
Three Best Practices When Accessing the Dark Web for Investigations

I’m Nick Finnberg, the tradecraft training lead here at Authentic8. I started my career as an Army All-source intelligence analyst, and then transitioned to the National Guard Counter-Narcotics Task Force, supporting the Illinois State Police in counter-narcotics and anti-money laundering investigations.

My first experience with the dark web was when we arrested an individual selling Fentanyl. We knew he was buying the drugs off the dark web, but at the time, we didn’t have the tools, policies or knowledge on how to conduct investigations on the dark web. We didn’t know how to access it, or what we might find there. We just heard that it’s a dark and scary place, and that it’s used for the sale of many illicit goods and services.

Today, the dark web is a topic that I’m very passionate about, and I try to help others, especially law enforcement investigators, understand what the dark web is all about, and how it can be an invaluable resource for tracking down criminals.

Understand the different levels of the internet

Let’s first make sure that we are on the same page when it comes to understanding the different layers of the internet.

  • The open web is really anything that is readily available and regularly indexed by mainstream search engines, like Google.
  • Then there’s the deep web, where information is not indexed, but you can still access the content that you need if you have an account or are paying a subscription fee. Certain government reports, directories, and even commercial services, like Netflix, are considered part of the deep web.
  • And then there’s the dark web — a completely separate section of the internet that was originally created by the U.S. government as an anonymous communication platform, and then opened to the public in 2004.

It’s the anonymity behind it that makes the dark web such a hotspot for criminal activity. When you access the dark web, you first hit an entry node, which is just for getting you onto the server. Then you advance to a middle node, which is used for additional security, and only then do you finally hit an exit node, which delivers you to the actual dark web site. All this jumping around to multiple locations, bouncing between thousands of dark web servers all over the world, is what makes it so hard to track someone on the dark web.

Learn how criminals operate by listening in on dark web forums

There’s a lot of activity taking place on the dark web, and much of it is going to be of interest to an investigator. There’s trafficking of illicit goods and services, cybercrime, cryptocurrency, money laundering, child exploitation, and much more.

But where I see the most value for law enforcement is in monitoring the dark web communications channels. Every major marketplace has its own forum, where people go to talk about… well, anything, including crimes that they are about to commit and how they plan to go about it. So, as a law enforcement agent, you can learn a great deal about how criminals operate by just going to these forums and listening in, as criminals talk freely about their activities and plans because they feel protected by the dark web’s vastness and obscurity.

CASE STUDY: “I find [Silo] to be very beneficial if you need to take screenshots to present to a prosecutor.”

Stay safe – the fundamentals of investigations don’t change

The same principles that you use when investigating someone on the open web apply to dark web research. Following up on leads, evaluating information, collecting evidence, and combining different data sets – all of it is still relevant, and by having access to the dark web, you have a very rich new source that could yield a lot of useful intelligence.

But diving into the gloomy depths of the dark web has its dangers. Despite its secrecy and anonymity, the dark web has a way of tracking someone down. Just like on the open web, sophisticated adversaries can use it to launch counter-surveillance or booby-trap their sites with malware.

There are reports that criminal organizations are hiring their own analysts to investigate who’s looking into them. So, law enforcement agents who traverse the dark web have to be extra careful and take measures to protect themselves, their missions, and their organizations.

Manage your attribution

Silo for Dark Web Research allows you to access the dark web via the cloud, completely isolating all your browsing activity from your local machine and the network. Even if you run into some type of malicious code, it’s not going to infect your devices, while you still have access to sites.

With shared storage and built-in audit capabilities, Silo allows law enforcement agents to safely collect evidence on the dark web, share it with their colleagues, and preserve the chain of custody. With Silo’s managed attribution, investigators can customize their location, time zone, IP address or language, to disguise their mission and throw counterintelligence efforts off their scent.

WEBINAR: Naked & Exposed: Stop Investigating Online without Managed Attribution

At Authentic8, we often talk about moving at the speed of criminals. With cloud-based browsing, managed attribution, automated collection capabilities and safe dark web access, Silo helps you do even more – you can stay one step ahead of the criminals.

To learn more about Silo and how it can help law enforcement agents navigate the dark web, contact us, or watch this on-demand webinar, 5 Strategies for Effective Investigations for State and Local Law Enforcement (registration required).

*** This is a Security Bloggers Network syndicated blog from Authentic8 Blog authored by Nicholas A. Finnberg. Read the original post at: https://blog.authentic8.com/accessing-dark-web-safety-three-best-practices/