This book series addresses the urgent need to advance knowledge in the fields of cybercrime and cybersecurity. Because the exponential expansion of computer technologies and use of the Internet have greatly increased the access by criminals to people, institutions, and businesses around the globe, the series will be international in scope. It provides a home for cutting-edge long-form research. Further, the series seeks to spur conversation about how traditional criminological theories apply to the online environment. The series welcomes contributions from early career researchers as well as established scholars on a range of topics in the cybercrime and cybersecurity fields.
More information about this series at http://www.palgrave.com/gp/series/14637
The Darknet and Smarter Crime
Methods for Investigating Criminal Entrepreneurs and the Illicit Drug Economy
This Palgrave Macmillan imprint is published by the registered company Springer Nature Switzerland AG
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland
Dr. Kimberley Masson whose input has been fundamental to the development and final version of this book and the thinking behind it, and for many more reasons besides.
I would like to thank Liam and Palgrave for giving me the opportunity to write this book and their patience.
My deepest acknowledgements to co-author Peter Scott Reid. Versions of Chapters 9 and 11 were published with him in two journals. Without him, none of the research for this book would have begun.
A version of Chapter 3 was published in the International Journal of Drug Policy and of Chapter 9 in Health, Risk and Society .
Thank you to those who have contributed to the research and thinking behind this book: Alex Voss, Ilia Lvov, Rebecca Hewer, Andreas Zaunseder, Ben Collier, Daniel, Shivina, Fia, Francesca and Amy.
Inspiring authors and guiding lights: Monica Barratt, David Décary-Hétu, Sarah Jamie Lewis. The many contributors to Cryptomarkets Research Hub. Their passion, tenacity and creativity have opened new ground.
In this book, I explain why criminals would benefit from having fewer friends and more acquaintances (the strength of weak ties in cybercriminal networks), why drug dealers are best working in open online spaces (when and why anonymity technologies fail), why cybercrime is sometimes moral (how criminal markets regulate and limits criminal behaviour), why internet scams need helplines (criminals and victims need to obtain expertise), and why more digital engagement means less knowledge (trust interferes with quality signalling).
This book draws on research into illicit online drug markets to examine themes of cybercrime, security, and privacy as well as the changing nature of digital societies and of drug use. Digitally mediated societies share a general problem in common: there is a range of emerging threats towards individuals and societies conducted by organisations and individuals that use digital means as their attack vectors. What these threats are, where they come from, how they are motivated and what to do about them is an area of contention. Citizens, states, non-governmental organisations and private corporations are often at a loss as to how to attribute threats to variously the effect of existing and developing technologies, the enhanced organisational capacity of malicious actors, and the weakness of existing societal institutions and norms. There are concerns about the loss of privacy and autonomy in the face of state surveillance and corporate digital feudalism, the capacity of Artificial Intelligence (AI) to be misused and of technology generally to make harmful actions low cost or costless. At the same time, societies face the creation of ungovernable spaces and the facilitating of terrorism, drug dealing and interpersonal harassment. There is at best limited agreement on what secure digital spaces mean and how safety can be improved without effectively ending liberty. Solutions are often proposed in the technical arena, such as that traceability can substitute for trust.
There are a growing number of conflicts around digital security that combine technical challenges with competing political and public agency priorities. For example, increased online surveillance might mean decreased technical security in cases where it is proposed that encryption is weakened to facilitate law enforcement surveillance. Competing demands are not necessarily reducible to a single concept of what digital security should be, nor can they be dealt with effectively on a purely technical or system level. These differences and disputes highlight the dual nature of the internet. The internet both allows new publics to emerge and also creates opportunities for state and private domination through control of the data infrastructure.
Fear of crime can mislead. The internet has its dangerous spaces, and some lawless spaces, which are not the same thing. The ungoverned and ‘dark’ parts of the internet can be functional and community creating. We can learn from illicit groups and the techniques used by them. Sometimes illicit groups are trying to solve the same problems the rest of us are regarding how to verify and trust information and motives, how to avoid exposure, how to validate the data infrastructure and how to assess risk. Therefore, some of the same tools can be used to assess the extent and intent of illicit activity. It also leads me to question the direction in which the internet and digital culture is changing, towards something more governed and watchful, where principles of personal ownership and control are replaced with those of rental and licensing. As digital societies change, so do the structured opportunities for criminal activity. At the moment, they are changing away from seeking out and exploiting vulnerabilities in the technical infrastructure, and towards making use of the developing social media infrastructure.
Chapter 1 sets out why we should think about criminological risks more in terms of digital crime rather than cyber crime. ‘Cyber’ implies a set of rules and spaces separate from the real. ‘Digital’ shows how embedded the internet infrastructure is with day-to-day life and other systems. This means that costs and risks of crime are distributed more widely throughout society. Work is increasingly distributed through digital platforms designed for the purpose or repurposed from other platforms. This creates opportunities for new forms of work and reward, and risks of exploitation and scamming.
Chapter 2 introduces the main case used in the book: darknet cryptomarkets. Cryptomarkets are one way in which the illicit drug market is mediated through a digital platform. The cryptomarket case is unusual because it is one area where the groups supporting the market control the backend, the front and the content. This is very different from dealers and drug users who arrange deals through social media applications where people meet and communicate such as WeChat, Snapchat or Tinder where they have a much more precarious and contingent position. The benefits lie in the development of an information-driven community of illicit drug users.
Chapter 3 discusses the context of digital drug research. The internet is a fractured place with varying, incompatible structures. The abundance of data is tempting for drug research and it must be tempered by an understanding that the digital is not society, and that there are challenges to social science norms of what makes quality research. Two developments are relevant here. There is the emergence of a citizen science movement that collects and analyses data on digital security, privacy and drug issues. Community members develop effective tools for data collection and analysis. Next, there is the development of a private data infrastructure. The latter is sometimes available to researchers, but is often opaque in terms of how it produces its results. These present opportunities and challenges for digital social science in terms of ethically navigating the data landscape and embedding itself in a community of public science.
Chapter 4 presents cryptomarkets and drug supply chains as political economies. This means understanding how harm and benefits are distributed by processes external to the criminal group or act. The changing global power structure, the emergence of regionally dominant digital payment platforms, the gig economy, the international division of labour and the deformation of the international liberal order all affect how crime is done and where it happens. These changes also affect relationships between states, law enforcement, and citizens and the sphere of criminal activity. They lead much more to semi-licit or semi-criminal activity that is not wholly distinguishable from lawful enterprise.
Chapter 5 examines how drug markets are embedded culturally and institutionally. Digital life has provided new capacities for criminal action and new ways of monitoring and surveilling criminals. In terms of the control infrastructure, it has produced new capacities for law enforcement, security services and private agencies to intervene, coerce and disrupt the activities of criminals and others outwith the normal workings of criminal justice. On the other side, cultures of crime have changed. Successful illicit markets require the creation of mutually intelligible cultural forms and scripts which I outline.
Chapter 6 sets out the different business models present in the cryptomarkets and the basis on which participants are driven towards selecting one over another. The market confers advantages on big players; thus, there is a tendency towards market concentration. Some drug vendors, however, deliberately limit the size of their business. Vendors take on bigger risks when expanding their business. Employing more people, having to deal with larger throughputs and engaging in greater blockchain exposure are all factors pushing people to limit their business size. Therefore, the market logic and the business logic tend to work against each other in many instances. The way in which business and market logics work out point to ways in which crime is structured without being organised. Organised crime implies the existence of a well-organised command system that coordinates different actors. Such mafia-like organisation is relatively rare and tend—even in those cases—to consist of coalitions of convenience rather than hierarchal power. Digital crime, however, does confer a greater ability to coordinate remote actors and resources and increases the power that small groups or individuals have. Different modes of criminal action are created. A botnet—an array of compromised computing devices—can be rented to launch an attack on public infrastructure, potentially creating significant havoc for a small outlay of time and resources. Markets also provide a way in which illicit labour and capital can be coordinated more effectively and help resolve some challenges involved in the economics of criminal activity such as coordination and price setting.
Chapter 7 examines how trust is built between users and the faith that users put into technology. There has been a significant focus on what is called trustless technology, systems that in theory allow users to make agreements enforceable by software. The blockchain used by the bitcoin cryptocurrency is a trustless technology. An core implementation of trustless technology is writing smart contracts with arrangements adjudicated by blockhain software. Venture capitalists have been keen to pour money into this area. This shows a level of faith in computer code to solve problems and allow otherwise distant or uncooperative actors to reach agreement. However, the working of trustless technologies relies on a rich lattice of communicative individuals in order to make it happen. Shared culture and meaning are needed, not only for people to comprehend machines, but for machines to talk to each other.
Chapter 8 develops the theme of faith being put in technology over community to consider the differences between automatic trust systems and drug users’ and vendors’ own judgements when it comes to drug quality. The chapter explores the different kinds of knowledge that are employed to assess and ensure drug quality. Some of this knowledge can be reflected in published market ratings but much has to be developed and shared between users. Drug quality is not a single attribute that can be measured by one metric. It is a multivariate element that changes depending on the purpose for which it is being used and the context in which it is being taken.
Chapter 9 examines the possible benefits that cryptomarkets have for harm reduction. The cryptomarkets are often claimed as promoting transparency about drug quality and therefore benefits both harm reduction in illicit drug use and the establishment of a model for a legalised drug market. To that end, many market players seek to promote a rational, risk-reducing consumer orientation to their actions. This chapter explores the significance for peer-supported harm reduction. As with drug quality, risk and health are not agreed-on standards, but are dependent on how the drug is used. Some users do not seek to reduce their risk to the lowest possible level. Instead harm is expected and anticipated as a ‘necessary’ and even beneficial cost of drug use.
Chapter 10 considers another claimed benefit of cryptomarkets, the feature that is seen as most threatening: anonymity. This chapter argues that anonymity is not the dangerous quality it appears to be. Most malicious activities do not take place using a darknet-provided cloak of anonymity. Communities can benefit from anonymity and pseudonymity. In any case, anonymity is neither an inherent quality of the darknet nor the cryptomarkets. Anonymity must be produced by the user. Even then, anonymity is contingent and temporary. It is contingent on the ability of the user to hide in the crowd, and it is temporary because of the growing capacity for various organisations to de-anonymising using blockchain analysis and other kinds of machine learning and standard investigation techniques.
Chapter 11 concludes by arguing that digital crime is something society is increasingly exposed to and, as such, it is treated as a normal threat. The changing configuration of the digital society is changing the capacity and autonomy of the citizen. Our digital lives are increasingly ‘modded’ by systems that have characteristics governed by the interests of the owner rather than the user (and the ‘owner’ and the ‘user’ are separate). Platforms tell us what we may say, who we may connect with, and assess us on our worth. It could be argued that this is the price of participating in a digital society. It is certainly a price that is being paid however much we may be aware of it while it is happening. In contrast, the most successful criminal markets tend to eschew some of the techno-fixation of wired culture and rely on social interaction to maintain resilience.