Rihonna Scoggins 

ACFE Community Manager 

The 2023 ACFE Fraud Conference Europe featured a compelling session on "Dark Web Fraud Facilitation," presented by Costel Ion, CFE, regional head of Group Audit Investigations for Germany and EMEA Deutsche Bank. By attending this session, participants could expect to recognize fraud risks stemming from criminal activity on the dark web, identify negative impacts to their organizations and determine how best to monitor and control these risks to prevent and detect fraudulent activity. 

The dark web, often mistakenly referred to as the deep web, is a small collection of websites existing on overlay networks (dark net). It is also known as Onionland, and accessing it requires special software and configurations. The dark web relies heavily on encryption and decentralization (peer-to-peer decentralization) to maintain pseudo-anonymity. 

A staggering 95% of content on onion sites and other dark net sites consists of criminal activity. Illicit dealings on the dark web range from drugs and cybercrime to counterfeit money, child-abuse material, weapons and even hitmen.  

Telegram, a cloud-based messaging app, has become an appealing alternative to traditional dark web platforms. With its default encryption, wider reach and resistance to attacks and disruption, Telegram has emerged as a new dark web frontier. This shift highlights the need for organizations to be vigilant about new platforms that fraudsters may use to conduct their activities. 

The dark web has also facilitated insider trading, with exclusive forums requiring prospective members to share "intel" before gaining access. These forums often demand payment in Monero (XMR) for approved insider posts, with rewards depending on the significance of the shared information. 

Monitoring the dark web is a challenging task due to anti-crawling measures, user authentication, constant changes and an unstable environment. However, it is essential to monitor both the dark web and the surface web to the same extent, employing real-time monitoring and alerting for risk types such as data breaches, brand misuse and domain spoofing. 

To protect your organization from dark web risks, it is crucial to implement user awareness education, proactive threat intelligence and risk management strategies. Utilize automated solutions and manual validation to monitor marketplaces, vendor shops, blogs, forums, chans and paste sites. 

Investigators exploring the dark web can take advantage of a variety of tools and resources to stay informed and safe: 

• DNstats: This website publishes dark web market links, guides and other relevant information. It's essential to keep in mind that the dark web is volatile and unstable, and some sites may disappear within minutes. 

• DarkNetLive: This resource serves as a news site focused on the dark web, offering updates on various markets, recent events and law enforcement busts. 

• Reddit: Specific subreddits, such as /dreadalert, provide updates on the availability of the Dread forum, which is often unstable and prone to going offline. 

• The Hidden Wiki: This site displays links to various dark web resources, with users able to rate links to indicate their relevance or potential as scams. It also indicates if sites are live or down. 

• Forums and Chans: These discussion platforms allow users to exchange information, tips and experiences while navigating the dark web. 

• Paste Sites: Often used for sharing text-based information or code snippets, these sites can be a source of valuable intelligence on criminal activities and trends on the dark web. 

For those inexperienced in navigating the dark web, Costel, the session speaker, advised caution. He emphasized the importance of not clicking on specific links or downloading images or documents, as they may contain malware. If possible, he recommended using a separate computer when conducting investigations on the dark web. 

The dark web presents both significant risks and valuable opportunities for investigators. By understanding the inherent dangers and adopting a cautious approach, investigators can harness the power of the dark web to uncover crucial information and stay one step ahead of fraudsters. It is crucial for investigators to maintain a keen awareness of their digital footprint and take necessary precautions, such as using separate computers and avoiding suspicious links or downloads. In addition, staying up to date on the latest trends, platforms and technologies used by criminals on the dark web can greatly enhance the effectiveness of investigations. 

By carefully exploring the dark web and leveraging its wealth of information, investigators can play a pivotal role in combating fraud and protecting organizations from the ever-evolving threats lurking beneath the surface of the internet.