UEL researchers say ‘Criminal oligarchy’ dominating the Dark Web is creating a dangerous supply for terrorists
Multi-million pound trade poses a global threat
A team of researchers at the University of East London (UEL) have found a ‘criminal oligarchy’ dominating the fake ID and drugs trade on the Dark Web.
Led by Dr Andres Baravalle, a senior lecturer in computing at UEL, researchers went undercover to investigate Agora - the ‘king of the dark web’ marketplace, between July and September 2015. They found over 30,000 products on sale, mostly IDs and drugs, worth at least 170691.12 BitCoins (£26 million).
A staggering 1,233 sellers spread across 20 countries were discovered operating on the secretive Agora marketplace, with the largest number located in the USA and UK. Yet 90 per cent of the market was dominated by the largest 10 per cent of sellers, suggesting a ‘criminal oligarchy’ controlling the trade.
IDs easily available – opportunity for terrorists?
The research team found a global business in passports, ID cards, and driving licences, which could allow terrorist from organisations such as ISIS to procure fake identities without police or military detection. Once purchased, the fake IDs would make it easier for terrorists to enter Europe and move freely towards their intended targets.
“During our research, 84 scans and photos of passports were on sale, with 12 physical passports also being offered,” revealed Dr Baravalle. “A physical UK passport can be bought as cheaply as £752, while scanned passports can be purchased for as little as £7, and can be bought in bulk, with a wide range of countries to choose from.”
The research reveals that fake EU ID cards can be bought for £142. Prices for EU driving license were slightly more expensive, costing up to £419. In one of the listings, the seller claimed that the license sold would be officially registered. A US ID card can be obtained for anything from £25-92, with driving licenses ranging from £51-300. The total market size of illegal documents found on Agora was 3747.85 BitCoins (£1.73 million).
“When it comes to illegal documents, it is important to mention that any EU ID card would allow the buyer to travel through any country in the EU, open bank accounts and in general create a new identity for himself or herself,” said Dr Baravalle. “This is definitely a concern following the spate of terrorist attacks carried out by ISIS, with the media reporting many more planned across Europe. Easily accessible IDs could allow terrorists to more easily travel across Europe and remain undetected until they’re ready to strike.”
On 18 January this year, EuroPol published its ‘Changes in modus operandi of Islamic State terrorist attacks’ report. The report said, “There is evidence of a level of technical knowledge available to religiously inspired terrorist groups, allowing them to make their use of the internet and social media invisible to intelligence and law enforcement agencies.”
And in July this year 18-year-old Ali David Sonboly went on a killing spree in Munich, killing nine people before turning the gun on himself. A month later German police arrested the man who sold Sonboly the gun used, which he purchased from him via the Dark Web.
Huge trade in drugs found
According to the new research, 80 per cent of the market share went to the selling and purchase of drugs. One seller, RADICALRX, was offering a cache of £10 million pounds worth of drugs, including Hydromorphone, Oxycodone, Fentanyl and Meth. A US-based supplier, HonestCocaine, boasted £1.24 million worth of cocaine for sale. Cannabis, LSD, speed, MDMA and hash were also among the dugs on offer.
The highest number of drug sellers were from the USA (388), Australia (138) and the UK (137), while top countries by market size were Germany (£7.8 million), USA (£6.06 million) and Netherlands (£2.9 million).
“Big players offering huge amounts of drugs strongly suggests we’re dealing with large organised gangs,” says Dr Baravalle. “They’re using the Dark Web to trade in drugs on a global scale, thanks to the anonymised world of the Dark Web and new virtual currencies like Bitcoin.”
The team were able to access the invite-only Agora Marketplace by scavenging the web for an invite to Agora by a user of the marketplace. They then developed a ‘spider’ computer programme which mimicked the human behaviours of someone in the Agora marketplace. Once in, they were able to introduce more spiders in the marketplace to gather intelligence over the three month period.
The researchers had to evade detection by the anonymous Agora administrators, who used a raft of security measures, including geolocation, session expiration and session management monitoring, Turing tests, user-agent identification and network traffic analysis.
Commenting on the hurdles they overcame, Dr Baravalle said: “A teenage computer enthusiastic, for example, would be able to find themselves in touch with organised criminals very easily.”
Agora went offline in September 2015, with administrators citing security and “anonymisation vulnerabilities” that needed shoring up. It follows the closure of Dark Web competitor Evolution, which went offline in March 2015, and the shutting down of Silk Road and Silk Road 2.0 by the FBI and Europol as part of Operation Onymous in 2014.
Dr Baravalle and co-researchers Dr Sin Lee Wee and Mr Mauro Sanchez Lopez will present their findings at the 16th IEEE International Conference on data mining later this year.