Why Doesn’t Law Enforcement Shut Down the Underground Economy?
People often wonder why law enforcement doesn’t shut down the underground websites that facilitate cybercrime. On the surface, it does seem a bit strange. After all, the underground has been around for more than a decade. Law enforcement agencies know where these websites are hosted. So, why allow them to continue operating?
Here are three reasons underground sites are still running today.
1. Bullet-proof hosting services
Sure, today’s anonymity networks like Tor make it nearly impossible to figure out where a website is hosted. But these networks are relatively new, and long before they were around, fraudsters had to find a way to mask site locations from law enforcement.
Their solution? Host their sites in places where law enforcement can’t touch them. Introducing: bullet-proof hosting services. These hosting services are basically hosting companies created for fraudsters by fraudsters.
These hosting companies are mostly located in Eastern Europe, former USSR states and other countries that are not that eager to please the West. When they get a “takedown” request from a foreign law enforcement agency or security company, they simply throw it away, offering some excuse as to why they can’t shut the illegal site down. Some of these companies even pay bribes to local law enforcement, making them completely untouchable.
And these companies play it smart, too. They have strict rules on what can and can’t be hosted on their servers. Obvious scams such as phishing attacks, and major crimes that can be easily proven to be hosted on their servers (like child pornography), are not allowed. This way, these companies can ignore takedown requests and provide excuses, retaining a semi-legitimate image.
In essence, law enforcement simply can’t take down sites hosted with bullet-proof hosting services. And today, with the availability of Tor and other anonymity networks, the number of sites that are extremely hard to take down is substantially larger than it was in the past.
Contrary to popular belief, taking down an underground site doesn’t always have positive outcomes. When a site shuts down, its members simply disperse to other existing sites, and new sites are opened to fill the void. For example, with the takedown of Silk Road, other sites quickly popped up to attract Silk Road’s previous user base. With this, shutting down underground sites merely results in the cyber version of whack-a-mole; one site goes away and two more pop up in its place. And every new “mole” becomes more difficult to whack.
Black Market Reloaded quickly popped up to replace Silk Road after the latter was shut down.
Keep in mind, too, that underground sites have varying levels of just how “underground” they are. For example, whether their registration is open or closed, whether their links are easy to find, and whether there’s a strict rule of not publishing their link anywhere. When one site is shut down, the sites that surface to fill the void tend to be deeper underground, making it even more difficult for law enforcement to track their activities.
Sadly, the truth of the matter is that, with the number of underground sites out there, shutting them down barely has any effect on the day-to-day levels of cybercrime.
A final point to consider when wondering why law enforcement doesn’t shut down underground sites is intelligence gathering.
Of course, law enforcement’s end goal is to put criminals behind bars. But in a world that revolves around monikers and anonymity, it’s even more challenging to gain enough evidence on who the cybercriminal is and what crimes he has committed in order to make an arrest. To that end, underground sites serve as an important resource for law enforcement agencies, and shutting them down doesn’t make much sense.
Yes, these sites do facilitate crime, but, as we’ve already shown, shutting them down wouldn’t have much of an effect. Putting their members behind bars, on the other hand, would.
Psst: Law enforcement does shut down underground sites from time to time!
Let’s not go about our days thinking cybercriminals have it easier than they would otherwise because law enforcement keeps their hands off their sites. In fact, despite how difficult it can be to take down a site, and how useful it may be to keep it running, law enforcement does sometimes shut down underground sites.
Underground sites usually get taken down by law enforcement when it seems there’s little additional intelligence that could be obtained from them, or when all the big players have been arrested. For example, the FBI shut down Silk Road, a major online black market. Silk Road’s owner and operator, Ross Ulbricht, is now behind bars, leaving no reason to keep the site operational. The FBI was also responsible for shutting down multiple credit card stores when the benefit from the shutdown appeared to outweigh the cost. They also shut down several underground forums such as Carders Market, again after its head, Max Butler, had been arrested.
Ross Ulbricht, the man behind Silk Road, is now serving a life sentence.
The FBI isn’t the only law enforcement agency that shuts down sites. The Secret Service shut down the grandfather of all cybercrime boards, ShadowCrew, and the UK’s Metropolitan Police Service’s Police Central e-Crime Unit (back when it was operational) was responsible for the takedown of the largest English-speaking forum at the time, Ghost Market.
Law enforcement has also employed some interesting tactics to benefit from underground sites. For example, they turned major cybercrime forum Dark Market into a sting site. An FBI agent was able to get all the way to the site’s top, becoming the administrator and turning the site into a platform for collecting evidence on its many members. Most of these shutdowns yielded dozens of arrests worldwide. Arrested fraudsters are often turned against their fraudster friends for a more lenient verdict.
So, while it may not seem intuitive, the underground economy will continue to exist for many years to come. However, you can rest assured that this isn’t because of carelessness or incompetence on the part of law enforcement. It’s simply a strategy to maximize their capabilities in a very complex situation.