Home Secretary Amber Rudd has announced a £9m fund to crack-down on criminality on the dark web, with £5m devoted to local cyber crime units.
The money, pulled from a previously announced £50m pot for the Home Office to improve the UK’s cyber defences, will ‘enhance’ law enforcement’s response to criminals who ‘exploit the anonymity of the dark web’.
Due to this ease of anonymity, the dark web is often a place for trading drugs, guns and child abuse images. Rudd describes it as a “dark and dangerous place where anonymity emboldens people to break the law in the most horrifying of ways”, but what do experts from the UK tech scene think of her announcement?
Is the money enough?
Ross Rustici, senior director, intelligence services at Cybereason, said the money is not enough: “It isn’t £9m to start dealing with this issue, it is £9m to focus on a very specific task. Is it enough? No. Is it better than what they have now? Yes.
“There is no amount of money that will solve this issue. It is transnational and ever evolving,” he added.
Rudd divulged the extent of the issue in the UK, stating that the nation has faced 49 cyber incidents related to Russian actors in recent times.
Exactly how Rudd will use this money to clean up the dark web and help law enforcement officers to catch criminals has not been disclosed for ‘operational reasons’. Rustici has some ideas.
“Getting more beat police officers involved will help with the low level cyber crime, which, in turn will free up resources to go after harder problems,” he said.
Matt Walmsley, EMEA director at Vectra, agrees that supporting law enforcement is important, but like Rustici doesn’t think the monetary pledge is enough. “Giving police additional resources to investigate and bring cybercriminals to justice is a laudable goal, but £5m alone isn’t going to scratch the surface.
“Even if you get over the significant barriers of accurate attribution of the cybercrime, it’s more than likely the suspects will be outside of UK legal reach, and so challenging to bring to justice,” he added.
‘Lack’ of strategy
Rustici also has doubts in regards to Rudd’s strategy and desire to eliminate the “keyboard warriors”.
“Black markets on the dark web is less of a hydra problem than one might expect. Fundamentally, the market places have to operate on a basis of trust. If criminals don’t believe that they are anonymous while conducting the illegal activity they are unlikely to conduct it in that forum.”
Rustici went on to mention the take down of Alpha Bay and how, if Interpol/Europol can take down a few more of the major markets, the ones that replace them will be less robust and trafficked.
Essentially, removing the platform won’t eliminate the crimes.
“This doesn’t solve the problem, but it increases the cost of conducting the illegal activity which will hopefully serve as another deterrent,” Rustici added.
On the contrary, Gerhard Giese, security solutions engineering manager, Akamai Technologies, feels that this is an important problem to tackle.
“Whilst the dark web has many sides, and not all of them are bad, a growing use is as an ecommerce platform for criminals to shop around for the tools they need to commit cybercrime. Even those with fairly low technical skills are now able to buy pre-configured apps to attack businesses as well as individual consumers.”
Giese goes on to describe the state of play on the dark web: “By visiting other pages on the dark web, they can then simply and cheaply acquire stolen log-in credentials that someone else has collated – or even rent a botnet that someone else has built. Most people would be amazed at how little this costs: your bank details might sell for just a couple of pounds.”
The fact that most poeple could access the software needed to use the dark web, it can actually facilitate crime, Giese says. “Most criminals lack the technical wherewithal to create the code they need to launch an attack but, if they can get that cheaply and easily on the dark web, then anyone can become a cybercriminal.”
Whilst the criminality of the dark web is apparent, Walmsley casts Rudd’s announcement as more smoke and mirrors than pushing for actual change.
“Talking of cleaning up the dark web is more political rhetoric rather than practical reality,” he said.
“If the government seeks to impose UK access controls to the dark web, then aside from technical workarounds for the more online savvy, we’re going to be reopening the net-neutrality debate.”
He goes on to say that investments in the UK’s own cyber defences are still extremely welcome. “However, ultimately UK organisations can’t rely on legislation, policing, or the government to minimise their cyber risk, instead they need to take direct ownership,” he countered. Rudd herself did state, according to the BBC, that she expects businesses to protect themselves online as much as they would from burglary with locks, alarms and security guards in shops.
Yet with nearly seven in 10 businesses have been affected by cyber crime, according to Rudd herself, this is quite a big ask, Walmsley said. “It’s tough for UK organisations as they have limited time, and finite human and technical resources and capabilities with which to protect themselves.
“Artificial intelligence can now bear the load of automated threat hunting, which empowers human security analysts and allows them to prioritise responding to real threats,” he added.
No one can say for sure whether this new funding boost will suffice and help permeate the deep, dark web and the crimes that take place, but it is certain that the money alone is no use to companies’ who are being urged to protect themselves.