Detecting and Countering Dark Web Money Laundering Risks
Law enforcement agencies around the world are stepping up their efforts to take action against buyers and sellers of illicit drugs, false identification and other illegal activities on dark web global marketplaces. Most recently, 179 people across 6 countries were arrested following the takedown of the seized Wall Street Market. There have also been a number of dark web-related arrests in Canada, including the arrest of a vendor known as “Mr. Hotsauce” who brazenly offered to sell a variety of illegal drugs to customers globally.
So how can financial institutions assist in the detection, prevention and reporting of illicit dark web transactions that may be flowing through their organization?
In this webinar, Joseph Iuso, Executive Director of the Canadian MSB Association and a seasoned Chief Compliance Officer, shares his personal experience in investigating transactions being conducted over the dark web and strategies to unmask criminal enterprises and transactions.
Topics covered include:
- Common criminal typologies and indicators of dark web affiliation
- How financial institutions can incorporate dark net indicators into AML models
- Technology and strategies to investigate dark web activities
- How to use oversight tools, such as KYC, EDD and transaction monitoring, to flag and resolve/report suspicious activities
Here are the answers to the questions asked during the session.
Q: So, when there’s a transaction happening, do they display the wallet to which the funds are moved?
A: So, they’re now encrypting. So, what they’re asking you to do is, “Here’s an encrypted message using their private key and your public key.” Remember, the first step is to do it for your address. The next is the reverse of that. So, they’ll ask you to take that encrypted message and then use your PGP tool to decrypt it, and that’s where you saw the message with the address and everything. So, they’re not actually displaying it anymore in the website, so it’s another way of obfuscating.
Q: Can PGP be used in blockchain tech?
A: Actually, PGP is used in blockchain, or the philosophy of it. Basically, it’s what’s called a public/private key infrastructure. Back in the ’90s, we called it PKI, when everybody was trying to be the certificate authority and stuff like that, but it’s basically a method of you keeping your private key. So, if you think about crypto, you have your own private key, and then you publish a public key to send the money to. And then, you use your private key to sign and send stuff out or receive things in. So, it’s just what they call pretty good privacy, and it’s one of the core concepts that are used in cryptocurrencies as well.
Q: If they use this messaging, where they can send a BTC directly to the BTC address, how does escrow come into play?
A: So, that’s a great question. So, that address that you’re sending to when you’re in a dark net site, is actually the address of the dark net operator, so he’s acting as the escrow service. And then, once the transaction is done, the dark net operator takes his fee and releases the funds to the seller, right, to another Bitcoin address. So, the address that you’re actually seeing in the dark net marketplace is not that of the seller. You’re seeing the address of the escrow service that’s run by the dark net operator.
Q: Is there a way to rate dark websites by their risk level and use AI to inform the different crypto issuers, coins, of the risks? So, if the site sells drugs and it would be considered a high-risk site, and if a person tries to use Bitcoin to buy from the site, the coin would not work because this site is high-risk. So, in this case, the issuer would have to verify the activity and unblock the transaction or simply not allow it.
A: So, that’s an interesting question. I don’t know if you need AI yet, although that would be a pretty interesting concept. But most of those chain tools have rules in them and the rules that you could set to say, “If you see like $100… For example, chain analysis, if you see a dark net direct transfer and it’s $100 or less, mark it as medium. If you see a dark net address that’s an identified dark net service, meaning they have an actual name, and it’s over $500, make it high.” And then, when the exchange actually goes to send it, they first test the address to see if it’s already in that high-risk, and if it is, then it’s up to the exchange to determine, “Okay, do we stop it or do we let it go through?”
So, those tools are very effective, not only in investigating. They’re also good at blocking, so they sort of solve that problem in the sense of, you’re able to check first, before you send it, to see if that’s an identified dark net address. And then, you can have different risk levels based on amount and the type of dark net, and stuff like that. So, it’s out there. I don’t know if there’s a need for AI, though, yet. I’d have to think about that.
Q: How is it that these dark net sites are allowed to operate if there’s so much illicit activity happening?
A: It’s not that they’re allowed to operate. It’s because the Tor net, which was created by the U.S. government, by the way, is so strategically designed to obfuscate where the actual website or hosting service is. So, if you think about… And that’s why they call it an onion. If you think about an onion, it’s got multiple layers. You keep peeling back the layers, and every time you do, you’re crying. And the Tor net works sort of the same thing. It’s lots and lots of layers. So, you may click on a button and it goes through this path, and then you click on another button and it goes through another path. So, the Tor net is inherently designed to obfuscate the two end points, so it’s very hard to track where things came from and where they’re going.
Q: When the German man got caught, were they able to get all the 500,000 people as well, or at least the names?
A: They haven’t said anything, but if they’ve identified 500,000 people, they’ve probably identified 500,000 handles and accounts, and maybe IP addresses, because how would you know there’s 500,000 if you don’t even actually have the server? And that’s the part about that German guy. He had hundreds of those sites, and the law enforcement’s going to have its field day for the next couple of years just sifting through that data and finding all the people, and charging the big ones, or even launching other investigations. So, I think this year will be the year where a lot of dark nets are going to get caught, especially from this takedown.
Q: If they are able to identify the individuals, would they be identified in any of the third-party lists as someone who uses dark web or dark net services?
A: That’s an interesting thing. I think that’s one of the reasons why the regulators want the travel rule enforced, coming in June 1st, because right now, there’s no way to identify a wallet address to a person except through some sort of investigation or request through an exchange. Otherwise, you can’t tell who owns what address. So, they’ll probably have a link to an address, to a handle, but then that handle’s probably got a private email address, and that private email address is protected by some service provider that doesn’t give out that kind of information because they’re in a jurisdiction that doesn’t do that.
But I’m sure there’s ways that they might entrap them, or anything like that, but I’m not a law enforcement person, so I don’t know exactly what they do with the information once they get it. I’m more of just, pass the information, find it interesting, and see what I can get. But those criminal cases give you some insights into that.