Darknet Cybercrime Threats to Southeast Asia

2020

An introductory analysis of darknet-enabled threats against Southeast Asian countries

About the report

By Jeremy Douglas, Regional Representative, Southeast Asia and the Pacific, and Neil J. Walsh, Chief, Cybercrime and Anti-Money Laundering Section

The United Nations Office on Drugs and Crime (UNODC) is proud to present this introductory analysis of darknet-enabled threats against Southeast Asian countries, which has been made possible through strong partnerships with global and regional law enforcement and justice authorities, together with private industry and academia. The report was produced thanks to kind voluntary funding from the Government of Japan.

This report assesses the Darkweb from user, criminal and law enforcement perspectives with a particular focus on cybercriminality targeted at Southeast Asian countries. Darknets (i.e. networks on the Darkweb) provide the ideal environment for a wide range of criminal activities. Just as new threats appear on the Clearnet (i.e. the regular Internet), darknets can facilitate similar attacks that provide perpetrators with a greater degree of anonymity. This anonymity makes investigation and prevention more challenging, but still possible.

Key findings

THERE IS A PAUCITY OF RELIABLE DATA REGARDING DARKNET-ENABLED CRIME IN SOUTHEAST ASIA

There is little evidence that countering darknet-enabled cybercrime is a policy or operational priority in the region. Consequently, there is an overall lack of consistent, quantitative and qualitative data upon which analyses can be drawn. This leads to a self-perpetuating cycle of policy gaps which limit law enforcement threat-recognition, prioritisation and resource mobilisation. Of greater concern, this creates opportunities for criminal exploitation with little recourse for victims.

DARKNET CYBERCRIME IS BELIEVED TO BE INCREASING IN SOUTHEAST ASIA

An increasing number of criminals in Southeast Asia are likely to be using the Tor darknet to engage in the full range of illicit activities available on the Darkweb. This includes the buying and selling of drugs, cybercrime toolkits, fake passports, fake currency, online child sexual exploitation material, stolen credit card details and personally identifiable information from breaches.

SOUTHEAST ASIAN LANGUAGES AND DIALECTS ON THE DARKWEB VARY OVER TIME

English is the primary working language for cybercrime on the Darkweb, although locally originated content in Southeast Asian languages is becoming a variable. There is, therefore, a customer base. And while this suggests a diversified cybercrime threat, it also creates the opportunity for proportionate, legal, accountable and necessary law enforcement infiltration and prevention activities that will require clear and robust legislative and human rights oversight frameworks.

CRYPTOCURRENCIES ARE THE PAYMENT METHOD OF CHOICE

Cryptocurrencies are the leading payment method on darknets. Cryptocurrencies and related laundering services are evolving as criminals seek to move towards more privacy-preserving currencies. Bitcoin remains the primary tool to exchange crypto to fiat (currency issued by a country). This presents policy, legislative and investigative opportunities. States are encouraged to engage with UNODC, the Financial Action Task Force (FATF) and industry to counter the threat posed by virtual-asset-based illicit financial flows and money laundering.

MOST LAW ENFORCEMENT DARKWEB OPERATIONS ORIGINATE INTERNATIONALLY. LOCAL CAPABILITY IS LIMITED

Although there have been law enforcement operations targeting darknet cybercrime in Southeast Asia, these operations are the result of international investigations initiated outside of the region, with only a small number of cases originating within the region itself. Cybercriminals are likely to perceive Southeast Asia as a relatively low-risk/high-gain operational environment as the likelihood of detection is relatively low. Prevention campaigns can have an impact.

The effects of cybercrime can ripple through societies around the world, highlighting the need to mount an urgent, dynamic and international response.

Recommendations

STATES SHOULD INCREASE SPECIALIST DARKNET POLICY AND OPERATIONAL CAPACITY

Each Southeast Asian country must increase specialist political, policy and operational knowledge regarding darknet networks, services, cryptocurrency investigations and intelligence gathering. This will increase national security, international cooperation and confidence building in preventive cyber-diplomacy.

A MINISTERIAL OR AMBASSADORIAL LEAD ON CYBER AFFAIRS, SUPPORTED BY SPECIALISED LAW ENFORCEMENT CAPACITY, IS ESSENTIAL

Law enforcement darknet operations require highly trained and specialised officers. These officers must have a strong understanding of law, the Internet, human rights, privacy, communication technologies, cryptocurrencies, encryption and anonymising techniques, including specialist investigative skills. Beyond the tactical capability, a Ministerial or Cyber Ambassadorial lead is required on all cyber affairs. This ensures cross-government policy coherence and the necessary mechanism for law enforcers to seek political oversight, challenge or support, for new methods of operating.

STATES SHOULD DISRUPT ASSOCIATED ILLICIT PARCEL DELIVERY AND TAKE A PROACTIVE MEDIA APPROACH

Darknet markets result in the sale of physical goods, such as drugs and weapons. Increasing local capacity and cross-border cooperation for detecting illicit parcels will disrupt the flow of illegal goods, as well as psychologically undermining the reputation of market sellers.

APPLY CRYPTOCURRENCY (VIRTUAL ASSET) POLICY AND REGULATIONS

The regulation of cryptocurrency users and exchanges, especially employing the FATF virtual assets risk-based approach guidelines, will significantly assist in reducing the anonymous transfer of funds.

CREATE A REGIONAL COUNTER-DARKNET CYBERCRIME STRATEGY

A plan and a regional strategy should be created for cooperation and response in conjunction with ASEAN Senior Officials Meeting on Transnational Crime (SOMTC) and other stakeholders.

CONTINUE RESEARCH

Cultivate local capabilities within the public, private and academic sectors to encourage continued research on darknet technologies, policies and investigation techniques which are proportionate, legal, accountable and necessary within a broad Human Rights framework.

Darknets in Southeast Asia

In Southeast Asia, the general public have mainly heard about the Darkweb on the news and through social media. It is assessed that only a minority have used it personally (see “Darknet Use in Southeast Asia” in Appendices). Even on the news, the Darkweb is generally not discussed in any great detail, with most stories relating to the arrest of cybercriminals who have used the Darkweb in some way.

Darkweb-related arrests in Southeast Asia have helped focus attention on how transnational organised crime groups and syndicates operate in the region. Illegal transactions are typically cross-border, emphasising the need for international cooperation, interoperability, and a mutual understanding of the threat. To help detect, investigate, prosecute and prevent this type of cybercrime, capacity building in law enforcement is vital.

Criminals seek to remain anonymous by hiding their operations and identity using technical methods such as encryption, and non-technical means such as communicating in English instead of their native tongue. Based on their communication alone, it is challenging to identify the whereabouts of specific perpetrators as many of the largest Darkweb marketplaces offer services and products worldwide.

Encryption: the process of encoding information into an alternative form that can only be ‘decrypted’ by authorised individuals who possess the decryption key.

How darknet markets work

Source: Adapted from evidence entered into the record of Ross Ulbricht's federal trial in the U.S. Southern District Court of New York, depicting a flowchart of Silk Road's payment system, as envisioned by the U.S. Government.

Essential elements of darknet markets

An anonymous marketplace or darknet market needs four components to operate:

  1. An anonymous, censor-resistant platform to operate from, e.g. an onion website.
  2. An online (semi-) anonymous monetary system, i.e. Bitcoin.
  3. An escrow payment system (internal escrow accounting).
  4. Reputation and feedback (transparent reputation metric).

Cryptocurrencies

Fast facts

  • A cryptocurrency is a form of virtual asset based on a network that is distributed across a large number of computers. This decentralised structure allows them to exist outside the control of governments and central authorities.
  • Some of the cryptography used in cryptocurrency today was originally developed for military applications. At one point, governments wanted to put controls on cryptography, but the right for civilians to use it was secured on grounds of freedom of speech.
  • ‘Blockchains’ (organisational methods for ensuring the integrity of transactional data) are an essential component of many cryptocurrencies. Many experts believe that blockchain and related technology will disrupt many industries in the future, including finance and law.
  • Cryptocurrencies face criticism for a number of reasons, i.e. their use for illegal activities, exchange rate volatility, and vulnerabilities of the infrastructure underlying them. However, they are also praised for their portability, divisibility, inflation resistance, and transparency.
  • The first blockchain-based cryptocurrency was Bitcoin, which remains the most popular and most valuable. As of Nov. 2019, there were over 18 million bitcoins in circulation with a total market value of around US$146 billion.
  • Today, the aggregate value of all the cryptocurrencies in existence is around US$214 billion—Bitcoin currently represents more than 68% of the total value.

Cyberattack: the deliberate exploitation of computer systems and networks to take over or cause damage to a victim.

Source: Adapted from The Cyber Kill Chain® developed by Lockheed Martin.

Conclusion

While there is a paucity of data regarding Darkweb criminality targeting, and originating from, Southeast Asia, available information reveals that it does exist and is likely to grow in breadth and depth in the near-term. At the same time, COVID-19 has clearly confirmed that criminals will evolve their business models at pace in order to continue to make the greatest possible profit. States too must be enabled to rapidly assess, analyse and redirect operational resources to respond to evolving cyber threats.

It is essential that Southeast Asian countries take individual responsibility to address the overall political and policy issues raised in countering darknet cybercrime, but that they also invest rapidly in upskilling their criminal justice agencies. Darknet cybercrime is no longer an “unknown unknown” and requires dedication, expertise, specialist mentoring and financial resources to build the capabilities which will counter the threat. UNODC remains committed to supporting Southeast Asia with this vital work.