Myth #05: Cybercriminals go free.
Amadeus Peters

Myth: Anonymity on the Internet is highly valued by criminals. To hide their identity they use anonymizers like the Tor browser, which also allows access to the darknet, and they ask to be paid in cryptocurrencies like Bitcoin. This makes it impossible for the police to catch cybercriminals.

 

Busted: Even though there are many good tools to disguise one’s identity, law enforcement agencies worldwide have caught many cybercriminals with low and high profiles. This also applies to customers, traders and platform administrators of darknet markets (#17), where drugs, counterfeit money, and weapons are traded like on Amazon.

A particularly good example is the multinational police operation “Bayonet” in 2017. The Dutch police received a tip from a company that had stumbled upon a server that was used to test a new feature for the darknet website Hansa. Hansa was the world’s third-largest darknet market at the time. The Dutch police monitored the connections established with the server and was thereby able to identify the server hosting the actual Hansa website. They secretly made a copy of the stored data and found very old chat logs with the real names of administrators.

For unknown reasons, the website was quickly moved to new unknown servers. The new hosting provider who had been identified in the data collected on the previous server was paid with Bitcoins. Since the transactions in the Bitcoin blockchain are public, the payments could be tracked until the bitcoins were exchanged into euros. The Bitcoin exchange then disclosed their customer, the new hosting provider, upon request.

The German police arrested the administrators, while the Dutch police secretly took control of the Hansa website and police officers pretended to be the administrators. The Dutch police made changes to the encrypted communications between customers and dealers, providing them with 10,000 delivery addresses. Simulating technical issues, they had all dealers re-upload product images to get the geolocations stored in the metadata, which put them on the trail of 50 sellers. In addition, they tricked 64 sellers into opening a file that would reveal their real IP address. After having collected all that data, the website was closed down and the police started prosecuting customers and dealers.

This example shows how law enforcement agencies can not only overcome anonymity but also benefit from it. Furthermore, to receive goods or money paid out in a conventional currency one has to leave the virtual world and thus relinquish anonymity at some point.

 

Truth: Cybercriminals get caught despite anonymization tools because human error and random events – which can provide the crucial clues to overcome anonymity – cannot be ruled out. Additionally, many popular cryptocurrencies do not anonymize transactions, but only pseudonymize them, allowing money flows to be analyzed and tracked. This allows police services to make arrests in the real world.

 


Source: Y. Danny Huang et al., Tracking Ransomware End-to-end, IEEE Symposium on Security and Privacy (2018), https://ieeexplore.ieee.org/document/8418627; Jonathan Lusthaus, Industry of Anonymity (Cambridge, MA: Harvard University Press, 2018).