European police say today’s criminals have gotten better than ever at using technology to hurt people — and escape justice by hiding in the shadows.
In its new report, the European Cybercrime Centre paints a stark picture.
We’re witnessing “the increased professionalization of cybercriminals,” writes European Police Office director Rob Wainwright.
First of all, when dirty money exchanges hands, it’s harder to track. Crooks are increasingly using electronic money, such as Bitcoin, which is hard to trace. There’s no middleman, no central player like a bank tracking customer transfers by name.
Second, underground marketplaces online are getting smarter. They’re now decentralized too. No one person is in control. There’s no single computer server to shut down, no dragon’s head to chop off.
Third, it’s harder for police to eavesdrop on criminals, because they now regularly encrypt their conversations. Email, online chats — everything is encoded.
“The speed at which society and crime ‘cyberize’ exceed the speed at which law enforcement can adapt,” the Europol report states.
Digital money
Criminals love using electronic cash. Bitcoin only got popular in 2013, but it already makes up 40% of all criminal-to-criminal payments online, according to Europol.
Bitcoin is also used in 33% of all online extortion cases, such as when hackers lock personal computer files and demand a ransom.
“Although there is no single common currency used by cybercriminals across the EU, it is apparent that Bitcoin may gradually be taking on that role,” the report says.
What’s surprising is that Bitcoin isn’t exactly anonymous. Every transfer is recorded publicly. Attaching a transaction to a name, however, is difficult.
And when they don’t use digital money, criminals rely on other hard-to-trace options. They trade computer viruses with stolen credit cards. They rent out corporate computer servers with prepaid debit cards. They cash out with Western Union wire transfers.
Underground markets
Kill one black market, and the next one pops right up.
In late 2013, the FBI shut down Silk Road, a massive eBay for drugs. Shortly thereafter, someone launched an identical Silk Road 2.0.
It’s been a cat-and-mouse game ever since. The latest major operation was in November 2014, when Europol teamed up with the FBI and took down 33 illegal marketplaces. They arrested 17 people and seized $1.3 million worth of Bitcoin, cash, drugs and gold.
But now police are starting to see marketplaces like OpenBazaar. It’s a peer-to-peer operation, just sellers and buyers. There’s no kingpin to arrest. Europol compares OpenBazaar to BitTorrent, where people trade pirated movies and music.
The fight against OpenBazaar is going just about as well as the fight against illegally copied media (not well).
The best thing going for law enforcement? A lack of honor among thieves. The black market site Sheep Marketplace shut down in 2013 when its founders skipped off with $48 million in customers’ bitcoins. The same thing happened to mega-marketplace Evolution in March of this year, with the site’s operators stealing $12 million.
“Exit scams … create an additional dimension of distrust,” which helps scare some would-be criminals away from online black markets Europol noted.
Private conversations
It’s also easier than ever to disguise conversations. The best smartphones now automatically protect data by encoding it. Devices wipe themselves clean if anyone tries to break in. These features protect consumers but also shield criminals.
“Encryption, anonymization and anti-forensic tools … use of these methods among offenders is no longer the exception but the norm,” the Europol report says.
Cybercrime investigators run into encryption more than 75% of the time. They’ve also seen a noticeable increase in the use of PGP, a method that makes emails unreadable unless you know a passcode.
Breaking encryption isn’t easy. It’s a task better suited to spies than police.
The FBI is currently asking U.S. companies to insert backdoors that give the agency quiet access to people’s private devices (and Sillicon Valley has pushed back hard). European police are not advocating such an aggressive policy — acknowledging that encryption keeps the public safe from hackers.
But Europol is asking politicians and academics to propose solutions.
“The right to privacy is gaining ground at the expense of the right to protection,” Europol says in the report.