
Taking off the mask: the new investigative methods within the darknet

From a criminal's point of view, the main advantage of the darknet is anonymity. The efforts of those who search for and aim to stop these criminals are therefore focused on deanonymization: tearing off these digital masks and establishing connections between anonymous Darknet characters and real people.
This is not an easy task, but it is not impossible. One of the most striking examples is the ability to identify a specific individual conducting cryptocurrency transactions and to prove that the goods or services were actually paid for or sold by this person. Such cases are still few in number, but investigators do manage to crack them, so it is not outside the realms of possibility.

Establishing a connection between Darknet vendors and postal parcel delivery in the real world makes it possible to arrest drug manufacturers and shut down their online stores. In any case, the key task is to connect Darknet personas with their offline identities.
OSINT specialists sometimes avoid the Darknet because the investigative techniques for this environment are not well known and it is genuinely difficult to search for and find specific information there.
You need to look for missing items or clues not only where they are clearly visible, «under the streetlights», but where they are lost or hidden including in the dark.

Some of the search methods in the Darknet are based on the fact that all people, including criminals, sooner or later make mistakes, however small and seemingly insignificant. The story surrounding the closure of the Alphabet marketplace is a great example of this: one of the administrators left his real email address visible, and it was linked to a PGP key. That exposed email address made it possible to find this person on a forum in the public part of the Internet.

An email address can be the key to a whole chain of investigations. The specialists at Social Links have discovered a method that links a Darknet PGP key to a FB account, based on the email addresses found.

Crafty individuals create a separate email account for registering the PGP key and do not use it for anything else, but even this well-known rule is sometimes violated. It makes sense to specifically study and classify errors made by Darknet users in order to use them to find and establish connections.

A separate difficulty is collecting evidence on the network in a form suitable for filing in court. The content of web pages should be captured in such a way that it is clear when and exactly where the information was collected and, most importantly, that judges and experts can have full confidence that the information was not changed or distorted during collection and storage.

Collecting such evidence in large volumes and/or on a regular basis is a significant problem in its own right. It can be solved by automatically archiving web pages according to certain principles and in strictly defined formats. Automatically creating an archive of a Darknet resource will soon be possible using Maltego and Social Links.
The operation of this utility in its trial phase will be demonstrated at our open webinar.
The main part of the webinar will deal directly with investigation technologies for the Dark Web, the analysis of errors made by users, and methods of using such errors to find criminals.
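
The evidence-collection requirement described above (when and where a page was captured, and proof that it has not changed since) can be illustrated with a hash-chained capture manifest. This is an added example, not code from Social Links or Maltego; the function names, record fields and placeholder URLs are assumptions made for the illustration.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # constructed start value for the hash chain


def entry_digest(record):
    """SHA-256 over a canonical JSON encoding of one manifest record."""
    blob = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


def add_capture(manifest, url, body, collected_at=None):
    """Append a record for one captured page, linked to the previous record."""
    record = {
        "seq": len(manifest),
        "url": url,
        "collected_at": collected_at or datetime.now(timezone.utc).isoformat(),
        "content_sha256": hashlib.sha256(body).hexdigest(),
        "prev": manifest[-1]["entry_sha256"] if manifest else GENESIS,
    }
    record["entry_sha256"] = entry_digest(record)
    manifest.append(record)


def verify(manifest, bodies):
    """Return a list of problems; an empty list means nothing was changed."""
    problems, prev = [], GENESIS
    for i, entry in enumerate(manifest):
        core = {k: v for k, v in entry.items() if k != "entry_sha256"}
        if entry["seq"] != i or entry["prev"] != prev:
            problems.append(f"entry {i}: chain broken")
        if entry_digest(core) != entry["entry_sha256"]:
            problems.append(f"entry {i}: metadata altered")
        body = bodies.get(i)
        if body is None or hashlib.sha256(body).hexdigest() != entry["content_sha256"]:
            problems.append(f"entry {i}: content missing or altered")
        prev = entry["entry_sha256"]
    return problems


if __name__ == "__main__":
    # Constructed sample pages and placeholder URLs, not real captures.
    log, pages = [], {0: b"<html>listing A</html>", 1: b"<html>listing B</html>"}
    for seq, html in pages.items():
        add_capture(log, f"http://placeholder.onion/page{seq}", html)
    pages[1] = b"<html>listing B (edited)</html>"  # simulate tampering
    print(verify(log, pages))
```

The chain only shows that the archive is internally consistent; the `collected_at` value comes from the collector's own clock. Binding the final `entry_sha256` to an independent point in time requires an external trusted timestamp, for example from an RFC 3161 timestamping service.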