Darknet Cybercrime Threats to Southeast Asia 2020 Copyright © 2020, United Nations Office on Drugs and Crime (UNODC)
Total Page:16
File Type:pdf, Size:1020Kb
Darknet Cybercrime Threats to Southeast Asia 2020 Copyright © 2020, United Nations Office on Drugs and Crime (UNODC). This publication may be reproduced in whole or in part and in any form for educational or non-profit purposes without special permission from the copyright holder, provided acknowledgement of the source is made. UNODC would appreciate receiving a copy of any publication that uses this publication as a source. Disclaimer This report has not been formally edited. The contents of this publication do not necessarily reflect the views or policies of UNODC, Member States, or contributory organizations, and neither do they imply any endorsement. The designations employed and the presentation of the material in this publication do not imply the expression of any opinion whatsoever on the part of UNODC or the Secretariat of the United Nations concerning the legal status of any country, territory, city or area or of its authorities, or concerning the delimitation of its frontiers or boundaries. Darknet Cybercrime Threats to Southeast Asia Foreword The United Nations Office on Drugs and response. There is an absolute need for a Crime (UNODC) is proud to present this ministerial lead on cyber affairs, in each introductory analysis of darknet-enabled country, to ensure that law enforcers receive threats against Southeast Asian countries, necessary political support to undertake the which has been made possible through most challenging operations. strong partnerships with global and regional law enforcement and justice authorities, Many criminal activities conducted over together with private industry and academia. darknets are predictable and preventable. The report was produced thanks to kind UNODC and its partners work hard to voluntary funding from the Government of address these challenges by supporting and Japan. encouraging policy development, research, training and capacity building support in This report assesses the Darkweb from user, Southeast Asia. criminal and law enforcement perspectives with a particular focus on cybercriminality Awareness is fundamental for addressing targeted at Southeast Asian countries. cybercrime. Given, however, the challenges Darknets (i.e. networks on the Darkweb) posed by darknets, stakeholders must provide the ideal environment for a wide increase their commitment and cooperation range of criminal activities. Just as new to developing policy, sharing intelligence threats appear on the Clearnet (i.e. the regular and enhancing international cooperation to Internet), darknets can facilitate similar counter darknet crime nationally, regionally attacks that provide perpetrators with a and internationally. greater degree of anonymity. This anonymity makes investigation and prevention more This UNODC analysis will inform challenging, but still possible. policymakers in Southeast Asia, including through the annual Senior Officials Meeting There has been a consistent increase in on Transnational Crime (SOMTC), as well darknet and Darkweb usage, both for as supporting law enforcement and judicial legitimate and illegitimate reasons, whilst cooperation, and providing opportunities for the COVID-19 pandemic also appears to darknet-focused crime prevention. have given rise to darknet cybercrime, including by criminals with no previous cyber Jeremy Douglas experience. Despite this, there is an overall Regional Representative, paucity of darknet criminality data specific Southeast Asia and the Pacific to Southeast Asia. There is little prioritisation of darknet criminality in the region, either in Neil J. Walsh policy or practice. This creates risk from the Chief, Cybercrime and Anti-Money criminality itself, which is compounded by the Laundering Section limited political, policy and law enforcement i Darknet Cybercrime Threats to Southeast Asia ii Darknet Cybercrime Threats to Southeast Asia Contents Foreword i Acknowledgements iv Abbreviations v Executive summary 1 Key findings 3 Recommendations 4 Introduction 5 Aim 5 Methodology 5 Darknets and the Darkweb 7 The Darkweb and cybercrime 12 Darknets in Southeast Asia 14 Context 14 Success: a patchwork response? 15 Triaging the highest risk international offenders: live-streaming 16 Profit and loss 16 The impact of COVID-19 17 Darkweb structure and crime areas: a deeper dive 18 A. Illicit marketplaces 18 B. Cryptocurrencies 20 C. Illicit products and services 24 Conclusion 33 Appendices 34 A1: Darknet use in Southeast Asian countries 34 A2: Darkweb technical analysis 41 A3: Technical analysis results 41 Glossary 45 References 52 iii Darknet Cybercrime Threats to Southeast Asia Acknowledgements UNODC thanks the Governments of Southeast Asia – Brunei Darussalam, Cambodia, Indonesia, Lao People’s Democratic Republic, Malaysia, Myanmar, the Philippines, Singapore, Thailand and Vietnam for their support throughout the development of this report. Preparation of this report would not have been possible without their assistance. UNODC gratefully acknowledges the financial contribution of the Government of Japan which enabled this research. This study was conducted by the UNODC Global Program on Cybercrime through its regional component based in the Regional Office for Southeast Asia and the Pacific (ROSEAP). Supervision Jeremy Douglas, Regional Representative, Southeast Asia and the Pacific. Neil J. Walsh, Chief, Cybercrime and Anti-Money Laundering Section. Core team Alexandru Caciuloiu (coordination, analysis, review and drafting) Pawinee (Ann) Parnitudom (data collection) Mikko Niemelae, Joshua James (analysis and drafting) Juha Nurmi, (research and data) Praphaphorn Tamarpirat (administrative and logistical support) This report also benefited from the valuable input of many UNODC staff members and external experts and organizations who reviewed or contributed to various sections of the report, including, Live Brenna, Kamola Ibragimova and Himal Ojha. iv Darknet Cybercrime Threats to Southeast Asia Abbreviations APT Advanced Persistent Threat ASEAN Association of Southeast Asian Nations ATM Automated Teller Machine CaaS Crime/Cybercrime-as-a-Service CAPTCHA Completely Automated Public Turing test to tell Computers and Humans Apart CSE Child Sexual Exploitation CSEM Child Sexual Exploitation Material DoS Denial of Service DDoS Distributed Denial of Service FATF Financial Action Task Force IP Internet Protocol IRC Internet Relay Chat MaaS Malware-as-a-Service NCMEC National Center for Missing & Exploited Children OCSE Online Child Sexual Exploitation PGP Pretty Good Privacy PoS Point of Sale RaaS Ransomware-as-a-Service SOMTC Senior Officials Meeting on Transnational Crime Tor The Onion Router UNODC United Nations Office on Drugs and Crime 12P Invisible Internet Project v Darknet Cybercrime Threats to Southeast Asia The Price of Crime on the Darkweb DDOS attack Ransomware from $50 Trojans from a day $490 Hacking Stolen credit website from card number $150 from $9 Password stealing Stolen payment malware from data from $150 $270 Targeted Hacking email attack from from $40 $490 Source: Positive Technologies https://www.ptsecurity.com/ww-en/analytics/darkweb-2018/ vi Darknet Cybercrime Threats to Southeast Asia Executive summary People from all Southeast Asian countries use which drives a wide range of cyberattacks and darknets, the most popular being The Onion cybercrime. It is this leaked data that often leads to Router, more commonly referred to as Tor. attacks such as specific victim targeting, phishing, Although it is possible to provide a rough estimate fake invoicing, credit card theft, impersonation and of the number of darknet users in a country, it is selling confidential documents. not feasible to precisely identify their reasons for using darknets. Salient motivating factors appear The number of marketplaces in the Tor network to be the protection of privacy and circumventing has increased from one in 2011 to 118 in 2019. online censorship in addition to those who commit There has also been a large increase in the number cybercrimes. Cybercriminal use of darknets and variety of products for sale. For example, and the Darkweb (i.e. all the hosted content on the number of unique products available on the darknets) varies. For some it is a springboard to popular Darkweb marketplace, Valhalla, increased launch cyberattacks, for others it is a place to from 5,000 in 2015 to 13,000 in 2018. access illicit products and services, whilst for others it is a place that provides legitimate privacy Products available include drugs (including and anonymity from corporations who are tracking cocaine, heroin, and opioids), firearms and and using their personal data. ammunition, hacking tools and services, and a wide variety of other products. Some marketplaces also There is little evidence that countering darknet- specialize in the trade of payment card information enabled cybercrime is a policy or operational priority and counterfeit documents. in the region. Consequently, there is an overall lack of consistent, quantitative, and qualitative data The UNODC World Drug Report 20191 estimates that upon which analyses can be drawn. This leads to people who purchased drugs over the Darkweb a self-perpetuating cycle of policy gaps which limit doubled from 4.7 per cent in January 2014 to 10.7 law enforcement threat-recognition, prioritization per cent in January 2019. The purchase of drugs and resource mobilization. Of greater concern, this over the Darkweb is still a recent phenomenon creates opportunities for criminal exploitation with with nearly half of those