Upload
trinhnhan
View
215
Download
0
Embed Size (px)
Citation preview
MEDI@4SECTheEmergingRoleofNewSocialMediainEnhancingPublicSecurityGrantAgreementno700281
Co-funded by the Horizon 2020 Framework Programme of the European Union
Workshop3Report
PolicingtheDarkWebDeliverable2.5
TNO
MEDI@4SECTheEmergingRoleofNewSocialMediainEnhancingPublicSecurityGrantAgreementno700281
VersionControlSheet
Title Workshop3Report:PolicingtheDarkWeb
PreparedBy SerenaOggero(TNO)
ApprovedBy
VersionNumber MEDIA4SEC-D2-3-OCT17-E1-Workshop3DarkWeb
Contact [email protected]
RevisionHistory:
Version Date SummaryofChanges Initials ChangesMarked
0.1 24/10/17 DraftversionforTNOreview SO No
0.2 30/10/17 CommentsofMarijnimplemented SO No
0.3 07/11/2017 CommentsbyMark,Eva,Myassa MvS,EK,MD Yes
0.4 09/11/2017 Final version from TNO, reviewed byEFUSandEOS
SO No
1.0 13/11/2017 SubmittedVersion RR No
Author:SerenaOggero
Withcontributionfrom:MarijnRijken,MarkvanStaalduinen,PilardelaTorre,MyassaDjebara,KlaudiaTani,EvaKyriakou,JonCoaffee,RobRowlands,CarmenCastro,RianneDekker,SebastianDenef,JordieDiego,KatHadjimatheou,ManolisKermitsis,AlbertMeijer,NikosMoustakidis,JolandaModic,WilmaRooney,TomSorell,MarcSteen,PetraVermeulen,AnžeŽitnik.
CoverImageSource:adike/Shutterstock.com
TheresearchleadingtotheseresultshasreceivedfundingfromtheEuropeanUnion’sHorizon2020ResearchandInnovationProgramme,underGrantAgreementno700281.
MEDI@4SECTheEmergingRoleofNewSocialMediainEnhancingPublicSecurityGrantAgreementno700281
ContentsExecutiveSummary............................................................................................................................................i
1. Introduction................................................................................................................................................1
1.1 TheDarkWebinthecontextofMEDI@4SEC.....................................................................1
1.2 Workshopgoalandscope............................................................................................................1
1.3 Workshopquestionsandmethod............................................................................................2
1.4 Zoom-in:questionsandmethodforthegroupdiscussions.........................................3
1.5 Participantsandexposure...........................................................................................................5
2. DarkWebactorsandresponsibilities:astakeholderanalysis.............................................7
3. WeaknessesandthreatstoDarkWebpolicing........................................................................10
3.1 Strategicinvestigation...............................................................................................................10
3.2 Identificationofasuspect........................................................................................................12
3.3 Prosecutionofsuspects.............................................................................................................13
3.4 Conclusionofweaknessesandthreatsanalysis.............................................................14
4. Opportunitiesandstrengthstobuildupon................................................................................15
5. Needsforfuturepolicing....................................................................................................................17
6. Proposedactions....................................................................................................................................21
7. Concludingremarks..............................................................................................................................23
Appendix1 –Participantlist(anonymised)....................................................................................24
Appendix2 –WorkshopAgenda(anonymised)............................................................................26
Appendix3 –WorkshopEvaluation....................................................................................................27
Appendix4 –Glossaryofterms............................................................................................................28
MEDI@4SECTheEmergingRoleofNewSocialMediainEnhancingPublicSecurityGrantAgreementno700281
i
ExecutiveSummary
ThisreportpresentstheresultsfromtheworkshopPolicingtheDarkWeb,thatwasheldas part of theEuropean researchprojectMEDI@4SEC, on September26, 2017 inTheHague,TheNetherlands.Theworkshopbroughttogether65internationalprofessionalsactively policing crime on the Dark Web, of which 40 external delegates, and theremainingfromtheprojectconsortium.Thegroupwasadiversemixofrepresentativeoflawenforcementorganisations,governmentsandresearchandtechnologyexperts.
The workshop was hosted by the consortium partner TNO and took place in theframework of the international Cyber SecurityWeek. The goalwas to create an opensetting to sharechallenges,bestpracticesand lessons learnedwhenpolicing theDarkWeb.Additionally,aimwastodevelopacommonvisionandactionableperspectivesforthefuturepolicingoftheDarkWeb.
Basedontheoutcomeoftheday,wehavederivedaSWOTanalysis,adescriptionofthestakeholders and their present and potential roles in Dark Web policing, and mostimportant,alistofneeds,recommendationsandactionsforthefuture.
Thekeyfindingsderivedduringtheworkshopareheresummarizedschematically:
MEDI@4SECTheEmergingRoleofNewSocialMediainEnhancingPublicSecurityGrantAgreementno700281
1
1. Introduction
1.1 TheDarkWebinthecontextofMEDI@4SEC
TheMEDI@4SECproject enhancesunderstandingof theopportunities, challengesandethicalconsiderationofsocialmediause forpublicsecurity: thegood, thebadandtheugly. The good comprises using social media for problem solving, fighting crime,decreasing fear of crime and increasing the quality of life. The bad is the increase ofdigitisedcriminalityand terrorismwithnewphenomenaemerging through theuseofsocialmedia.Theuglycomprisesthegreyareasoftrolling,cyberbullying,threats,orlivevideo-sharing of tactical security operations. Leveraging the possibilities that socialmedia offer, while respecting privacy, legislation, and ethics, becomes the key focus.MEDI@4SEC explores this through a series of communication and disseminationactivities,includingtheworkshop“PolicingtheDarkWeb”whichissubjectofthisreport.
HowdoestheDarkWebfitaprojectaboutsocialmediaforsecurity?TheDarkWebhasemergedasanonlinespacewherecontenthasbeenintentionallyconcealedanduserscansurfanonymously.Despitebeingabroaderdigitalspacethanwhatastrictdefinitionof‘social media’ entitles, the Dark Web is still based by user-generated content andfacilitatesthedevelopmentofonlinesocialcommunities,anexamplebeingdarkmarketsanddarkfora. It isusedforseveral legitimatepurposes,suchastoperformmarketingtracking, to circumvent censorship and to conduct research on topics that might besensitiveincertaincountries.Atthesametime,theDarkWebfacilitates“hightech”andorganized crime thanks to its anonymous characteristics.Anonymity is in fact thekeyelementattractingillegalactivitiesontheDarkWeb,whichincludechildsexabuse,tradeofdrugs,stolendocuments, firearms,offerofservices fosteringviolentextremismandcybercrimeas-a-service.WecanthereforeseetheDarkWebasanexampleofboththe‘bad’ and the ‘ugly’ of thedigitalworld of socialmedia, and althoughbasedondigitalcommunication and digital transactions, it may have a strong negative effect on thephysicalpublicsafetyandsecurity.
ThepolicingofcrimeontheDarkWebraisesanumberofchallengesthatareuniquetothis digital space. To name a few: the wide variety of crimes facilitated calls for adiversifiedrangeofapproaches;thespeedofdevelopmentofthecybercrimecommunityfacilitatingthesecrimescallsforfast,flexibleandinnovativemeasures;thecomplexityofthe technology at the base of the Dark Web requires complex as well as creativecountermeasures.Finally,thedoublenatureoftheDarkWeb,wherelegitimateactivitiestakeplaceinparalleltocriminalones,requiresabalancebetweenindividualfreedoms,suchasfreedomofspeech,andtheneedtofightcrime.
1.2 Workshopgoalandscope
In this convoluted context, it is of extreme importance to facilitate the identification,sharing and discussion of current lessons learned and best practices among lawenforcement experts. It is also important todo soby involving thewidestmajority ofactors involved on policing crime on the Dark Web, considering the borderless andinternationaldimensionofitsecosystem.
MEDI@4SECTheEmergingRoleofNewSocialMediainEnhancingPublicSecurityGrantAgreementno700281
2
For thesereasons, thegoalof theworkshopwas tobring togetherabroadrangeofinternationalprofessionalsactiveinthis fieldand,together, tocreateacommonvisionandactionableperspectivesforthefuturepolicingoftheDarkWeb.
InthespectrumofillegalactivitiesfacilitatedbytheDarkWeb,theworkshopparticularlyfocusedontheso-calledcryptomarkets,ordarkmarkets.Thesearedigitalmarketplacesfostering tradeof awide rangeofusually illegalproducts.Drugsare thepredominantproduct, but counterfeitedmedicines,weapons,malware and criminal services canbeeasilyboughtaswell–seee.g.,Figure1.1.
Figure 1.1: Screenshots from (now seized) dark markets.
1.3 Workshopquestionsandmethod
The question at the core of the workshop was the following: how to reduce, andpotentiallyeliminate,criminalbehaviourontheDarkWebwithafocusoncriminalbehaviourondarkmarkets.
Themorningprogramoftheworkshopexploredthecontextandtheproblem.Throughasequenceofshortpresentations,thisparttackledthequestions:
• whathappensontheDarkWeb?whataspectschallengepublicsecurity?• whataretoday’sbestpracticesofpolicingtheDarkWeb?
First law enforcement professionals shared theirmost recent policing experiences ondark markets, from the different perspectives of international, national and local
MEDI@4SECTheEmergingRoleofNewSocialMediainEnhancingPublicSecurityGrantAgreementno700281
3
(regional) policing operations. Secondly, research and technology professionalspresentedexamplesofstate-of-the-artpractices,toolsandmethods.
Theafternoonprogramaimedatanopenaninteractiveexchangeofideasconcerningthequestions:
• howdoesourcommonfuturevision look like?-designanddeveloptogetherastrategytopolicetheDarkWeb;
• howcanwegetthere?-actionsidentification.
Allparticipantswereinvitedtoaddressthesequestionsingroupsofabout5persons,foratotalof10tablesofdiscussion.Seethefollowingsectionformoreinformationonthemethodadoptedinthispartoftheworkshop.
Thegroupdiscussionsleadtoinputforafutureagenda,onthebaseoftheparticipants’ownexperiencesandinspiredbythegoodpracticesandlessonslearnedsharedduringthemorningprogram.Thisinputwasformulatedintheformofneededactions.
Inthelastpartoftheworkshop,themostimpactfulactionswerepresentedinaplenarysessionandfurtherdiscussedwithapanelformedbyparticipantsfromthepolicymakingsector.
The theme defining the workshop method took inspiration from the Principles ofAppreciativeEnquiry,adoptedinpreviousMEDI@4SECworkshops.Themorningsessionaimedatdefiningthecontext,discoveringtheissuesathandandexistingbestpractices,and focusing on new possibilities. The afternoon session aimed at building upon thisinspirationtodesignanddevelopnewsolutions.
1.4 Zoom-in:questionsandmethodforthegroupdiscussions
Asmentionedbefore,during theafternoonprogrameachparticipant tookpart in tworoundsofdiscussion,withthegoaltoaddresstheworkshop’scentralquestionsinmoredetailandbuildingtogetheranagendaforthefuture.
Anadditionaldimensionwasaddedduringthisphaseoftheworkshop:the‘type’ofillegalproducttraded.Fouroutoftentableswereinfactdedicatedtoaddressthescopeofdrugs
MEDI@4SECTheEmergingRoleofNewSocialMediainEnhancingPublicSecurityGrantAgreementno700281
4
trade,threetablesforterrorism-relatedtrade(suchastradeinstolenIDsorweapons),and finally three tables for trade in cybercrime products (such as malware orcybercrimeas-a-service).
TheframeworkofquestionsshowninFigure1.2wasusedtofacilitatethediscussionateach table. This guided the participants through three different phases of a policingoperation:astrategic(typicallyinternational)investigation,aimingatunderstandingthecriminal lead and localizing suspects involved in the trade, an operation (typicallynationalorregional)aimingatidentifyingthesesuspect,andaprosecutionphaseaimingatbringingthenecessary‘beyondreasonabledoubt’proofstocourt.
Table:Round:Hosts:
1.InternationalOperation:Whatneedstobeinplacetoconductasuccessfulinternationaloperation(oncriminaltradeofproductX)?
2.National/RegionalIdentification:Whatneedstobeinplacetoconductasuccessfullocalidentificationoperation?
3.FromProsecutiontoCourt:whatshouldbeinplacetobesuccessfulateverystepoftheprosecutionoftheidentifiedsuspect?
Whichactorsshouldbeinvolvedandwhichresponsibilitiesshouldtheyassume?
Whichworkingprocesses,information,methods,practicesshouldbeinplace?
Whichtools,capabilities,capacities,knowledgeshouldbeinplace?
Onwhichopportunities,strengthswecanbuildupontorealizethis?
Whichweaknesses,threatsdoweseeasbarriersandhowtoaddressthose?
Whatethicalandlegalconsiderationsarise?
Figure 1.2: Framework of questions used to guide the group discussions.
MEDI@4SECTheEmergingRoleofNewSocialMediainEnhancingPublicSecurityGrantAgreementno700281
5
The method adopted to guide the discussions took inspiration from the World Cafémethod adopted in the previous MEDI@4SEC workshops. Following this method,maximal change in thegroupscompositionwasensuredbetween the firstandsecondround, while two table hostsremained fixed per table. Thishelped to collect a broaderperspective of inputs and toguaranteemaximal interactionbetweenparticipants.
Additionally, criteria toenhance the diversity of thegroups where used to groupparticipants; in this waydifferent type of stakeholdersand organisations met at eachtable.Finally,theroleoftablehostswascoveredbyrepresentativesoftheMEDI@4SECconsortium, covering the different expertise’s of the project. This brought slightlydifferentprerogativesonthetableandallowedforadynamicdiscussion.
1.5 Participantsandexposure
TheworkshoptookplaceonSeptember26,2017,inTheHague,TheNetherlands.ItwashostedbytheMEDI@4SECpartnerTNOintheframeworkoftheCyberSecurityWeek.
Participation was limited and interested parties needed to apply explaining theirprofessionalexperienceconcerningtheDarkWebandtheirmotivation.Morethan120
MEDI@4SECTheEmergingRoleofNewSocialMediainEnhancingPublicSecurityGrantAgreementno700281
6
professionalsapplied,ofwhich40peoplewerecarefullyselectedonthebaseofanumberof criteria: motivation, professional affinity with the topic, and diversity, in terms ofstakeholder type, nationality, gender and background. Selected applicants andconsortium representatives formed a total of 65 participants who took place in theworkshop.
About 70% of the participants represented law enforcement organizations, includingInterpolandEuropeannationalpolicingunits.Theremainingparticipantsrepresentedinequal parts academia and research institutions, businesses and policy makers. AnanonymizedlistofparticipantscanbefoundattheendofthisdocumentinAppendix1.
NotselectedparticipantsandthegeneralpubliccouldfollowthedevelopmentsofthedaythroughaTwitterinteractionfacilitatedbytheMEDI@4SECconsortium.Animpressionof this interaction can be seen on the project website (see the Storify summary athttp://media4sec.eu/workshops/darkweb). Since the workshop took place in thecontext of the CyberSecurityWeek, theuseofthe hashtag #csw,together with the projecthashtag #media4sec,increased the event’sdigital exposure.Additionally, theMEDI@4SEC LinkedIngroup was used beforeandisbeingusedaftertheworkshop toenhance theinteractionanddiscussiononthetopic.
MEDI@4SECTheEmergingRoleofNewSocialMediainEnhancingPublicSecurityGrantAgreementno700281
7
2. DarkWebactorsandresponsibilities:astakeholderanalysis
Duringtheworkshop,participantsdiscussedtherolesofthedifferentstakeholderswhenPolicing theDarkWeb.Wehaveanalysed their roles from theperspectiveof thedarkmarketsduringtherecentinterventions.Wefocusedontheroleplayedbythe ‘classic’actors, governmental organizations and national and international law enforcementagencies.Considering theonline illegal trade fromabusinessperspective though, less‘usualsuspects’emerge.Theresultsofthediscussion,withafocusontherolethatthedifferentcategoriesofactorsshouldplayinthefuture,aresummarizedinthetablebelow.
Actors Role/responsibility
Nationalgovernments Governments may play an important role on multiple axes:empowering investment and initiatives for targetedtakedowns, investing funds against cybercrime, exercisingpolicingpressureonprivatesectors(seebelow),lobbyingfora cross-sector collaboration, as well as raising awarenessamongcitizensontherisks.
Localgovernments Local governments such as municipalities can also play animportant role in educating citizens against the risks ofcybercrimeandintakingresponsibilityagainstillegalcontent.
Privatesector:banks,fintech/moneytransactionsandcryptocurrencyproviders
Bankscanplayanimportantrolebecausetheyholdpersonaldataofcriminalsinvolvedinillegalfinancialtransactions.
Cryptocurrencyprovidersandfinancialtransactionbusinesses(e.g., providing online payment services) might indirectlyfacilitateillegaltransactionsorcybercrime.
All should be stimulated to proactively increase riskassessment initiatives and to share information with lawenforcement agencies. The latter should always dedicateattentiontothefinancialdimensioninalltypesofdigitalcrimeinvestigations.
Privatesector:logisticscompanies
Postal companies hold responsibility when facilitatingshippingofillegalproducts;thisisparticularlyrelevantforthetradeofdrugswhichbenefitsfromalargenumberofshippingsallovertheworlds.
Privatesector:internetproviders
Tier-1ISP(internetserviceproviders)empowertheindistinctflowofanytypeofinformation,henceindirectlyfacilitatingthespreadofillegalcontentaswell.Morepressureshouldbeputonthesebusinessesby internationalpoliciesandagencies infavourofamoreseveremonitoringandstrictercontrol.
Privatesector:techandinternetservicesproviders
Businesses empowering internet services on the ‘openweb’,such as search engines also play an indirect role, especiallywith respect to the problem of terrorism content. Themorepeople searching for terrorist content on the clear web, theeasierandfastersuchcontentwillbesurfaced.Thisprocessisa‘collateraleffect’ofsearchenginesalgorithms,whichshouldbetherescrutinized.
Privatesector:insurancecompanies
Insurance companies are stakeholders of the ecosystem,especiallywhendealingwiththeeffectsonsecurityofthetradeofmalwareandcybercrimeservices.
MEDI@4SECTheEmergingRoleofNewSocialMediainEnhancingPublicSecurityGrantAgreementno700281
8
InternationalLawEnforcementOrganisations:Interpol,Europol
Thestrategicroleofinternationallawenforcementagenciesisfundamental to centrally coordinate investigations, identifykeyactors,establishandrunacommoninternationaldatabase,bankof tools, centreof excellence, and supportnational andlocaloperations.
Lawenforcement:nationalagencies
Thenationalandregionallawenforcementagencieswillkeepplayinga fundamentaloperational role.There isnoneed foradditionalspecialunits,butforagreaterandmoretransversalcoordination among agencies, both at the international andnationallevel.Lawenforcementagenciestoooftenstillworkin‘silo’s’–e.g.,counter-terrorismversusorganizedcrimeversusnarcotic units. They should work towards a fused andtransversal approach.Thiswouldhelp, for instance, toavoidduplicationofefforts,reducingcostsandfocusingexpertise;itwould decrease competition between agencies and wouldfavoursharingofpracticesandknowledge.
Abetter coordinated lawenforcementecosystemwouldalsohelp to form a compact ‘front’ to collaborate with privatebusinesses.
Nationalprosecutors Expert specialized prosecutors should be in place andworktowards international coordination and a commoninternationallegislation
Academia,knowledgecentres,research&technologyorganisations
Scientist and researchers are responsible for increasing thesharing of knowledge, methods and tools with lawenforcement, and for stimulating capacitybuilding.A specialroleisplayedbyexpertsabletotranslatetechnicalinformationintointelligencecomprehensiblebylawenforcementandthejustice system.Another special role lieswith experts able tocopewiththeethicalandlegalchallengesinternationally.
Citizens Finally, also citizens are responsible to report and counterillegalcontent,suchas terrorism-related,andtobeeducatedabouttherisksofbecominga‘client’ofillegaltrade.
Citizensshouldbemoreactivelyinvolvedasactorswhocouldfacilitate bottom-up countering initiatives, if properlyeducated to spot and report digital crime.Online ‘digilantes’could collaborate with law enforcement and effectivelydisincentivecrime.
Journalistsandmediaservices
ThereisaroleformediaprofessionalstoeducateandsensitizethelargepubliconcrimeontheDarkWeb,andpotentiallytoundermine its culture of trust. Should dark markets bepopulatedbymoreuserswithlegalgoals,thecriminalbusinessmodelofillicittradewouldbeindirectlydisrupted.
Oneofthemainconclusionsofthisanalysisitthatthewholedarkmarketsecosystemrevolvingaround thebusinessvalue chainacquiresapotential responsibility inreducingcrime.Thisincludesprivatesectoractorssuchasfintechandfinancialservices,logisticsproviders,internetservicesproviders,andcitizensatlarge.
MEDI@4SECTheEmergingRoleofNewSocialMediainEnhancingPublicSecurityGrantAgreementno700281
10
3. WeaknessesandthreatstoDarkWebpolicing
Part of the discussions during the World Café were dedicated to identify StrengthsWeaknessesOpportunitiesandThreats(SWOT)forPolicingtheDarkWeb.ThecoreideaofaSWOTassessmentistolookatboththeinternalandtheexternalperspectiveofthisphenomenon,inthiscasepolicingillegaltradeondarkmarkets.
Inthissectionwelistthemajoridentified(external)weaknessesandthreats;intheopticof threatsmitigations,anumberofneedswere formulatedaswell,andwillbe furtherdiscussedinsection5.Thefindingsareorganizedperinvestigationphase,accordingtotheframeworkfordiscussionshowninFigure1.2.
3.1 Strategicinvestigation
Howsuccessfulthefirststrategicphaseofdarkwebpolicingwillbe,dependseitheronintrinsiccharacteristicsof the technologyandenvironmentof thedarkmarkets,oronorganisationalandgovernanceaspectsofthebroaderecosystemwherelawenforcementneedtooperate.
The weaknesses and threats to the success of this policing strategic phase are listedbelow:
- thecultureoftrusttheDarkWebcommunityisbuiltupon;- the intrinsic nature of cryptocurrencies, which are not centrally controlled or
‘deposited’atfinancialinstitutions;- thehugeamountandcomplexnatureofdatawhichneedtobeanalysedtobuilda
solidlead;- the possibility that different products and criminals interact on the Dark Web
strengtheningtheirassets;anexampleisthecaseofcyberservices,whichcouldbeexploitedbyterroriststocreategreaterdamage,ortheexploitationofdrugstradetoraisefundsforterrorism;
- the limitation in information sharing between parties involved; this is especiallyrelevant between the EU governments and the US, where information flow issometimes a ‘oneway street’, and between governments and private companies -whichdonotnecessarilycollaborate;oftentheprocessingtimeofassistance/sharingrequestsisalsoquitelong;
- the lack and internationallyinhomogeneousdistributionofskillsoflawenforcementprofessionals,especiallywithrespect tohigh techknowledge (examplesare the lack of expertise on ransomwareandcyberattacks,whendealingwithcybercrime,orthelackofskillsinanalyzinglargeamount of data, when dealing with drugtrade); LEA agencies in particular do notsucceed in the market competition toemploy technical experts often becausethey cannot compete in term of salaries,
MEDI@4SECTheEmergingRoleofNewSocialMediainEnhancingPublicSecurityGrantAgreementno700281
11
this meaning that agencies become increasingly dependent on private companieswhoseservicestheyhavetopaydearlyfor;
- theinternationalnatureofalltypeofcrimesfacilitatedbytheDarkWeb,exceedingtheauthority,legalandculturalframeworksofanysinglestate;inthiscontext,abiglimitation is the lack of a consistent and homogenous legal framework at theinternational level;differencesbetweenstateposebureaucratic andcultural slow-downstoacooperativeapproach;inthiscontext,seizuresofcryptocurrencycapitalsbecomesaproblem;
- the capability of criminals to exploit these organisational weaknesses: as soon ascriminalsseespecificcountriesclampingdownsuccessfullyontheiractivities,theymovetheirserverselsewhere,tocountrieswithaweakerlawenforcementcapabilityorknowhow;
- the lack of trust between law enforcement organisations at an international level,againposingagreatlimittocollaborationandoftenleadingtoduplicationofexpertiseorinefficientresourcedeployment;
- thelackofresourcesandfundingtohavesurveillanceoperationsondarkmarketsinplace;inthiscontext,nationalprioritiesdiverge,soit’sdifficulttogetbuy-intoanEU-widefundoranEU-setrequirementtocooperativelyfocusinvestmentsonthedarkweb; for countrieswhere crimeon thedarkweb isnot currentlyamajornationalconcern,it isnowhardtogetpoliticalsupportformorefundinginthisarea;whendarkmarkets’crimewillbecomeaconcern,itwillbeinvaluabletotapintoexpertisefromcountriesthatareaheadofthegame;
- theslowtempoofinnovations,duetolimitedfinancingforresearchers,investigatorsanddevelopersoftools;
- the too often passive attitude of governments and companies, trying to avoidresponsibilitiesandplacingownershipoftheissueontheoppositeparty;
- for the specific of terrorism-related trade, the current ‘tunnel vision’ focus onreligiously-motivated terrorism (e.g., Jihad), too often discarding othermotives aspoliticalleft-orright-wingterrorism.
MEDI@4SECTheEmergingRoleofNewSocialMediainEnhancingPublicSecurityGrantAgreementno700281
12
3.2 Identificationofasuspect
Ifacriminal investigationsupposedly lead toageographicalarea, forexamplewhenaserverhostingdarkmarketservicesislocated,alocaloperationistypicallysetup.Thegoalcanbethatofsurveillanceofsuspectstoresearchtheiridentityandresponsibilityinthecrime.Thefollowinglistsummarizethemainthreatsandweaknessesposedtothesuccessofthistypeofoperations.
- The intrinsicanonymousnatureofdarkmarketcrimes,whichmakesveryhard toidentifyandseizecriminals
- Thetoooftenstilltraditionalapproachtoinvestigations;atanorganisational level,thismeansa‘vertical’approachbasedontraditional‘silo’s’,atanindividuallevelthismeanstraditionallawenforcementresearchtechniquesandreluctancetoworkwithdataanalysismethodsorscientists;
- Thesmalleffectreachedonalocalscale- Thelackofworkforceandcapabilitiesindataanalyticstosupportthisphaseofthe
operations- The lackofawarenessofnationalgovernmentson thedarkweb facilitatedcrimes
which interest their country, this leading to scarce investment in investigationsofthesecrimes;
- Thejurisdictionallimitationsandsilo’sapproachtoinvestigations,whichpresentata local scale similar issues to those at the international scale;when for instance aserver changes location, the investigationmightbe stoppedand limited sharingofinformationor collaborationwith the agencies responsible for thenew location isfavoured; another example is the duplication or incoordination of interventiontargetingthesamecriminal(whileoneinterventionmightbemonitoringundercovera specific dark market, another might be scraping data from it, a third trying toactivelydisruptit,andallthreeeffortsmightbeunawareofeachother).
- Onthespecificaspectofshippingofproducts,thepostalpackagescanningandisacostlyanddifficultoperation,duetothelargeamountoftraffic,tothechallengeofinterceptinganonymousdeliveriesandtothestrategiessendersadopt(forexample,inthecaseofweapons,thoseareoftenshippedindifferentsmallpartsthatthebuyerwillre-assemble).
MEDI@4SECTheEmergingRoleofNewSocialMediainEnhancingPublicSecurityGrantAgreementno700281
13
3.3 Prosecutionofsuspects
Onceaninvestigationsuccessfullyleadtoanarrest,sufficientlysolidproofsneedtobeinplacetobringthecasetocourt.Additionalthreatsandweaknessesunderminethesuccessoftheprosecutionphase:
- The digital literacy of criminals, in contrast with that of the average prosecutor,lawyeror judgeonmattersofdarkweb;criminalsareoftensophisticatedusersorevendevelopersofhightech,henceoftenwalk‘astepahead’oftheirprosecutors.Inthiscontext,tracing/loggingeverydigitalstepofacriminaltobuildacasewithstrongenough confidence becomes even more challenging; seasoned criminals areexperiencedinevadingdetection(forexample,bycontinuouslychangingtheironlineidentity,theirphysicalserver,theirIPaddresses),whiletheirprosecutorsmightlackexpertiseorresourcestodealwiththebottleneckofhugamountof(noisy)data;
- Theuseofanonymousdatacentresthatsafeguardsclientinformationandtheweakcollaborationofprivatepartieswithpolice;
- Inthespecificcaseofterrorism-relatedtrade,thedifficultytolinkveryindividualizedactivities on dark market to financing or acting of terrorism ‘beyond reasonabledoubt’;
- The reluctance of prosecutors to information sharing beyond jurisdictions and toinformationsavingforfutureoperations;prosecutorsandpolicecannotbefullyopenabout the techniquesused and relationshipsdrawnupon, because todo sowouldcompromise futureuseof thosetechniquesorrelationships;at thesametime, thiscreatesapotential conflictwith transparencyand fairness incourtcasesand limitlegalcooperationbeyondjurisdictions.
MEDI@4SECTheEmergingRoleofNewSocialMediainEnhancingPublicSecurityGrantAgreementno700281
14
3.4 Conclusionofweaknessesandthreatsanalysis
ThemainweaknessesandthreatstothesuccessofDarkWebpolicingoperationsfollowfromtheinternationaldimensionofthecrimesandfromthehighlytechnicaldimensionoftheplatformsexploitedbycriminals.CrimeontheDarkWebisaglobaldigitalproblemand relies on techniques and tools -such as cryptocurrencies, that are not centrallyregulated.Ontheotherside,crimeispolicedbyagenciesandorganisationsthat,althoughincontactwitheachother,stillneedtocomplytolocallegislationsandoftenoperatein“silo’s”. The sometimes stronger high tech literacy of criminals with respect to lawenforcementanalysts,andthelackofawarenessonthedimensionoftheproblemfromsomegovernments,mayweakenthesuccessofpolicingefforts.
MEDI@4SECTheEmergingRoleofNewSocialMediainEnhancingPublicSecurityGrantAgreementno700281
15
4. Opportunitiesandstrengthstobuildupon
ThroughtheSWOTanalysis,thegroupdiscussionsalsolookedatbestpractices,methods,organisations, tools, and knowledge already in place. These constitute a base ofopportunitiesandstrengthsthatcanbeleveragedupontoimprovepolicingofcrimeondarkmarkets. Inthissectionwesummarizethefindingsconcerningopportunitiesandstrengths.
The experiences shared by law enforcement showed that some behavioural andtechnical elements characterizing crime on dark markets can be exploited forsuccessful policing operations. A first, apparently trivial, but recurring point forexploitationisthat‘criminalmakemistakestoo’.Forexample,criminalsmightfocustheireffortsonhidingtheiridentityonthedarkmarkets,butatthesametimeleavingtraceson their real world identity. These can be recovered through the observation ofbehavioural patterns or technical faults. Criminals also follow business strategies andpatterns.Keepingrecordofthehistoryofonlineprofiles,althoughanonymous,givestheopportunity to track, categorize and profile customer behaviours possibly related tocybercrimeactivitiesandtransaction.Thisleadstoanadditionalpoint:moneyflowsarekey in any organised crime enterprise, from drug traders to terrorism. Violentorganisationswill, forexample, remainactiveonvariousonline ‘businesses’ toensurefinances, such as drug trade, human trafficking, online pornography. Also, a lone-wolfterroristmay rely on darkmarkets to build thatnetworkor support that islacking in the physicalworld. In both cases,disrupting the financialsource of organised crimecan prevent terroristactions.
Some techniques exploitedby criminals could beleveraged by lawenforcement as well. E.g.,theuseofmisinformation,fakenewsandDDStechniques,ortheadoptionofundercoverinitiativestodisruptthereputationofdarkmarketvendorsordarkmarketsservices(e.g.,fakingorders).Anotherexampleistheuseofcryptocurrencies:despitetheiranonymousdimension,itisinprinciplepossibletorelateandquantifyallcriminalprofitsofasingleperson(whileintraditionalphysicalcurrencies,lackofinformationwouldbecommon,since policewould only have access to the cash encountered during operations). Thechallengehereliesincorrectlylinkingallcryptocurrencyaccountstotheindividual.
Anotherdimensionforsuccessrelatestointernationalorganizationalpracticesanddigitalexpertise(ortheopennesstocollaboratetothosewhohaveit).Successfuloperationsinvolveinfactcollaborationofexpertswithdifferentbackgroundsandfrom
MEDI@4SECTheEmergingRoleofNewSocialMediainEnhancingPublicSecurityGrantAgreementno700281
16
different law enforcement ‘silo’s’ (for example, involving tax authorities as well astraditionalinvestigationinoneteam),coordinationatastrategiclevel,leadsorsupportfrom international agencies as Interpol and Europol, a combination of traditionalintelligenceand(physical)surveillanceoperationswith(digital)innovativeapproaches.Expertiseoropennesstocollaboratewithexpertsinthecyberdomainareimportanttocombine these approaches. Theongoing establishment of EU centres of excellence forspecific types of expertise (e.g., EU national Cybercrime Centres of Excellence) willprovide a good pooling of knowledge and resources to get the best expertise aroundEuropeatalowercost.TheENLETnetworkfostersgoodinterpersonalrelationsbetweenexperts,andaddsanotherdimensiontothenetworkscreatedbyInterpolandEuropol.The Information Sharing and Analysis Centers (ISACs) provide support to criticalinfrastructureownersandoperatorsfromcyberthreats,hencecanbeexploitedasabaseforstandardisationofprocessesandtools.
Athirdopportunity isrepresentedbythe interestsofprivatecompanies,asfintechand Internet companies. On the one side, they own data and strong analyticscapabilities.Ontheotherside, theymightbe interested insafeguarding theirbusinessfrom criminal exploitation. This could be exploited to enforce a greater collaborationbetweenlawenforcementandprivatebusiness,andnotonlyinapassiveform(reactivetoLEAsrequests).
Finally,apoolofknowledgeandresearcheffortsformtodayabaseofstrengthtobuildupon. European researchprojects are bringingnew research areas to the surface anddevelopingnewtechniques–thinkaboutbigdatatoolingforintelligenceoperationsandmethodsforautonomousinformationextractionbasedonAI,trainingforinvestigationon theDarkWeb, counternarrativesagainst terrororviolentspeech,…Theyarealsocreatinganetworkforcollaborationandknowledgeexchangebetweenexpertsandlawenforcementprofessionals.
MEDI@4SECTheEmergingRoleofNewSocialMediainEnhancingPublicSecurityGrantAgreementno700281
17
5. Needsforfuturepolicing
Themeasuresneededtomitigateweaknessesandthreats(seesection3)andtoleveragethecurrentopportunitiesandstrengths(seesection4)allowedtofurtheridentifyalistofneedsandrecommendations.Theseconcernabroadrangeofaspects:knowledgeandresearch needs, tools and technology needs, education, capacity and expertise needs,practice,legal,organisationalandproceduralneeds.
Thisanalysisalso focusedonthespecificsof thedifferent typesof trade.Forexample,illegal trade in drugs-related products, which is quite well understood by lawenforcementandsuccessfullypolicedinthelastyears,callsforneedsconcerningamoresystematicapplicationofbestorganizationalpracticesandtactics.Ontheotherside,thelink between illegal trade on dark markets and financing or supporting of terrorismactivities, is still lesswellunderstood; this leads toresearch,knowledgeandexpertiseneeds.Alltheidentifiedneedsarediscussedindetailsinthetablebelow.
Knowledgeandresearchneeds
Understandingandmethodstodisruptthecultureoftrustofdarkmarkets(disruptionofthe‘criminaltop’ofthepyramidprovedifficulttoachieveandnotnecessarilysuccessful).Real, rigorous, scientifically sound knowledge of how bitcoin andblockchain are used by criminals, going beyond the current ‘anecdote-level’.Betterunderstandingoftherelationbetweendarkmarketactivitiesandterrorism, for example on the aspects of recruitment, publicity/communication,propagandaoffear,moneylaunderingandfinancing.Especially to counter terrorism-related activities, methods to operateundercover investigations (infiltration of groups), expand the counternarrativesknowledgeandresearch theeffectivenessofknowncounter-strategiesforotheronlinevenues(e.g.,Facebook,Instagram)ondarkwebspaces.Methodstolinkthedigitalandphysicalpatternsofsuspectswiththeaimtoultimatelycatchsuspects‘red-handed’,whileactingontheircomputeronadarkmarket(cyberforensicsresearch).
Toolsandtechsneeds
Toolsforautomaticcollection/crawling,fusionandvisualisationofdata,with theparticulargoal to increasestatistics (quantitative focus), relatetheanalyseddatatophysicalworldentities,de-anonymise,andprovideadegreeoftrustworthinessforevidenceofprosecution.Inparticular,toolsto combinedifferent typesof evidenceonline (e.g., fromclear-web, e.g.,Reddit,andfromdark-web,e.g.,darkmarkets)withreal-worldevidence,e.g.,envelopes,mailbox,licenceplates.Toolstotrackandfollowmonetarytransactionsofunexplainablesource,atbothnationalandinternationallevelEspeciallyforterrorism-relatedtrade,tools/methodstosoundlyrelatethepurchaseaspecificitemtoterroristaims.
MEDI@4SECTheEmergingRoleofNewSocialMediainEnhancingPublicSecurityGrantAgreementno700281
18
Tools/methodstoautomaticallytrackparcelsandshipping,especiallyforsmallobjects.AcentralEuropeanrepositoryfordata,informationandpracticessharingacrossLEAsandadatalabforexperimentation.Inparticular,-adatabaseoncryptocurrency-relatedcases,withalinktosharedpractices,toolsandprosecutors;-arepositoryoftechniquesusedtopursuecriminalsontheDarkWebincludingsuccessrates;-adatabaseshowingwhichLEAshaveliveoperationsonwhichonlinemarketorforum.Procurementof technological infrastructure to enhance interoperabilitybetweendifferentorganisations.
Education,capacityandexpertiseneeds
Educationand trainingofLEA investigatorsat an international levelondataanalyticsliteracy.Commercialtoolscanprovideshorttermsolutions,butareoftennotflexibleenoughtothefastchangingneeds(canbecomeobsoletequitequickly);additionally,publicprocurementproceduresareoftenlengthy.Therefore,dataanalyticsliteracyandexpertisebuildingisneededdirectlyby theLEAs . Ideally, LEAs in the futurewill be able todesign,develop theirown toolsorat least closely collaborate ina teamwithdevelopers.LEAswillneedindividualswhoarebothtechnologicallyand‘streetwise’literate.Capacity building at academic level on cyber and digital matters, toincreasethepullofexpertsthatwillcollaboratewithLEAs.Education and awareness campaigns to keep LEAs up-to-date oninternationalcyberthreats.Awarenesscampaignstoeducatecitizensontherisksandresponsibilityofbuyingproductsondarkmarkets.Training of judges and prosecuting/defending lawyers would helpunderstandcaseswithasignificantcyberelement.Specialistcybercrimeprosecutorialunitsandjudges,whoareexpertsintheareaandcandealwith the technical complexity, should be in place and train colleaguesacrossborders.
Process,governanceandculture-relatedneeds
Better coordinated actions between LEAs in different countries, andwithinthesamecountrybetweendifferentagencies.ExistinginternationalnetworksofLEAsandcentresofexcellencecanhelpinthisdirection.Simplemechanismstofacilitatesharingofinvestigationexperiencesanddata analytics tools, for example through existing networks (Europol,ENLETS,EUJointResearchCentre).TeamsbasedondifferentexpertiseacrossLEAs‘silo’s’andacrossdifferentorganisations (LEAs, academy, knowledge institutions, private sectors).Teamswithaproactiveapproachtoinvestigation(focusingonpreventioninsteadofprosecution).Fosteringof a cultureof intelligenceandbest-practices sharing , andofopenness/flexibilitytoafastpaceofinnovation.Mechanismstofacilitatepublicauthority-industryinformationexchanges.In particular, protocols and methods regarding the exchange ofinformationamongfiscalauthorities(taxoffice),banks,andLEAs.Theseareinplacetosomeextent,butshouldbecomemoreautomatic.
MEDI@4SECTheEmergingRoleofNewSocialMediainEnhancingPublicSecurityGrantAgreementno700281
19
Develop templates for use in prosecutions for risk-assessment ofcryptocurrency transactions, for instance, to explain to unexperiencedjudges the difference between compliant and criminal uses ofcryptocurrencyandenablejudgestounderstandthebasisfordecisionstoinvestigate.Unifiedinternationallegislationondrugsclassification.Unifiedinternationallegislationoncybercrimes,startingfromacommonEUlegalframework.Unifiedinternationallegislationoncryptocurrencyuseandexploitation.Updated legal frameworks at national level to empower intelligencegathering operations (intelligence-led investigations prove generallymore successful than reactive investigations responding to bits ofevidence).Updated legal frameworks at an international level to allow LEAs tocollaborate on other jurisdictions, to empower multilateral processcollaborationsandspeedupaccesstodataandcommunication.Following dark web activities as standard activity of usual de-radicalisationeffortsbynational/regionalgovernments.
MEDI@4SECTheEmergingRoleofNewSocialMediainEnhancingPublicSecurityGrantAgreementno700281
21
6. Proposedactions
The diverse set of identified needs lead to a number of actions, which were furtherprioritised on the basis of their estimated impact. We list those below and in theschematicsinFigure7.1.
1) A commonplatform should be in place and accessible by all (at least European)LEAs, and it should store not only criminal data and information, but alsoinvestigation practices, tools and methods, current focus of operations,criminal profiles, contacts of investigation and prosecution experts. This isnecessarytoleveragecoordination,reducedoubleeffortandstimulateasharingandinnovativeculture.Creative technical solutions (e.g., ablockchain approach) could beexploited to overcome sovereigntyobstacles when sharing sensitiveinformation across nationaljurisdictions.EuropolandInterpolshouldplayarole in setting up this repositoryand centrally stimulate acollaborativeculture;atthesametime, decentralized initiatives(e.g.,existingcentreofexcellenceandtaskforces)shouldbeempoweredtobecomereferencepointsbeyondborders.
2) Creativetacticstodisrupttrustindarkmarketsshouldbedevelopedandtested;examples include undercover operations of LEAs creating fake market places,distributionof‘legaleffectdisclaimers’onproducts,cyberactionstocreatepeaksinordersfromadealer,useofcounter-speechtodisruptamarketreputation.Adigital-legalsandboxshouldbeinplacetotestoffensivescenario’s.
3) Methodsshouldberesearchedtolinkopensourcewithdarkmarketinformation,and to link thedigital andphysicalpatternsofusers. Investigationapproachesshouldbreakthesecyber-physicalsilo’s.
4) Atleast,EuropolandCepolshouldbecomethemandatedbodiestointernationallytrain/capacitybuildingallLEAsonarangeofexpertise, fromtechnologyanddataliteracytojurisdictionalaspects,andtopromoteamajordigitalanddataliteracyamonginvestigators.
5) Acommoninternational(European)regulationandlegalframeworkshouldbe
established, in particular tackling the responsibilities and role of the privatesector.Biginternetserviceprovidersdonotonlyhavedata,techniques,capacityandglobaloutreachtooffer,butalsohaveadirectinterestforacleaninternet.Therefore,thebusinessinterestoftheprivatesectorshouldbeaddressedandexploitedas
MEDI@4SECTheEmergingRoleofNewSocialMediainEnhancingPublicSecurityGrantAgreementno700281
22
well.Standardcyberriskassessmentsshouldbecomemandatoryforallbusinessesand proactive collaboration should be stimulated, especially from Internet serviceprovidersandbusinessesrelyingoncryptocurrencies.
MEDI@4SECTheEmergingRoleofNewSocialMediainEnhancingPublicSecurityGrantAgreementno700281
23
7. Concludingremarks
Darkmarkets create a transnational andhighlydynamic context,where criminals caninnovate very fast. This requires anincreased coordination both at a strategicinternationallevel,leveragingontheexistingnetworksofEuropol,Interpol,Cepol,JRC,andatanational/regionallevel,leveragingonrunninglocalefforts.Alotofgoodworkisinfactalreadyinplace.Togrowinefficiencyandlimitduplicationsandcosts,weshouldincreasetheexchangeofexperienceandstimulateacultureofcollaboration,innovationand digital literacy. Teams should break the traditional “silo’s” of law enforcement,combininginvestigativeexpertisewiththoseofresearchersandprivatesectors.ExistingDarkWebpolicingtrainingshouldbepromotedandacommoninternationalrepositoryforinvestigatorsandprosecutorsshouldbeinplace.
Homogeneitybecomesakey-wordat the legalandregulatory levelaswell:weshouldcreatea common international legal framework, comprising Internet as well ascryptocurrency regulations, and stimulate a proactive collaboration from the privatesector,especiallyserviceprovidersandbusinessesrelyingoncryptocurrencies.
Finally, disrupting the dark markets requirescontinuous innovation at the researchlevel.Knowledgeinstitutionsandprivatecompaniesshouldplayanincreasingroleandbe stimulated to conductR&Don the still existing gaps.Weneed to keep researchingautomaticdatainvestigationtools,digitalforensicsmethods,cyber-forensicsapproaches,andtacticsforcounteringthevoicesontheDarkWeb.Atthesametime,digitalliteracy,dataanalytics literacyandcyber literacyshouldbecome inhousecapabilityofLEAsaswell,tofavourtheco-existenceofdifferentcapabilitiesintheagencies.ThefutureDarkWeb crime investigator will understand both data matters and intelligence matters.
Figure 7.1 Schematics summarising the main findings of the workshop.
MEDI@4SECTheEmergingRoleofNewSocialMediainEnhancingPublicSecurityGrantAgreementno700281
24
Appendix1 –Participantlist(anonymised)
Category Country Organisation MEDI@4SECConsortiumorexternaldelegate
Police,ENLETS NL DutchPolice externaldelegate
Police,ENLETS NL DutchPolice externaldelegate
Police,ENLETS NL NationalGovernment externaldelegate
Police,ENLETS DK DanishPolice externaldelegate
Police,ENLETS GR HellenicPolice externaldelegate
Police,ENLETS NL Dutchtaxoffice externaldelegate
Police,ENLETS UK UKNationalCrimeAgency externaldelegate
Police,ENLETS UK UKMetropolitanPolice externaldelegate
Police,ENLETS IT NationalGovernment externaldelegate
Government NL DutchProsecutionservice externaldelegate
Research DE AIT;CentreforDigitalSafety&Security
externaldelegate
Police NL DutchPolice(exEUROPOL) externaldelegate
Industry USA Chainalysis externaldelegate
Government NL NationalGovernment externaldelegate
NL NationalGovernment externaldelegate
Research UK CENTRIC externaldelegate
Government(EU) FR EUCouncil/OfficeoftheCounterterrorismCoordinator
externaldelegate
Research IT UNICRI externaldelegate
Industry NL FIODFinancialAdvancedCyberTeam externaldelegate
Research UK UniversityEssex externaldelegate
Police FI PoliceofFinland externaldelegate
Police BE FederalJudicialPolice externaldelegate
Police DE StateofficeofcriminalinvestigationRhineland-Palatinate
externaldelegate
Police RO CentralCybercrimeUnit-RomanianNationalPolice
externaldelegate
Police SP PoliciadelaGeneralitat-Mossosd'Esquadra
externaldelegate
Police NL NationalPolice externaldelegate
Industry P INOVInescInovacao externaldelegate
Police P PolaciaJudicia¡ria externaldelegate
Other SI SI-CERT(SlovenianComputerEmergencyResponseTeam)
externaldelegate
MEDI@4SECTheEmergingRoleofNewSocialMediainEnhancingPublicSecurityGrantAgreementno700281
25
Police/Research UK CAST(UKHomeOffice) externaldelegate
Industry/Research A SYNYOGmbH externaldelegate
Government NL Dutchpolice,DarkWebteam externaldelegate
Police DE PoliceLowerSaxony externaldelegate
Research GR CERTH externaldelegate
Police BE FederalComputerCrimeUnit externaldelegate
Police CY INTERPOL externaldelegate
Research NL TNO consortium
Research NL TNO consortium
Research NL TNO consortium
Research NL TNO consortium
Research NL TNO consortium
Research NL TNO consortium
Industry BE EOS consortium
Industry BE EOS consortium
Research DE FHG consortium
Government FR EFUS consortium
Government FR EFUS consortium
Research NL UU consortium
Research NL UU consortium
Research UK UoW consortium
Research UK UoW consortium
Research UK UoW consortium
Research UK UoW consortium
Research SI XLAB consortium
Research SI XLAB consortium
Police UK PSNI consortium
Police UK PSNI consortium
Police ES PLV consortium
Police ES PLV consortium
Research GR KEMEA consortium
Research GR KEMEA Consortium
MEDI@4SECTheEmergingRoleofNewSocialMediainEnhancingPublicSecurityGrantAgreementno700281
26
Appendix2 –WorkshopAgenda(anonymised)
PolicingtheDarkWebWorkshopAgendaTheHagueSecurityDeltaTheHague,26September2017
09.45-10.15Registration(groundfloorhall)andWelcomewithcoffeeon7thfloorHSDPlaza10.15-10.30Welcome(InnovationRoom,7thfloor)
• IntroductiontotheWorkshop(SerenaOggero,TNO-NL)• Medi@4secProject(JonCoaffee,UniversityofWarwick-UK)
10.30-11:30“Settingthescene”Presentations(InnovationRoom)
• Settingthescene(MarkvanStaalduinen,TNOSingaporeandINTERPOL)• OperationBayonet:Communication&disruptionstrategy(PublicProsecutionService–
NL)• DarkwebandOrganisedCrime(CentralCybercrimeUnitRomanianNationalPolice–RO)• HowlawenforcementtacklesillicitdrugtraffickingviatheDarkWeb(StateOfficeof
criminalinvestigationRhineland-Palatinate–DE)11:30-11:45CoffeeBreak(Plazafoyer,7thfloor)11.45-12:45“Discoveringgoodpractices”Presentations(InnovationRoom)
• ExploringtheForensicPowerofImmutableLedgers(INTERPOL)• InsightintoVirtualCurrenciesandDarknetMarketTransactionactivities(PublicSafety,
AIT–AT)• CryptocurrencyinvestigationsandCases(Chainalysis–DK/USA)• HowtoexposeaDarknetcriminalin15min?(FiscalinformationandInvestigation
Service–NL)• From"classical"to"classy":alive-journeythroughdangerousplaces(SecurityBrokers–
IT)12.45-13.45Lunch(Plazafoyer)13.45-13.55Kick-offafternoon(InnovationRoom)13.55-15.25FocusGroupDiscussionsonthemes:Drugstrade,Terrorism-relatedtrade,Cyber-servicestrade
13.55-14.40Round1(differentrooms,7thfloor)14.40-15.25Round2(differentrooms,7thfloor)
15.25-15.40CoffeeBreak(Plazafoyer)15.40-16.10PresentationofThemeSessions:identifiedactions(InnovationRoom)16:10-16:50“Prioritizationandthewayforward”Paneldiscussion(InnovationRoom)with:UnitedNationsInterregionalCrimeandJusticeResearchInstitute,MunicipalityofRotterdam,NL,EUCouncilOfficeoftheCounterterrorismCoordinator;EuropeanCommissionResearchExecutiveAgency;TeamHighTechCrimeDutchPolice,NL.16:50-17:00Workshopclosure17:00-18:00Drinks-EndoftheWorkshop(Plazafoyer)
ThisprojecthasreceivedfundingfromtheEuropeanUnion’sHorizon2020researchandinnovationprogrammeundergrantagreementNo700281
MEDI@4SECTheEmergingRoleofNewSocialMediainEnhancingPublicSecurityGrantAgreementno700281
27
Appendix3 –WorkshopEvaluation
Allparticipantswere asked to complete an evaluationquestionnaire at the endof theevent.Anoverviewwiththeaveragescores(n=25)isprovidedinFigureA3.1(below).
Figure A3.1: Summary of Evaluation Scores.
Overall, this workshop received very positive feedback. The overall rating of theworkshop,onascaleof1(verypoor)to10(excellent)was9.0.
Furthermore, various very positive commentswere received from delegates inwhichtheyexpressed theirgreatenthusiasmabout theworkshopprogramandorganisation.Amongothers,theyappreciatedthequalityofthepresentations,theinteractivityofthegroupdiscussions, thediversityof thedelegatesand thewideoptions fornetworking.Alsoafewpracticalsuggestionsforimprovementweregiven.
Inaddition,theconsortiumhasundertakenadebrieffollowingtheevent.Theinformationcollatedthroughthisexercisehasbeenusedintheplanningofthenextworkshop.
MEDI@4SECTheEmergingRoleofNewSocialMediainEnhancingPublicSecurityGrantAgreementno700281
28
Appendix4 –Glossaryofterms
DARKWEB:Theinternetconsistsofseverallayersofaccessibility.ThefirstlayeriscalledtheClearweborSurfaceweb.Thispartisaccessiblethroughregularsearchengines,suchasGoogleorYahooandiswheresocialmediaplatformsreside.Thesecondlayer,calledtheDeepwebconsistsofallthedatanotindexedbytraditionalsearchengines;thesedatacanrangefrombanktransactionstoclosedWhatsAppgroups.AsmallpartoftheDeepWeb is called theDarkweb (DW).Here content has been intentionally concealed anduserscansurfanonymously.InordertoreachtheDWandtoaccessitscontent,oneneedstoinstallacertainprogramwhosefunctionissimilartothatofawebbrowserorsearchengine. The most commonly known program is The Onion Browser (TOR); similartechnologiesareI2PandFreenet.
CRYPTOCURRENCY:anunregulated,alternativemethodofexchangeforonlinepayments,based on cryptography technology to secure financial transactions and to verify thetransfer or the assets used. For this reason, cryptocurrency are classified as a type ofdigitalorvirtualcurrency.Amigrationfromtraditionalonlinepaymentmechanismstocryptocurrency-basedismainlyduetothedegreeofanonymityofferedbythelatter.ThemostusedcryptocurrencyisBitcoin.Bitcoinisanon-government-controlledpeertopeeranonymouscryptocurrency,createdin2009andsincethentopicofmuchmedia,internetandpolicydiscussion.
DARKMARKET:orDarkWebmarketorcryptomarket,isacommercialwebsiteoperating(‘localised’)ontheDarkWeb,thereforestronglyrelyingoncryptocurrencypaymentsandon anonymised access. Similarly to Clear web digital markets such as Amazon, darkmarketsoffervendors’revieworreputationsystems.