-says-stolen-info-data-breach-hit-70-million-people-flna2D11894083">Target</a>, <a href="https://www.bloomberg.com/news/articles/2014-03-05/sally-beauty-data-hack-another-day-another-retailer-in-a-massive-credit-card-breach">Sally Beauty</a>, <a href="https://www.latimes.com/business/la-fi-pf-changs-breach-33-restaurants-20140804-story.html">P.F. Chang</a>, <a href="https://www.bankinfosecurity.com/new-retail-breach-reported-a-5927">Harbor Freight</a> and <a href="https://money.cnn.com/2014/09/18/technology/security/home-depot-hack/index.html">Home Depot</a> turned up on a known online black-market site called <a href="https://qz.com/260716/these-are-the-websites-where-hackers-flip-stolen-credit-card-data-after-an-attack/">Rescator</a>. While it is easy to find marketplaces such as Rescator through a simple Google search, other marketplaces on the dark web can be found only by using <a href="https://drfone.wondershare.com/dark-web/dark-web-browser.html">special web browsers</a>.</p>
<p>Buyers can purchase the data they are interested in. The most common way to pay for the transaction is with bitcoins or via Western Union. The prices depend on the type of data, its demand and its supply. For example, a <a href="https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/follow-the-data">big surplus</a> of stolen <a href="https://www.csoonline.com/article/3215864/how-to-protect-personally-identifiable-information-pii-under-gdpr.html">personally identifiable information</a> caused its price to drop from US$4 for information about a person in 2014 to $1 in 2015. <a href="https://www.privacyaffairs.com/dark-web-price-index-2021/">Email dumps</a> containing anywhere from a hundred thousand to a couple of million email addresses go for $10, and <a href="https://www.privacyaffairs.com/dark-web-price-index-2021/">voter databases</a> from various states sell for $100. </p>
<p><iframe id="YtPSu" class="tc-infographic-datawrapper" src="https://datawrapper.dwcdn.net/YtPSu/1/" height="400px" width="100%" style="border: none" frameborder="0"></iframe></p>
<h2>Where stolen data goes</h2>
<p>Buyers use stolen data in several ways. Credit card numbers and security codes can be used to create clone cards for making fraudulent transactions. Social Security numbers, home addresses, full names, dates of birth and other personally identifiable information can be used in identity theft. For example, the buyer can apply for loans or credit cards under the victim’s name and <a href="https://www.irs.gov/newsroom/taxpayer-guide-to-identity-theft">file fraudulent tax returns</a>. </p>
<p>Sometimes <a href="https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/what-do-hackers-do-with-your-stolen-identity">stolen personal information is purchased</a> by <a href="https://www.bbc.com/news/technology-25808189">marketing firms</a> or companies that specialize in spam campaigns. Buyers can also use stolen emails in phishing and other social engineering attacks and to distribute malware. </p>
<p>Hackers have targeted personal information and financial data for a long time because they are easy to sell. Health care data has <a href="https://www.hipaajournal.com/healthcare-data-breach-statistics/">become a big attraction for data thieves</a> in recent years. In some cases the motivation is extortion. </p>
<p>A good example is the theft of patient data from the Finnish psychotherapy practice firm Vastaamo. The hackers used the information they stole to demand a ransom from not only Vastaamo, but also from its patients. They <a href="https://www.wired.com/story/vastaamo-psychotherapy-patients-hack-data-breach/">emailed patients</a> with the threat to expose their mental health records unless the victims paid a ransom of 200 euros in bitcoins. At least 300 of these <a href="https://apnews.com/article/psychotherapy-cabinets-finland-6b27c895df0abd532a4fb000c9d5d517">stolen records have been posted online</a>, according to an Associated Press report.</p>
<p>Stolen data including medical diplomas, medical licenses and insurance documents can also be used to <a href="https://www.zdnet.com/article/this-is-how-hackers-make-money-from-your-stolen-medical-data/">forge a medical background</a>. </p>
<h2>How to know and what to do</h2>
<p>What can you do to minimize your risk from stolen data? The first step is to find out if your information is being sold on the dark web. You can use websites such as <a href="https://haveibeenpwned.com/">haveibeenpwned</a> and <a href="https://intelx.io/">IntelligenceX</a> to see whether your email was part of stolen data. It is also a good idea to subscribe to <a href="https://www.usnews.com/360-reviews/identity-theft-protection">identity theft protection services</a>. </p>
<p>If you have been the victim of a data breach, you can take <a href="https://www.tomsguide.com/us/data-breach-to-dos,news-18007.html">these steps</a> to minimize the impact: Inform credit reporting agencies and other organizations that collect data about you, such as your health care provider, insurance company, banks and credit card companies, and change the passwords for your accounts. You can also report the incident to the Federal Trade Commission to get a <a href="https://identitytheft.gov/">tailored plan</a> to recover from the incident.</p><img src="https://counter.theconversation.com/content/158934/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Ravi Sen does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>A thriving black market for stolen personal data makes millions of people vulnerable to spies, spammers, scammers and hackers.Ravi Sen, Associate Professor of Information and Operations Management, Texas A&M UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1544272021-02-08T11:21:50Z2021-02-08T11:21:50ZBanning disruptive online groups is a game of Whac-a-Mole that web giants just won’t win<figure><img src="https://images.theconversation.com/files/382587/original/file-20210204-14-1k56qsd.jpg?ixlib=rb-1.1.0&rect=0%2C8%2C5991%2C3979&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/angry-mob-various-diverse-people-on-1508248688">Zenza Flarini/Shutterstock</a></span></figcaption></figure><p>From Washington DC to Wall Street, 2021 has already seen online groups causing major organised offline disruption. Some of it has been in violation of national laws, some in violation of internet platforms’ terms of service. When these groups are seen to cause societal harm, the solution has been knee-jerk: to ban or “deplatform” those groups immediately, leaving them digitally “homeless”.</p>
<p>But the online world is a Pandora’s box of sites, apps, forums and message boards. Groups banned from Facebook migrated seamlessly to Parler, and from Parler, via encrypted messaging apps, to a host of other platforms. My research has shown how easily users migrate between platforms on the “dark web”. Deplatforming won’t work on the regular internet for the same reason: it’s become too easy for groups to migrate elsewhere.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/does-deplatforming-work-to-curb-hate-speech-and-calls-for-violence-3-experts-in-online-communications-weigh-in-153177">Does 'deplatforming' work to curb hate speech and calls for violence? 3 experts in online communications weigh in</a>
</strong>
</em>
</p>
<hr>
<p>This year, we’ve come to see social platforms not as passive communication tools, but rather as active players in public discourse. Twitter’s <a href="https://blog.twitter.com/en_us/topics/company/2020/suspension.html">announcement</a> that it had permanently suspended Donald Trump in the wake of the Capitol riots is one such example: a watershed moment for deplatforming as a means of limiting harmful speech.</p>
<p>Elsewhere, the Robinhood investment platform suspended the trading of GameStop stocks after the Reddit group r/WallStreetBets (which had 2.2 million members at the time) <a href="https://theconversation.com/gamestop-im-one-of-the-wallstreetbets-degenerates-heres-why-retail-trading-craze-is-just-getting-started-154584">coordinated a mass purchase</a> of the shares. While the original Reddit group remained open, many r/WallStreetBets users had also been communicating via the social network Discord. In response, <a href="https://www.theverge.com/2021/1/27/22253251/discord-bans-the-r-wallstreetbets-server">Discord banned their channel</a>, citing “hate speech”.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/382747/original/file-20210205-23-na5j4c.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="A tweet from a Reddit users asking people to migrate to a different platform" src="https://images.theconversation.com/files/382747/original/file-20210205-23-na5j4c.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/382747/original/file-20210205-23-na5j4c.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=246&fit=crop&dpr=1 600w, https://images.theconversation.com/files/382747/original/file-20210205-23-na5j4c.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=246&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/382747/original/file-20210205-23-na5j4c.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=246&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/382747/original/file-20210205-23-na5j4c.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=309&fit=crop&dpr=1 754w, https://images.theconversation.com/files/382747/original/file-20210205-23-na5j4c.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=309&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/382747/original/file-20210205-23-na5j4c.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=309&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Platform promiscuity: a Twitter account connected to a Reddit trading group invites followers to connect on Instagram.</span>
</figcaption>
</figure>
<h2>Net Migration</h2>
<p>Deplatforming is the mechanism currently used by social networks and technology companies to suspend or ban users who’ve allegedly violated their terms of service. From a company’s perspective, deplatforming is a protection from potential legal actions. For others, it’s hoped that <a href="https://www.newstatesman.com/international/2021/01/ban-donald-trump-s-twitter-account-good">deplatforming might help stop</a> what some see as online mobs, intent on vandalising political, social, and financial institutions. </p>
<p>But deplatforming has proven ineffective in stifling these groups. When Trump was banned from social media, his <a href="https://www.independent.co.uk/life-style/gadgets-and-tech/trump-twitter-ban-parler-gab-b1785515.html">supporters quickly reorganised on Parler</a> – a social networking site that markets itself as the home of free speech. Shortly after, Parler was removed from the Apple and Google app stores, and <a href="https://www.bbc.co.uk/news/technology-55608081">Amazon Web Services</a> – who provided the digital infrastructure for the platform – removed Parler from its servers.</p>
<p>With Parler offline, Trump’s supporters began looking for alternative social media apps, including MeWe and CloudHub, which both <a href="https://techcrunch.com/2021/01/11/following-riots-alternative-social-apps-and-private-messengers-top-the-app-stores/">rose rapidly up the app store rankings</a>, organised by volume of downloads. Similarly, after the Discord ban, Reddit investors quickly <a href="https://ambcrypto.com/xrp-to-rally-tomorrow-wsb-and-telegram-hopes-so/">reorganised themselves on the messaging service Telegram</a>. These “Whac-a-Mole” dynamics, with deplatformed groups rapidly reforming on other platforms, is strikingly similar to what my research team and I have observed on the dark web.</p>
<h2>Dark dynamics</h2>
<p>The dark web is a hidden part of the internet that’s easily accessible through specialised web browsers such as TOR. Illicit trade is rife on the dark web, especially in dark “marketplaces”, where users trade goods using cryptocurrencies such as Bitcoin. Silk Road, regarded as the first dark marketplace, launched in 2011 and mostly sold drugs. Shut down by the FBI in 2013, it was followed by dozens of dark marketplaces which also traded in weapons, fake IDs and stolen credit cards.</p>
<figure class="align-center ">
<img alt="A web browser showing Silk Road website and a list of drugs for sale on it." src="https://images.theconversation.com/files/382730/original/file-20210205-15-whgsbj.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/382730/original/file-20210205-15-whgsbj.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=450&fit=crop&dpr=1 600w, https://images.theconversation.com/files/382730/original/file-20210205-15-whgsbj.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=450&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/382730/original/file-20210205-15-whgsbj.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=450&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/382730/original/file-20210205-15-whgsbj.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=565&fit=crop&dpr=1 754w, https://images.theconversation.com/files/382730/original/file-20210205-15-whgsbj.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=565&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/382730/original/file-20210205-15-whgsbj.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=565&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Anonymous marketplaces like Silk Road are commonly removed from the dark web, causing user migration.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/san-francisco-us-august-31-2018-1168698142">Jarretera/Shutterstock</a></span>
</figcaption>
</figure>
<p>My collaborators and I looked at what happens after a dark marketplace is shut down by a police raid or an “exit scam” – where the marketplace’s moderators suddenly close the website and disappear with the users’ funds. We focused on “migrating” users, who move their trading activity to a different marketplace after a closure.</p>
<p>We found that most users <a href="https://www.nature.com/articles/s41598-020-74416-y">flocked to the same alternative marketplace</a>, typically the one with the highest amount of trading. User migration took place within hours, possibly coordinated via a <a href="https://news.bitcoin.com/after-empires-exit-scam-darknet-market-patrons-scramble-to-find-alternatives/">discussion forum such as Reddit or Dread</a>, and the overall amount of trading across the marketplaces quickly recovered. So, although individual marketplaces can be fragile, with participants being exposed to losses due to scams, this coordinated user migration guarantees the marketplaces’ overall resilience, so that new ones continue to flourish.</p>
<h2>Platform promiscuity</h2>
<p>Back in 2006, Facebook was competing for dominance against other social networks such as MySpace, Orkut, Hi5, Friendster and Multiply. When Facebook started to dominate the scene, <a href="https://arxiv.org/pdf/1307.1354.pdf;">network effects made it unstoppable</a>. </p>
<p>Put simply, network effects compound platform dominance because you and I are most likely to join networking platforms our friends are already on. Given this tendency, Facebook and Twitter grew to host billions of users, and Hi5 disappeared. By the time their dominance had crystallised, a ban from Facebook or Twitter would have meant total ostracisation from the online community.</p>
<p>In 2021, everything is different. Global communities organised by interests or political opinion are now established, and are able to quickly formulate emergency evacuation or migration plans. Members are usually in contact on several channels – even “dormant” channels few users are active upon. As dark markets show, dormant channels can become active when they’re required. </p>
<p>All this means that being banned from Twitter, Facebook, Instagram, Snapchat, Twitch and others no longer results in your isolation, or in your community being disbanded. Instead, just like on the dark web, deplatforming simply requires users to migrate to a new home, which they do in a matter of hours. </p>
<p>Deplatforming is clearly an ineffective strategy for stopping disruptive groups from forming and coordinating online. This means that policing online conversation will be harder in the future. Whether this is seen as good or bad will depend on the specific circumstances and - of course - your point of view.</p><img src="https://counter.theconversation.com/content/154427/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Andrea Baronchelli does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Deplatformed groups can all too easily flock to alternative platforms to coordinate.Andrea Baronchelli, Associate Professor, Department of Mathematics, City, University of LondonLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1542362021-02-04T13:12:57Z2021-02-04T13:12:57ZNorth Korea targeted cybersecurity researchers using a blend of hacking and espionage<figure><img src="https://images.theconversation.com/files/382358/original/file-20210203-13-lz0u3a.jpg?ixlib=rb-1.1.0&rect=0%2C0%2C1280%2C958&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">North Korea has a long history of hacking targets in the U.S.</span> <span class="attribution"><a class="source" href="https://www.flickr.com/photos/pricey/477266148/">Chris Price/Flickr</a>, <a class="license" href="http://creativecommons.org/licenses/by-nd/4.0/">CC BY-ND</a></span></figcaption></figure><p>North Korean hackers have staged an audacious attack targeting cybersecurity researchers, many of whom work to counter hackers from places like North Korea, Russia, China and Iran. The attack involved sophisticated efforts to deceive specific people, which raises the level of social engineering, or phishing attacks, and enters the realm of spy tradecraft. </p>
<p>The attack, <a href="https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers">reported by Google researchers</a>, centered on fake social media accounts on platforms including Twitter. The fake personas, posing as ethical hackers, contacted security researchers with <a href="https://www.wired.com/story/north-korea-hackers-target-cybersecurity-researchers/">offers to collaborate on research</a>. The social media accounts included content about cybersecurity and faked videos purporting to show new cybersecurity vulnerabilities. </p>
<p>The hackers enticed the researchers to click links to shared code projects – repositories of software related to cybersecurity research – that contained malicious code designed to give the hackers access to the researchers’ computers. Several cybersecurity researchers <a href="https://www.zdnet.com/article/google-north-korean-hackers-have-targeted-security-researchers-via-social-media/">reported that they fell victim</a> to the attack. </p>
<p><div data-react-class="Tweet" data-react-props="{"tweetId":"1353864756109578241"}"></div></p>
<h2>From phishing to espionage</h2>
<p>The lowest level of social engineering hack is a typical <a href="https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams">phishing</a> attack: impersonal messages sent to many people in the hopes that someone will be duped into clicking on a malicious link. Phishing attacks have generally been on the rise since early 2020 – a side effect of the pandemic-driven work-from-home environment in which <a href="https://www.securityinfowatch.com/cybersecurity/article/21204158/hackers-go-phishing-for-remote-workers-during-pandemic">people are sometimes less vigilant</a>. This is also why <a href="https://www.securitymagazine.com/articles/92886-covid-19-pandemic-sparks-72-ransomware-growth-mobile-vulnerabilities-grow-50">ransomware has become prevalent</a>.</p>
<p>The next level of sophistication is <a href="https://usa.kaspersky.com/resource-center/definitions/spear-phishing">spear-phishing</a>. Here people are targeted with messages that include information that is specific to them or their organizations, which increases the likelihood that someone will click a malicious link. </p>
<p>The North Korean operation is at a higher level than spear-phishing because it targeted people who are security-minded by the nature of their occupation. This required the hackers to create convincing social media accounts complete with content about cybersecurity, including videos, that could fool cybersecurity researchers. </p>
<p>The North Korean operation highlights three important trends: stealing cyberweapons from industry, social media as a weapon, and the blurring of cyber and information warfare.</p>
<h2>1. Theft of cyberweapons from industry</h2>
<p>Before the North Korean operation, the theft of cyberweapons made headlines at the end of 2020. In particular, December’s <a href="https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html">FireEye breach</a> resulted in the theft of tools used by ethical hackers. These tools were used to crack the security of corporate clients to show the clients their vulnerabilities. </p>
<p>This prior incident, attributed to Russia, illustrates how hackers attempted to augment their arsenals of cyberweapons by stealing from a commercial cybersecurity firm. The North Korean action against security researchers shows that they’ve adopted a similar strategy, though with a different tactic.</p>
<p>Back in the fall, the <a href="https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2387347/nsa-warns-chinese-state-sponsored-malicious-cyber-actors-exploiting-25-cves/">National Security Agency disclosed a list of vulnerabilities</a> – ways that software and networks can be hacked – that were exploited by Chinese state-sponsored hackers. Despite these warnings <a href="https://www.technologyreview.com/2021/02/03/1017242/google-project-zero-day-flaw-security/">the vulnerabilities have persisted</a>, and information about how to exploit them could be found on social media and the dark web. This information was clear and detailed enough that my company, CYR3CON, was able to use machine learning to <a href="https://blog.cyr3con.ai/predicting-vulnerabilities-used-by-state-sponsored-hackers">predict the use of these vulnerabilities</a>.</p>
<h2>2. The weaponization of social media</h2>
<p>Information operations – collecting information and disseminating disinformation – on social media have become abundant in recent years, especially those conducted by <a href="https://www.rand.org/content/dam/rand/pubs/research_reports/RR4100/RR4192/RAND_RR4192.pdf">Russia</a>. This includes using “<a href="https://www.wsj.com/articles/bots-vs-trolls-how-ai-could-clean-up-social-media-1533849001?mod=hp_lead_pos8">social bots</a>” to spread false information. This “pathogenic social media” has been used by national intelligence operatives and ordinary hackers alike. </p>
<p>Traditionally, this type of targeting has been designed to either spread disinformation or entice an executive or high-ranking government employee to click on a malicious link. In contrast, the North Korean operation was aimed at stealing cyberweapons and information about vulnerabilities.</p>
<h2>3. The confluence of cyber and information warfare</h2>
<p>Outside of the United States – especially in China and Russia – cyberoperations are considered part of a broader concept of information warfare. The Russians, in particular, have proved very adept at combining information operations and cyberoperations. Information warfare includes using traditional spy tradecraft – operatives with false identities attempting to gain the trust of their targets – to collect and disseminate information.</p>
<p>The attack against cybersecurity researchers could indicate that North Korea is taking cues from these other powers. The low-cost ability of a second-tier authoritarian regime like North Korea to weaponize social media provides it an advantage against the much greater technical capabilities of the U.S.</p>
<p>In addition, the North Koreans appear to have used one of their most valuable cyberweapons in this operation. Google reported that it appeared the hackers used a means of exploiting a <a href="https://searchsecurity.techtarget.com/definition/zero-day-vulnerability">zero-day vulnerability</a> – a software flaw that is not widely known – in Google’s Chrome browser in the attack on the cybersecurity researchers. Once such an exploit is used, people are alerted to defend against it and becomes much less effective.</p>
<p>[<em>The Conversation’s science, health and technology editors pick their favorite stories.</em> <a href="https://theconversation.com/us/newsletters/science-editors-picks-71/?utm_source=TCUS&utm_medium=inline-link&utm_campaign=newsletter-text&utm_content=science-favorite">Weekly on Wednesdays</a>.]</p>
<h2>Setting the stage for something bigger?</h2>
<p>In cybersecurity, big news items tend to be events like the <a href="https://theconversation.com/the-sunburst-hack-was-massive-and-devastating-5-observations-from-a-cybersecurity-expert-152444">Sunburst operation</a> by Russian hackers in December – large-scale cyberattacks that cause a great deal of damage. In the Sunburst attack, Russian hackers booby-trapped widely used software, which gave them access to the networks of numerous corporations and government agencies. </p>
<p>These large events are often proceeded by smaller events in which new techniques are experimented with – often without making a large impact. While time will tell if this is true of the North Korean operation, the three current trends – stealing cyberweapons from industry, social media as a weapon, and the blurring of cyber and information warfare – are harbingers of things to come.</p><img src="https://counter.theconversation.com/content/154236/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Paulo Shakarian works for/consults to/owns shares in Cyber Reconnaissance, Inc. (CYR3CON)</span></em></p>Sophisticated fake social media personas created by North Korean hackers offered to collaborate with cybersecurity researchers. Several US researchers fell for it.Paulo Shakarian, Associate Professor of Computer Science, Arizona State UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1432372020-08-19T12:20:31Z2020-08-19T12:20:31ZSketchy darknet websites are taking advantage of the COVID-19 pandemic – buyer beware<figure><img src="https://images.theconversation.com/files/353477/original/file-20200818-24815-1ex4lpu.jpg?ixlib=rb-1.1.0&rect=0%2C0%2C5304%2C3594&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Black markets thrive online and flourish during pandemics and other crises.</span> <span class="attribution"><a class="source" href="https://www.gettyimages.com/detail/photo/protective-surgical-masks-on-white-backrgound-money-royalty-free-image/1216144535?adppopup=true">Marko Klaric/EyeEm via Getty Images</a></span></figcaption></figure><p>Underground markets that sell illegal commodities like drugs, counterfeit currency and fake documentation tend to flourish in times of crisis, and the <a href="https://impakter.com/black-markets-shaped-the-covid-19-crisis/">COVID-19 pandemic is no exception</a>. The online underground economy has responded to the current crisis by exploiting demand for COVID-19-related commodities. </p>
<p>Today, some of the most vibrant underground economies exist in <a href="https://www.investopedia.com/insights/what-dark-net/">darknet markets</a>. These are internet websites that look like ordinary e-commerce websites but are accessible only using special browsers or authorization codes. Vendors of illegal commodities have also formed dedicated group-chats and channels on encrypted instant messaging services like WhatsApp, Telegram and ICQ. </p>
<p>The <a href="https://ebcs.gsu.edu/project/darknet-analysis/">Darknet Analysis</a> project at the <a href="https://ebcs.gsu.edu/">Evidence-Based Cybersecurity Research Group</a> here at Georgia State University collects data weekly from 60 underground darknet markets and forums. My colleagues <a href="https://scholar.google.com/citations?user=Ussl738AAAAJ&hl=en">Yubao Wu</a>, <a href="https://scholar.google.com/citations?user=px5AJoYAAAAJ&hl=en">Robert Harisson</a> and <a href="https://www.researchgate.net/profile/David_Maimon">I</a> have analyzed this data and found that three major types of COVID-19 offerings have emerged on darknet markets since late February: protective gear, medications and services that help people commit fraud.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/353459/original/file-20200818-24-1of2iwp.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="Darknet website product page showing COVID-19 antibody test" src="https://images.theconversation.com/files/353459/original/file-20200818-24-1of2iwp.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/353459/original/file-20200818-24-1of2iwp.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=355&fit=crop&dpr=1 600w, https://images.theconversation.com/files/353459/original/file-20200818-24-1of2iwp.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=355&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/353459/original/file-20200818-24-1of2iwp.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=355&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/353459/original/file-20200818-24-1of2iwp.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=446&fit=crop&dpr=1 754w, https://images.theconversation.com/files/353459/original/file-20200818-24-1of2iwp.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=446&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/353459/original/file-20200818-24-1of2iwp.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=446&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">If it’s an in-demand COVID-19 commodity, chances are it’s available on darknet markets.</span>
<span class="attribution"><span class="source">Screenshot by David Maimon</span>, <a class="license" href="http://creativecommons.org/licenses/by-nd/4.0/">CC BY-ND</a></span>
</figcaption>
</figure>
<p>Using these darknet markets is risky business. First, there’s the built-in risk of becoming the victim of a scam or <a href="https://theconversation.com/buyer-beware-counterfeit-markets-can-flourish-during-a-public-health-crisis-134492">buying counterfeit products</a> when purchasing products from underground vendors. There are also health and legal risks. Inadvertently buying ineffective COVID-19 protective gear and dangerous remedies from unregulated sellers could physically harm buyers. And purchasing information and services with the aim to defraud people and the government is a criminal offense that carries legal penalties.</p>
<h2>Personal protective equipment</h2>
<p>Several vendors have added protective gear such as face masks, protective gowns, COVID-19 test kits, thermometers and hand sanitizer to their list of products for sale. The effectiveness of this protective gear is questionable. Underground vendors typically do not disclose their products’ sources, leaving consumers with no way to judge the products. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/353455/original/file-20200818-16-njmabz.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="Darknet website product page showing protective gown" src="https://images.theconversation.com/files/353455/original/file-20200818-16-njmabz.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/353455/original/file-20200818-16-njmabz.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=300&fit=crop&dpr=1 600w, https://images.theconversation.com/files/353455/original/file-20200818-16-njmabz.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=300&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/353455/original/file-20200818-16-njmabz.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=300&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/353455/original/file-20200818-16-njmabz.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=377&fit=crop&dpr=1 754w, https://images.theconversation.com/files/353455/original/file-20200818-16-njmabz.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=377&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/353455/original/file-20200818-16-njmabz.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=377&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">COVID-19 protective gear is a common product type on darknet e-commerce sites.</span>
<span class="attribution"><span class="source">Screenshot by David Maimon</span>, <a class="license" href="http://creativecommons.org/licenses/by-nd/4.0/">CC BY-ND</a></span>
</figcaption>
</figure>
<p>One example of the uncertainties that surround protective gear effectiveness comes from one of the encrypted channel platforms we monitored during the first few days of the pandemic. Vendors on the channel offered facemasks for sale. Demand for facemasks was very high at that time, and people around the world were scrambling to find facemasks for personal use. </p>
<p>While governments and suppliers faced difficulties in meeting demand for facemasks, several vendors on these platforms posted ads offering large quantities of facemasks. One vendor even uploaded a video showing many boxes of facemasks in storage. </p>
<p>Given the global shortage of facemasks at the time, our research team found it difficult to understand how this vendor in Thailand could offer so many for sale. One disturbing possibility is that they sold used facemasks. Indeed, authorities in Thailand <a href="https://www.youtube.com/watch?v=k92TTXZe77E&feature=youtu.be">broke up an operation</a> that washed, ironed and boxed used facemasks and supplied them to underground markets.</p>
<h2>Treatments</h2>
<p>Darknet vendors are also selling medications and cures, including effective treatments, like <a href="https://theconversation.com/remdesivir-explained-what-makes-this-drug-work-against-viruses-137751">Remdesivir</a>, and ineffective treatments, like <a href="https://theconversation.com/why-hydroxychloroquine-and-chloroquine-dont-block-coronavirus-infection-of-human-lung-cells-143234">Hydroxychloroquine</a>. They’re are also selling various purported COVID-19 antidotes and serums. Some vendors even offer to sell and ship oxygen ventilators.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/353456/original/file-20200818-18-18na4f4.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="Darknet website product page showing Hydroxychloroquine pills" src="https://images.theconversation.com/files/353456/original/file-20200818-18-18na4f4.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/353456/original/file-20200818-18-18na4f4.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=258&fit=crop&dpr=1 600w, https://images.theconversation.com/files/353456/original/file-20200818-18-18na4f4.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=258&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/353456/original/file-20200818-18-18na4f4.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=258&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/353456/original/file-20200818-18-18na4f4.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=324&fit=crop&dpr=1 754w, https://images.theconversation.com/files/353456/original/file-20200818-18-18na4f4.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=324&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/353456/original/file-20200818-18-18na4f4.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=324&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Darknet markets offer ineffective and potentially dangerous COVID-19 therapies, including hydroxychloroquine, which studies have shown is not an effective treatment.</span>
<span class="attribution"><span class="source">Screenshot by David Maimon</span>, <a class="license" href="http://creativecommons.org/licenses/by-nd/4.0/">CC BY-ND</a></span>
</figcaption>
</figure>
<p>Using COVID-19 medications purchased on darknet platforms could be dangerous. Uncertainties about the true identity of medication manufacturers and the ingredients of other cures leaves patients vulnerable to a wide array of potentially detrimental side effects. </p>
<p>[<em><a href="https://theconversation.com/us/newsletters/the-daily-3?utm_source=TCUS&utm_medium=inline-link&utm_campaign=newsletter-text&utm_content=experts">Expertise in your inbox. Sign up for The Conversation’s newsletter and get expert takes on today’s news, every day.</a></em>]</p>
<h2>DIY fraud</h2>
<p>Government efforts to relieve the financial stress on individuals and businesses from the economic impact of the pandemic has led to a third category of products on these markets. We have observed many vendors offering to sell online fraud services that promise to improve customers’ financial circumstances during this crisis. </p>
<p>These vendors offer to either support customers in putting together fake websites that allow them to lure victims into disclosing their personal information, or simply provide stolen personal information. The stolen information can be <a href="https://www.fbi.gov/news/pressrel/press-releases/fbi-sees-spike-in-fraudulent-unemployment-insurance-claims-filed-using-stolen-identities">used to file for unemployment benefits</a> or obtain loans. Some vendors go a step further and offer support in the fraudulent benefits application process. </p>
<p>COVID-19-related fraud could have grave consequences for individuals whose identities have been stolen and used to apply for government benefits or loans, including the loss of future government assistance and damage to credit scores. Fraudulent requests for COVID-19 relief funds filed using stolen personal information also puts additional strain on federal, state and local governments. </p>
<h2>Digging up the data</h2>
<p>The size of the online illicit market of COVID-19 essentials is unknown. We aim to collect enough data to provide an empirical assessment of this underground economy. </p>
<p>There are several challenges to understanding the scope of the COVID-19 underground market, including measuring the magnitude of the demand, the extent supply meets that demand and the impact of this underground economy on the legitimate market. The unknown validity of darknet customers’ and vendors’ reports about the products they purchased and sold also makes it difficult to assess the underground market. </p>
<p>Our systematic research approach should allow us to overcome these issues and collect this data, which could reveal how online underground markets adjust to a worldwide health crisis. This information, in turn, could help authorities develop strategies for disrupting their activities.</p><img src="https://counter.theconversation.com/content/143237/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>David Maimon receives funding from the National Science Foundation. </span></em></p>The global pandemic has fueled illicit online sales of COVID-19 commodities, some of which are dangerous or illegal. Researchers are assessing the size and reach of this underground market.David Maimon, Associate Professor of Criminal Justice and Criminology, Georgia State UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1376082020-05-04T19:50:43Z2020-05-04T19:50:43ZThe darknet – a wild west for fake coronavirus ‘cures’? The reality is more complicated (and regulated)<figure><img src="https://images.theconversation.com/files/332232/original/file-20200504-83730-e9qxp9.jpg?ixlib=rb-1.1.0&rect=0%2C0%2C4345%2C2721&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure><p>The coronavirus pandemic has spawned <a href="https://www.sbs.com.au/news/fake-coronavirus-vaccines-and-repurposed-drugs-are-being-sold-on-the-dark-web">reports</a> of unregulated health products and fake cures being sold on the dark web. These include <a href="https://www.france24.com/en/20200427-french-police-seize-14-000-face-masks-bound-for-black-market">black market PPE</a>, illicit medications such as the widely touted “<a href="https://www.theguardian.com/world/2020/apr/06/hydroxychloroquine-trump-coronavirus-drug">miracle</a>” drug <a href="https://decrypt.co/24802/dark-web-vendors-are-selling-face-masks-for-bitcoin">chloroquine</a>, and fake COVID-19 “cures” including blood supposedly from <a href="https://www.abc.net.au/news/2020-04-30/blood-recovered-coronavirus-patients-dark-web-passive-vaccine/12199324">recovered coronavirus patients</a>.</p>
<p>These dealings have once again focused public attention on this little-understood section of the internet. Nearly a decade since it started being used on a significant scale, the dark web continues to be a <a href="https://theconversation.com/dark-web-not-dark-alley-why-drug-sellers-see-the-internet-as-a-lucrative-safe-haven-132579">lucrative safe haven</a> for traders in a range of illegal goods and services, especially illicit drugs. </p>
<p>Black market trading on the dark web is carried out primarily through darknet marketplaces or <a href="https://journals.sagepub.com/doi/pdf/10.1177/1748895813505234?casa_token=yBIwwCagNiMAAAAA:9OWxEytBtLbudsRKv0nmTr6qLFmiEwBiqUfpvrgotiGrcN03RBb_V_mmSr_LLACrs_QDDvmufa2gMBo">cryptomarkets</a>. These are anonymised trading platforms that directly connect buyers and sellers of a range of illegal goods and services – similar to legitimate trading websites such as eBay. </p>
<p>So how do darknet marketplaces work? And how much illegal trading of COVID-19-related products is happening via these online spaces? </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/dark-web-not-dark-alley-why-drug-sellers-see-the-internet-as-a-lucrative-safe-haven-132579">Dark web, not dark alley: why drug sellers see the internet as a lucrative safe haven</a>
</strong>
</em>
</p>
<hr>
<h2>Not a free-for-all</h2>
<p>There are currently more than a <a href="https://darknetlive.com/markets/">dozen darknet marketplaces in operation</a>. Protected by powerful encryption technology, authorities around the world have largely <a href="https://idp.springer.com/authorize/casa?redirect_uri=https://link.springer.com/article/10.1007/s10611-016-9644-4&casa_token=HsGOAAiu-GMAAAAA:1GFH2-Imgd-Br1tEBfyenyQhTmxBSQcKf7TGHGrUaoRPp6GYU6TqL6gp8HjHG6W2iyflofpcLMWKBJnI08s">failed to contain their growth</a>. A steadily increasing proportion of illicit drug users around the world report sourcing their drugs online. In Australia, we have one of the world’s <a href="https://www.abc.net.au/news/2018-06-01/australian-concentration-of-dark-net-drug-dealers/9824954">highest concentrations</a> of darknet drug vendors per capita.</p>
<p>Contrary to popular belief, cryptomarkets are not the “lawless spaces” they’re often presented as in the news. Market prohibitions exist on all mainstream cryptomarkets. Universally prohibited goods and services include: hitman services, trafficked human organs and snuff movies. </p>
<p>Although cryptomarkets lie outside the realm of state regulation, each one is set up and maintained by a central administrator who, along with employees or associates, is responsible for the market’s security, dispute resolution between buyers and sellers, and the charging of commissions on transactions. </p>
<p>Administrators are also ultimately responsible for determining what can and can’t be sold on their cryptomarket. These <a href="https://www.emerald.com/insight/publication/doi/10.1108/9781838670306">decisions are likely informed by</a>:</p>
<ul>
<li>the attitudes of the surrounding community comprising buyers and sellers</li>
<li>the extent of consumer demand and supply for certain products</li>
<li>the revenues a site makes from commissions charged on transactions</li>
<li>and the perceived “heat” that may be attracted from law enforcement in the trading of particularly dangerous illegal goods and services. </li>
</ul>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/illuminating-the-dark-web-105542">Illuminating the 'dark web'</a>
</strong>
</em>
</p>
<hr>
<h2>Experts delve into the dark web</h2>
<p>A <a href="https://www.aic.gov.au/publications/sb/sb24">report</a> from the Australian National University published last week looks at several hundred coronavirus-related products for sale across a dozen cryptomarkets, including supposed vaccines and antidotes. </p>
<p>While the study confirms some unscrupulous dark web traders are indeed exploiting the pandemic and seeking to defraud naïve customers, this information should be contextualised with a couple of important caveats.</p>
<p>Firstly, the number of dodgy covid-related products for sale on the dark web is relatively small. According to this research, they account for about 0.2% of all listed items. The overwhelming majority of products were those we are already familiar with – particularly illicit drugs such as cannabis and MDMA. </p>
<p>Also, while the study focused on products listed for sale, these are most likely listings for products that either do no exist or are listed with the specific intention to defraud a customer.</p>
<p>Thus, the actual sale of fake coronavirus “cures” on the dark web is likely minimal, at best. </p>
<h2>A self-regulating entity</h2>
<p>By far the most commonly traded products on cryptomarkets are illicit drugs. Smaller sub-markets exist for other products such as stolen credit card information and fraudulent identity documents. </p>
<p>This isn’t to say extraordinarily dangerous and disturbing content, such as child exploitation material, can’t be found on the dark web. Rather, the sites that trade in such “products” are segregated from mainstream cryptomarkets, in much the same way convicted paedophiles are <a href="https://www.judcom.nsw.gov.au/sentencing-trends-21/">segregated from mainstream prison populations</a>.</p>
<p>Since the outbreak of the coronavirus, dark web journalist and author <a href="https://www.theguardian.com/books/australia-books-blog/2018/mar/22/the-darkest-web-exploring-the-ugly-world-of-illegal-online-marketplaces">Eileen Ormsby</a> reported some cryptomarkets have quickly imposed bans on vendors seeking to profit from the pandemic. For instance, the following was tweeted by one cryptomarket administrator:</p>
<blockquote>
<p>Any vendor caught flogging goods as a “cure” to coronavirus will not only be permanently removed from this market but should be avoided like the Spanish Flu. You are about to ingest drugs from a stranger on the internet –- under no circumstances should you trust any vendor that is using COVID-19 as a marketing tool to peddle tangible/already questionable goods. I highly doubt many of you would fall for that shit to begin with but you know, dishonest practice is never a good sign and a sure sign to stay away.</p>
</blockquote>
<p>So it seems, despite the activities of a few dodgy operators, the vast majority of dark web traders are steering clear of exploiting the pandemic for their own profit. Instead, they are sticking to trading in products they can genuinely supply, such as illicit drugs. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/what-is-the-dark-web-and-how-does-it-work-63613">What is the dark web and how does it work?</a>
</strong>
</em>
</p>
<hr>
<img src="https://counter.theconversation.com/content/137608/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>James Martin receives funding from the Australian Institute of Criminology and the National Health and Medical Research Council. </span></em></p>These online spaces are more regulated than many media reports would have you believe. And the vast majority of dark web traders are steering clear of exploiting the pandemic.James Martin, Associate Professor in Criminology, Swinburne University of TechnologyLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1331592020-03-11T19:16:49Z2020-03-11T19:16:49ZChristchurch’s legacy of fighting violent extremism online must go further – deep into the dark web<p>It didn’t take long for a terrorist to show how hard it is to prevent violent extremist content being shared online.</p>
<p>Within six months of the attacks at two Christchurch mosques on March 15 last year, which were live streamed on Facebook, a far-right terrorist’s attack at a German synagogue was <a href="https://www.cnbc.com/2019/10/09/the-german-synagogue-shooting-was-streamed-on-twitch.html">broadcast live</a> on Amazon’s video-streaming platform Twitch. </p>
<p>In an echo of the Christchurch attack, it was users who <a href="https://twitter.com/Twitch/status/1182036268202381313">reported the video</a> to Twitch, which was up for about half an hour before being removed.</p>
<p>Last year, New Zealand Prime Minister Jacinda Ardern was commended for her leadership on the <a href="https://www.christchurchcall.com/">Christchurch Call</a>, bringing together governments and tech companies with the aim of eliminating terrorist and violent extremist content online.</p>
<p>A year on, the Christchurch Call is still an important initiative. But one of the <a href="https://www.stuff.co.nz/national/politics/116024493/jacinda-arderns-christchurch-call-has-made-strides-but-is-worth-much-more-than-the-paper-its-written-on">biggest challenges</a> we face is to prevent far-right groups from simply moving to “<a href="https://theconversation.com/what-is-the-dark-web-and-how-does-it-work-63613">the dark web</a>”.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/far-right-extremists-still-threaten-new-zealand-a-year-on-from-the-christchurch-attacks-133050">Far-right extremists still threaten New Zealand, a year on from the Christchurch attacks</a>
</strong>
</em>
</p>
<hr>
<h2>Three missing nations in the Christchurch Call</h2>
<p>Since <a href="https://theconversation.com/its-vital-we-clamp-down-on-online-terrorism-but-is-arderns-christchurch-call-the-answer-117169">launching</a> at a global summit in Paris last year, the Christchurch Call has generated some momentum – including the relaunch of the <a href="https://www.gifct.org/">Global Internet Forum to Counter Terrorism</a> as a staffed and funded independent legal entity, with an expanded mandate to counter extremism as well as terrorism. </p>
<p>A new crisis response protocol now encourages quick and effective cooperation between the tech sector and governments in responding to terrorist incidents. </p>
<p>And global support for the Call has grown: as Ardern has <a href="https://www.scoop.co.nz/stories/PA2002/S00178/jacinda-ardern-speech-at-lautoka-mosque.htm">highlighted</a>, it’s now backed by <a href="https://www.opengovasia.com/significant-progress-against-terrorist-and-extremist-online-content/">48 countries</a>, three international organisations and eight online service providers.</p>
<p>But there’s clearly a long way to go in building a truly inclusive, effective international framework, especially because of the three critical nations that are not involved: the US, Russia and China.</p>
<p>The Trump administration’s refusal to sign the Christchurch Call weakened it from the start. Some major US tech firms signalled their support – including Microsoft, Facebook and Google – but the absence of the world’s leading nation was a major blow.</p>
<p>One might be tempted to blame President Trump himself, but the US approach was founded in concerns about the impact on the first amendment to the US constitution, which guarantees freedom of speech, and a broader historical and cultural reluctance to regulate the private sector. </p>
<p>The decision was also made against a political backdrop in the US, in which right-wing voices complained about being <a href="https://torontosun.com/news/world/big-tech-censors-social-media-companies-continue-to-gag-conservative-voices">shut out of mainstream and new media</a>. In a thinly veiled reference to the Christchurch Call, <a href="https://www.whitehouse.gov/briefings-statements/remarks-president-trump-74th-session-united-nations-general-assembly/">President Trump said</a>:</p>
<blockquote>
<p>A free society cannot allow social media giants to silence the voices of the people. And a free people must never, ever be enlisted in the cause of silencing, coercing, cancelling or blacklisting their own neighbours. </p>
</blockquote>
<p>Russia and China are also notably absent. Without some of the <a href="https://www.stuff.co.nz/national/christchurch-shooting/112284082/how-can-upcoming-social-media-efforts-be-global-if-they-ignore-asia">world’s non-western media companies</a>, such as Weibo and WeChat, the initiative is unlikely to succeed.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/its-vital-we-clamp-down-on-online-terrorism-but-is-arderns-christchurch-call-the-answer-117169">It's vital we clamp down on online terrorism. But is Ardern's 'Christchurch Call' the answer?</a>
</strong>
</em>
</p>
<hr>
<h2>Algorithms are not up to the task</h2>
<p>A second more technical problem relates to the algorithms used to search for hate speech, violence and terrorist content. </p>
<p>Social media companies rely on these algorithms to funnel content to their users, but they aren’t effective yet in quickly identifying violent extremist content. Facebook <a href="https://about.fb.com/news/2019/09/combating-hate-and-extremism/">has indicated</a> that automated processes still struggle to distinguish between real violence and other content, including footage of real military operations and movies that depict violence.</p>
<p>Reports suggest Facebook is using military footage to <a href="https://www.stuff.co.nz/technology/115862252/facebook-announces-extremist-content-policy-changes-ahead-of-christchurch-call-stock-take?rm=a">train its algorithms</a> to identify terrorist violence online. But the technical capacity to <a href="https://parispeaceforum.org/publication/digital-platforms-and-extremism-are-content-controls-effective/">monitor vast amounts</a> of user-generated data is not there yet.</p>
<p>Last year, Facebook’s chief AI scientist Yann LeCun said artificial intelligence is years away from being able to moderate this type of content, particularly when it comes to <a href="https://www.theverge.com/2019/5/20/18632260/facebook-ai-spot-terrorist-content-live-stream-far-from-solved-yann-lecun">screening live video</a>.</p>
<p>A third problem is the ongoing <a href="http://visionofhumanity.org/app/uploads/2019/11/GTI-2019web.pdf">growth of right-wing violence and hatred</a>. If social media is a reflection of society, then it is no surprise that extremism continues to flourish online. </p>
<h2>Dark social media</h2>
<p>The good news is that globally, terrorist incidents have reduced by 52% since 2014, largely due to successes in fighting groups like ISIS and Boko Haram. But far-right violence continues to flourish, with a <a href="http://visionofhumanity.org/app/uploads/2019/11/GTI-2019web.pdf">320% increase over the past five years</a>. </p>
<p>High-profile attacks inspired by extreme far-right ideology have also continued, with one gunman killing 22 people in El Paso in Texas in August 2019, and an <a href="https://www.theguardian.com/world/2020/feb/19/shooting-germany-hanau-dead-several-people-shisha-near-frankfurt">attack in Hanau</a>, Germany, that killed nine people in February this year. </p>
<p>Social media companies are ill-equipped to counter far-right narratives that feed these attacks by distorting perception, sowing division and feeding confirmation bias. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/four-lessons-we-must-take-away-from-the-christchurch-terror-attack-113716">Four lessons we must take away from the Christchurch terror attack</a>
</strong>
</em>
</p>
<hr>
<p>The problem is compounded by the growth in “dark social” networks, including applications like WhatsApp and Snapchat, where users share content without any information provided about the source. </p>
<p>Recent research shows that <a href="https://whatsnewinpublishing.com/77-5-of-shares-are-on-dark-social-only-7-5-on-facebook-and-other-trends-publishers-are-in-the-dark-about/">77.5% of shares are on dark social media</a>, as opposed to 7.5% on Facebook. </p>
<p>The dark web continues to proliferate too, with the controversial 8Chan site, which was regularly used by hate groups, moving to a network of <a href="https://theconversation.com/8chans-demise-is-a-win-against-hate-but-could-drive-extremists-to-the-dark-web-121521">inaccessible and encrypted servers</a>.</p>
<p>Countries shouldn’t shy away from advocacy on these issues. Small states can be successful <a href="https://journals.sagepub.com/doi/abs/10.1177/0010836702037001689?journalCode=caca">advocates for responsible standards</a> and social behaviours. But we’re only at the beginning of a long and complex process of change. </p>
<p>To measure progress, we need to develop clear metrics based on online patterns and trends to assess and sustain the Christchurch Call. This means including a wider range of tech providers and countries – and, just as importantly, dark social and dark web services.</p><img src="https://counter.theconversation.com/content/133159/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Joe Burton receives funding from the European Union’s Horizon 2020 research and innovation programme under the Marie Sklodowska-Curie grant agreement No 844129. He is affiliated with Universite libre de Bruxelles.</span></em></p>The US, Russia and China haven’t backed the NZ-led Christchurch Call to crackdown on online extremism. Without them, and key non-western media, the initiative is unlikely to make enough difference.Joe Burton, Senior Lecturer, New Zealand Institute for Security and Crime Science, University of WaikatoLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1325792020-03-04T19:08:52Z2020-03-04T19:08:52ZDark web, not dark alley: why drug sellers see the internet as a lucrative safe haven<figure><img src="https://images.theconversation.com/files/318530/original/file-20200304-66078-1tv9x30.jpg?ixlib=rb-1.1.0&rect=43%2C137%2C5708%2C3690&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption"></span> </figcaption></figure><p>More than six years after the demise of Silk Road, the world’s first major <a href="https://journals.sagepub.com/doi/pdf/10.1177/1748895813505234?casa_token=xjYBG0jb8Y8AAAAA:8NyrWITwd0jAIZxW-ZDyIoWGbdiTG34kkYpibnTX6blXkZOtApmx4Mmf-wCeBqIUGU9DbRFwKors8A">drug cryptomarket</a>, the <a href="https://theconversation.com/explainer-what-is-the-dark-web-46070">dark web</a> is still home to a thriving trade in illicit drugs. </p>
<p>These markets host hundreds, or in some cases thousands, of people who sell drugs, commonly referred to as “vendors”. The dark web offers vital anonymity for vendors and buyers, who use cryptocurrencies such as Bitcoin to process transactions. </p>
<p>Trade is booming despite <a href="https://www.sciencedirect.com/science/article/pii/S0376871617300741">disruptions</a> from law enforcement and particularly “exit scams”, in which market admins abruptly close down sites and take all available funds. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/explainer-what-are-drug-cryptomarkets-64596">Explainer: what are drug cryptomarkets?</a>
</strong>
</em>
</p>
<hr>
<p>Why are these markets still seen as enticing places to sell drugs, despite the risks? To find out, our <a href="https://academic.oup.com/bjc/advance-article-abstract/doi/10.1093/bjc/azz075/5645405">recent study</a> surveyed 13 darknet drug vendors, via online encrypted interviews. </p>
<p>They gave us a range of reasons.</p>
<h2>More profitable</h2>
<p>First, selling drugs online is safer and more profitable than doing it offline:</p>
<blockquote>
<p>Interviewer: So you still sell on DNMs [darknet marketplaces], and prefer that to offline. Correct?</p>
<p>Respondent: YES. Selling offline is borderline stupid. You can make so much more money online, the risks [in selling outside cryptomarkets] aren’t even remotely worth it.</p>
</blockquote>
<p>Both of these claims correspond with <a href="https://www.sciencedirect.com/science/article/abs/pii/S0955395913001722">previous research</a> showing that the dark web is perceived to be a safer place to buy and sell drugs.</p>
<p>Regarding profits, darknet vendors do not have to limit their trading to face-to-face interactions, and can instead sell drugs to a potentially worldwide customer base. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/explainer-what-is-the-dark-web-46070">Explainer: what is the dark web?</a>
</strong>
</em>
</p>
<hr>
<h2>Less violent</h2>
<p>Encryption technologies allow vendors to communicate with customers and receive payments anonymously. The drugs are delivered in the post, so vendor and customer never have to meet in person. </p>
<p>This protects vendors from many risks that are prevalent in other forms of drug supply, including undercover police, predatory standover tactics where suppliers may be robbed, assaulted or even killed by competitors, and customers who may inform on their supplier if caught. </p>
<p>Other risks, such as frauds perpetrated by customers and exit scams, were considered inevitable on the dark web, but also manageable. </p>
<p>Some respondents said that being protected from physical risk on the dark web is not only a benefit for existing drug suppliers, but may also make the activity attractive to people who would not otherwise be willing to sell drugs.</p>
<p>While some of our respondents had previously sold drugs offline, others were uniquely attracted to the perceived safety and anonymity of the dark web:</p>
<blockquote>
<p>I hadn’t ever thought about selling drugs in any capacity because I dislike violence and it just seemed impossible to be involved in selling drugs in “real life” without running into some sort of confrontation pretty quickly… I was always too scared and slightly nerdy to do that and never really contemplated it seriously until the dark web.</p>
</blockquote>
<h2>More customer-focused</h2>
<p>Some vendors told us the feeling of safety and control lets them focus on providing a more courteous service to their customers or “clients”:</p>
<blockquote>
<p>I try to provide the best products and service I can, when someone has a problem or claims [their order was] short on pills (as long as they have ordered from me before) I usually take them at their word.</p>
</blockquote>
<p>This is a stark contrast with perceptions of the street trade, which some of our respondents perceived not only as “small-time”, but also rife with danger and potential violence: </p>
<blockquote>
<p>The street trade is a mess. I wanna provide labelled products, good advice and service, like a real business. Not sit in a shitty car park selling $10 bags from a car window all day.</p>
</blockquote>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/australia-emerges-as-a-leader-in-the-global-darknet-drugs-trade-73125">Australia emerges as a leader in the global darknet drugs trade</a>
</strong>
</em>
</p>
<hr>
<h2>Not just about profit</h2>
<p>Dark web vendors also pointed out the various non-material benefits of their work. These included feelings of autonomy and emancipation from boring work and onerous bosses, as well as excitement and the thrill of transgression. One respondent described it as:</p>
<blockquote>
<p>Exhilarating … and nerve-wracking. Seemed so alien. “Drugs? Online? In the post? Naaaah surely not.” Plus if I’m honest, my inner reprobate buzzes from it. The rush of chucking a grand’s worth of drugs into post boxes… unreal, man.</p>
</blockquote>
<p>Interviewees rationalised their participation in the dark web drugs trade in a variety of ways. These included pointing out the <a href="https://files.transtutors.com/cdn/uploadassignments/1509030_1_article-1-seminar.pdf">relative safety</a> and medicinal benefits of some illicit drugs, and the <a href="https://journals.sagepub.com/doi/pdf/10.1177/0004865814524424?casa_token=P1q12ppNwlIAAAAA:iRe-gQHWLKsD0fqCl45Bj7ms1eRqCHY6sa0zYtMjoyuORRQBfj_7A0JLub2FZCt65-u2UjxXCnQzBQ">dangers associated with drug prohibition</a>.</p>
<blockquote>
<p>Let’s face it, a LOT of people like getting high… It’s human nature, but to ban it and make it criminal so that it’s hard to get, then you get poison and people die… I can tell you that the use of darknet protects users from buying products that during traditional prohibition would likely kill much more people. It also takes drugs off the street, reducing some violent crime.</p>
</blockquote>
<p>These insights help us understand why the dark web is increasingly attractive, not only to consumers of illicit drugs but to the people who supply them. </p>
<p>For those who are averse to confrontation, and who are sufficiently tech-savvy, the dark web offers an alternative to the risk and violence of dealing drugs offline.</p><img src="https://counter.theconversation.com/content/132579/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>James Martin receives funding from the Australian Institute of Criminology, who funded this particular study, as well as the National Health and Medical Research Council. </span></em></p><p class="fine-print"><em><span>Monica Barratt receives funding from Australian (National Health and Medical Research Council, the Australian Institute of Criminology, the National Centre for Clinical Research into Emerging Drugs) and international (US National Institutes of Health, NZ Marsden Fund) funders. She has recently conducted commissioned research for the NSW Coroner's Office, the WA Mental Health Commission and the Victorian Department of Health and Human Services. Monica also volunteers for not-for-profit harm reduction organisations: The Loop Australia and Bluelight.org</span></em></p>The illicit drug trade is thriving on the dark web because it’s seen as safer and more profitable than street dealing, according to encrypted interviews with people who sell drugs online.James Martin, Associate Professor in Criminology, Swinburne University of TechnologyMonica Barratt, Vice Chancellor’s Senior Research Fellow, Social and Global Studies Centre, RMIT UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1319332020-03-02T14:52:57Z2020-03-02T14:52:57ZDark web: Study reveals how new offenders get involved in online paedophile communities<figure><img src="https://images.theconversation.com/files/317801/original/file-20200228-24672-eqy00l.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/internet-crime-concept-hacker-working-on-591402104">Alexander Geiger/Shutterstock</a></span></figcaption></figure><p>The “<a href="https://theconversation.com/what-is-the-dark-web-and-how-does-it-work-63613">dark web</a>” – a collection of heavily encrypted websites, forums and social networks – notoriously provides spaces for illegal activities. It’s where child sexual offenders meet to support each other and <a href="https://www.nationalcrimeagency.gov.uk/news/337-arrested-after-takedown-of-horrific-dark-web-child-abuse-site-welcome-to-video">share indecent images</a> and advice on abuse techniques – with near-complete anonymity. This provides a resource for individuals to learn the “skills” to become more dangerous offenders.</p>
<p>In response, some law enforcement agencies <a href="https://www.theguardian.com/society/2017/oct/07/australian-police-sting-brings-down-paedophile-forum-on-dark-web">deploy undercover officers</a> to enter these spaces posing as offenders to gather intelligence. But we don’t hear much about these communities. When it comes to online child abuse, it is largely stories of <a href="https://www.telegraph.co.uk/news/2016/09/08/online-paedophiles-can-groom-a-child-in-less-than-20-minutes-stu/">online grooming</a> that dominate the press. As part of my recent PhD research, however, I offer an insight into dark web communities of sexual offenders <a href="https://publications.aston.ac.uk/id/eprint/39062/1/Chiang_E._2018_Redacted.pdf">by analysing their language</a>.</p>
<p>Interactions between offenders have a devastating impact on victims. We need to understand them better, especially if this helps police to disrupt offending communities. Given that the online activities are almost exclusively linguistic, a good way to do this is with language analysis. This can help us understand how an officer might “authentically” portray an offender online. </p>
<p>Abusive communities are governed by strict rules – for example, not giving out personal information – to preserve security. Invariably, they are made up of members with varying levels of offending experience and expertise. An interesting subgroup are those who identify as “newbies”, with little or no experience of abusing or interacting in dark web environments.</p>
<p>Understanding newbies can help determine offenders’ experience levels. It is the first step to tracking how offenders progress to become more experienced and prolific. It can also help undercover police to portray realistic identities. When interacting with offenders who are often extremely distrustful and keenly aware of possible police presence, posing as the newbie might in fact be the easiest way to enter an offending community. </p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/318041/original/file-20200302-18287-xfxi6r.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/318041/original/file-20200302-18287-xfxi6r.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=411&fit=crop&dpr=1 600w, https://images.theconversation.com/files/318041/original/file-20200302-18287-xfxi6r.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=411&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/318041/original/file-20200302-18287-xfxi6r.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=411&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/318041/original/file-20200302-18287-xfxi6r.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=517&fit=crop&dpr=1 754w, https://images.theconversation.com/files/318041/original/file-20200302-18287-xfxi6r.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=517&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/318041/original/file-20200302-18287-xfxi6r.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=517&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Police are targeting the dark web to catch sex offenders.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-illustration/hacker-over-screen-binary-code-251313145">adike</a></span>
</figcaption>
</figure>
<p>So how do self-identifying newbies approach and attempt to join established offending communities online? To answer this, I took a look at the rhetorical moves – chunks of text <a href="https://www.researchgate.net/publication/282600729_Genre_performances_John_Swales'_Genre_Analysis_and_rhetorical-linguistic_genre_studies">with distinct communicative functions</a> – in newbies’ initial forum posts.</p>
<p>Through a manual analysis of 71 posts from six child abuse forums, I found 12 different moves. Aside from typical features of instant messaging such as “greetings” and “sign offs”, some of the most common are listed below.</p>
<p><strong>1. Expressing motivations.</strong> Newbies state their reasons for wanting to join the community. This involves expressing interests in specific age groups or types of indecent imagery, or hopes of finding other likeminded people to talk to.</p>
<p><strong>2. Demonstrating alignment.</strong> Newbies highlight their existing alignment or affiliation with the community, its interests and ideals. This often involves stating a sexual interest in children and sharing experiences of abusing. A <a href="https://www.researchgate.net/publication/221184392_De-Lurking_in_Virtual_Communities_A_Social_Communication_Network_Approach_to_Measuring_the_Effects_of_Social_and_Cultural_Capital">common strategy is “de-lurking”</a>, whereby newbies reveal that they have been passively present in the community for a while but have now decided to participate. This allows them to demonstrate their prior exposure to the community, and their understanding of its rules and practices. </p>
<p><strong>3. Expressing appreciation</strong> This group of offenders show their appreciation of individual members and the community as a whole. This is done through praise, compliments and expressions of gratitude.</p>
<p><strong>4. Demonstrating newness</strong> Newbies openly refer to their newbie status. Aside from explicit statements about being new to the community, they often do this by stating that they lack offending experience. They therefore often request tolerance from the other members.</p>
<p><strong>5. Demonstrating value</strong> Offenders also tend to demonstrate how they can benefit the community. For example, they may offer indecent imagery or demonstrations of specific skills or services. This may include drawing hyper-realistic indecent images. </p>
<p><strong>6. Stating limitations</strong> Newbies explain how they might be unable to meet community expectations or requirements, often by stating a lack of specific skills or possession of indecent images – something they may be apologetic about.</p>
<p><strong>7. Seeking support</strong> New offenders sometimes seek help or guidance about a particular problem regarding online or offline offending. Support often concerns accessing children, solving technical issues to do with sharing imagery online, and moral guidance. </p>
<p>Different combinations of moves suggest there’s no one “type” of newbie offender; they approach the community for a range of reasons and use different tactics in the process. A common general strategy is to assume a kind of hybrid role – the “competent newbie” – by being forthcoming about lacking offending experience and, at the same time, demonstrating an understanding of the community norms and the behaviours expected of its members. Even the self-imposed label “newbie” positions them not as outsiders looking in, but as already part of the community, albeit in a low-status role. </p>
<p>The anonymity afforded by the dark web naturally makes these communities difficult to police – but not impossible. Linguistic analysis of dark web spaces like this can further help unpack the communicative strategies of offenders, identify those more and less experienced and assist police in assuming offender roles online. </p>
<p>Online child sex abuse is diverse and complex, and linguistic insight has and will <a href="https://www.theatlantic.com/technology/archive/2018/07/tim-grant-forensic-linguistics-child-predators/564671/">continue to help police</a> identify and catch offenders.</p><img src="https://counter.theconversation.com/content/131933/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Emily Chiang does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Language analysis may help police catch offenders.Emily Chiang, Research Associate, Aston Institute for Forensic Linguistics, Aston UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1196062019-07-01T13:24:52Z2019-07-01T13:24:52ZLibra, Iran and the potential end of cryptocurrencies as we know them<figure><img src="https://images.theconversation.com/files/282022/original/file-20190701-105195-fy7bwr.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-illustration/libra-concept-coin-design-onscreen-laying-1429773065?src=cvqScd5qlPnYCUJF0e2XRA-1-6&studio=1">Wit Olszewski / Shutterstock</a></span></figcaption></figure><p>Facebook’s new cryptocurrency, libra, is being heralded as the moment that cryptocurrencies and blockchain, the technology that supports them, <a href="https://edition.cnn.com/2019/06/18/tech/facebook-libra-cryptocurrency/index.html">become truly mainstream</a>. A notable <a href="https://coinmarketcap.com/">rise in the price of bitcoin and many other cryptocurrencies</a> in the run up to the libra announcement on June 18, and since, suggests a market directly responding to this possibility and bolstered by it.</p>
<p>Of course, the price of bitcoin is known to rise and fall sharply <a href="https://www.investopedia.com/articles/investing/052014/why-bitcoins-value-so-volatile.asp">on a fairly regular basis</a>. Yet there is no doubt that having one of the world’s largest and most influential corporations throwing its weight behind the technology will calm nerves and build confidence.</p>
<p>More importantly, it gives legitimacy to the idea that cryptocurrencies and blockchain are here to stay. And, as I have argued in my research, must be <a href="https://link.springer.com/article/10.1007/s10978-018-9226-y">taken seriously</a>, not least by <a href="https://www.routledge.com/Regulating-Blockchain-Critical-Perspectives-in-Law-and-Technology-1st/Herian/p/book/9781138592766">regulators</a>.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/facebooks-libra-has-staggering-potential-state-control-of-money-could-end-119434">Facebook's libra has staggering potential – state control of money could end</a>
</strong>
</em>
</p>
<hr>
<p>In the same moment the world is introduced to libra, tensions between the United States and Iran continue to grow, with <a href="https://www.theguardian.com/us-news/video/2019/jun/24/donald-trump-announces-new-sanctions-targeting-iranian-leader-video">President Donald Trump</a> increasing US sanctions against Iran. The two are not directly connected, but libra (or other cryptocurrencies) could offer Iran a route round its sanctions. This, of course, is not something Facebook intends – but Iran’s interest in cryptocurrencies could have a serious influence on libra’s future.</p>
<h2>A troubled past</h2>
<p>In their contemporary forms, bitcoin and blockchain have been around for <a href="https://theconversation.com/bitcoin-turns-ten-heres-how-it-all-started-and-what-the-future-might-hold-105782">roughly ten years</a>. In this time cryptocurrencies have proliferated wildly. According to the cryptocurrency platform, <a href="https://coinmarketcap.com/">CoinMarketCap</a>, there are now at least 2,248 different kinds of tokens. Many of these are actively and enthusiastically exchanged and traded by a growing number of people.</p>
<p>The recent history of cryptocurrencies, and bitcoin specifically, has not been all that positive. Famously, in 2013, the <a href="https://theconversation.com/the-fall-of-silk-road-isnt-the-end-for-anonymous-marketplaces-tor-or-bitcoin-42659">illicit darknet marketplace Silk Road was shut down</a> following an FBI investigation. The site’s founder, Ross Ulbricht, was imprisoned for life. Silk Road users relied heavily on bitcoin to ensure anonymity, and the libertarian ethos underpinning bitcoin appeared to fit well with Silk Road’s rejection and evasion of authority and regulation. </p>
<p>What was so attractive for many about Silk Road, bitcoin and aspects of blockchain technology in general, was the fact that together they enable people to side step the usual legal constraints and regulations that apply online and offline when it comes to financial transactions. The anonymity bitcoin offers enables people to buy and sell <a href="https://www.complex.com/pop-culture/2013/10/silk-road/atm-hacking-tutorial">just about anything</a> without detection. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/the-fall-of-silk-road-isnt-the-end-for-anonymous-marketplaces-tor-or-bitcoin-42659">The fall of Silk Road isn't the end for anonymous marketplaces, Tor or bitcoin</a>
</strong>
</em>
</p>
<hr>
<p>Silk Road offered a form of freedom to its users they were unlikely to have enjoyed previously. But this, of course, put it at loggerheads with laws and regulations in most countries and jurisdictions. While the Silk Road marketplace is now gone, cryptocurrency and blockchain are attracting more interest than ever before. At the same time governmental oversight of the technology <a href="https://theconversation.com/libra-four-reasons-to-be-extremely-cautious-about-facebooks-new-currency-119123">continues to lag behind</a>. Although things may be about to change <a href="https://www.coindesk.com/the-cat-and-mouse-game-of-crypto-regulation-enters-a-new-phase">on that front</a>.</p>
<h2>Crypto-Iran</h2>
<p>Iran has long recognised the benefits of <a href="https://www.nytimes.com/2019/01/29/world/middleeast/bitcoin-iran-sanctions.html">developing capabilities</a> around crypto-assets and blockchain technology to counter US sanctions. This has included attempts to develop its own <a href="https://www.coindesk.com/iran-blockcain-bank-bitcoin-crypto-token">state-backed cryptocurrency</a>. </p>
<p>That Iran might use Facebook’s new cryptocurrency libra to dance around US sanctions, a la Silk Road, is entirely speculative. Given Facebook’s contentious track record on the management of <a href="https://www.bbc.co.uk/news/technology-43649018">user data</a> in recent years, and the fact that it is yet to convince <a href="https://cointelegraph.com/news/us-house-of-representatives-to-hold-hearing-on-facebooks-libra-in-july">US lawmakers and financial regulators</a> of the legitimacy of its project, Iran, let alone billions of Facebook users, may not even get a chance to use libra at all.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/us-iran-tensions-no-route-for-de-escalation-in-sight-119416">US-Iran tensions: no route for de-escalation in sight</a>
</strong>
</em>
</p>
<hr>
<p>However, the potential for Iran to use libra raises serious questions about the level of control that should be demanded over cryptocurrency use. Robust state or corporate oversight of the technology (or perhaps a troubling blend of the two, <a href="https://www.theguardian.com/commentisfree/2019/jun/19/facebook-cryptocurrency-libra">as some have argued</a>), could kill, once and for all, the <a href="https://theconversation.com/bitcoins-strength-lies-in-its-libertarian-status-24982">libertarian dream</a> that blockchains and cryptocurrencies have long encapsulated. </p>
<p>Facebook may well find stiff opposition to libra based on the vagaries of financial regulations. But it could well face stiffer opposition both politically, from governments who don’t want their foreign policies undermined – and commercially, from users not getting the empowering financial infrastructure <a href="https://libra.org/en-US/white-paper/">they were promised</a>, but, instead, a heavily controlled one.</p>
<p>Iran’s interest in cryptocurrencies encapsulates how, in today’s world, the empowerment and transparency that many advocates of cryptocurrencies and blockchains like to think is only a piece of code away is little more than a <a href="https://www.researchgate.net/publication/332208849_Blockchain_GDPR_and_Fantasies_of_Data_Sovereignty">fantasy</a>. Something always seems to spoil the party. </p>
<p>Blockchain has been celebrated as a technology to circumvent authority and regulation – the role of bitcoin in Silk Road and its continued <a href="https://thenextweb.com/hardfork/2019/05/03/wall-street-market-silkkietie-valhalla-dark-web-drug-monero-bitcoin-cryptocurrency/">use on the “dark web” since</a> is evidence of this. Put simply, Iran is just another example of wanting to avoid the authorities. </p>
<p>But this could be a step too far for authorities. And this could have a serious effect on all cryptocurrencies – not just Facebook’s libra. If the perception in the US and elsewhere is that Iran intends to use the technology, this could require a significant rethink regarding the future of cryptocurrencies and blockchains. </p>
<p>It won’t mean the end of them, certainly not. But if this is the moment the technology truly became mainstream, then it could equally be the moment it finally yields to control and regulation – and the end of founder “<a href="https://bitcoin.org/bitcoin.pdf">Satoshi’s vision</a>”. Libra could be a solution, but for some it may also look a lot like a problem.</p><img src="https://counter.theconversation.com/content/119606/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Robert Herian does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Iran has long recognised the benefits of using cryptocurrencies to counter US sanctions.Robert Herian, Senior Lecturer in Law, The Open UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1137162019-03-18T01:43:22Z2019-03-18T01:43:22ZFour lessons we must take away from the Christchurch terror attack<figure><img src="https://images.theconversation.com/files/264260/original/file-20190317-28479-10a290i.jpg?ixlib=rb-1.1.0&rect=81%2C300%2C4308%2C2696&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Across the world, marches took place during a UN anti-racism day, condemning the attacks on muslims in New Zealand this week.</span> <span class="attribution"><span class="source">EPA/Andy Rain</span>, <a class="license" href="http://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA</a></span></figcaption></figure><p>In the aftermath of the tragic loss of life in Christchurch on Friday, the focus needs to be on supporting those who have lost their loved ones and on fostering a sense of national unity in the face of an heinous act of terrorism.</p>
<p>At this early stage we know the perpetrator of the most devastating terrorist attack in New Zealand’s history was a white supremacist. We know he accessed and stockpiled firearms over a long period of time, and that his racist beliefs motivated his actions. </p>
<p>But there are other lessons and important points to make about the attack. These should shape the longer-term response by the New Zealand government.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/christchurch-attacks-are-a-stark-warning-of-toxic-political-environment-that-allows-hate-to-flourish-113662">Christchurch attacks are a stark warning of toxic political environment that allows hate to flourish</a>
</strong>
</em>
</p>
<hr>
<h2>1. Muslims the biggest victims of terror across the globe</h2>
<p>The first is a more sustained governmental and societal focus on right-wing extremism. It may turn out that the extremist who committed this attack acted alone, but the ideology that motivated him has spread around the globe and is infecting our politics and discourse. </p>
<p>We know right-wing radicals have committed atrocities before. The most notable perhaps was an extremist who killed 77 people in Norway in 2011. But this is part of a long history of extremist violence on the right.</p>
<p>According to <a href="https://www.adl.org/news/press-releases/right-wing-extremism-linked-to-every-2018-extremist-murder-in-the-us-adl-finds">research</a> by the Anti-Defamation League, over the last decade, 73.3% of all extremist-related fatalities in the US could be linked to domestic right-wing extremists, while 23.4% were attributable to Islamist extremists. We should pay attention to these statistics in New Zealand. The fear that jihadist terrorism will occur sometime in New Zealand is real, but we haven’t adequately recognised the threat from neofascist ideology. </p>
<p>It is a tragic footnote to this story that globally Muslims have been by far the most victimised group by terrorism in the post-9/11 era. In a <a href="https://fas.org/irp/threat/nctc2011.pdf">2011 report</a>, the US government’s National Counter-Terrorism Center (<a href="https://www.dni.gov/index.php/nctc-home">NCTC</a>), <a href="https://www.bbc.com/news/magazine-30883058">said</a>:</p>
<blockquote>
<p>In cases where the religious affiliation of terrorism casualties could be determined, Muslims suffered between 82% and 97% of terrorism-related fatalities over the past five years.</p>
</blockquote>
<p>Clearly, we need to do more to protect Muslim communities from acts of violence and to focus more tightly on the ideology of fascism, which underpins both right-wing groups and those who commit violence in the name of Islam. </p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/264259/original/file-20190317-28479-3tpag9.jpg?ixlib=rb-1.1.0&rect=66%2C66%2C4360%2C2773&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/264259/original/file-20190317-28479-3tpag9.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=413&fit=crop&dpr=1 600w, https://images.theconversation.com/files/264259/original/file-20190317-28479-3tpag9.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=413&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/264259/original/file-20190317-28479-3tpag9.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=413&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/264259/original/file-20190317-28479-3tpag9.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=518&fit=crop&dpr=1 754w, https://images.theconversation.com/files/264259/original/file-20190317-28479-3tpag9.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=518&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/264259/original/file-20190317-28479-3tpag9.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=518&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">In cities across New Zealand and the world, people have gathered at prayer services and vigils to honour victims of the Christchurch mosque terror attack.</span>
<span class="attribution"><span class="source">(AAP/Jono Searle</span>, <a class="license" href="http://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA</a></span>
</figcaption>
</figure>
<h2>2. Extremists share a lot in common</h2>
<p>A second lesson relates to the process of radicalisation. We need to better understand why people who commit mass murder fall into a set of hateful beliefs. This is clearly a serious social problem caused by many variables, including demographic change, inequality, poverty and lack of education. </p>
<p>The latest research on radicalisation suggests many of those responsible for “lone wolf” acts are socially illiterate and <a href="https://link.springer.com/chapter/10.1007/978-981-13-1999-0_7">have fallen out of the mainstream of society</a>. They often indicate these beliefs via social media, suggesting we could do more to report these viewpoints to authorities.</p>
<p>Radicals also tend to share a set of psychological or cognitive traits that underpin their actions. According to <a href="http://www.eip.org/en/news-events/eip-explainer-understanding-radicalisation">recent reports</a> by the <a href="http://www.eip.org/">European Institute for Peace</a> these include grievances that are galvanised by a unifying ideology, a process of cognitive “de-pluralisation”, in which they tend to focus on a very limited set of ideas to interpret the world, and confirmation bias, where events are re-packaged into existing beliefs and assumptions. </p>
<p>Other <a href="http://fathalimoghaddam.com/wp-content/uploads/2013/10/1256627851.pdf">research shows</a> radicals climb a “staircase” to violent acts involving a series of incremental steps over a period of years. This suggests earlier intervention will be the key to having people back away from violence. </p>
<p>The social and cognitive alienation of young people in contemporary society is a growing problem. Radicalisation expert <a href="https://www.washingtonpost.com/opinions/dont-denounce-radicalized-youth-engage-with-them/2017/08/15/2e514cfa-81d8-11e7-902a-2a9f2d808496_story.html?utm_term=.ead1290c2c40">Scott Atran</a> <a href="https://www.washingtonpost.com/opinions/dont-denounce-radicalized-youth-engage-with-them/2017/08/15/2e514cfa-81d8-11e7-902a-2a9f2d808496_story.html?utm_term=.ead1290c2c40">says</a>: </p>
<blockquote>
<p>Violent extremism represents not the resurgence of traditional cultures, but their collapse, as young people unmoored from millennial traditions flail about in search of a social identity that gives personal significance and glory. This is the dark side of globalisation.</p>
</blockquote>
<h2>3. The dark web is a breeding ground for hatred</h2>
<p>A third lesson is that global communications technology is providing a breeding ground for extremism and hatred. In this sense “lone wolves” aren’t acting alone. They are connected to a structured and well-financed global neo-Nazi ideology that uses the internet to propagate its beliefs.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/why-news-outlets-should-think-twice-about-republishing-the-new-zealand-mosque-shooters-livestream-113651">Why news outlets should think twice about republishing the New Zealand mosque shooter's livestream</a>
</strong>
</em>
</p>
<hr>
<p>According to a <a href="https://datasociety.net/pubs/oh/DataAndSociety_MediaManipulationAndDisinformationOnline.pdf">recent report</a> by the <a href="https://datasociety.net/">Data & Society Research Institute</a>, far-right actors are regularly spreading white supremacist thought, Islamophobia and misogyny on the internet through sites such as 4chan and 8chan. </p>
<p>Right-wing groups have regularly circulated propaganda within social media channels and have sown racial and ethnically charged divisions within society through memes and disinformation. This was a tactic of the far right in the US elections in 2016, and has been used regularly since, including in the Brexit debates. </p>
<p>These websites aren’t easy to take down. As recent efforts by Google show, neo-Nazi sites that are blocked or banned “go dark” behind encrypted platforms that are <a href="https://www.theverge.com/2017/8/15/16150668/daily-stormer-alt-right-dark-web-site-godaddy-google-ban">out of reach of tech companies and security services</a>.</p>
<p><a href="http://timothysnyder.org/">Timothy Snyder</a>, a renowned holocaust historian, notes this form of “<a href="https://www.washingtonpost.com/news/posteverything/wp/2018/05/21/fascism-is-back-blame-the-internet/?utm_term=.12fc7e529eb3">mass manipulation</a>” is based on appealing to emotions rather than reason. The spread of fake news and propaganda on the internet creates a perfect platform to increase fear, anger and anxiety. These are the psychological conditions from which acts of violence are committed.</p>
<h2>4. New Zealand does have a right-wing problem</h2>
<p>The final lesson is a wider, political one for New Zealand. There has undoubtedly been a tendency in some quarters of New Zealand politics to assume we are living in a largely benign international environment. This is part of a troubling isolationist tendency in New Zealand politics that contributes to us not taking security seriously and investing in it accordingly. The Christchurch attacks have shattered these illusions. </p>
<p>The right-wing problem in New Zealand has historical roots. White pride marches have taken place in Christchurch on numerous occasions. A <a href="http://www.stuff.co.nz/national/politics/2998598/Far-right-leader-Kyle-Chapman-returns">far-right candidate</a> who was convicted of firebombing a marae (Māori meeting place) stood for mayor three times in recent years, most recently in 2013 when he received a small but significant number of votes. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/christchurch-mosque-shootings-must-end-new-zealands-innocence-about-right-wing-terrorism-113655">Christchurch mosque shootings must end New Zealand's innocence about right-wing terrorism</a>
</strong>
</em>
</p>
<hr>
<p>On the international stage we need to stand up against the beliefs that underpin right-wing extremism. Jacinda Ardern’s call to Donald Trump to be <a href="https://www.stuff.co.nz/national/politics/111331484/pm-jacinda-ardern-told-donald-trump-send-love-to-muslims-after-mosque-shooting">compassionate to Muslims</a> was a good start and reminds us racism at the top of society can create a permissive environment for extremism.</p>
<p>We also need to reorient our foreign and security policy towards de-radicalisation processes both domestically and internationally. The UK’s <a href="https://www.theguardian.com/uk-news/2018/mar/27/far-right-referrals-prevent-programme-up-by-more-than-a-quarter-counter-extremism">Prevent programme</a>, which has seen a big increase in efforts to prevent right-wing extremism, may be a good model to follow.</p>
<p>New Zealanders now know the fear and chaos that follows terrorism. But the goal of terrorism is to use that fear to undermine our democracy and way of life. So we need to channel our response in a way that protects our values. </p>
<p>We must be aware of the perils of over-reacting, but nevertheless need to redouble our efforts to create multi-level, evidence-led strategies to target radicalism, recognising global and local drivers of extremism.</p><img src="https://counter.theconversation.com/content/113716/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Joe Burton does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Globally, Muslims have been by far the most victimised group by terrorism in the post-9/11 era.Joe Burton, Senior Lecturer, New Zealand Institute for Security and Crime Science, University of WaikatoLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1103192019-01-23T14:39:07Z2019-01-23T14:39:07ZInstadrugs: new research reveals hidden dangers when young people use apps to buy illicit substances<figure><img src="https://images.theconversation.com/files/255145/original/file-20190123-135157-70hoja.jpg?ixlib=rb-1.1.0&rect=0%2C4%2C3000%2C1693&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Quick, easy – and very, very risky. </span> <span class="attribution"><span class="source">The Conversation UK.</span></span></figcaption></figure><p>Markets for illicit drugs are constantly evolving to increase profits and reduce risks to suppliers in response to law enforcement tactics. New technologies have been taken up with enthusiasm: from the use of <a href="https://www.nytimes.com/1988/09/25/us/schools-responding-to-beeper-tool-of-today-s-drug-dealer-by-banning-it.html">pagers</a> and mobile phones in the 1990s, to the more recent growth of online pharmacies and <a href="https://theconversation.com/explainer-what-are-drug-cryptomarkets-64596">drug cryptomarkets</a>, which host large numbers of illicit drug vendors operating in the hidden portion of the internet known as <a href="https://theconversation.com/digital-refugees-flee-via-silk-road-to-black-markets-in-drugs-31465">the “dark net”</a>. </p>
<p>The most recent trend – which, until now, has only been recognised through anecdotal evidence and <a href="http://www.bbc.co.uk/newsbeat/article/40601036/teens-found-selling-drugs-on-snapchat-and-instagram-bbc-three-investigation-finds">media reports</a> – is the use of common social media and encrypted messaging apps, such as Instagram, Snapchat, WhatsApp and Wickr, to supply and access illicit drugs. Our <a href="https://www.sciencedirect.com/science/article/pii/S0955395918302111">latest research</a> provides the first exploration of this new market, analysing people’s motivations, methods, experiences and perceptions in relation to buying illicit drugs via apps. </p>
<p>We found that, for our participants, apps offer an intermediary option between street-level and online drugs markets, as they offer a quick, convenient and “secure” method for buying illicit drugs – especially since many of these apps are already installed on their phones. Snapchat, Instagram, Wickr and Kik were the preferred apps, while cannabis, LSD and ecstasy were the most common drugs purchased. </p>
<p>People use apps in different ways to buy and sell drugs, depending on the original purpose of the app. For example, Instagram is more likely to be used as a commercial marketplace, where a potential buyer could locate a dealer by searching and browsing their products. But when it comes to making a deal, users are more likely to move across to an encrypted messaging app, such as Wickr or WhatsApp, to establish a physical meeting place. </p>
<p>Inbuilt security features can also make a difference to the way people use an app for this purpose – Snapchat, for example, provides a platform for connecting buyers with a seller, but with the additional feature of being able to receive self-deleting snaps.</p>
<p>Dating apps, meanwhile, rely on a mobile phone’s location service to connect people, and required users to swipe through profiles looking for particular emojis, which indicate a potential dealer – for example, the use of the maple leaf emoji to signify cannabis. </p>
<h2>Welcome to the 21st century</h2>
<p>Social supply – that is, buying from friends or acquaintances – remains the most popular method of supplying drugs. But apps are increasingly being used because of their convenience and speed, which circumvents the need to hassle friends, seek out a street dealer or use the complex technology related to dark net markets.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/not-all-drug-dealers-are-the-same-its-time-to-ditch-outdated-stereotypes-93773">Not all drug dealers are the same – it's time to ditch outdated stereotypes</a>
</strong>
</em>
</p>
<hr>
<p>The wide range of substances available for purchase also motivated our participants to use apps, as they thought prescription medicines such as Xanax and codeine would be more readily accessible on those platforms. Because apps are so commonplace in modern society, some participants felt that buying drugs in this way was a simple matter of “moving with the times” – one participant said: “I felt like I’d woken up in the 21st century.”</p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/255137/original/file-20190123-135160-1cpexp0.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/255137/original/file-20190123-135160-1cpexp0.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/255137/original/file-20190123-135160-1cpexp0.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/255137/original/file-20190123-135160-1cpexp0.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/255137/original/file-20190123-135160-1cpexp0.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=502&fit=crop&dpr=1 754w, https://images.theconversation.com/files/255137/original/file-20190123-135160-1cpexp0.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=502&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/255137/original/file-20190123-135160-1cpexp0.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=502&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Know what you’re looking for?</span>
<span class="attribution"><a class="source" href="https://www.flickr.com/photos/grumpy-puddin/5161814652/sizes/l">Grumpy Puddin/Flickr</a>, <a class="license" href="http://creativecommons.org/licenses/by/4.0/">CC BY</a></span>
</figcaption>
</figure>
<p>While dark net markets <a href="https://journals.sagepub.com/doi/abs/10.1177/1748895813505234">use feedback systems</a> to establish the quality of the products being sold and the trustworthiness of the dealer, app-based drug markets cause potential buyers to rely on photos and videos of products as assurances that the seller is legitimate and the substance is safe to consume. </p>
<p>One participant thought “it was a better idea to buy it that way because I could look to see if it seemed cut with anything”. This flies in the face of <a href="https://www.sciencedirect.com/science/article/pii/S2211266915300050">pharmacological evidence</a> showing that the quality and safety of drugs can only be measured through forensic testing. Any belief that it’s possible to discern the quality and safety of a particular substance is problematic – if not downright dangerous. </p>
<h2>Gateway apps</h2>
<p>The security of encrypted messaging has been <a href="https://www.engadget.com/2018/09/03/five-eyes-countries-anti-encryption-policy/">called into question</a> in the UK and abroad, as <a href="https://theconversation.com/the-devil-is-in-the-detail-of-government-bill-to-enable-access-to-communications-data-96909">new laws require</a> companies to proactively assist law enforcement agencies in collecting information. Although our participants felt comfortable with the security provided by apps, and did not believe that they would be personally targeted by law enforcement, it is not yet apparent whether these new measures will have an impact on the popularity of these new forms of drug supply.</p>
<p>Apps have changed the drug supply landscape by providing a route to an illicit drugs market that is easy to access, and giving drug users with a means of connecting directly with commercial drug suppliers and substances that may otherwise remain elusive. The vast majority of participants in our research who had used apps to buy drugs were 18 years old, so the potential for apps to trigger a “<a href="https://www.ncbi.nlm.nih.gov/pubmed/28766792">supply gateway effect</a>” – whereby the search for one substance leads to others on the new platform – warrants further investigation. </p>
<p>As app-based drug markets continue to grow, experts and health professionals must work to demystify common assumptions that apps are “secure” and that being able to “see” the drug promotes safer purchasing practices – this could change the behaviour of prospective users and help protect them from danger. And with increasing law enforcement crackdowns likely, leaders need to provide a balanced approach which prioritises reducing harm.</p><img src="https://counter.theconversation.com/content/110319/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Monica Barratt receives funding from the National Health and Medical Research Council, the National Institutes of Health, the Australian Institute of Criminology and the Marsden Fund. She is also the Director of Research at Bluelight.org</span></em></p><p class="fine-print"><em><span>Ross Coomber receives funding from the National Health Medical Research Council and the Australian Institute of Criminology</span></em></p><p class="fine-print"><em><span>Andrew Childs and Leah Moyle do not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and have disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Buyers think you can tell the purity of a substance by looking at on an app – evidence shows they’re mistaken.Andrew Childs, Doctoral Candidate, Griffith UniversityLeah Moyle, Lecturer in Criminology, Royal Holloway University of LondonMonica Barratt, NHMRC Post-Doc Research Fellow, National Drug and Alcohol Research Centre, UNSW SydneyRoss Coomber, Professor of Criminology and Sociology, University of LiverpoolLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1055422018-10-30T10:46:09Z2018-10-30T10:46:09ZIlluminating the ‘dark web’<figure><img src="https://images.theconversation.com/files/242822/original/file-20181029-76402-1x7avti.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">It might sound scary, but the 'dark web' is not much different from the rest of the internet.</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/pretty-scary-frightening-spider-web-halloween-151934447">Willequet Manuel/Shutterstock.com</a></span></figcaption></figure><p>In the wake of recent violent events in the U.S., many people are expressing concern about the tone and content of online communications, including talk of the “dark web.” Despite the sinister-sounding phrase, there is not just one “dark web.” The term is actually fairly technical in origin, and is often used to describe some of the lesser-known corners of the internet. As I discuss in my new book, “<a href="https://mitpress.mit.edu/books/weaving-dark-web">Weaving the Dark Web: Legitimacy on Freenet, Tor, and I2P</a>,” the online services that make up what has become called the “dark web” have been evolving since the early days of the commercial internet – but because of their technological differences, are not well understood by the public, policymakers or the media.</p>
<p>As a result, people often think of the dark web as a place where people sell drugs or exchange stolen information – or as some rare section of the internet Google can’t crawl. It’s both, and neither, and much more. </p>
<h2>Seeking anonymity and privacy</h2>
<p>In brief, dark websites are just like any other website, containing whatever information its owners want to provide, and built with standard web technologies, like hosting software, HTML and JavaScript. Dark websites can be viewed by a standard web browser like Firefox or Chrome. The difference is that they can only be accessed through special network-routing software, which is designed to provide anonymity for both visitors to websites and publishers of these sites.</p>
<p>Websites on the dark web don’t end in “.com” or “.org” or other more common web address endings; they more often include long strings of letters and numbers, ending in “.onion” or “.i2p.” Those are signals that tell software like <a href="https://freenetproject.org/">Freenet</a>, <a href="https://geti2p.net/en/">I2P</a> or <a href="https://www.torproject.org/">Tor</a> how to find dark websites while keeping users’ and hosts’ identities private. </p>
<p>Those programs got their start a couple of decades ago. In 1999, Irish computer scientist Ian Clarke started Freenet as a <a href="https://doi.org/10.1145/1831407.1831427">peer-to-peer system</a> for computers to distribute various types of data in a decentralized manner rather than through the more centralized structure of the mainstream internet. The structure of Freenet <a href="https://doi.org/10.1007/3-540-44702-4_4">separates the identity of the creator</a> of a file from its content, which made it attractive for people who wanted to host anonymous websites. </p>
<p>Not long after Freenet began, the <a href="https://www.torproject.org/">Tor Project</a> and the <a href="https://geti2p.net/en/">Invisible Internet Project</a> developed <a href="http://doi.org/10.1109/NSS.2010.47">their own distinct methods</a> for <a href="https://doi.org/10.1016/j.comcom.2013.04.009">anonymously hosting websites</a>.</p>
<p>Today, the more commonly used internet has billions of websites – but the dark web is tiny, with tens of thousands of sites at the most, at least according to the <a href="https://www.dailydot.com/layer8/best-deep-web-search-engines/">various indexes and search engines</a> that crawl these three networks.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/242816/original/file-20181029-76390-1uarw29.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/242816/original/file-20181029-76390-1uarw29.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/242816/original/file-20181029-76390-1uarw29.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=497&fit=crop&dpr=1 600w, https://images.theconversation.com/files/242816/original/file-20181029-76390-1uarw29.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=497&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/242816/original/file-20181029-76390-1uarw29.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=497&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/242816/original/file-20181029-76390-1uarw29.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=625&fit=crop&dpr=1 754w, https://images.theconversation.com/files/242816/original/file-20181029-76390-1uarw29.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=625&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/242816/original/file-20181029-76390-1uarw29.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=625&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">The Tor Project promotes and encourages online anonymity.</span>
<span class="attribution"><a class="source" href="https://www.torproject.org">Screenshot by The Conversation</a>, <a class="license" href="http://creativecommons.org/licenses/by-nd/4.0/">CC BY-ND</a></span>
</figcaption>
</figure>
<h2>A more private web</h2>
<p>The most commonly used of the three anonymous systems is <a href="https://theconversation.com/securing-web-browsing-protecting-the-tor-network-56840">Tor</a> – which is so prominent that mainstream websites like Facebook, The New York Times and The Washington Post operate versions of their websites accessible <a href="https://theconversation.com/tor-upgrades-to-make-anonymous-publishing-safer-73641">on Tor’s network</a>. Obviously, those sites don’t seek to keep their identities secret, but they have piggybacked on Tor’s anonymizing web technology in order to allow users to connect privately and securely without governments knowing.</p>
<p>In addition, Tor’s system is set up to allow users to anonymously browse not only dark websites, but also regular websites. Using Tor to access the regular internet privately is much more <a href="https://www.wired.com/story/the-grand-tor/">common than using it to browse the dark web</a>.</p>
<h2>Moral aspects of ‘dark’ browsing</h2>
<p>Given the often sensationalized media coverage of the dark web, it’s understandable that people think the term “dark” is a moral judgment. Hitmen for hire, terrorist propaganda, child trafficking and exploitation, guns, drugs and stolen information markets do sound pretty dark.</p>
<p>Yet people commit crimes throughout the internet with some regularity – including trying to <a href="https://www.cnet.com/news/its-still-not-a-good-idea-to-hire-a-hitman-on-craigslist-powerpoint/">hire killers on Craigslist</a> and <a href="https://www.cnet.com/g00/news/how-to-get-caught-buying-drugs-on-venmo-this-twitter-bot/">using Venmo to pay for drug purchases</a>. One of the activities often associated with the dark web, terrorist propaganda, is <a href="https://doi.org/10.1080/00396338.2016.1142085">far more prevalent on the regular web</a>.</p>
<p>Defining the dark web only by the bad things that happen there ignores the <a href="https://ahmia.fi/">innovative search engines</a> and <a href="http://journals.sagepub.com/doi/10.1177/1461444814554900">privacy-conscious social networking</a> – as well as important <a href="https://thetinhat.com/blog/else/new-tin-hat-portal.html">blogging by political dissidents</a>.</p>
<p>Even complaining that dark web information isn’t indexed by search engines misses the crucial reality that search engines never see huge swaths of the regular internet either – such as email traffic, online gaming activity, streaming video services, documents shared within corporations or on data-sharing services like Dropbox, academic and news articles behind paywalls, interactive databases and even posts on social media sites. Ultimately, though, the <a href="https://theconversation.com/searching-deep-and-dark-building-a-google-for-the-less-visible-parts-of-the-web-58472">dark web is indeed searchable</a> as I explain in a chapter of my book.</p>
<p>Thus, as I suggest, a more accurate connotation of “dark” in “dark web” is found in the phrase “<a href="https://theconversation.com/real-security-requires-strong-encryption-even-if-investigators-get-blocked-84252">going dark</a>” – moving communications out of clear and public channels and into encrypted or more private ones.</p>
<h2>Managing anxieties</h2>
<p>Focusing all this fear and moral judgment on the dark web risks both needlessly scaring people about online safety and erroneously reassuring them about online safety. </p>
<p>For instance, the financial services company Experian sells services that purport to “<a href="https://www.ispot.tv/ad/w_5i/experian-dark-web-scan-protect-yourself-featuring-rudy-giuliani">monitor the dark web</a>” to alert customers when their personal data has been compromised by hackers and offered for sale online. Yet to sign up for that service, customers have to <a href="http://www.experian.com/blogs/ask-experian/what-is-the-dark-web/">give the company all sorts of personal information</a> – including their Social Security number and email address – the very data they’re seeking to protect. And they have to hope that Experian doesn’t get hacked, as <a href="https://money.cnn.com/2018/02/09/pf/equifax-hack-senate-disclosure/index.html">its competitor Equifax was</a>, compromising the personal data of <a href="https://www.zdnet.com/article/us-government-releases-post-mortem-report-on-equifax-hack/">nearly every adult in the U.S.</a></p>
<p>It’s inaccurate to assume that online crime is based on the dark web – or that the only activity on the dark web is dangerous and illegal. It’s also inaccurate to see the dark web as content beyond the reach of search engines. Acting on these incorrect assumptions would encourage governments and corporations to want to monitor and police online activity – and risk giving public support to privacy-invading efforts.</p>
<p>
<section class="inline-content">
<img src="https://images.theconversation.com/files/248895/original/file-20181204-133100-t34yqm.png?w=128&h=128">
<div>
<header>Robert Gehl is the author of:</header>
<p><a href="https://mitpress.mit.edu/books/weaving-dark-web">Weaving the Dark Web: Legitimacy on Freenet, Tor, and I2P</a></p>
<footer>MIT Press provides funding as a member of The Conversation US.</footer>
</div>
</section>
</p><img src="https://counter.theconversation.com/content/105542/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>MIT Press provides funding as a member of The Conversation US.</span></em></p>Begun as part of efforts to preserve online anonymity and privacy, Freenet, Tor and the Invisible Internet Project are, like the rest of the web, home to both crime and free expression.Robert W. Gehl, Associate Professor of Communication, University of UtahLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/888222018-01-02T11:26:10Z2018-01-02T11:26:10ZHow the ‘Original Internet Godfather’ walked away from his cybercrime past – interview<figure><img src="https://images.theconversation.com/files/200529/original/file-20180102-26142-1fetqwo.png?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Brett Johnson tears up when he mentions the FBI special agent who helped him quit online fraud.</span> </figcaption></figure><p>It’s 7am and I’m driving down Hull city centre to pick up Brett Johnson, known in cyberspace by the alias Gollumfun and dubbed the “Original Internet Godfather” by the US Secret Service.</p>
<p>Johnson was on the notorious US Most Wanted list in 2006, before being arrested for cybercrime and laundering US$4m. I’ve never met anyone whose name has been on that list, and so our encounter comes with some level of subliminal intimidation. Turns out, he’s both casual and friendly and I’m keeping an open mind. </p>
<p>But I also have to remind myself that he’s a former cybercriminal, who invented a “popular” online tax-return fraud scheme, plenty of identity theft variants and ShadowCrew – the precursor to the dark web. </p>
<p>We’re scheduled to spend two days together. I invited Johnson to give a talk at the Business School of the <a href="http://www.hull.ac.uk/Home.aspx">University of Hull</a> and, some weeks after his talk – in partnership with the FBI – at the University of Tulsa in Oklahoma, he flies over for his first trip to the UK.</p>
<p>Johnson – who over the course of the next 48 hours takes me through his former criminal mindset blending cybersecurity and money laundering (a topic that I’ve spent more than a <a href="https://demetis.wordpress.com">decade researching</a>) – exudes confidence, but admits that being involved in cybercrime was the biggest mistake of his life.</p>
<p>He has nothing but good words for US Secret Service agents, but he did disappoint them when they let him out of prison on the understanding that he would work as an informant (he carried on committing fraud from within their premises). </p>
<p>Johnson praises the FBI, as we walk along campus, and tears well up when he mentions the name of special agent K.M, who guided him in dropping cybercrime for good. His sister Denise and wife Michelle always come up when discussing how he turned his life around. They “saved my life”, he says, while recalling the hardships of his formative years when he felt pushed into skulduggery at the age of ten: the family fraud ring was led by his mother who also convinced Johnson’s grandmother to join in.</p>
<p>“It was almost written in stone that I was going to end up in some sort of fraud,” he says.</p>
<p><audio preload="metadata" controls="controls" data-duration="594" data-image="" data-title="Discussion between Dionysios Demetis and Brett Johnson." data-size="14647213" data-source="" data-source-url="" data-license="CC BY" data-license-url="http://creativecommons.org/licenses/by/4.0/">
<source src="https://cdn.theconversation.com/audio/992/brett-formative.m4a" type="audio/mp4">
</audio>
<div class="audio-player-caption">
Discussion between Dionysios Demetis and Brett Johnson.
<span class="attribution"><a class="license" href="http://creativecommons.org/licenses/by/4.0/">CC BY</a><span class="download"><span>14 MB</span> <a target="_blank" href="https://cdn.theconversation.com/audio/992/brett-formative.m4a">(download)</a></span></span>
</div></p>
<p>His first marriage in 1994 was paid for courtesy of insurance fraud. Johnson staged a fake car accident to finance his wedding day. By the time he started using the web, it was a natural progression to shift his fraudulent behaviour online. </p>
<p>He started by scamming eBay buyers. Then he exploited a loophole when a Canadian judge ruled that satellite dishes can be “pirated” legally (in Canada but not the US). Johnson reprogrammed the transmission cards for his Canadian customers and discovered he couldn’t fulfil the orders fast enough. Soon enough, he thought: “Why send them the product altogether? Who are they going to complain to?” </p>
<p>Clearly, Johnson made many, many mistakes. He’s the first to admit it and often points to himself as “this idiot” who broke the law, then broke it again, and took quite some time in prison (including eight months of solitary confinement) to come to terms with what he had done. </p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/198400/original/file-20171209-27698-nww1a7.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/198400/original/file-20171209-27698-nww1a7.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=338&fit=crop&dpr=1 600w, https://images.theconversation.com/files/198400/original/file-20171209-27698-nww1a7.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=338&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/198400/original/file-20171209-27698-nww1a7.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=338&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/198400/original/file-20171209-27698-nww1a7.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=424&fit=crop&dpr=1 754w, https://images.theconversation.com/files/198400/original/file-20171209-27698-nww1a7.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=424&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/198400/original/file-20171209-27698-nww1a7.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=424&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Brett Johnson, a.k.a. Gollumfun, taking questions from the University of Hull audience.</span>
<span class="attribution"><span class="source">Nadia Samara & Mohammad Al Shammari</span></span>
</figcaption>
</figure>
<p>More than a decade later, he now channels his expertise in darknet intelligence gathering, blackhat auditing, penetration testing and social engineering into his consultancy firm, <a href="https://www.anglerphish.com">Anglerphish Security</a>. Johnson, who now advises Fortune 500 companies, seems confident that he has turned his back on crime. He tries, he says, to convince young cybercriminals – who contact him online – to quit their deceptive ways. </p>
<h2>Schooled in the dark (web) arts</h2>
<p>Cybercriminals are deluded when it comes to sidelining the consequences of their actions, Johnson explains. They repeatedly deny negative outcomes and, later on, accept they’ll carry on committing crime no matter what. Cybercriminals focus on the joy of their dark craft, harvest interconnected practicalities and exploit subtleties that stretch way beyond the confines of a computer screen and escalate to geopolitics. </p>
<p>As a simple example, Johnson used to hijack IP addresses in Eastern Europe when committing identity fraud as they were less likely to be reported to the US, due to the deteriorating political relationships between the countries. Everything matters. Detail matters most. That’s why, he explains, in the context of “friendly fraud” (or refund fraud), miscreants do their homework. </p>
<p>“Really, criminals are the only people on the planet who read the Terms of Service on websites. No one else reads them,” he says. They do it, he adds, to “get an idea of how that website operates.”</p>
<p><audio preload="metadata" controls="controls" data-duration="263" data-image="" data-title="Johnson describing 'Terms of Service' with Dionysios Demetis.." data-size="6490238" data-source="" data-source-url="" data-license="CC BY" data-license-url="http://creativecommons.org/licenses/by/4.0/">
<source src="https://cdn.theconversation.com/audio/994/brett-terms.m4a" type="audio/mp4">
</audio>
<div class="audio-player-caption">
Johnson describing ‘Terms of Service’ with Dionysios Demetis..
<span class="attribution"><a class="license" href="http://creativecommons.org/licenses/by/4.0/">CC BY</a><span class="download"><span>6.19 MB</span> <a target="_blank" href="https://cdn.theconversation.com/audio/994/brett-terms.m4a">(download)</a></span></span>
</div></p>
<p>Time, he says, is also critical and “if you wait out a victim long enough then they’ll go away exasparated” – a lesson he learned early from his first eBay scam. Online victims rarely report a crime to the cops. It’s a trend that frustrates cybercrime police units. Worse still, some companies decline to report cyberattacks and can – as was recently <a href="https://www.theguardian.com/technology/2017/nov/21/uber-data-hack-cyber-attack">revealed with the latest Uber scandal</a> – go to extreme lengths to conceal a system hack affecting customer data. </p>
<p>When it comes to cyber-enabled financial crime, Johnson says, hijacking identities remains central to the process. It was this knowledge that, in 2004, led him to take over Counterfeitlibrary.com: the site that attracted cybercriminals who wanted a fake identity.</p>
<p>One of the cornerstones of cybercrime is “networking between individuals to realise maximum success or potential for financial crime”, he explains. The vast majority of online fraudsters aren’t “professionals”. Instead, they feed off each other: publishing manuals, guides, notes and helping out in forums wherever possible. If one cybercriminal finds a loophole in a multinational’s system, then it’s all hands on deck. The <a href="https://www.theguardian.com/business/2016/nov/08/tesco-bank-cyber-thieves-25m">£2.5m stolen from Tesco Bank</a> in the UK last year started from a single forum post of someone claiming that they had taken out £1,000.</p>
<p>That’s exactly why monitoring what’s going on in the dark web is so important for companies. But it’s not just potential corporate victims who are being trained in this dark art. Top cybercriminals charge wannabe scammers hundreds of dollars for six-week online courses on how to commit fraud. They also protect each other; giving advice on how to maintain and secure their own anonymity online. Back in the day, Johnson did the same thing for free for ShadowCrew members. Now, everything is monetised.</p>
<h2>Chasing shadows</h2>
<p>Johnson ran the ShadowCrew network, where he sold fraudulent bank accounts, prepaid debit cards and collaborated extensively with others to combine phishing scams and the <a href="http://www.cbc.ca/news/technology/new-credit-cards-pose-security-problem-1.904220">CVV1 hack</a>. ShadowCrew moderator <a href="http://www.nytimes.com/2010/11/14/magazine/14Hacker-t.html">Albert Gonzalez</a> was sentenced to 20 years for masterminding the online theft of 170m card numbers. And it was that network that eventually landed Johnson behind bars.</p>
<p><audio preload="metadata" controls="controls" data-duration="808" data-image="" data-title="Brett Johnson discusses the CVV1 hack and the fall of ShadowCrew with Dionysios Demetis." data-size="19914034" data-source="" data-source-url="" data-license="CC BY" data-license-url="http://creativecommons.org/licenses/by/4.0/">
<source src="https://cdn.theconversation.com/audio/995/brett-cvv1hack-shadowcrew.m4a" type="audio/mp4">
</audio>
<div class="audio-player-caption">
Brett Johnson discusses the CVV1 hack and the fall of ShadowCrew with Dionysios Demetis.
<span class="attribution"><a class="license" href="http://creativecommons.org/licenses/by/4.0/">CC BY</a><span class="download"><span>19 MB</span> <a target="_blank" href="https://cdn.theconversation.com/audio/995/brett-cvv1hack-shadowcrew.m4a">(download)</a></span></span>
</div></p>
<p>But it doesn’t end there: Johnson also established online tax fraud based on hijacked identities – a highly lucrative criminal activity. It became central to the illegal flow of money that he’d set up. He used the California Death Index and filed tax returns for the dead; surprisingly, it worked. He could file one tax return every six minutes but couldn’t open online bank accounts fast enough. Over the course of his cybercriminal activities, Johnson had opened “hundreds of accounts”. Some weeks he claims he was “pulling out US$160,000 in cash.”</p>
<p><audio preload="metadata" controls="controls" data-duration="264" data-image="" data-title="Brett Johnson describing web-based tax fraud with Dionysios Demetis)" data-size="6521090" data-source="" data-source-url="" data-license="" data-license-url="">
<source src="https://cdn.theconversation.com/audio/993/brett-on-tax.m4a" type="audio/mp4">
</audio>
<div class="audio-player-caption">
Brett Johnson describing web-based tax fraud with Dionysios Demetis)
</div></p>
<p>Despite being an early architect of online crime, even Johnson is amazed by the scale of it today. ShadowCrew had 4,000 members, he says, whereas AlphaBay boasted 240,000 users before it was shutdown by the FBI. But with what appears to be an ongoing multi-state orchestrated distributed denial of service (DDoS) attack on major darknet forums, cybercriminals quickly flock elsewhere. Bitcoin, Johnson adds, is an almost perfect tool for cybercrime. </p>
<figure class="align-left ">
<img alt="" src="https://images.theconversation.com/files/198234/original/file-20171207-11282-1sy0oyr.JPG?ixlib=rb-1.1.0&q=45&auto=format&w=237&fit=clip" srcset="https://images.theconversation.com/files/198234/original/file-20171207-11282-1sy0oyr.JPG?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=784&fit=crop&dpr=1 600w, https://images.theconversation.com/files/198234/original/file-20171207-11282-1sy0oyr.JPG?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=784&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/198234/original/file-20171207-11282-1sy0oyr.JPG?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=784&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/198234/original/file-20171207-11282-1sy0oyr.JPG?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=986&fit=crop&dpr=1 754w, https://images.theconversation.com/files/198234/original/file-20171207-11282-1sy0oyr.JPG?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=986&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/198234/original/file-20171207-11282-1sy0oyr.JPG?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=986&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Brett Johnson, a.k.a. Gollumfun, presenting at the University of Hull.</span>
<span class="attribution"><span class="source">Dionysios Demetis</span></span>
</figcaption>
</figure>
<p>Banks, companies and many different institutions routinely adopt anti-fraud tools to prevent their systems from being vulnerable to hacks and scams but – at the same time – fraudsters embrace them, too. They test the tools to make sure that their activity avoids detection. They also purchase off-the-shelf software that blocks detection attempts altogether and scrambles behavioural detection efforts. </p>
<p>Another tool he demonstrates allows anyone to buy hijacked IP addresses from a wide list of countries, including the UK, and costs around 30p per IP address. It also calculates, for a further 15p, a risk score for the fraudster of the probability of detection/blocking of that IP address by commercial anti-fraud and anti-spam software. </p>
<p><audio preload="metadata" controls="controls" data-duration="869" data-image="" data-title="Brett Johnson talking about the tools that fraudsters use with Dionysios Demetis." data-size="21432924" data-source="" data-source-url="" data-license="CC BY" data-license-url="http://creativecommons.org/licenses/by/4.0/">
<source src="https://cdn.theconversation.com/audio/997/brett-tools-of-fraudsters.m4a" type="audio/mp4">
</audio>
<div class="audio-player-caption">
Brett Johnson talking about the tools that fraudsters use with Dionysios Demetis.
<span class="attribution"><a class="license" href="http://creativecommons.org/licenses/by/4.0/">CC BY</a><span class="download"><span>20.4 MB</span> <a target="_blank" href="https://cdn.theconversation.com/audio/997/brett-tools-of-fraudsters.m4a">(download)</a></span></span>
</div></p>
<p>I find it difficult to get past the subtle irony of IP risk scores informing the decisions of cybercriminals. Then again, if they’re doing their own operational security, fraud-based “risk management” seems a natural next step in this evolving tango. </p>
<p>There’s so much to discuss with Johnson that our allotted two days go by very quickly. After his visit, we connect online and he suggests renaming my long lost Unix alias from carlito, which is a moniker now reserved by someone else, to carl1to – with the number “1” denoting the first Carlito in a nod to a 90s mobster movie starring Al Pacino. Somehow, it feels like a fitting end to my time with the Original Internet Godfather. </p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/198905/original/file-20171213-31684-56s7p9.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/198905/original/file-20171213-31684-56s7p9.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=600&fit=crop&dpr=1 600w, https://images.theconversation.com/files/198905/original/file-20171213-31684-56s7p9.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=600&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/198905/original/file-20171213-31684-56s7p9.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=600&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/198905/original/file-20171213-31684-56s7p9.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=754&fit=crop&dpr=1 754w, https://images.theconversation.com/files/198905/original/file-20171213-31684-56s7p9.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=754&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/198905/original/file-20171213-31684-56s7p9.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=754&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Dionysios Demetis (left) with Brett Johnson (right)</span>
</figcaption>
</figure>
<p><em>For the long form discussion between Demetis and Brett Johnson, listen to the audio file below.</em></p>
<p><audio preload="metadata" controls="controls" data-duration="6747" data-image="" data-title="Brett Johnson (a.k.a. Gollumfun) in discussion with Dionysios Demetis" data-size="215917976" data-source="" data-source-url="" data-license="CC BY" data-license-url="http://creativecommons.org/licenses/by/4.0/">
<source src="https://cdn.theconversation.com/audio/998/brettjohnson-drdemetis.mp3" type="audio/mpeg">
</audio>
<div class="audio-player-caption">
Brett Johnson (a.k.a. Gollumfun) in discussion with Dionysios Demetis.
<span class="attribution"><a class="license" href="http://creativecommons.org/licenses/by/4.0/">CC BY</a><span class="download"><span>206 MB</span> <a target="_blank" href="https://cdn.theconversation.com/audio/998/brettjohnson-drdemetis.mp3">(download)</a></span></span>
</div></p><img src="https://counter.theconversation.com/content/88822/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Dionysios Demetis does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Two days with former online fraudster, Brett Johnson, who once made it onto the infamous US Most Wanted list.Dionysios Demetis, Lecturer in Management Systems, University of HullLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/870812017-11-12T18:59:57Z2017-11-12T18:59:57ZSmall potent doses of illegal drugs are evading authorities but having a huge impact<p>Small quantities of synthetic opioids such as fentanyl are being smuggled past customs barriers and used to create recreational drugs, which are spreading at an alarming rate with the help of cryptocurrencies.</p>
<p>Fentanyl, for example, has a massive multiplier effect – a mere 10 grams could produce as much as three kilograms of 33% pure synthetic heroin valued at about US$150,000 <a href="http://www.havocscope.com/black-market-prices/heroin-prices/">in the Australian illicit market</a>. </p>
<p>United Nations illicit drug user surveys and seizures suggest recreational drug use is <a href="http://www.unodc.org/wdr2016/">on the rise</a>. This is especially so with synthetic opioids and <a href="https://www.unodc.org/LSS/Page/NPS">new psychoactive substances</a> such as fentanyl derivatives and synthetic cannabinoids (for example, Kronic). </p>
<p>Fentanyl and its derivatives not only pose a risk to recreational drug users, but are also increasingly controlled by organised crime.</p>
<p>A fatal dose of fentanyl can be as little as two milligrams; the equivalent of four grains of salt. Other versions of fentanyl are even more potent. For example, carfentanyl is 10,000 times more potent than morphine – a fatal dose is invisible to the naked eye.</p>
<p>Misuse of drugs, including opioids, is a serious public health issue in Australia, with 1,808 drug-induced deaths <a href="http://www.abs.gov.au/ausstats/abs@.nsf/Lookup/by%20Subject/3303.0%7E2016%7EMain%20Features%7EDrug%20Induced%20Deaths%20in%20Australia%7E6">recorded in 2016</a>, the highest number in 20 years. Such a high rate of drug-induced fatalities has not been recorded since the 1990s heroin epidemic. </p>
<h2>How the spread of synthetic opioids is changing</h2>
<p>Offshore dark net vendors shipping drugs to Australia generally offer 20-50% cheaper prices than those offered by their domestic counterparts. </p>
<p>Precursor chemicals for methamphetamine and new psychoactive substances are being produced on an industrial scale in China and India, and shipped into North America via Mexico. Significant quantities are diverted to the small but lucrative Australian illicit market.</p>
<p>Dark net vendors use stealth packaging and rely on huge postal volumes to camouflage deliveries and overwhelm detection methods. </p>
<p>Chinese and South American crime groups dominate the <a href="https://ssrn.com/abstract=2842099">transcontinental supply</a> of these illicit products, and have adapted to the opportunities of the online market place offered by dark net markets.</p>
<p>In October 2015, China started to control export on previously under-regulated pharmaceutical and new psychoactive substances production. In 2017, the highly potent version of fentanyl, <a href="https://theconversation.com/weekly-dose-while-the-media-panic-about-ice-we-should-worry-about-carfentanil-73270">carfentanyl</a>, was <a href="https://www.uscc.gov/Research/fentanyl-china%E2%80%99s-deadly-export-united-states">prohibited</a>. Industrial production of this drug then moved to under-regulated states.</p>
<p>Recent seizures show the <a href="https://info.publicintelligence.net/DEA-FentanylGuide.pdf">attraction</a> of this illicit market. In August 2017, <a href="https://americansecuritytoday.com/dea-nj-nypd-seize-32m-fatal-doses-fentanyl/">New York police</a> seized 88.4 kilograms of fentanyl and fentanyl-laced heroin. This seizure included 63 kilos of pure fentanyl, which would have yielded 32 million potentially lethal doses of the drug.</p>
<p>There’s also been a number of <a href="http://www.abc.net.au/news/2017-02-17/lethal-drug-carfentanyl-found-brisbane-mail-centre-qld/8280790">recent seizures</a> of fentanyl and carfentanyl arising from dark net purchases in Australia. </p>
<h2>The role of the dark net markets</h2>
<p>The Australian National Drug and Alcohol Research Centre <a href="https://ndarc.med.unsw.edu.au/sites/default/files/ndarc/resources/DNeT%208th%20Buletin_WEBSITE.pdf">began monitoring dark net market drug trends</a> in July 2016, noting the most common drugs on offer were cannabis, pharmaceuticals, MDMA, cocaine and methamphetamine. In 2016, two opioid versions appeared in the top ten new psychoactive substances on sale for the first time.</p>
<p>Australia’s isolated and lucrative drug market has encouraged users to turn to online sources to access drugs. Dark net markets created by the union of Tor (The Onion Router) and the convenience of <a href="https://en.wikipedia.org/wiki/Cryptocurrency">anonymous e-currencies</a> provide eBay-style sites that enable users to purchase products anonymously. </p>
<p>The Australian National University Cybercrime Observatory identified Dream Market as the largest English language dark net market in the world. It’s also resilient, withstanding distributive denial of service <a href="https://doi.org/10.1177/0002764217734269;%20http://journals.sagepub.com/doi/abs/10.1177/0002764217734269">attacks by competitors or extortionists</a>, while avoiding seller scams that have plagued other markets.</p>
<p>In October 2017, 100,722 products involving 1,900 vendors were listed on Dream Market. Drugs account for half of all products. Within this, the most sold is cannabis, followed by amphetamine, opioids, psychedelics, benzodiazepines and steroids.</p>
<p>Of the 4,500 opioid products for sale, fentanyl comprises 10% of the drug make-up. Compared to a <a href="https://www.gwern.net/DNM-archives">May 2015 data-capture</a> substantially more opioids are now listed (a 24-fold increase).</p>
<h2>Fighting the spread</h2>
<p>In targeting domestic vendors, police are trying to gain a better understanding of the business models employed by drug vendors and the nature of the criminal networks involved. </p>
<p>Synthetic opioids and other new psychoactive substances are redefining the traditional high-value – low volume or low value – drug market. These drugs change the distribution method, enabling highly potent, low quantity drugs to be posted or shipped across frontiers with a frequency that recalls the Chinese idiom “ants moving houses”. </p>
<p>Underground digital markets are volatile and constantly shifting, with an <a href="https://www.gwern.net/DNM-survival">operational lifespan</a> of around 18 months. Larger markets attract unwanted attention from law enforcement and competitors.</p>
<p>Peer-to-peer marketplaces such as Open Bazaar 2.0 offer an alternative to avoiding disruption by law enforcement and competitors. A peer-to-peer approach does not rely on a single traditional host server, but on distributive hosting that reduces the impact of arrests, exit scams or extortion.</p>
<p>Australia can’t escape the uptake of these new psychoactive substances and synthetic opioids, but might still have time to avoid a US-scale epidemic. Novel ways to disrupt dark net sources, operations, and the immunity of crime networks will be critical to solving this problem.</p>
<hr>
<p><em>Julian Slater, Assistant Commissioner with the Australian Federal Police has contributed his expertise to this article.</em></p>
<p><em>This article has been corrected since publication to use the correct term – new psychoactive substances.</em></p><img src="https://counter.theconversation.com/content/87081/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Roderic Broadhurst receives funding from the Korean Institute of Criminology, Criminology Research Council, Australian Federal Policing and National Security Program to support some of the work of the ANU Cybercrime Observatory. </span></em></p><p class="fine-print"><em><span>David Lord does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Small quantities of drugs are getting past customs and then being used to create much bigger batches of illegal drugs like synthetic heroin.Roderic Broadhurst, Chair Professor, Australian National UniversityDavid Lord, Research Assistant, Cybercrime Observatory, Australian National UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/828332017-09-06T20:10:28Z2017-09-06T20:10:28ZPoisoned water holes: the legal dangers of dark web policing<p><em>This article is part of a series on how law enforcement is fighting crime across digital borders. You can read the rest <a href="https://theconversation.com/au/topics/fighting-crime-across-digital-borders-42662">here</a>.</em></p>
<hr>
<p>Australian police are using <a href="http://www.csoonline.com/article/2614643/security/watch-out-for-waterhole-attacks----hackers--latest-stealth-weapon.html">“poisoned watering holes”</a> to investigate crime on the dark web. By taking over illegal marketplaces that traffic in child pornography or drugs, law enforcement are collecting information about criminals all over the world.</p>
<p>Of course, crimes that occur on the internet often cross international borders, but this situation is creating troubling new standards in transnational policing. </p>
<p>Research, <a href="https://eprints.qut.edu.au/102299/">including our own</a>, indicates that as police operations move into online environments, new rules for digital evidence collection and exchange must be developed to assist prosecutions while preserving due process and <a href="https://necessaryandproportionate.org/">human rights</a>. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/spyware-merchants-the-risks-of-outsourcing-government-hacking-80891">Spyware merchants: the risks of outsourcing government hacking</a>
</strong>
</em>
</p>
<hr>
<p>Investigations on the <a href="https://theconversation.com/explainer-what-is-the-dark-web-46070">dark web</a> readily transcend geographic demarcations fundamental to the use of search warrants and the admissibility of evidence.</p>
<p>Some enforcement agencies have <a href="https://www.eff.org/deeplinks/2016/08/illegal-playpen-story-rule-41-and-global-hacking-warrants">conducted online investigations</a> and attempted to <a href="http://epublications.bond.edu.au/law_pubs/761/">access or transfer information</a> outside existing domestic and transnational legal frameworks. This is common <a href="https://motherboard.vice.com/en_us/article/mg79nb/australian-authorities-hacked-computers-in-the-us">in cases</a> involving dark web sites that distribute child exploitation material (CEM). </p>
<p>Without proper checks, police could have significantly expanded scope to search homes and computers around the world, even in cases not involving CEM.</p>
<h2>Watering holes and network investigative techniques</h2>
<p>The techniques used in online investigations can have potentially problematic legal standing.</p>
<p><a href="https://arstechnica.com/tech-policy/2017/05/creator-of-infamous-playpen-website-sentenced-to-30-years-in-prison/">Playpen</a> was a dark web site used to distribute CEM. The FBI seized the site in 2015, and obtained a warrant to continue its operation on a government server. </p>
<p>The FBI used a Network Investigative Technique (NIT), also known as <a href="https://policyreview.info/articles/analysis/computer-network-operations-and-rule-law-australia">Computer Network Exploitation</a>, to identify Playpen users. This distributed <a href="https://theconversation.com/after-wannacrypt-should-governments-stockpile-software-vulnerabilities-experts-respond-77717">malware</a> onto any computer used to log into the site. </p>
<p>The NIT enabled the FBI to identify the IP addresses, log-in times, and operating systems of around 150 computers located in the United States and more than 8,000 computers <a href="https://motherboard.vice.com/en_us/article/53d4n8/fbi-hacked-over-8000-computers-in-120-countries-based-on-one-warrant">located in 120 countries</a>. Up to <a href="https://www.casemine.com/judgement/us/5914abd5add7b049347399fb">215,000 registered Playpen users globally</a> could be affected.</p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/oqqIdRFeu24?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">A Fast Explainer Of The Dark Web.</span></figcaption>
</figure>
<p>According to the Electronic Frontier Foundation, Playpen is the largest known <a href="https://www.eff.org/deeplinks/2016/09/playpen-story-fbis-unprecedented-and-illegal-hacking-operation">US government hacking operation</a>. But it was authorised by a single warrant issued in Eastern Virginia. </p>
<p>Specialist online units in Australia, such as <a href="https://www.theguardian.com/society/2016/jul/13/shining-a-light-on-the-dark-web-how-the-police-ended-up-running-a-paedophile-site">Task Force Argos</a> in the Queensland Police Service, have also used “poisoned watering hole” tactics. </p>
<p>Australian convicted child sex offender <a href="http://www.abc.net.au/news/2016-02-26/paedophile-shannon-mccoole-gives-evidence-at-royal-commission/7203970">Shannon Grant McCoole</a>, who administered “The Love Zone” site, was apprehended after a tip from Danish police. Task Force Argos investigators then <a href="https://www.cdpp.gov.au/news/record-sentence-head-administrator-paedophile-site">effectively ran the site</a> “while feeding information to international law enforcement colleagues”.</p>
<p>The investigation identified many users located in other countries, including several who were <a href="https://motherboard.vice.com/en_us/article/mg79nb/australian-authorities-hacked-computers-in-the-us">prosecuted in the United States</a>.</p>
<p>Details of the warrant used in this investigation are unclear, which is common in cases involving CEM that result in guilty pleas.</p>
<h2>Darkweb investigations and the law</h2>
<p>There are some established methods for law enforcement sharing information across borders.</p>
<p><a href="https://mlat.info/">Mutual Legal Assistance Treaties (MLATs)</a> are similar to extradition treaties. States seeking access to digital evidence located offshore must first issue a formal request.</p>
<p>MLATs aim to protect the legal rights of people suspected of transnational or offshore offending. However, available US cases <a href="https://motherboard.vice.com/en_us/article/mg79nb/australian-authorities-hacked-computers-in-the-us">involving The Love Zone</a> do not appear to mention MLAT procedures. </p>
<p>This has troubling implications for the right to a fair trial.</p>
<p>It’s possible Task Force Argos informally communicated the IP addresses of US-based site users directly to US authorities. Queensland Police declined to comment on the warrant.</p>
<p>The geographic scope of the Playpen NIT warrant, on the other hand, is extremely unclear. <a href="https://www.aclu.org/report/challenging-government-hacking-criminal-cases?redirect=malware-report">Some US courts</a> have declared the NIT warrant to be valid only within Eastern Virginia. </p>
<p>At least one US court has ruled that warrants to search homes and seize computers outside of this district produced evidence viewed as the <a href="https://assets.documentcloud.org/documents/3533838/2017-03-23-44-US-v-Carlson-DMN.pdf">“fruit of the poisonous tree”</a>.</p>
<p>In other words, because the dark web’s infrastructure could only enable law enforcement to uncover the locations and identities of suspects through the defective NIT warrant, any physical evidence seized from a subsequent warrant to search a home was inadmissible.</p>
<p>However, some US courts seem willing to admit evidence from the Playpen NIT because the FBI is regarded by the courts as acting in <a href="https://www.ca10.uscourts.gov/opinions/16/16-1401.pdf">good faith</a> in both seeking and executing it. </p>
<h2>Legal geographies of online investigations</h2>
<p>Law enforcement agencies are keen to maintain secrecy of dark web CEM investigations. But there is concern from legal experts that informal police networks routinely operate outside of established MLAT procedures.</p>
<p>The MLAT process is slow, technical <a href="https://www.accessnow.org/whats-wrong-system-cross-border-access-data/">and cumbersome</a>. This may fuel the acceptance of questionable NITs and exchange of data between police to streamline transnational dark web investigations. But it could also undermine complex cyber-prosecutions and the fairness of criminal trials that rely on electronic evidence.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/inside-the-fight-against-malware-attacks-81433">Inside the fight against malware attacks</a>
</strong>
</em>
</p>
<hr>
<p>The informal exchange of criminal intelligence and use of malware is understandable where child welfare is at stake. But these investigative methods <a href="https://publicpolicy.googleblog.com/2015/02/a-small-rule-change-that-could-give-us.html">undercut current attempts</a> to preserve due process and digital security standards.</p>
<p>Success in these types of investigations cannot solely be measured by prosecution and conviction rates. It should also be measured by the legality, ethics and transparency of transnational investigative procedures and the rules that underpin them.</p>
<p><em><strong>Read other stories in this series:</strong></em></p>
<ul>
<li><em><a href="https://theconversation.com/police-want-to-read-encrypted-messages-but-they-already-have-significant-power-to-access-our-data-82891">Police want to read encrypted messages, but they already have significant power to access our data</a></em></li>
<li><em><a href="https://theconversation.com/its-too-hard-to-get-the-data-of-australian-criminals-when-its-stored-overseas-82828">It’s too hard to get the data of Australian criminals when it’s stored overseas</a></em></li>
<li><em><a href="https://theconversation.com/virtual-child-pornography-could-both-help-and-hinder-law-enforcement-82746">Virtual child pornography could both help and hinder law enforcement</a></em></li>
</ul><img src="https://counter.theconversation.com/content/82833/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Ian Warren is affiliated with the Australian Privacy Foundation.</span></em></p><p class="fine-print"><em><span>Adam Molnar is a Board Member of the Australian Privacy Foundation and is on the Advisory Council of Digital Rights Watch Australia.</span></em></p><p class="fine-print"><em><span>Monique Mann is a Board Member of the Australian Privacy Foundation and is on the Advisory Council of Digital Rights Watch Australia. While at the Australian Institute of Criminology, she consulted for the Australian Criminal Intelligence Commission on information systems and cybercrime. The views expressed here are those of the author and do not represent the views of any Commonwealth agency.</span></em></p>Without proper checks, police could have significantly expanded scope to search homes and computers around the world.Ian Warren, Senior Lecturer, Criminology, Deakin UniversityAdam Molnar, Lecturer, Criminology, Deakin UniversityMonique Mann, Lecturer, School of Justice, Researcher at the Crime and Justice Research Centre and Intellectual Property and Innovation Law Research Group, Faculty of Law, Queensland University of TechnologyLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/781982017-05-25T03:29:46Z2017-05-25T03:29:46ZFrom live streaming to TOR: new technologies are worsening online child exploitation<figure><img src="https://images.theconversation.com/files/170897/original/file-20170525-13199-1c8rmty.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Australia must develop an effective national response to the sharing and creation of child exploitation material online.</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/russian-hacker-hacking-server-dark-532748287?src=lV9GWh3o4dqE3EEQROArZQ-1-0">www.shutterstock.com</a></span></figcaption></figure><p><em>This story contains detail of child abuse some readers may find disturbing.</em></p>
<p>Ease of access to technologies such as live streaming is increasing the production and spread of child exploitation material online.</p>
<p>Our report, <a href="http://www.antislavery.org.au/newsflash/286-new-report-launching-soon-behind-the-screen-online-child-exploitation-in-australia.html">Behind the Screen: Online Child Exploitation in Australia</a>, brings together cases and data from international and Australian law enforcement agencies, as well as interviews with government, police and non-governmental organisations, to provide an alarming snapshot of the challenge we face.</p>
<p>Tens of thousands of images and video are already available online, and the problem is likely to worsen without comprehensive action.</p>
<h2>New technologies and child exploitation</h2>
<p>In Australia and around the world, rates of live-streamed child abuse via webcam, video footage and image capture are growing.</p>
<p>Figures from the Internet Watch Foundation support this trend, showing that reports of child sexual abuse imagery rose by <a href="http://www.antislavery.org.au/images/behind%20the%20screen%20-%20report.pdf">417% between 2013 and 2015</a>. The Australian Federal Police <a href="http://www.antislavery.org.au/images/behind%20the%20screen%20-%20report.pdf">received 11,000</a> online child exploitation reports in 2015. </p>
<p>Technological advancements including anonymising programs <a href="https://www.torproject.org/">such as TOR</a>, peer to peer networking technology and the capacity for increased online file storage and sharing, has facilitated the widespread sharing and storing of harmful material.</p>
<p>This view was shared by a senior officer from the Queensland Police Project “Argos”, which investigates online child exploitation. He told us,</p>
<blockquote>
<p>Back in the early 2000s we were dealing with kilobytes and megabytes. Now we are dealing with petabytes, mainly terabytes when we do our seizures… [T]he cheaper cost of storage whether it be cloud based or hard disk based is creating obviously, larger seizures on our front.</p>
</blockquote>
<p>Responding to new technology is challenging. Online child exploitation crimes are difficult to track and measure, given the spread of more secure technologies, such as streaming services, the anonymity provided by <a href="https://theconversation.com/what-is-the-dark-web-and-how-does-it-work-63613">the “dark web”</a> and less traceable payment systems <a href="https://theconversation.com/what-is-bitcoin-it-is-not-that-complicated-if-you-ignore-the-geek-speak-46512">such as Bitcoin</a>. </p>
<p>In the words of a senior officer with Argos,</p>
<blockquote>
<p>How difficult is it? Look, if they are using TOR and they are set up and don’t make mistakes, it’s impossible. We’re reliant on some fairly innovative law enforcement techniques and them making errors… if they’re using proxies or anonymising services using encryptions and using the so-called Darknet or TOR, it would be very tough… the hidden web is very, very challenging, but you know that doesn’t mean we give up. We keep trying. </p>
</blockquote>
<h2>The cases of Shannon McCoole and Matthew Graham</h2>
<p>The production and sharing of child exploitation online was key to two recent Australian criminal cases.</p>
<p>In 2016, Matthew Graham <a href="https://www.cdpp.gov.au/sites/g/files/net391/f/MR-20160317-Child%20Exp-Graham-FINAL.pdf">was sentenced</a> to 15 years imprisonment for distributing child exploitation material.</p>
<p>Graham administered online websites and forums between 2012 and 2014. He shared hundreds of thousands of images, including videos of the torture and rape of a young child in the Philippines, and in one instance, encouraged the rape and murder of a child in Russia. </p>
<p>The United States Federal Bureau of Investigations described Graham’s network as “one of the largest and most extreme in the world”. </p>
<p>In 2015, Shannon McCoole <a href="http://www.abc.net.au/news/2016-02-26/convicted-paedophile-shannon-mccoole-to-give-evidence/7193462">was sentenced</a> to 35 years imprisonment with charges related to his role as head administrator of a global online network with 45,000 members. </p>
<p>The sentencing judge in the McCoole case drew attention to the challenges posed by secretive computer networks and websites created for the specific purpose of distributing exploitative material.</p>
<blockquote>
<p>The network allowed communication between individuals in a secure fashion that enabled them to contact each other and share data without necessarily identifying themselves. It was highly sophisticated, elaborate, organised and controlled.</p>
</blockquote>
<p>The McCoole case also showed that Australian law has not kept pace with the scale and nature of the crimes. While McCoole was based in Australia and operated the network here, our research found there are no federal legislative provisions dealing with the administration of online child exploitation material networks where the administrator is based in Australia. </p>
<p>In contrast, a few state jurisdictions have introduced provisions, although the effectiveness of these new laws has not been tested.</p>
<h2>What Australia should do</h2>
<p>Australia must confront the rapid increase of gravely exploitative material online.</p>
<p>We need to review the effectiveness of our existing regulatory frameworks, including those governing internet service providers, search engines and social media services. </p>
<p>We recommend the following steps be taken, among others:</p>
<ul>
<li>Outdated industry codes must be changed. Particularly, there is a lack of clarity relating to the legal obligations of internet service providers to report child exploitation material that is hosted on their networks.</li>
<li>A peak national body with representatives from government, law enforcement agencies and other key stakeholders at state, territory and commonwealth levels should be established to review all relevant legislation. </li>
<li>The Broadcasting Services Act must be amended so instances of online child exploitation material on servers hosted in Australia are identified and investigated. </li>
<li>Sentencing outcomes for online exploitation offences should be researched to further explore the relationship between human trafficking and online child exploitation. </li>
</ul>
<p>Offenders are routinely caught with thousands of images. A coordinated and powerful response is necessary if we are to protect children.</p>
<p><em>Anyone can report abuse or illegal activity online to the Australian Federal Police using a form <a href="https://www.afp.gov.au/what-we-do/services/child-protection/online-child-sex-exploitation#report-suspicious-behaviour-online">available here</a>. To report emergencies, such as a child who is in immediate danger or risk, call 000, Crimestoppers on 1800 333 000 or your local police station.</em></p>
<p><em><strong>Correction:</strong> The Internet Watch Foundation <a href="https://www.iwf.org.uk/news/iwf-announce-record-reports-of-child-sexual-abuse-online">has found</a> that reports of child sexual abuse imagery rose by 417% between 2013 and 2015. This figure was originally incorrectly credited to the Australian Federal Police.</em></p><img src="https://counter.theconversation.com/content/78198/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>The research received funding from the Rainbow Fish Foundation. </span></em></p>The Behind the Screen: Online Child Exploitation in Australia report provides an alarming snapshot of a growing crime.Jennifer Burn, Professor, Faculty of Law and Director of Anti-Slavery Australia, University of Technology SydneyLicensed as Creative Commons – attribution, no derivatives.