Investigating the Dark Web – The Challenges of Online Anonymity for Digital Forensics Examiners

The recent rise in the number of people who suspect they may be being tracked on the internet, whether by government agencies, advertisers or nefarious groups, has led to increased interest in anonymising services such as TOR.

TOR, or The Onion Router, conceals a user’s identity and network activity from others who wish to uncover information about them. It has been used by journalists and individuals working under strict regimes, and by whistleblowers and others who need to be able to disseminate information both safely and anonymously.

Of course, TOR also has its applications in the criminal world, and it is perhaps for this that it is most well known. Silk Road, one of its largest sites, found itself under press scrutiny when the FBI shut it down in October 2013. Silk Road (later relaunched as Silk Road 2.0) is a marketplace where users can buy anything from art to books to computer equipment; but it also provides a large range of illegal items, the most famous of these being its extensive drugs collection.

But Silk Road is just one small patch of the dark net, and recent investigations by the BBC have made the general public aware of an even darker area: people who are using anonymising services to trade indecent images of children.

We caught up with Greg Virgin, an ex-NSA engineer and CEO of software company Redjack, to talk about the extent of the problem and what, if anything, can be done about it.

Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.

Unsubscribe any time. We respect your privacy - read our privacy policy.

Describing the scope of the problem, Virgin explains:

“Tens of thousands of predators use the dark web every day as an exchange for media and information as well as a support group. More concerning than the current size and scope of the activity is the current growth, which has expanded dramatically in the past year. The dark net is also the location where the most extreme activity takes place.”

It is certainly easier to access indecent images of children and similar illegal content on the dark net. While most common search engines will block access to images of child abuse, and will only return news items or academic research surrounding the area if someone searches for these, the dark net places no such restrictions on its users. The recent increase in publicity of services such as TOR has brought the dark net to people who were previously unaware of its existence, and made it easier for those who begin with a casual interest in underground activities to find more hardcore content than they were perhaps expecting.

So why don’t we just shut down the people who run these dark net sites? Virgin elaborates:

“The difficulty in analysing the activity on the dark net is that all of the users and services are anonymous. It is impossible for location or ownership to be established for any computer or person on the dark net, which is incredibly problematic for law enforcement who need to establish jurisdiction in order to act.”

In other words, even if law enforcement agents know that these people are there, knowing where they are and acting upon it is another matter, and one fraught with difficulties. For one thing, knowing which law enforcement agency is required to act is a question of jurisdiction: someone in Michigan may have noticed the problem, but is it being perpetrated in Beijing? What about networks of people who operate internationally?

Several charitable organisations and task forces are being formed to address this problem, including the International Justice Mission, who partner with law enforcement in communities throughout the developing world to rescue victims and bring criminals to justice. Such organisations often provide a vital point of liaison for law enforcement around the world, but the amount they can do is limited. As previously mentioned, one of the main problems with the dark net is working out where people are operating from in the first place, in order to be able to assemble the necessary task force and enact justice.

Is there any way of tracing users of the dark net back to their actual locations? Greg Virgin outlines one possible approach:

“We address these challenges by applying advanced analytics to the communications and information we find on the dark net. While computers may not be traceable or attributable, users often inadvertently provide information in whom they communicate with and how.”

In other words, there are investigative techniques that can be used to trace purveyors of child abuse images on the dark net, but finding them and tracking them down is not an easy task. Still, investigators and digital forensics professionals around the globe are working to uncover as much of the dark net’s deepest underworld as possible, in order to create a safer internet for everyone.

Leave a Comment

Latest Videos

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feeds settings page to add an API key after following these instructions.

Latest Articles