Sunday 30 April 2017

You are now entering the Dark Web: Adrian Weckler takes a tour of hotspots popular with Irish criminals

The dark web is a dangerous, depraved place where almost anything is available for sale. Our technology editor took a guided tour of some hotspots popular with Irish criminals

Technology Editor Adrian Weckler takes a tour of the Dark Web
Adrian Weckler

"So, what do you want to do - have someone beaten up?"

It's a Tuesday afternoon and I'm being guided through a part of the dark web most used by Irish criminals.

"Or are you looking for guns or explosives?"

My guide is Paul Dwyer, one of Ireland's most senior IT security experts. Having seen much of the worst of humanity online in order to help protect clients, he has to keep humour close by to stay sane.

The bit of the dark web we have landed in is called AlphaBay. It's laid out in a friendly fashion like eBay, but its content is deadly.

We look at some guns that are listed for sale in Ireland. We spot an AR-15 automatic assault rifle. The seller, GoblinKing96, is offering it for €3,000.

Independent.ie technology editor Adrian Weckler. Photo: Arthur Carron/Collins

GoblinKing96 has a feedback rating of 92. I ask what that is.

"That's his review rating," says Dwyer. "The community dictates how successful somebody is. So if you're going to buy from some guy, you can see his reviews."

I ask to look at some of the review comments.

"Arrived a couple of days early, thanks friend," one says. "Super service," says another.

Just below this listing is another one for an Uzi machine gun with a silencer. And below that is a Mac-11 sub-machine pistol for €1,000 next to listings for C-4 explosives and a set of knuckledusters.

These can all be purchased in the Bitcoin virtual currency which, while tricky for first-time users, is increasingly straightforward as an alternative currency for those who know the system.

Policing the web: An Garda Síochána won't say much about dark web activity in Ireland

Dwyer isn't at all taken aback.

"There are AK-47s, AR-15s, it's all here," he says. "Look at that last listing there. Three Glocks."

AlphaBay is just one of many 'marketplaces' on the dark web. Almost anything can be bought or sold. Much of it is by order.

"If you want to order to have someone beaten up, you can do that," says Dwyer. "If you want to order something to be stolen like a Rolex watch, you can order to get one stolen. It's a bad town."

It is this element of the dark web - the ability to order specific crimes or actions on demand - that may be one of the most chilling aspects of its rise. It raises the prospect of all sorts of organised illegal activity, from theft and thuggery to stealing dogs or prostitution.

And as any IT-literate PC user knows, it's easy to stay hidden online if you know what you're doing: just pay your (untraceable) Bitcoin and take a chance on delivery of your illicit action.

I tell Dwyer that I don't want to go looking for child-abuse material, another thing the dark web is known for. He says that such materials are mainly traded on peer-to-peer services now, anyway, rather than openly on dark web 'marketplaces' such as AlphaBay.

What we call the dark web is a vast online area that sits below the so-called 'surface web' that is accessible by Google and Internet Explorer. To get to it normally requires the use of specialist internet tools such as Tor (The Onion Router). And because most of it is encrypted and hidden from normal internet access, it's a much more lawless, harsh place than what we normally see on our phones and laptops.

For those who want to use it to source things, there are several 'marketplaces'. The best known of these is probably the infamous Silk Road.

But for Irish criminals, AlphaBay is said to be one of the go-to places for trading and distribution purposes.

The motivation for going there includes searches for drugs and other illegal substances. Less common activities appear to include criminality as a service.

"There are people who offer services such as beating others up, hacking named individuals' accounts," says Dwyer. "Even raping someone. This is a bad place with bad people."

Just how bad it gets was illustrated in a recent criminal case of an Australian man called Peter Scully, jailed last year in the Philippines. From 2011, Scully ran a company called 'No Limits Fun', which produced videos of him raping and torturing young girls. In one instance, he filmed two young girls digging their own grave while they were being sexually abused.

An 11-year-old girl was subsequently buried, with Scully now convicted of her murder. The court case heard that people from all over the world paid thousands of euro to watch these disturbing videos.

"The stuff that filters from the dark web to the surface web is always of a very extreme, horrific nature," says Dwyer. "It's things like boiling people in acid, all that sort of stuff."

And pornography? It's here, but not much by way of images and videos, which are all freely available on the surface web. Instead, stolen or hacked pornography passes are what is traded. There are several listed on the AlphaBay site still open in front of us.

"You're buying a porn pass," says Dwyer. "Or you're buying live access to porn. One of the biggest marketplaces is animals and porn. Typically, you might want to watch live animals being killed during porn."

As lawless as it is, the dark web still needs some sort of order to work as a trading marketplace. Sites like AlphaBay use a type of escrow system.

"It gives an element of trust, which is why things like Silk Road are so successful," says Dwyer. "These follow the same sorts of standards."

Ireland is no stranger to Silk Road, the notorious online dark web marketplace that is known around the world for trading in weapons, drugs and hacked accounts.

Right now, there's a major extradition tussle going on over 28-year-old Wicklow man Gary Davis, alleged to be an administrator of Silk Road. He's currently in custody in Ireland awaiting extradition to the US to face trial on charges of conspiracy to distribute narcotics, conspiracy to commit computer hacking and conspiracy to commit money laundering.

Facing a potential life sentence, Davis has appealed the High Court decision to extradite him, pleading depression and Asperger's syndrome.

The dark web has turned up in other parts of Irish life, too.

An inquest into the 2016 death of Cork teenager Alex Ryan found that he had ingested a drug called NBomb that was sourced on the dark web, allegedly imported from Thailand. He died at a house party, with several other people also ingesting the drug.

It's not just drugs, weapons or repellent videos that drive the dark web for Irish users. Hacked web accounts, including the most sensitive financial data, are traded online and are available to anyone who goes looking.

This is one area that Dwyer knows well, as his company's business lies partially in protecting corporate clients from hacking attacks and breaches.

Back surfing through AlphaBay, we look at data that appears to be for sale for $5. I ask Dwyer whether this is an individual's data or a dump of it.

"It depends," he says. "With a lot of these guys you can send in requests and say 'here's the name of someone I want, can you get into this person?'"

Just like the listings for guns and drugs, there appear to be scores that each seller has next to their name. One listing says 'vendor level 2, trust level 4'.

I ask what this means.

"That's the review system that they have," says Dwyer. "It's based on the internal algorithms that the websites run off. You're going to trust that guy who has a trust level 4 as he's less likely to scam you or sell you bogus data."

It all seems incredibly slick and organised, far from the anarchic vista one might have about the dark web.

It's also a very lucrative trade. While the size of this black economy has never been quantified, most credible organisations estimate that cybercrime accounts for up to 2pc of any given country's annual gross domestic product (GDP). In Ireland's case, that would amount to a figure in the region of €1bn.

Dwyer has been trying for a while to educate corporate clients about the scale of potentially damaging data and what's available on the dark web.

To do this, he sometimes sits a corporate client down and shows them exactly what level of data is being traded online, often concerning the company's own affairs or clients.

"In one example, we took some banking clients and went online with them to show them how you could buy and the extent to which their data was for sale. Within minutes, we were able to find Russian mafia operating in the Irish cyber market, selling this kind of information. Typically, we know that if you want Irish information, someone like him will either have it or will get it for you. There are go-to guys for stolen Irish information in here. And in many cases, they are harvested from an end user, not a bank."

Dwyer clicks on another screen to show me the type of data that is available with such financial records traded on the dark web. The information we are looking at on-screen comprises a form with a name, date of birth, address, email address, system username and home IP computer address.

With this level of information, Dwyer says, a criminal can defraud someone for weeks without them knowing or being alerted. This is because any sophisticated attacker can now use location information and IP addresses to fool anti-fraud systems into thinking that transactions are coming from their legitimate owner's typical physical whereabouts.

Software is used that makes sure stolen credit-card numbers are used from the IP addresses of other hacked computers close to the address of the card-owner's computer, to escape detection.

"It's not that someone cracks into some corporate database," says Dwyer. "Typically, it may be that the end user clicks on a piece of malware at some stage and it starts recording his information and pushes that information up into a server for the bad guy to have."

This is happening on a wide scale, Dwyer says. Many people simply do not know that their computer has malware on it and is being used to help in such scams.

An associated problem is people's own monitoring habits. Too many of us don't cast a proper eye on our financial and banking statements at the end of the month, let alone check in every week.

This means that any unauthorised usage in between bank statements, if undetected by anti-fraud systems, won't be caught in time.

"They have weeks to use the card before someone's going to cop on," says Dwyer. "The next time the bank knows that the card has been used is when someone reports it. But at that point, it's already been defrauded. The sooner that one of them, or both of them, know that their information is out there, the better."

We don't have to go too far to look for recent victims of mass hackings. Just about every big corporation or retailer has had a run-in of note over the last five years.

At the time of writing, there are still hundreds of millions of Yahoo and LinkedIn users' details being bought and sold on the dark web after massive breaches affecting both organisations that were disclosed last year.

In Ireland, a massive hack on the Clare-based company Loyaltybuild, which saw the credit card details of over 70,000 SuperValu customers (and general personal information on 1.1 million people) stolen, was adjudged to be a professional cybercrime operation. The details are presumed to have been sold on, although no arrests were ever made.

Loyaltybuild suffered a near-mortal blow due to the incident, converting a €1m profit into an €18m loss. It also had to let 37 people go in a redundancy plan.

Cumulatively, we know that details, ranging from the generic to the financially specific, of thousands of Irish people are still floating around in databases for sale.

"In crime, the entry level was always based on violence," says Dwyer. "Now all you have to do is know the websites."

What about ISIS and terrorism? It's there, says Dwyer, but not in anything like the same quantities as recreational narcotics, weapons or criminal content.

So-called 'peer-to-peer' technologies, hidden even from dark web scrollers, are where much of this subversive activity takes place.

The same can be said for child-abuse imagery.

"Most of the stuff with paedophiles seems to be around peer-to-peer networking," he says. "They don't really use this. To be honest, there's a lot of bullshit out there on this topic. The hardcore guys use peer-to-peer to try and stay even more anonymous."

The dark web has fundamentally changed the shape of the pornography industry, just as the surface web changed it a decade ago, Dwyer says.

"Gone are the days where the man comes in to fix the photocopier. Here, people want to see other people in real life. So there are people all over the world, whether it's men, women, boys or girls, on camera doing whatever they do, and getting paid. Some make a lot of money out of it."

With that - and with some relief on my part - we click the machine's screen off, closing our window into the dark web.

An Garda Síochána won't say much about dark web activity in Ireland. When I call them the next day, they reference cases like Gary Davis and Silk Road, but have little to say about how widely or deeply it is being used in the commissioning of crime in Ireland.

But it's clear that such platforms now exist and are in easy reach of just about anyone who knows how to use a computer and anonymising software such as Tor.

Not everyone thinks that utterly anonymous, untraceable internet systems are a bad thing. Despite the hives of depravity that exist in the dark web, some argue that it provides elements of privacy that are becoming increasingly rare in a monitored, tracked surface web.

The more we read about the lengths to which US, British, Russian and Chinese security services will go to mine our information, the more it seems like an alternative communication system might work in our lives.

Just like the dark web itself, it's a debate that will probably get bigger very soon.

Indo Review
