The pandemic gave a welcome boost to digital transformation, but it also generated an epidemic of cyber-crime, with ransomware attacks driving its staggering growth.
The true cost of these attacks, where access to company data is blocked and only returned on the payment of a ransom, is hard to assess thanks to victims often opting for paying the ransom secretly to fend off reputational damage. Recent estimates for 2020, however, have put a $170 billion (£120 billion) price tag on ransomware attacks globally.
What needs to be factored in too is the negative effect the news of recurring large-scale cyber-attacks have on the fastening pace of digitalisation. Businesses that were under pressure to digitise in a world where physical contact is kept to a minimum are likely to slow down or scrap digital projects once they have been scarred by a cyber-attack.
Similarly, clients, both private and corporate, may become warier of digital services and solutions again, especially when hearing news of cyber-security companies, the guardians of the digital space, falling themselves victim to attacks.
The dark web: the backbone of illicit online activity
Illicit marketplaces on the dark web offering anonymity provide the key infrastructure for hackers and those hiring them.
The technology behind the dark web was originally conceived by the US Naval Research Lab as a platform for the anonymous and untraceable communication of US intelligence. It was opened to the public a couple of years later, the idea being that this would generate “noise” that would draw attention away from secret government communications.
Although there exist other browsers as well, the Dark Web is closely associated with – but not identical to – the most popular one, Tor (The Onion Router), the tool that makes it accessible for practically anyone.
Apart from the nature of the products sold on them, these black markets in several respects mirror the operation of the marketplaces that law-abiding, less privacy-conscious citizens roam on the everyday internet, or “surface net”. They offer discounts, bundles and 24-hour support. A robust feedback system ensures that products, illegal though they may be, are of the best quality.
The Dark Web also has its own digital payment system, with Bitcoin at its centre, although Monero, a more privacy-focused cryptocurrency, is regarded as a serious rival.
Ironically, though, the Tor network, itself a distributed network operated by voluntary computer nodes, seems to be resistant to the adoption of blockchain or smart contracts. It still relies on the escrow system bitcoin was designed to replace, where digital wallets are controlled by administrators and funds are released on condition that the buyer has received the type and quality of product they were promised. If the product traded fails to meet the buyer’s expectations, the ringfenced funds can be retrieved from the escrow account.
But the real game-changer that enabled the spike of ransomware attacks during lockdown was probably the adoption of the as-a-service model by the dark web. The rise of ransomware-as-service meant that not only a select few but anyone vengeful or greedy enough could buy turnkey solutions and infect and breach data systems, as well as exfiltrate sensitive information to their heart’s content.
Ransoms are typically collected in bitcoin, and as crypto-laundering – euphemistically also known as “mixing services” – is rife on the dark web, marked coins deriving from illegal activities can be easily exchanged for unmarked ones.
The existence of these mixes is a blow to both anti-money-laundering (AML) regulations and legitimate crypto communities. Indeed, the efficacy of the present AML framework is already in question given that only an estimated 0.15 to 0.22 per cent of criminal funds are seized as a result.
Cash has obviously a much bigger role to play in AML’s inefficiency than crypto-mixing. However, trying to find ways of intercepting mixing services may be a better approach to fighting this new type of money laundering than burdening financial institutions with yet more know-your-customer regulations with regards to cryptocurrencies.
Can the dark web be seen as a force for good?
There have always been attempts to contain the more heinous aspects of the dark web. Silk Road, the first modern dark marketplace, was operational for two years before it was shut down and its founder arrested by the FBI in 2013. In 2018 Europol set up its dark web team, which, in its latest major, internationally co-ordinated operation in January, took DarkMarket, the world’s then-largest dark web marketplace, offline.
But studies tracing the dynamics of the dark web show that fighting these markets is just another example of playing Whack-a-Mole. Research suggests that on the first week after a closure, one marketplace absorbs about 66 per cent of all users migrating from the site, while new marketplaces will spring up like weeds. These cycles of busts and resurgences has meant that at any given time there are around 40 dark markets in operation, despite efforts to curb them.
But what makes closing down the Dark Web in its entirety unviable is that it isn’t just used for nefarious, anonymouse transactions. It’s also regarded by human rights advocates as the safest way to circumvent censorship in despotic countries and share documents with whistleblowers. But although the Arab Spring made a forceful case for its use in this way, since then some anti-liberal regimes have found ways of either blocking Tor or using it for their own purposes.
Moreover, the argument that dissidents need the dark web to fight their oppressors is somewhat discredited by the study on the potential harm wreaked by the Tor anonymity network referenced earlier. Its findings suggest that Tor is significantly more likely to be used in illicit ways on the dark web in more democratic countries, whereas users in more repressive regimes tend to be far more likely to use it to access legitimate surface-web content anonymously.
The new equation
Before the explosion of ransomware and other types of cyber-attack, the costs and benefits of the dark web as a platform for criminal activity on the one hand and as a privacy protection tool for dissidents and whistle blowers on the other, seemed to strike a fine balance.
But now, as a small business in the UK is successfully hacked every 19 seconds and health services and schools are disrupted by cyber-attacks, this balance has ceased to exist. Finding ways to deal with this space where hackers are recruited, data breaches are orchestrated and outsourced, stolen data is exposed and ransoms are demanded and paid needs to rise to the top of regulators’ and law enforcers’ priority lists.
Although Tor is one of the most effective anonymity tools, it is already almost 30 years old. Its association with the dark net, which has the potential to undermine the digital economy and halt the progress of digital transformation, can’t be maintained in the long run. At some point it will need to be either removed entirely, or be replaced by other, more advanced solutions with better credentials.