The cryptographic and anonymity features of the Dark Web create severe difficulties for law enforcement agencies to investigate, monitor, control, prosecute, and prevent a range of criminal events. This article describes the steps for developing an efficient system for preventing/mitigating crime on the Dark Web. The system could be utilized as a real-life paradigm by law enforcement, cybersecurity researchers, and local police agencies that will help them to study and combat crimes on the Dark Web.
In this article, we will cover the following topics:
• Problem identification
• Problem handling
• The feasibility of creating a universal system
• Steps to creating a system
• Final system proposal
• Centralized system design—International Data Hub (IDH)
Problem identification
Through the extensive literature examination, several problems regarding efforts of combating crimes on the Dark Web have been identified. Currently, there are numerous entities/tools/methods that are used to combat these kinds of crimes, such as the MEMEX project, traffic confirmation attacks, Oracle’s advanced technology, and so on. However, all these entities are not succinctly in line with one another. This means that Entity A may have different information than Entity B and Entity C. There is a lack of a consolidated platform where investigators can put all this information together, process it, and interact with it. Another significant issue is the lack of real-time insights. This kind of insight can help investigators to visualize data and take prompt actions to help crime victims. Based on all the aforementioned, this research has concluded that the ultimate goal of the system is the following:
• Preventing Dark Web-related crimes
• Prompt identification and prosecution of criminals
• Helping crime victims and their families
• Providing awareness among the public about how crimes can be mitigated
Problem handling
The system aims to create a fully integrated platform to face the problem of crimes on the Dark Web. A way to handle the problem is prevention, across and throughout all industries, building communities resilient to crimes. Taking the decentralized databases and forcing them into a single source of an independent database can be a significant step forward. This provides one centralized, secure place for all data. The system’s purpose is to develop a platform that gets real-time information and then, by using advanced cloud software, integrate this information into an autonomous data warehouse. Through radical information sharing and collaboration, the system aims to build a global picture of crime hotspots/trends and empower individuals, organizations, and law enforcement agencies to make more informed decisions.
The feasibility of creating a universal system
The analysis of the literature suggests that the current methods of combating crimes on the Dark Web are not adequate for the needs of digital forensics’ fast-paced and quick-changing environment. One of the most significant problems of modern law enforcement investigations is that they lack adequate efficiency. This is evidenced by the fact that this kind of crime continues to be a very serious problem for societies all over the world. To maintain a reliable forensic platform, it is necessary to figure out the problem or area of opportunity. This is where systems come in—they help to comprehend the problem in a new way. Before prototyping, testing, and launching, the problem should be framed in an approachable way.
The digital forensics field has been expanding dramatically and continues to advance quickly. The challenge with the system proposed is to present evidence with a reliable method to meet all current and future requirements. This section will concentrate on two topics:
• Existing models used by investigators
• The choice of the most appropriate approach for the system
The following diagram shows the simplest digital forensics model in existence, developed by the National Institute of Standards and Technology (NIST) in 2006:
The process of doing a digital forensic investigation involves the following:
• Collection: This is the procedure of identifying any potential sources of data relevant to an incident and then accurately labelling and recording that data. Subsequently, the data located in these sources must be acquired while preserving the integrity of the sources.
• Examination: This phase involves assessing the data acquired from the previous procedure and extracting data that is relevant to the incident while preserving the data’s integrity and validity.
• Analysis: This phase has to do with the study of the information extracted by the examination phase. It can only be done by using legal/justifiable methods, procedures, and techniques.
• Reporting: This phase involves the process of presenting, in a structured manner, the methods, procedures, and tools used in the previous phases. Additionally, the reporting process provides recommendations for improvement to the tools, policies, and other aspects of the forensic process.
Cybersecurity functions include protection, detection, response, and investigation. Digital forensics systems are essential because they can help in mitigating damages and maturing future prevention approaches. Nowadays, investigating Dark Web crimes has evolved more than ever, combining intelligent tools and sophisticated forensic processes. Digital forensic processes have been able to aid investigations by identifying and analyzing the facts related to a crime incident. Additionally, automatic processes would allow for bigger volumes of evidence to be processed more intelligently and accurately. The following list describes the characteristics of traditional digital forensic systems:
• Provide a clear definition of standard technological terms
• Allow individuals to train at the same level of knowledge and expertise
• Ensure that evidence is not misused or mishandled
• Give confidence to the system consumer
• Ensure that the industry has integrity
• Update systems regularly to keep pace with new trends
Steps to creating a system
This research has concluded that prevention may be more effective than investigating individual crime incidents themselves. This can be achieved by creating an international database/system to facilitate information sharing (across all industries and sectors) about crimes on the Dark Web. This international system aims to partner with various organizations and agencies, including financial institutions, international law enforcement, non-governmental agencies, the UN, local and federal police authorities, the public, and many others.
By using advanced cognitive technologies, the proposed centralized system will focus on facilitating information sharing easily and quickly and combining several datasets in one secure database. Additionally, artificial intelligence (AI) can play a significant role and help to analyze and process large volumes of data quickly, while ensuring the data’s security and integrity. Additionally, predictive policing can look at vast data on crimes in a certain area and make predictions about when and where crimes will happen in the short and long term.
By thoroughly examining the literature, three entities have been identified that can play a vital role in combating crimes on the Dark Web. These entities are the following:
• Law enforcement: This term describes some members of the government who are responsible for enforcing laws, managing public safety, and maintaining public order. The term law enforcement includes agencies such as the FBI, Europol, Interpol, CIA, and the British Secret Intelligence Services.
• Private sector: This term refers to the part of society that is not controlled by the government. It includes private banks, for-profit businesses, corporations, charities, non-government agencies, and many others.
• Community: This term mainly refers to ordinary people living in cities, suburban areas, and villages. It may also include the municipal police, county sheriff’s departments, and local law enforcement agencies.
Developing an information-sharing system will help to achieve the following:
• Streamline information sharing between all the involved parties
• Create better crime investigation practices
• Allow each entity to understand the requirements, limitations, and procedures related to information sharing
• Provide the opportunity to address some of the challenges that emerge in regard to shared information across partners and disciplines
Information sharing among the entities mentioned earlier is essential to establish solid partnerships and address the issues of crimes on the Dark Web. A successful collaborative approach to identifying, investigating, and prosecuting criminals will require information to be shared between partners about cases, victims, and traffickers. By creating an IDH, the police can support and engage with a victim, as well as disrupt large well-organized crime organizations. The data collected by this hub will help to identify trends and develop appropriate, data-driven, well-informed forensic models. Based on all the aforementioned, an initial design for the system has been created.
The following screenshot shows three entities sharing information with the IDH:
It has been recognized that only when everybody comes together, practical solutions that break the cycle of crimes on the Dark Web can be created. Through extensively researching and reviewing the literature, numerous tools/methods/techniques that are being used to combat Dark Web crimes have been identified. All these tools belong to the three entities that were mentioned previously: 1) law enforcement, 2) the private sector, and 3) the community. In the following table, all the tools/methods/techniques are categorized based on the three entities:
Final system proposal
The previous sections outlined several important factors to consider when creating a digital forensics system. The aim of this section is to merge all the aforementioned to compile a reasonably complete platform. All the entities/tools/methods/techniques mentioned in earlier sections will be incorporated into this system. The system’s goal is to establish a clear picture of the steps that should be followed when investigating Dark Web crime cases. The proposed system is scalable and can be easily expanded in the future, and include any necessary additional phases.
Police and community stakeholders must cooperate effectively by delegating tasks, allocating resources, and making decisions jointly. Therefore, collaboration entails coordinated actions with shared responsibility and decision-making rather than just outreach or information sharing. Addressing a problem demands proactive cooperation between the police and the community to uncover underlying issues that can be resolved to eradicate the root causes of crime. The following diagram shows a clear representation of the final system proposal:
The system design shown above focuses on combating crimes on the Dark Web by engaging positively and collaboratively with law enforcement, the private sector, and the community. This system aims to encourage greater sharing and better collaboration and fight crimes by cooperating with various entities. The system can be the basis for combating crimes on the Dark Web more effectively. Through the availability of data, the system’s goal is to make crimes and exploitation highly transparent. In this way, every party, in every sector, can see the data in its own context and then make a decisionon how it engages with it.
Centralized system design – IDH
The following points provide a list of items that anti-crime law enforcement should consider when developing an information-sharing system. This list can be used as an advanced guide for the development of a robust and reliable system. While it is not compulsory to include all items, lawenforcement members must discuss and agree on what must be included and what not. The following is a list of what is needed for the IDH:
Introduction to the IDH:
- The rationale for the information-sharing system
- Individuals who helped in designing the system (including representatives from the private, law enforcement, prosecution, and trafficking victims’ support services)
- Schedule periodic updates and reviews of the system
Specific information to be shared in the IDH:
- Where the information is being stored at the moment. (For example, is the information safely maintained in a specific database?)
- Trafficking the victim’s permission regarding sharing their personal data, records, type of trafficking, and so on.
- Information that will be shared, in detail. (That is, will de-identified data*, sensitive information or tips about victims be shared? If yes, what will be shared, by which entities, under what protection rules, and what role does confidentiality play?)
- Who will be providing all this information and to whom?
- Considerations for information sharing with broader law enforcement members. (That is, community members, non-case holding members, and so on.)
- Circumstances in which various information will be shared and different exceptions that may preclude information sharing. (That is, understanding law enforcement partners that have privileged communication relationships with victims and are limited in what they can share.)
Requirements related to information sharing for the IDH:
- Requirements for information sharing as ordered by the local, state, and federal governments for each discipline participating in the system.
- Steps that must be followed to meet all the requirements necessary for information sharing.(That is, how will the victims be informed of information shared about their cases? What kind of information will be shared with victims?)
- Requirements for information sharing for each entity involved in the system. (That is, does a trafficking victim have to sign a release of information form, or are internal procedure approvals needed to share de-identified data*?)
- Considerations related to information sharing for law enforcement to have in mind. (That is, which principles should be incorporated to make information sharing trauma-informed and victim-centred?)
- Requirements for information sharing in case the victim is unable to be located. (That is, what steps should be followed to meet the requirements needed for information sharing?)
Processes related to information sharing for the IDH:
- Who is responsible for managing/collecting information? (That is, will there be a central department at each agency?)
- How will confidentiality be maintained?
- Where will the information be securely stored? (That is, who manages the IDH database, what steps should be followed in discovering a secure platform, and so on?)
- How will information be shared? (That is, does a data warehouse need to be created or purchased? If so, how will it be created and who will maintain it?)
- What is the process in case a breach of data occurs? (That is, who will be notified and how will people be held accountable?)
- Limitations to sharing information via the Internet
*De-identified data refers to data that is distributed without any information that would allow anyone to know to whom the data is connected. For example, data where names, addresses, birthdates, and other personal information are removed.
Considerations for Central Intelligence Hub System Design
A centralized database management system, also known as a central computer database system, is a platform in which all of an organization’s data is safely stored and managed in a single unit. This kind of platform is primarily used in governmental organizations, large companies, or private institutions to centralize their activities. A mainframe computer is an example of a centralized database management system. The basic function of such a system is to provide advanced facilities and give access to all the connected computers that fulfil all requirements requested by any single node. The following are some of the main benefits of having an information-sharing centralized database:
• More accurate and reliable information
• It helps to make fast decisions and take prompt measures
• Find information quicker
• Eliminate redundant records about victims and offenders
• More effective collaboration
Furthermore, Dark Web criminal offences are difficult to take to court for some of the same reasons that they are challenging to investigate. The frequent urge to rely on evidence collected abroad, as well as the potential for victims to be traumatized and intimidated, creates some difficult and complex challenges to the judiciary. Effective collaboration with victim assistance services, enhanced international judicial cooperation, and the development of more powerful witness protection measures must be part of any strategy to address these challenges.
Stakeholders planning to utilize advanced technologies to enhance the efforts of combating crimes on the Dark Web should take into consideration some significant aspects related to data privacy, ethics, and informed consent. Managing risks related to ethics, data privacy, and informed consent is hugely important in criminal cases because of the subjects of the data—the victims of exploitation. Victims could become even more severe if their personal data and stories are accessed by irrelevant people. This would lead to an opposite effect than the one intended when developing the proposed IDH.
The IDH aims to enable law enforcement to combine both raw and processed data from multiple sources and formats to allow investigators to draw on an even richer pool of data. In this way, analysts will be better positioned to identify crime patterns, networks, and hotspots, as well as to focus on the right anti-crime resources in the right way. The IDH should be hosted in a combination of centralized and cloud environments and utilize highly advanced technologies, such as AI, data visualization, machine learning (ML), and data analytics.
Furthermore, the IDH can play a vital role in providing guidance, developing best practices, and ensuring uptake. In collaboration with global institutions, such as the FBI, Europol, and Interpol, the hub can become a proactive generator of self-regulation and good practice. Several recommendations have emerged from the discussion in this research. These recommendations are extracted from the text and reproduced as follows:
• The hub should adopt a targeted approach to policing crimes on the Dark Web, focusing on exposing, disrupting, and prosecuting criminals.
• The hub should put in place long-term and strategic provision of psychological, moral, and professional support for both officers and victims involved in operations.
• Research should be carried out to map law enforcement’s reliance on the private sector. This will help to assess law enforcement’s needs and to anticipate how this is likely to develop in the future. The outcomes of such research should be used to plan and invest, in a strategic way, inlaw enforcement’s capabilities.
• The hub should ensure that means used by private enterprises are lawful and that evidence collected is admissible in court.
• To develop responsible and accountable practices, private sector companies offering services or tools for Dark Web crime investigations should develop, publish, and abide by digital forensics codes of conduct.
Hub control
This kind of hub brings together all of a company’s controls, monitoring, and documentation into one platform to deliver a real-time management information system. Data is easily portable and scalable because it is stored in the same place. Also, the centralized database approach is cheaper than other types of databases as it requires less maintenance and power. All information in the centralized platform can be easily accessed from the same location and at the same time. The following screenshot describes the advanced features that a control hub/platform can have:
The following list describes some of the hub’s primary goals:
• Planning and implementation: For the proposed IDH, defining a mission and establishing goals are insufficient. To accomplish and carry out its objective, the hub must act. Significant choices regarding employment, staffing, fundraising activities, and volunteer recruitment will be made by the hub’s board. The board must also oversee and keep an eye on events and activities to make sure they continue to be in line with the hub’s standards and objectives.
• Financial matters: Even though a project such as the proposed IDH isn’t about making money, it nevertheless needs funding to run. The board is responsible for creating and approving the organisation’s annual budget as well as making sure that it abides by all applicable rules and laws.
• Legal responsibilities: Each board member has a fiduciary duty to the other board members and the hub. The board members have a fiduciary duty to act honestly. The board shouldn’t take any actions that are against the hub’s goals and objectives or indulge in self-dealing. Making sure the organization has a capable chief executive officer (CEO) and selecting a seasoned board that reflects a variety of interests in the community are two responsibilities that fall under this category.
Hub functions
In a conventional database system, data is stored in multiple files—for example, each trafficking victim’s data may be stored in a separate file. On the other hand, a centralized database stores all the data in one file. This makes it more efficient to manage the data, and it is also easier to search the database, as they are all stored in the same place. In the case of the proposed IDH, all data gathered from various entities will be stored in a combination of central and cloud databases. The following list describes some of the hub’s main functions:
Distributed query processing: The primary function of the proposed IDH is to provide suitable facilities and give access to all connected entities that fulfil all requirements requested by any single node.
Single central unit: All the data will be stored in a single centralized and cloud database system. The computer system that fulfils the requirements of all the connected computers is known as a server, and other computers are defined as clients.
Transparency: There is no irrelevant or duplicate data stored in the system. All connected computers have access to the central system for their query processing and requirements.
Scalable: More computers can be added to this database management system. These computers are connected to the system through a network.
These databases will be easily accessible by authorized parties and categorized into various sections.
Summary
In the last few decades, pressure on organizations to maintain robust internal controls has increased dramatically. Audit committees, stakeholders, and boards expect management to provide not only transparency and accountability over internal controls but also real-time updates on their effectiveness. Additionally, with an ever-changing regulatory environment, increased remote working, and greater operational complexity, more pressure is put on already stretched management teams. Control hubs/central platforms have been designed to help alleviate this burden.