Effective Strategies For Combating Crime On The Dark Web

Written by: Nearchos Nearchou



Time to read 10 min

Access to the Dark Web is necessary for law enforcement organizations to track criminals’ digital traces and learn more about their networks, transactions, and accomplices. However, Dark Web scanning to gather and evaluate massive data from Dark Web markets, forums, blogs, online message boards, and social media is time-consuming and difficult. Therefore, to detect and discover connections between offenders and different identities, investigators and analysts need OSINT technologies for Web scanning. For useful insights, the outcomes of the examined OSINT data sources must be displayed in graphs and maps. To put it another way, a top-notch Dark Web scanning service is required.

To solve and prevent crimes such as cyber threats, investigators and analysts use Dark web monitoring technologies to identify threat actors, track the Bitcoin money trail, and map links between threat actors, their affiliates, and group members. Tools for monitoring the Dark Web can also be used to identify and stop insider threats. Such internet monitoring software can look for specific assets (such as research papers, private memos, or drafts of patents) or specific organizations (such as banks or research labs) that are directly mentioned to determine whether someone is being targeted or whether a breach may have occurred.

Since many Dark Web forums and message boards are in different languages, including English, Arabic, Russian, and Chinese, the top Dark Web monitoring systems employ clever algorithms, particularly natural language processing (NLP). Language limitations can be surmounted while gathering and evaluating intelligence with the use of a Dark Web scanning service. In addition to digital forensics and other technologies often used to investigate and prevent crimes such as cyber threats, law enforcement and security organizations need the best Dark Web monitoring services on the market. Internet surveillance tools give law enforcement personnel a proactive, cutting-edge way to track down heinous Dark Web activity, identify it, and put a stop to it.

Traffic confirmation attack

Internet communication traffic is usually encrypted to hide its contents. However, encrypted traffic is vulnerable to traffic analysis since it does not hide the metadata of the packets—that is, the time a packet was sent or received, and the packet’s size. A traffic confirmation attack works by observing both ends of a communication channel and trying to find patterns in the traffic to match incoming and outgoing data.

In the case of the TOR network, a traffic confirmation attack is possible when police take control of the relays on both ends of a TOR circuit. By doing this, the police can compare traffic timing, volume, and other characteristics, and eventually determine that the two relays are indeed in the same circuit. If the circuit’s first relay knows the user’s IP address, and the last relay in the circuit knows the destination the user is accessing, then law enforcement can deanonymize the user and reveal their identity. The following diagram shows a clear representation of how a TORtraffic confirmation attack works. SIGINT (signals intelligence) is information gathered by collecting and analyzing the electronic signals of a given target:

On July 4, 2014, the TOR project team found a group of relays that were trying to deanonymize users. They seem to have targeted users or operators of TOR hidden services. To conduct traffic confirmation attacks, the assault entailed altering TOR protocol headers. According to reports, the FBI gave instructions to a university-based research institute to identify criminal suspects on the so-called DarkWeb. Circumstantial evidence suggested that the organization was Carnegie Mellon University (US)and, specifically, the Software Engineering Department. Following a media frenzy, the university issued a press release that was extremely carefully written and suggested that it had received a subpoena for the IP addresses it had collected throughout its investigation.


Techniques such as OSINT and a proper understanding of how the Dark Web works are crucial steps in combating crime and abuse in this hidden part of the internet. OSINT is derived from information and data that the general public can access. Collecting and possessing vast amounts of data promptly is not humanly possible without the aid of OSINT tools. By following the OSINT approach and applying several detection algorithms, law enforcement can uncover potential avenues for investigating Dark Web crime more effectively.

Openly available tools, such as NodeXL and Gephi3, facilitate both network analysis as well as network visualization. The OSINT approach can be an excellent method for gathering important information about the criminality that occurs on the Dark Web and prosecuting criminals more easily. The following diagram shows OSINT’s life cycle:


Nowadays, web searches use a centralized, one-size-fits-all approach that crawls the internet with the same tools for all queries. Although this model has been widely successful commercially, it seems not to work well for governmental use cases. To overcome this challenge, DARPA, also known as the Defense Advanced Research Projects Agency, launched the MEMEX project in September 2014. MEMEX is a highly sophisticated search tool that goes beyond the realm of Google, Bing, and Yahoo. The following screenshot shows some of the most significant domains that the MEMEX team is working on:

The MEMEX project aims to move to the next level: the art of content indexing and web searching. Over the years, the MEMEX team has released new tools that enable the quick and thorough organization of the internet’s content. This has led to more comprehensive and relevant domain-specific indexing and domain-specific searching capabilities. One of MEMEX’s main goals is to shine a light on the Dark Web and uncover behavioural tactics and relationships that can help law enforcement disrupt large human trafficking gangs.

The MEMEX project has been in the works for years and is being developed by 17 different contractor teams across the world. Conventional search engines, such as Google and Bing, show results based on popularity and ranking and are only able to index approximately 5 per cent of the World Wide Web. On the contrary, MEMEX can scrape web pages that get ignored by commercial engines, as well as show hidden sites on the Dark Web. MEMEX’s creators do not want just to index web content about previously undiscovered sites. They aim to use automated methods to identify behavioural patterns of how human traffickers operate on the Dark Web (Zetter, 2015). The inventor of MEMEX, Chris White, said that this tool could revolutionize law enforcement investigations and give a new positive perspective on combating human trafficking on the Dark Web.

According to reports, on numerous occasions, MEMEX’s artificial intelligence (AI) has helped several police investigations all over the world. With the aid of MEMEX tools, law enforcement is now able to quickly strengthen newly discovered cases and construct sex trafficking investigations from hazy leads. These technologies—such as TellFinder (created by MEMEX contributor Uncharted Software)for indexing, summarizing, and querying sex ad data—have been used, for instance, to find more victims from information in a single online prostitution advertisement.


Undercover web investigations are one tactic that law enforcement agencies all over the world frequently use. Enforcement officers have used investigation chat rooms and other peer-to-peer (P2P) networks to pose as criminals or participants in illegal activity during such investigations. The following are some recommendations that will help to mitigate crime on the Dark Web:

1. Crime identification: Line officers need to become educated on the sorts and extent of illegal activity taking place on the Dark Web. A good initiative is new state task teams that may share information on the Dark Web among organizations and jurisdictions.

2. Privacy protection: The need for advice from federal partners on how to handle privacy concerns during investigations. There is a need for research to determine how much privacy people would be willing to give up in exchange for security.

3. Suspect identifications: Officers responding to criminal activity need to learn to identify elements such as login information that may be used to connect offenders to Dark Web sites.

4. Evidence identification, access, and preservation: Law enforcement may find it challenging to compile pertinent technical data and translate it into evidence that members of the general public who serve on juries that determine whether or not people accused of Dark web violations are guilty or innocent can understand. The evidential conundrum is a result of the increasing volume of data, the complexity of the forms, and the need for cross-jurisdictional cooperation. In light of the difficulties posed by the encryption and anonymity features of the software used on the Dark Web, the delegates advised law enforcement to employ the best standards, instruments, and techniques available to acquire evidence. To that aim, encouraging the adoption of standards for new techniques used to gather evidence from the Dark Web was identified as a high priority.

As cybercriminals become increasingly tech-savvy, law enforcement must keep up with the new trends and activities related to crime on the Dark Web. The US National Institute of Justice(NIJ) created a guide with high-level recommendations for conducting forensic investigations on the Dark Web. The guide was produced with the help of experts from state, federal, and local agencies, civil rights advocates, and academic researchers (US National Institute of Justice, 2020). Here are some significant points from this guide, including crucial Dark Web challenges:

Training: Train investigators and officers to spot relevant Dark Web evidence.

Partnerships: Build cross-jurisdictional partnerships.

New forensic tools: Develop new forensic tools for collecting Dark Web evidence on computers and mobiles.

Information sharing: Improve information sharing among agencies, both on a domestic andan international level.

New structures for cooperation: Examine the advantages of building cross-organisational structures for cooperation.

New laws for package inspection: Research methods to modernize laws related to the inspection of packages shipped by mail or other services.

Hardening the device identification for law enforcement units: A Trusted Platform Module(TPM) is put inside modern IT systems to grant security-by-design features for users. It can be leveraged to identify internet users and make it harder to anonymize and hide from law enforcement. Blockchain can be used as an immutable ledger to track devices from the manufacturer to the end user. New systems unique to investigators can pave the way to combating crime on the Dark Web.

Research on crime connections: To assist law enforcement authorities in identifying and combating both highly visible traditional crime and less obvious criminality on the Dark Web, research the increasingly interrelated nature of traditional crime.

In recent years, law enforcement agencies all over the world have started to rely on the use of hacking to track down online criminals who operate in anonymity. Internet thieves are now better protected because of the growth of the Dark Web, which obscures digital footprints left by third parties, leaving traditional surveillance measures obsolete. Enforcement agencies have started implementing hacking techniques that run surveillance software over the internet to directly access and control criminals’ computers to circumvent Dark Web defences.

General needs and challenges

Even while the Dark Web may be untraceable, there is some chance of uncovering criminals using it. In other words, no crime is perfect, and criminals frequently make mistakes or leave unintentional clues:

• Rapid changes in the volume of use: Although there is evidence of a constant increase in Dark Web activity, law enforcement lacks the quantitative information necessary to respond to these activities effectively.

• Globalization: Activity on the Dark Web transcends regional, governmental, and international barriers. Because the Dark Web spans jurisdictions, investigators from different agencies must work together. Participants warned that Dark Web operators would be emboldened by the lack of enforcement to conduct more unlawful activities via the Dark Web if agencies shun the Dark Web due to its cross-jurisdictional character.

• The need to demystify the Dark Web: Some law enforcement participants expressed worry that should they take action against Dark Web interests, harmful online users would retaliate against them and their departments. The research noted that there was a need to demystify the Dark Web for law enforcement, stating that law enforcement is expected to respond without comprehensive information regarding what works and what is required to solve these Dark web difficulties. Participants indicated that police instructors may emphasize the similarities between standard investigations and plain old police work, or Dark Web investigations.

• Command buy-in for additional training: Participants emphasized the importance of persuading law enforcement command staff to begin Dark Web training and investigations. Command buy-in may be required to make financial and training time commitments.

• Training: There is a requirement for two different types of training - Courses for line officers to gain a basic understanding of digital evidence discovered on the spot - Targeted training on the preservation of evidence as well as sophisticated instruction on the techniques employed by criminals on the Dark Web is recommended for specialist units.

Law enforcement authorities identified priority needs for investigating criminal activity on the Dark Web:

• Educating state and local officials about the Dark Web.

• Establishing cross-jurisdictional alliances between agencies.

• Providing more and better training to better prepare police officers to recognize Dark activity and evidence.

• Providing superior knowledge of Dark Web techniques and operations to special investigating groups. Due to the Dark Web’s secrecy, many state and local law enforcement authorities are generally ignorant of its presence and its potential to fuel crime in their areas.


Investigators can explore the Dark Web using advanced systems by gathering, examining, and keeping track of data in a tactical timeframe. The internet surveillance software and Dark Web monitoring instruments on this cutting-edge web intelligence platform are intended to speed up web investigation procedures. The powerful web engine analyzes gathered data using sophisticated AI algorithms and provides in-depth insights in real-time. A cybercrime inquiry can also be started by investigators using any minor piece of digital forensics data, such as a suspect’s identity, location, IP address, or image, thanks to Dark Web monitoring services. Law enforcement and governmental agencies will be able to scour and monitor the Dark Web with sophisticated technologies to gather and analyse pertinent big data that will provide streamlined, automated insights for prompt action.

Nearchos Nearchou

Nearchos Nearchou is a determined person and 1st Class BSc (Hons) Computer Science and MSc Cyber Security graduate. He is a big tech-lover and spent several years exploring new innovations in the IT field. Driven by his passion for learning, he is pursuing a career in the Cyber Security world. Passionate about learning new skills and information that can be used for further personal and career development. Finally, he is the author of the book   “Combating Crime On The Dark Web”.

Leave a comment