
Based on the BBC News article "Dark net used by tens of thousands of paedophiles" (2014), one might wonder what "Dark Net" is, and why Police are having such a hard time catching criminals.

To understand "Dark Net" you first need to understand a little bit about how the Internet works. As an example, think about how you are connecting to this blog. Your computer has to have an IP address, which is used as a unique indicator to identify you online. This IP address is normally assigned by your Internet Service Provider. When you want to connect to this blog, you are sending information back and forth between your IP address and the IP address of the server.

This is good; however, whenever I get an IP address to connect to the Internet, everyone else can also connect back to me. It is similar to having a phone number. You need a phone if you want to call someone else's phone, but that means that anyone who finds your number can also call you whether you want them to or not.

The result of this is that when we send information on the Internet, it is possible for other people on the Internet to copy our information. For this reason, many services use different types of encryption to hide the information going from one point to another. Many critical services, like banks, use (or should use) encryption to protect your information. Because people need to protect their legitimate information - like banking transactions, credit cards, emails, etc. - the Internet has to support mechanisms to protect this information.

Dark Nets
Dark Nets like Tor and FreeNet take advantage of two things that also make the Internet work. First, they use public IP addresses to connect to other computers that are also running the program. This means that a computer is connected to several other computers on the network.

Once connected with a public IP address, the computers encrypt the connections between all computers. In this way, no one can see what information is being sent between the two computers. This is what we call an encrypted "tunnel".

A Dark Net then usually does two things. First, if there are a lot of computers connected to the network, then they each connect to a few other computers. They use these encrypted tunnels to route traffic through other computers before coming to the final destination.

For example, if I am computer A, and I want to access a resource at computer D, normally I would try to make a direct connection A->D. If police investigate computer D, they can normally find information about computer A directly connecting. Dark Nets (or Onion Routing) would instead use other computers to hide my request. If I am computer A, and want to reach a resource at computer D, a Dark Net may send my request through C, then B, then to D [A->C->B->D]. The next time I make a request, it may change its path [A->B->C->D]. What's more, other computers' requests will be coming through MY computer. In this way, it is very difficult to determine if MY computer is making a request, or if it was someone else. And since all this traffic is encrypted, to investigate the traffic you must be in the network. So routing traffic through different computers over encrypted networks can be used to hide information and make it very difficult to determine which computer actually sent the request. These cannot be blocked; otherwise you would also block all the good uses of encryption.
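The A->C->B->D path above can be walked through in a short sketch (an added example, not code from Tor, FreeNet or the original post). It goes beyond the text by wrapping the request in one encryption layer per hop, which is how onion routing keeps each relay from learning more than its two neighbours; the cipher is a toy built from SHA-256 and HMAC for illustration only, and the per-node keys and all function names are assumptions.

```python
import hashlib, hmac, json, os

def keystream_xor(key, nonce, data):
    """Toy stream cipher (illustration only): XOR with SHA-256(key|nonce|offset)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key, plaintext):
    """Encrypt and authenticate one layer: nonce(16) | tag(32) | ciphertext."""
    nonce = os.urandom(16)
    ct = keystream_xor(key, nonce, plaintext)
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    """Remove one layer; fails if this node's key does not match the layer."""
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered layer")
    return keystream_xor(key, nonce, ct)

def build_onion(path, keys, request):
    """Sender side: innermost layer is for the destination (last in path)."""
    blob = seal(keys[path[-1]], json.dumps({"next": None, "data": request}).encode())
    for hop, nxt in zip(reversed(path[:-1]), reversed(path[1:])):
        layer = {"next": nxt, "data": blob.hex()}
        blob = seal(keys[hop], json.dumps(layer).encode())
    return blob

def route(sender, first_hop, keys, onion):
    """Deliver hop by hop and record what each node is able to observe."""
    seen, prev, node, blob = {}, sender, first_hop, onion
    while True:
        layer = json.loads(unseal(keys[node], blob))
        seen[node] = {"from": prev, "to": layer["next"]}
        if layer["next"] is None:          # destination: only it reads the request
            seen[node]["request"] = layer["data"]
            return seen
        prev, node, blob = node, layer["next"], bytes.fromhex(layer["data"])

def demo():
    # Constructed keys: assumes A already shares one secret key with each node.
    keys = {name: os.urandom(32) for name in "BCD"}
    onion = build_onion(["C", "B", "D"], keys, "GET /page")
    return route("A", "C", keys, onion)

if __name__ == "__main__":
    for node, view in demo().items():
        print(node, view)
```

The view recorded for D names B as the source, not A, which is why a log taken from computer D alone no longer identifies the original requester.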

But many Deep Net clients go a step further. When you install a client like FreeNet, it will allocate a part of your hard drive to store data (also encrypted). If every computer on the network gives a small part of their hard drive space, then the network has a lot of distributed storage. This storage can only be accessed if you are inside the encrypted network. This means that people can host blogs, web pages... basically any service they want on this encrypted space. The data will be spread across many computers in many different countries, none of which will know exactly what information they are sharing on this allocated space (since they cannot access it themselves).

What Can Police Do About It?
Now that you know some of the things that Dark Nets do (different networks do different things), why is it such a challenge for Police?

First, consider that cybercrime investigation is a relatively new field. Except for officers that enjoy self-study, most Police update knowledge only when the number of cases requiring new knowledge gets past a certain threshold. Granted, there is just too much to learn - too many types of cybercrime to focus on one area. And Dark Nets (until now) are too difficult a problem with too little return to seriously invest much time in. That being said, people are working on the problem, and other government organizations are also throwing a lot of resources at the problem of crime on Dark Nets.

Another problem is jurisdiction. Police, at most, have jurisdiction only at a national level. Since all governments have budgets, they don't usually investigate other countries' criminals (unless there is some benefit). Since it is difficult to establish where a criminal on a dark net is located, they take a risk of investigating thousands of people that are not in their country, not a citizen, etc, etc (investigation dead-end). This implies not only a waste of time, but a waste of resources - including taxpayer money. Since taxpayers usually want a visible 'return on investment', many forces think it is better to go after the easy cases that can make quick headlines and better statistics.

Establishing reliable information takes time. In most countries that I have worked with, they do not have the ability (or desire) to consistently conduct cyber operations. Working on dark nets requires long-term operations and planning that many countries would not be capable of executing.

Countries like the U.S. and U.K. are quite obsessed with the investigation of child exploitation material (rightly so, IMO), but for many other countries it is hardly a consideration. Even if the talk is of protecting children, the resources and planning dedicated to the task reflect how low-priority it actually is.

And finally, there are hundreds of thousands of pedophiles on news groups, websites, peer to peer networks, chat programs, etc. Indeed, Dark Net is a problem, but it is just one (more) problem. Police have no shortage of pedophile-related cases, and they won't until we take a look at the social problems that are causing them. Focusing on one network won't solve the problem, and until that network becomes the primary sharing method it won't be a major focus.