Cyber crimes & the dark web, the good, the bad & the ugly
The dark web is probably one of the most mysterious universe to us all. Often considered infamous due to the number of illegal transactions undertaken, the dark web remains unknown to most internet users yet generates an awful amount of interest.
We asked EJ member Willem Timmers to enlighten our lanterns on the subject. Willem is a lawyer in the field of intellectual property, ICT and privacy law at Marree en Dijxhoorn Advocaten in the Netherlands. He also has a background in IT and has great interest in new technologies, privacy and online security.
Willem, tell us first a little more about yourself
I graduated from Leiden University having specialised in intellectual property law, with special attention to copyright law, and both trademark and design law.
During my studies I volunteered for several years as a legal advisor (legal aid) in the field of consumer law. After my graduation, I worked as a jurist in the field of intellectual property law and IT law for a large bank/insurer and later at a (IP/media) boutique law firm in Amsterdam. For 13 years – alongside my studies and subsequent work – I ran an IT-company. It was an obvious choice to actually start one. I grew up at the start of the Internet era and saw opportunities to create something digital from scratch, actually being worth quite something today. So I started to learn programming/coding whilst having a lot of fun and serving a wide variety of great clients.
Later on, I combined this experience with law such as privacy and IT law. This currently contributes for around 40% of my daily work. I think this is a great combination and I must admit I really love to work with programmers/coders. They think efficiently and aim to solve problems. Not much different from most lawyers I would say.
I also love running, sailing, skiing, and creating things (e.g. photography, drawing and programming).
How would you describe the dark web to us ?
I would say that the dark web is a part of the so called “deep web”. The deep web is the part of the internet that is not shown in the search results of search engines. This is one reason why most internet users have not (accidentally) seen or experienced it. The dark web is the more evil part of the deep web and is aimed at illegal/criminal activities. The deep web, on the other hand, is much more versatile. Its main purpose is to safeguard privacy. For instance, political safe heavens, meeting points for journalists (of suppressed nations), diplomatic activities, social media and yes also the dark web users.
What do you know about the transactions made on this hidden platform ? How do you get access to it ?
A big part of the dark web are black markets. Silk Road was such a multimillion black market which offered its users a trading platform for virtually anything one can imagine. Payments on these markets are usually made in crypto currencies, such as bitcoin. This allows users to maintain an even higher level of anonymity than normally would be the case.
To get access to the dark web/deep web, one would usually require special software. A common mistake, however, is to think that the dark web/deep web is only a browser based phenomenon, which it’s not. There are many platforms on the internet that offer users a sense of privacy such as in-game communications. Although one would not expect criminals in private chat lobbies in a child’s game, it is quite likely they are there.
A popular way to access parts of the dark web/deep web is usage of the so called TOR Browser (The Onion Router). Just like any browser such as Firefox, Chrome or Safari you can use this one to browse the internet. Nevertheless, the technology this browser uses doesn’t directly connect you to the host of a website. Instead the TOR Browser reroutes and encrypts small data packages your computer sends and receives via a network of computers (so called nodes). As the data package hops from one node to another, it is encrypted in a way that each relay only knows about the computer that sent the package and the computer the package is being sent to. The TOR Browser can even be installed on a USB-stick to carry along. I actually have one, but I must say I never use it.
In theory, this TOR Browser offers a high standard of anonymity. I say in theory, because there are ways to monitor nodes, especially starting and exit nodes. This however requires one to own a node in the network. One can expect that governments are “contributing” to TOR with their own nodes. It is therefore vital to use additional encryption methods such as a secured VPN (virtual private network) in order to obtain an even higher level of anonymity.
Is cyber crime often trialled in European Courts? If yes, how do you build your cases?
I am afraid I have no data on criminal court cases nor is criminal law my expertise. However, from a civil law point of a view, protection of rights such as IP should be exactly the same as any case despite the practical issues one will definitely face.
Catching dark web users is complex. In principle it is not clear where a user is located due to the nifty (TOR) rerouting of data packets or similar technologies. There are ways to locate someone on the dark web, but this requires advanced techniques and/or stupidity/ignorance of said users which reveals their trails. The founder of Silk Route got caught simply because he used a similar username on some forum a long time ago. I doubt he was ignorant, but it shows that a simple mistake can get you caught. Another more obvious mistake one can make is to order something and get it delivered at your home address. In order to build a case I would say one has to rely heavily on creativity in order to set up a trap.
Can you tell us about the Insofar Governing Body & the EU Regulations applicable here?
Assuming that you managed to identify the user in Europe, which is a best case scenario, the following regulations are probably useful for civil lawyers:
- Directive 2004/48/EC on the enforcement of intellectual property rights
- Regulation (EC) No 864/2007 on the law applicable to non-contractual obligations
- Regulation (EU) No 1215/2012 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters
How do you see the dark web in 5 to 10 years from now ?
I think in time, technology such as TOR will become even more robust and most likely more people will use it. Consequently I expect the deep web and its dark web to expand much more. I also I expect that users of the internet will in time understand the need to encrypt their data. Using technology as TOR helps, but it is not bulletproof.
We thank Willem for his precious collaboration on this article and wish the best in his future endeavours.