About two dozen police officers from 14 countries gathered inside the cyber research lab in Interpol’s Singapore office one afternoon during this past July. They watched as Christopher Karam, a cyberthreat researcher, booted up a specially designed virtual drug market stocked with listings for cocaine, heroin and MDMA.
Karam asked for volunteers: So, who wants to be a seller, and who wants to be a buyer?
The meeting was the first of its kind.
In an effort to combat the increasingly complex web of crime that takes place on the so-called dark net, Interpol created a dark net drug simulator to train police on how to buy and sell drugs, find stolen information and use virtual cryptocurrencies.
“We realized it may not be a very good idea to do a training using PowerPoint [presentations] or other normal mechanisms” Madan Oberoi, the director of cyber innovation and outreach at Interpol and Karam's boss, said an in interview. "In order to train law enforcement personnel on dark net and virtual currencies...we started our own project."
Two years after the United States government shut down the dark net black market Silk Road, new marketplaces continue to thrive. One recent study, prepared by Carnegie Mellon researchers in August 2015, estimated that about 35 new sites have popped up in Silk Road’s wake -- and now traffic more than $100 million worth of drugs and illicit goods. "Even though anonymous online marketplaces are a relatively recent development in the overall online crime ecosystem...total volumes have reached up to $650,000 daily (averaged over 30-day windows) and are generally stable around $300,000-$500,000 a day, far exceeding what had been previously reported," the authors noted.
So far, the government's strategy has appeared to look a lot like whack-a-mole: Close one site, another pops up. For instance, Operation Onymous launched an international crackdown on dark net sites in November 2014. The effort, which involved law enforcement cooperation from nearly a dozen countries, closed more than 400 domains. And yet -- many of the biggest sites are still functioning. “What’s interesting is [these sites] have business continuity plans; they have a disaster recovery plans -- it’s like a normal firm that is operating,” Karam said.
Therefore, trying to close down each site “is not the solution,” Oberoi said.
Oberoi compares the dark net to bank robberies -- law enforcement shouldn’t focus on shutting down the banks. They key is to catch the criminals. “If we arrest the robbers, that will demolish the gang,” he said. “Otherwise what would happen is they will select another bank and launch another attack. The ultimate deterrence -- as in the physical world -- for cyber crimes also lies in successful prosecution. This is easily said but difficult to achieve.”
For the last three years, Oberoi’s unit at Interpol has been studying dark net markets and cryptocurrencies. The training seminars were opened up to police around the world who wanted to learn more about how these marketplaces operate. The first seminar was held in Singapore in July. The next will take place in Brussels in November.
“One strong message we got from police was that most of them were not adequately equipped to handle threats from the dark net,” said Oberoi, who started his career as an police officer in Delhi, India, in the early 1990’s. "With that in mind, in 2014, we started a project to prepare a simulated environment to build a darknet within our own lab, as well as a cryptocurrency system with no outside connections.”
The Interpol marketplace is the first of its kind. It was built using 25 Raspebrry Pis and code lifted from a free repository in GitHub. The system even has its own bitcoin-like cryptocurrency and the drug listings -- including pictures and prices -- were scraped from the Evolution marketplace, an illicit drug market that disappeared mysteriously last May.
For the nontechnical police officer, even getting access to dark net marketplaces can be difficult. This is no eBay, after all. To access dark net sites, one first must download Tor, a free software that lets users browse anonymously. Oberoi says that his team offered the training seminar to officers within Interpol’s 190 member countries. Not everyone was admitted -- over 100 applied, but only 25 made the cut. "We took people who had experience working in cybercrime units,” Oberoi said. “We wanted to build on those skills, rather than start from scratch, which would have taken unlimited resources."
The time is ripe for this sort of training. Earlier this summer, U.S. intelligence officials testified before Congress on the potential illicit uses of the dark net. Oberoi said that police are not just concerned about the drugs either. Kidnapping, he said, is a particular concern for many countries. He said that several police he's spoken with have said that ransoms are now being demanded in cryptocurrency -- in large part because they allow the kidnappers to remain anonymous.
“The ransom is being demanded in bitcoins,” Oberoi said. “The knowledge of cryptocurrency becomes very important when investigating these so-called physical domain crimes."
Still, it’s worth noting that even officers who know how these systems work might still be powerless against them. Sites on the dark net operate with a high level of sophistication, and, more importantly, anonymity. In other words, just because the officers are more familiar with the dark net because of training, it doesn't mean they'll necessarily be able to immediately shut down any illegal activity.
“The objective was to make them more aware of this and realize what are the activities happening in this domain,” said Oberoi. “The point is to create awareness, providing them tools to go into this domain safely, and carry out some basic investigations.”