How Law Enforcement Uses The Dark Web

Have you ever had your identity stolen? If you haven’t, consider yourself lucky. On a daily basis we hear reports of someone stealing a credit card, hijacking bank accounts, or creating false online profiles. One thing is clear: Cyber criminals are constantly trying to steal our personal information…and this information often ends up on a place called the Dark Web.

So what exactly is the Dark Web?

The dark web is a portion of the internet that can only be accessed by using certain browsers and software.

NBC10 Boston Investigators sat down with Andrei Barysevich, the director of advanced collection for Recorded Future, a Somerville-based cyber intelligence company. “You can pretty much find anything,” Barysevich said. “Stolen identities, credit card numbers, compromised data or weapons and drugs.”

In the past two years, Barysevich has gone from a team of one to a team of several dozen cyber intelligence analysts, combing through more than 2 million Dark Web sources per week. His employees, typically fluent in several foreign languages, act like “flies on the wall” in Dark Web online forums, Barysevich said, attempting to gather information about what’s being bought and sold.

On one disturbing site, Barysevich showed NBC10 Boston Investigator Ryan Kath how easy it is to buy the Social Security number of almost anyone in the United States. Using one of Recorded Future’s accounts to pay the $3 charge, Kath plugged in his name. After a search that only took a few seconds, Kath’s personal information appeared on the screen. Barysevich said everyone should assume their information was at one point stolen and is available on the Dark Web.

Christopher Ahlberg, CEO of Recorded Future said, “Cyber security has grown incredibly in the past few years. It’s the idea of being able to catch cyber threats before they hit you. To do that, you need to infiltrate the places that bad guys hang out.” When valuable information is uncovered, Recorded Future shares the details with the pertinent parties, whether it’s a government agency, financial institution or law enforcement. One notable example was when the company spotted a hacker selling sensitive documents about military drones.

Mark Turnage is another investigator who is familiar with the dark web. Turnage’s company, DarkOwl, helps law enforcement and cyber security firms monitor the criminals who lurk in the dark web. “The dark net is appealing to criminals because it completely anonymizes their presence,” Turnage explained. There are no IP addresses. There is no way to trace the person on a keyboard to a physical location. All law enforcement can do is wait for criminals to slip up.

Luckily, that happened in the case against Danny McLaughlin. The Colorado man is accused of attempting to hold a 13-year-old girl captive for sex and trying to hire a hitman to kill his wife. The criminal complaint filed against McLaughlin says his crimes started on the dark web on a site for people who enjoy torture and killing.

McLaughlin was only identified and caught when investigators say he agreed to meet at a Centennial hotel with the person who had agreed to murder his wife. That person was really an undercover detective.

“Thank goodness he made that mistake and was arrested. Had he not gone to that hotel room, it would have been near impossible for them to figure out who this person was,” said Turnage.

Recently, international police group Interpol arrested nine people in Thailand, Australia, and the U.S., and 50 children were rescued after investigators took down an online pedophilia ring. Police in nearly 60 countries combined efforts in this Interpol operation, launched two years ago, into a hidden “dark web” site with 63,000 users worldwide.

Interpol said its Operation Blackwrist began after it found material that was traced back to a subscription-based site on the dark web, where people can use encrypted software to hide behind layers of secrecy. Interpol enlisted help from national agencies worldwide, with the US Homeland Security Investigations (HSI) department eventually tracking the site’s IP address, where new photos and videos were posted weekly.

The first arrests came in early 2018, when the site’s main administrator, Montri Salangam, was detained in Thailand, and another administrator, Ruecha Tokputza, was captured in Australia. Salangam, whose victims included one of his nephews, was sentenced in June last year to 146 years in prison by Thai courts. Interpol said children were lured to Salangam’s home with the promise of food, internet access and soccer games.  

One of his associates, a pre-school teacher, got 36 years. Tokputza was handed a 40-year prison term at his trial in Australia last Friday, the longest ever for child sex offences in the country. The Australian Associated Press reported that Tokputza, 31, pleaded guilty to 50 counts of abuse of 11 babies and children — one just 15 months old — between 2011 and 2018. The HSI’s regional attache in Bangkok, Eric McLoughlin, said in the statement that “numerous arrests” had been made in the US. Some held “positions of public trust,” he said, and one individual was abusing his two-year-old stepbrother.

“Operation Blackwrist sends a clear message to those abusing children, producing child sexual exploitation material and sharing the images online: We see you, and you will be brought to justice,” Interpol’s Secretary General Juergen Stock said.

What Can You Do to Avoid the Dark Web?

To reduce your risk of being hacked or having information stolen, Barysevich offers these tips:

• Freeze your credit report, something that can be done for free

• Activate text and email alerts for activity on your bank accounts

• Question why you need to provide a Social Security number or copy of your driver’s license when you visit the doctor, dentist, or other professional office

• Don’t use the same password for multiple online accounts

While some consumers might want to throw up their hands in frustration, Ahlberg — the Recorded Future CEO — said not to give up the fight. The goal is to decrease the odds that you’ll be cyber thieves’ next target.

But That’s Not Our Guy – Why Social Media & Online Research Can Be Frustrating

DIY platforms and other data gathering programs are great, but before you consider them to be inaccurate or not helpful, keep in mind that they are only as good as the person using them for research.

For many professions, including private investigators, law firms, and insurance companies, social media and online research on individuals has opened a new venue for assisting with investigations into court cases, insurance fraud, and other situations.

While it can be done, it can also be time consuming and frustrating. The more common the name, and the less information that is being used to search for a person’s online activity, the longer it can take. One roadblock is information that does not actually belong to the person you’re looking at – their information is getting mixed up with someone else with the same name.

In talking with folks in the industry, this is a pain point that not only makes it more difficult to search for people online, but it also gives the impression that the quality of such searches is not great. This can make investigators leery and question the benefit of conducting such research.

It’s important to remember a few key points when considering options for conducting social and online research:

1. Software is good, but will never be perfect. Whether it’s a DIY online search platform or TLO/Tracers/IDI report, there is a chance that information will be provided that does not in fact belong to the individual you’re interested in, whether it’s a phone number, email address, or social site. The opportunity for false positives is there no matter what platform is being used.

It’s important to utilize multiple software platforms – what one will pick up, another will miss, and what one provides as a “false positive” another will not pick up at all. Each platform works off its own algorithm, or process for producing search results based on what information is provided about an individual.

If an investigator is using such programs to conduct a search, they can be very valuable. However, it is important to keep in mind that not all information provided will be accurate; these are meant to be used as a starting point in an online investigation – manual research & identification will be needed to confirm whether a piece of information really belongs to the person you’re looking at. Typically, if it’s not readily clear from the initial search, a good rule of thumb is to find three pieces of confirmation to ensure it’s the person’s social account or site.

Here’s an example: if you find a Facebook page that you think belongs to the individual, but it’s not really clear just from looking at the user name or “About” section, take a look at their friends list, the places they’ve checked in, and the “About” section to see if birthdays or employers are listed. If you can identify the location of the individual whose Facebook page you’re looking at, or confirm that some of their Facebook friends are relatives that correspond with findings from a TLO report, then you can be more certain that it’s the right account.

2. What may seem to be inaccurate information can actually be a key to what you’re looking for. Sometimes people will see social reports and say something like, “That phone number for Joe is so old and hasn’t been used in years. This report isn’t accurate at all. I want his current phone number.” Valid point, but here’s something to keep in mind: Joe may have accounts, comments, or forum membership tied to these old numbers. While he’s not currently using the phone number, the accounts still live online and are easier to tie to Joe. Sometimes these old accounts are long forgotten, which means they’re not being scrubbed if they are involved in a situation where a lawyer tells them to “clean up their online presence.” This means that there could be valuable information to find based on what seems to be inaccurate information.

3. DIY programs are great, but they are called DIY for a reason. There are many companies who will allow you to purchase a subscription to an online search product to find content posted by or about an individual. As this type of research has evolved, the services have greatly improved. There is definitely a place for do it yourself search programs – but you have to do it yourself. No matter what the company claims, it will not be as simple as entering some information about an individual and being presented with all of the person’s online activity without any false positives or inaccurate information. It’s going to take you (the “yourself” part in DIY) to validate, investigate, and determine the validity of the results. Before deeming a DIY program as not useful, remember its actual purpose and that it is not meant as a be all end all service. And, if the company is promising that it is, you may want to reconsider using it.

4. There is no magic bullet – online research takes a lot of time. There’s no way around it. While we all wish a software platform would be created to give us instant and completely accurate results, this will likely never happen. Why? Things are changing all the time, whether it’s social media privacy laws, Google algorithm updates, or any number of things that can change in an instant. This is where online and social media research gets tricky and frustrating, leading people to give up easily. Software cannot be relied on as a standalone product – manual research is needed to confirm the validity of the information provided, and then to take that information as a starting point and flesh out what can be found through manual searching. When multiple platforms and other similar products are used simultaneously, the time spent can be greatly reduced. This is why it can be useful to turn to a full-service social media and online research service – they often have efficiencies in place to search quicker and provide more accurate results, which saves a lot of time for those needing to conduct investigations.
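The "three pieces of confirmation" rule of thumb from point 1, together with the old-phone-number observation from point 2, can be written down as a small check. This is an added example, not code from the original article or from any search platform; the field names, the `REQUIRED` threshold constant and all sample records are assumptions constructed for illustration.

```python
import re

REQUIRED = 3  # the rule of thumb above: three pieces of confirmation

def norm(text):
    """Lower-case and strip punctuation so 'Acme Corp.' equals 'ACME corp'."""
    return re.sub(r"[^a-z0-9]", "", (text or "").lower())

def norm_phone(number):
    """Keep the last 10 digits so '+1 (617) 555-0199' equals '617-555-0199'."""
    return re.sub(r"\D", "", number or "")[-10:]

def corroborations(subject, profile):
    """List the independent attributes on which a found profile agrees with
    the subject. The name is deliberately not counted: it is how the profile
    was found, and it is exactly what same-name strangers share."""
    hits = []
    for key, label in (("city", "location"), ("employer", "employer")):
        value = norm(profile.get(key))
        if value and value == norm(subject.get(key)):
            hits.append(label)
    if profile.get("birthday") and profile["birthday"] == subject.get("birthday"):
        hits.append("birthday")
    friends = {norm(f) for f in profile.get("friends", [])}
    if friends & {norm(r) for r in subject.get("relatives", [])}:
        hits.append("relatives")
    # Old numbers count too: stale identifiers often stay tied to accounts.
    phone = norm_phone(profile.get("phone"))
    if phone and phone in {norm_phone(p) for p in subject.get("phones", [])}:
        hits.append("phone")
    return hits

def is_confirmed(subject, profile, required=REQUIRED):
    """True only when enough independent attributes agree."""
    return len(corroborations(subject, profile)) >= required

# Constructed sample data; every name and value here is invented.
SUBJECT = {
    "name": "Joe Sample", "city": "Springfield", "employer": "Acme Corp.",
    "birthday": "03-14", "relatives": ["Ann Sample", "Bob Sample"],
    "phones": ["617-555-0142", "(617) 555-0199"],  # second one is an old number
}
PROFILES = {
    "same_name_same_town": {"name": "Joe Sample", "city": "Springfield",
                            "friends": ["Zed Other"]},
    "corroborated": {"name": "Joe Sample", "city": "springfield",
                     "employer": "ACME Corp", "friends": ["Ann Sample"]},
    "old_phone": {"name": "J. Sample", "employer": "acme corp",
                  "birthday": "03-14", "phone": "+1 (617) 555-0199"},
}

if __name__ == "__main__":
    for label, profile in PROFILES.items():
        print(label, corroborations(SUBJECT, profile), is_confirmed(SUBJECT, profile))
```

The profile that shares only a name and a town is rejected, which is the same-name mix-up described above; the one matched through a stale phone number is accepted because two other attributes agree as well.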

DIY platforms and other data gathering programs are great, but before you consider them to be inaccurate or not helpful, keep in mind that they are only as good as the person using them for research. Take them for what they are and realize that they will not be the magic bullet to quickly investigate an individual’s online activity.

Open Source Network Tools for Investigations 

What is Open Source Intelligence (OSINT)?

Open Source Intelligence (OSINT) is defined as data and information that is collected legally from open and publicly available resources. Obtaining the information doesn’t require any type of secretive method and is retrieved in a manner that is legal and meets copyright requirements.

The Internet has all the information readily available for anyone to access. Collecting information using these tools is referred to as open source intelligence. Information can be in various forms, such as audio, video, image, text, or file. A few of the data categories available on the internet include:

  1. Social media websites like Twitter, Facebook, Instagram, etc.
  2. Public facing web servers: Websites that hold information about various users and organizations.
  3. Mass media (e.g. newspapers, TV, radio, magazines and websites)
  4. Code repositories: Software and code repositories like CodeChef and GitHub hold a lot of information, but we only see what we are searching for.
  5. Public records databases
  6. Government reports, documents and websites
  7. Maps and commercial imagery
  8. Photos and videos
  9. The dark web

Who Engages in Open Source Intelligence gathering and analysis?

Anyone who knows how to use the tools and techniques to access the information is said to have used the process. However, it is mostly used formally by the United States intelligence community, the military, law enforcement, IT security professionals, private businesses and private investigators.

Gathering the information manually can eat up a lot of time, but now there are tools that can help collect the data from hundreds of sites in minutes, easing this phase. Let’s say, for example, you want to identify whether a username is present and, if so, on which social media websites. One way is to log in to all the social media websites (and there are more than you know!) and test the username. Another way is to use an open source tool that is connected to various websites and checks the username’s presence on all the websites at once. This is done in just seconds using OSINT.

List of Open Source Intelligence Tools

The tools and techniques used in Open Source Intelligence searching go much further than a simple Google search. Following is a list of helpful, time-saving open source intelligence tools. Note: most are free, although some have advanced features available for a fee.

Email Breach Lookup – Have I Been Pwned

This site allows you to find out if a particular email address was affected by one of the many data breaches that have occurred over the years.

Fact Checking Websites – Hoaxy, Media Bugs, PolitiFact, SciCheck, Snopes, Verification Junkie

Hacking and Threat Assessment – Norse

OSINT Image Search – Current Location, Image Identification Project, TinEye

Public Records (Property) – Melissa Data Property Viewer, Emporis Building Search

Sites like Zillow, Trulia, Realtor.com, etc. are always useful and should be a part of your investigative toolbox. But the two mentioned above provide various twists on property records searching and are definitely worth checking out.

OSINT Search Engines – Google Correlate, Google Search Operator Guide, Million Short, Shodan, TalkWalker Alerts

OSINT Social Media Search Tools – Facebook Search Tools, TweetBeaver

OSINT Tool Websites – IntelTechniques

Software – Hunchly, Maltego, SearchCode

Surveillance Cameras – Earth Cam, Insecam

Username Check – CheckUserNames, Knowem.com, Namech_k

Virus Scanner – VirusTotal

Website Analysis – BuiltWith.com

The main benefit of OSINT is how the technology can help us in our day-to-day tasks. With all that information freely available, multiple actors can accomplish various tasks. A security professional can use the information for data protection, security testing, incident handling, threat detection, etc. A threat actor, on the other hand, can gain information to perform phishing attacks, targeted information gathering, DDoS attacks and much more. The key is to select the right tools and techniques. Since this is all free, users can make their decision regarding how best to access the information they need.

Do You Speak Emoji?

Emojis are now a part of our culture and are being used as a way to communicate everything from emotions to soliciting drugs. Marketers are going as far as to mine emojis in social media the same way they mine data: to determine the emotion behind a brand. Some speculate it will morph into a language in and of itself. This is certainly true among criminals and drug dealers, as we have seen firsthand in our social media investigations. As we dig deeper into this subject, it is important to establish some baseline knowledge.

Let’s start with some history.

The most current statistics I have found on emojis show that there are now 2,623 official Unicode emojis. Each day 5 BILLION emojis are used in Facebook Messenger alone and 60 million are used daily in Facebook.

Emojis were first used in Japan (the country where they originated) somewhere around 1997. In 1999 Shigetaka Kurita created the first widely-used set of emoji.

Emoji usage in marketing messages has rapidly increased at an annual growth rate of over 775 percent.

Can Emojis Be Used In Court?

We will be hearing much more on this subject, no doubt. Currently, this has been looked at by several law professors as well as attorneys and law enforcement. What if emojis have multiple meanings? How can one be sure it was meant for criminal purposes?

Between 2004 and 2019, there was an exponential rise in emoji and emoticon references in US court opinions, with over 30 percent of all cases appearing in 2018, according to Santa Clara University law professor Eric Goldman, who has been tracking all of the references to “emoji” and “emoticon” that show up in US court opinions. So far, the emoji and emoticons have rarely been important enough to sway the direction of a case, but as they become more common, the ambiguity in how emoji are displayed and what we interpret emoji to mean could become a larger issue for courts to contend with.

Still, it’s rare for cases to turn on the interpretations of emoji. “They show up as evidence, the courts have to acknowledge their existence, but often they’re immaterial,” Goldman says. “That’s why many judges decide to say ‘emoji omitted’ because they don’t think it’s relevant to the case at all.” But emoji are a critical part of communication, and in cases where transcripts of online communication are being read to the jury, they need to be characterized as well instead of being skipped over. “You could imagine if you got a winky face following the text sentence, you’re going to read that sentence very differently than without the winky face,” he says.

The Verge: Emoji are showing up in court cases exponentially, and courts aren’t prepared

For now, emojis can be used by investigators through investigative consultants and software platforms as a “tip” that there may be something illegal going on. Like anything in social media, it is a piece of a larger puzzle, but one that needs to be understood.