How can law enforcement provide a more effective response to crime on the dark web?

DARKNETAs we continue to live more of our day-to-day lives online, criminals continue to focus more of their activities on the virtual world. The arrival of the dark web has made it difficult for law-enforcement officers to detect, monitor and investigate criminal activities.

The dark web provides anonymity and encryption, both of which significantly complicate the processes of identifying suspects and gathering evidence. To gain a better understanding of these challenges, the RAND Corporation and the Police Executive Research Forum (PERF) in the name of the National Institute of Justice (NIJ), held a seminar which brought together a diverse group of professionals and investigators. Their task was to identify, as a matter of urgency, problems and potential solutions relating to evidence from the dark web. Attention focused on developing a research and development programme to improve the understanding and investigation of illicit activities on the dark web. The participants in the seminar identified 46 potential solutions and needs, including better training for law-enforcement agencies, information sharing between all jurisdictions and researches into the loopholes and shortcomings of current dark web legislation

Main conclusions

  • Better training for professionals and information sharing could have a significant impact.
  • There is a lack of knowledge about what the dark web is, and how criminals use it to their advantage.
  • Law-enforcement agencies often overlook physical indications of dark web usage when gathering evidence for criminal investigations. These indicators could include notes on cryptocurrency portfolios, encryption keys or dark-web addresses.
  • The anonymity and encryption provided by the dark web make it extremely difficult for investigators to prove a crime has been committed.


  • Invest in training at all levels, from entry-level professionals to the highest-ranking officers. Lower ranks should know which elements of everyday life could be relevant to an investigation and higher ranks must ensure training courses equip officers and investigators with the necessary skills and knowledge.
  • Invest in improvements to information sharing between agencies, both within the United States and internationally.
  • Consider the advantages of increased investment in cross-organisational structures to facilitate cooperation and information sharing.
  • Encourage organisations to develop new testing standards for forensic tools used to collect evidence from computers that use dark web software.
  • Research the modernisation of legislation surrounding the inspection of elements transmitted by email and similar services in the USA.
  • Investigate the increasingly interconnected nature of offences and criminals to ensure that law-enforcement agencies can focus on both the ‘tip of the iceberg’ (traditional crimes), as well as the less visible but extremely significant portion below the surface (electronic crime), which can affect the health and wellbeing of society.


Aquest apunt en català / Esta entrada en español / Post en français

The homicide rate continues to rise in Mexico

May 2019 ended with another increase in the number of homicides in Mexico(1). With a total of 2,979 (and femicides) this month it is slightly higher than the number corresponding to the same month last year (2975). Therefore, it does not seem that that the major political campaign being applied with the new Guardia Nacional and its mainly ex-military composition have served as a deterrent in this field.

If we do an analysis in terms of semesters, between December 2018 and May  2019, over seventeen thousand five hundred homicides were recorded in the country, a figure that amounts to a new six-month record in recent times. The growth, however, has been uneven. The states with the biggest increase have been: Nuevo León (72%), Tabasco (50,7%), Mexico City (43,2%), Sonora (43,1%) and Morelos (42,5%). States experiencing a decrease in the homicide rate include South Baja California (-78,3%), but it still boasts the highest rate per thousand inhabitants (33,9), Nayarit (-69%) and Guerrero (-30,8%).

In this context, the Government seems to focus everything on the recently created Guardia Nacional. This was introduced via a constitutional reform and has been a source of controversy due to its evident militarisation. The new drafting of the Mexican constitution(1) foresees, in article 20, in an exhaustive manner, that “the Federation will have a police institution of a civil nature known as the Guardia Nacional”. On the other hand, the second transitional provision foresees that the new Guardia Nacional will comprise officers from three different backgrounds: the current federal police force, members of the armed forces, both the army and the navy, meaning that two thirds of its components have a military background, which calls into question its stated civil nature.

If we observe the reality, the surprise is even greater given that the members of the new police force wear military uniforms, are trained in military institutions and their command is also of a military origin. Moreover, members who were formerly in the old Federal Police are publicly undermined in favour of those trained in military institutions. What appears to be the underlying idea is that, faced with the ineffectiveness of civil institutions (the police and public authorities) regarding organised crime and the sustained increase in violence, the only factor that can save the country is discipline and loyalty to the armed forces(1). This takes place within a framework where military involvement has been evident, at least since Felipe Calderón was made President, starting back in 2006, and the number of homicides, rather than go down, has increased continuously and steadily, actually peaking at a historic level during the last semester (December-May).

Although official discourse talks of including social measures to help with the fight against crime, the only evident measure has been the militarisation of the (recently created police force at a constitutional level despite its, in formal terms, civil nature.


[1] Vid.

[1] Vid.


Aquest apunt en català / Esta entrada en español / Post en français

Europol has requested the elimination of internet content in almost 100,000 cases

The German Federal Criminal Police Office–the BKA– has also created a contact office, which has sent almost 6,000 reports since it was created and is in close collaboration with Europol regarding “the contraband of crime”.

The BKA has opened a registration office to eliminate internet content. The German National Unit of Internet Reference has been in operation since October 2018. Since then, the BKA has already sent 5,895 reports with suspicious criminal content to Internet companies.

With the new department, the German government precedes the UE regulation aimed at preventing the spreading of online terrorist content. The legislative proposal was presented by the UE Commission in September 2018. The objective is to adopt the regulation as soon as possible after the election of the new EU parliament.

A central component of the regulation put forward is the very brief term in which Internet companies have to remove content. Furthermore, the Commission demands ​​filters of supplies of already known “terrorist” material, as well as “proactive measures” of the operators to detect this content independently in advance.

The German National Unit of Internet Reference is part of a European network in which each member of the EU has to design a point of contact in accordance with the Regulation. Europol, which has also administered this office in The Hague since 2015, acts as the central headquarters. Since its foundation four years ago, the Europol Unit of Internet Reference has sent 96,166 reports to Internet companies. In 84% of cases, the content or the accounts were disconnected afterwards.

Europol stores all the links, whether they are eliminated or not, in a separate file called “Internet References Management application ” (IRMa). With this application, the police want to detect which batches have been sent to suppliers of Internet services for their elimination, so that a second report is no longer necessary for another authority. The BKA has also been connected to IRMa since 1st January. The audio, video and text files that they have to remove are stored in a separate file “Check the Web” for further investigation.


Aquest apunt en català / Esta entrada en español / Post en français

The homicide rate rises again in Colombia

After a continual fall over seven years regarding homicides, in 2018 there was a setback for murder prevention policies, according to Ministry of Defence figures and from the foundation Ideas for Peace (FIP).

According to a report published by the Ministry of Defence, in 2018 a total of 12,311 people were murdered in Colombia. This means about 500 homicides more than in 2017 when 11,831 people were murdered, about 4% more.

Of the total, 3,780 (30.34%) took place in a rural environment and the rest, 8,678 (69.66%) in urban areas.

The most worrying aspect is that according to official data, only 189 people were arrested and deprived of freedom as authors of a homicide and another 102 were taken to court for having connections with a murder.

To address this increase in homicides, authorities suggest an increase in pressure and control in 4 or 5 municipalities of the Bajo Cauca, Tumaco and “la Comuna 13” of Medellín.  But this strategy of focusing on critical areas contrasts with the report of the FIP which states that although giving priority to some territories is important, other territories cannot be overlooked as they may become areas with a high homicide rate.

Moreover, on the part of the FIP it is considered that the increase in homicides responds to several causes and modalities: the incidence of homicides involving knives, the increase in violent deaths of adults, and the existence of 24 municipalities where only women have died violently, implies a differential response in order to control such a phenomenon.

On the part of another association, the Development and Peace Programmes Network (Prodepaz), the consultant Luis Eduardo Celis believes that the departure of the ex-guerrillas from the FARC from the armed conflict avoided between 500 and 800 homicides a year. But in 2018 multiple causes cropped up:

  • The continuation of the conflict and the illegal incomes dispute, as well as the lack of a rule of law that works all over the territory. There are 150 critical municipalities and zones where the conflict is more intense.
  • The partition of land that affects social leaders and public policies to deal with issues related to conflict and insecurity on the part of the region generated the increase in homicide in Colombia.
  • The lack of public tolerance in order to manage conflict, added to social leaders that supported a peace process that has not achieved the expected results neither in terms of cultivation nor in terms of land restitution.
  • The lack of academic and professional opportunities for the young continues to make the population vulnerable to be drawn into mafias and illegal armed groups.

The Ministry stresses that it is necessary to make steady advances in equity policies, that there are many urban conflicts where security and peace strategies have to focus on each region in order to distinguish its current situation, and finally actions involving peace and coexistence strategies are required.

As Eduardo Celis sees it, in Colombia, there is very strong culture of indifference because of the long-term armed conflict and this has generated a culture-based complicity.

Links of interest


Aquest apunt en català / Esta entrada en español / Post en français

Efforts from different sectors to combat phishing

At the end of March this year, Europol  hosted a joint meeting of the advisory groups of The European Cyber Crime Centre-EC3- about financial services, Internet and communications security suppliers, where they met with representatives of the industry to discuss the cybernetic threat posed by phishing.

Phishing is a persistent cyber criminal threat to data protection, used by everyone, from basic criminals to very sophisticated competitors.

Over the two days, global financial institutions, internet security companies and telecommunications suppliers shared information about the phishing that affects their respective industries and what can be done together with law enforcement agencies to combat this type of cyber crime.

The meetings also relied on basic observations related to phishing and automatic learning and an email service for companies, as well as group debates about possible solutions to this problem. Focusing on operative, technical, awareness-raising solutions, operatives to mitigate phishing, police agents and experts from the industry presented a series of recommendations and conclusions related to what can be done collectively:

  • Improve information exchange between industries, as well as with law enforcement agencies and other organisations from the pertinent public sector.
    • Implement basic concepts of secure authentication, a black list of domains and a blockade of common exploitations.
    • Train and educate users permanently and not as a sole force.
    • Adopt innovation such as automatic learning to automatically detect phishing emails.
    • Regularly review anti-phishing measures to stay up-to-date with criminals that are constantly evolving.

This transversal Europol forum is a unique meeting of assessment groups of security, banking and Internet infrastructures aiming to improve awareness and share the best cyber security practices.

EC3 established the Advisory Groups for Financial Services, Internet Security and Communications Suppliers to encourage trust and cooperation between the main industries of the private sector and police authorities in their joint fight against cyber criminals.


Aquest apunt en català / Esta entrada en español / Post en français

An increase in over-the-telephone fraud

As society evolves, dependence on telecommunications technology is on the increase. Cybernetic criminals take full advantage of electronic devices and continually look for new ways to exploit vulnerabilities and access information. Therefore, cooperation and information exchange between the different police forces and the private sector have become an essential element in the fight against this type of crime.

An example of this collaborationis the joint Cyber-Telecom Crime 2019 report, published byEuropol andTrend Micro. The report offers a general vision of how telecommunications fraud works and serves as a technical guide for groups of interest for the telecommunications industry.

This report reveals that fraud in the field of telecommunications is becoming a low-risk alternative to the traditional financial crime model. Its reduced cost and the increase in the availability of computer piracy teams mean that this type of fraud is on the increase. It is calculated that the cost of fraud in the world of telecommunications is 29,000 million Euros annually.

The main objective of criminals is to access customer or company accounts, where the debt can be generated in the criminal’s favour.
The most common methods can be divided into different categories that range from fraud to highly sophisticated scams:

Vishingcalls–a combination of the words Voice and Phishing–is a telephone scam involving fraudsters deceiving victims into giving their personal, financial and security information or simply forcing them to transfer money to them.

A ring or JapanesWangiri is a telephone scam where criminals deceive victims by dialling special rate numbers. A fraudster sets up a system to dial a long list of random telephone numbers. Each call rings only once and is then hung up, leaving the lost call on the potential victims’ telephones. Often, users see a lost call and, thinking that it is valid, call the number at the fraudulent rate.

– International fraud for the distribution of income has been the most damaging fraud scheme to date. This involves transferring the monetary value of one operator to another, based on trust between telecommunications operators. Fraudsters wait for for records to expire before taking other steps to launder money.

The work team Europol EC3 CyTel, created in 2018, brings together over 70 police experts and global members of the telecommunications industry, with the aim of sharing information, knowledge and experiences and the necessary techniques to combat this type of fraud.


Aquest apunt en català / Esta entrada en español / Post en français

The European Union prepares for possible large-scale cyber attacks

It is no longer unthinkable for a large-scale cyber attack to have serious repercussions on the physical world, paralysing an entire sector or certain sections of society. To prepare for the main cross-border cyber attacks, the European Council has adopted a response protocol to address emergencies in the European Union. This Protocol assigns a central role to the European Cyber Crime Centre(EC3) and is part of the EU plan to provide a coordinated response to incidents and large-scale cross-border cyber security crises.

This Protocol serves as a tool to provide support to police authorities in the EU when giving an immediate response to the main cross-border cybernetic attacks, with a rapid assessment, safe and timely sharing of high-value information and effective coordination of international aspects of investigations.

In 2017, cybernetic attacks without precedent from WannaCry and NotPetya stressed to what point responses caused by incidents and reactions were not enough to effectively address the cyber criminal modus operandi that is evolving very quickly.

The response Protocol to European Union emergencies determines procedures, roles and responsibilities of key actors within the EU and beyond: secure channels of communication and points of contact 24 hours for the exchange of vital information, and with general coordination.

The Protocol details the complementing of current mechanisms for crisis management in the EU with the rationalising of transnational activities and facilitating collaboration with the pertinent European and international actors, taking full advantage of Europol resources. Moreover, it facilitates collaboration with the web and information security community and members of the relevant private sectors.

Only cybernetic security events of a suspicious and criminal nature are within the scope of the Protocol; it does not include incidents or crises caused by a natural disaster, a mistake caused by man or a failure in the system. Therefore, in order to determine the criminal nature of the attack, it is vital that the first reactions involves all the necessary measures to preserve electronic tests that could be found in the computer systems affected by the attack, which are essential for any penal investigation or legal proceeding.

Being an Agency of the EU for cooperation in police matters, Europol is obliged to provide support for member states in order to effectively detect, investigate, interrupt and deter large-scale cyber crime, if it appears to be of a criminal nature.


Aquest apunt en català / Esta entrada en español / Post en français

Europol coordinates an operation against international and illegal trafficking of medication

MedicamentsAn operation carried out by police authorities, the customs and the healthcare community of 16 European countries has meant the apprehension of over 13 million medical doses, with a market valueof over 165 million Euros.

These confiscations are part of the coordinated operation carried out by Europol MISMED 2 against the illegal trafficking of medication across Europe.

The operation directed by the Gendarmerie Française and the Finnish Tulli (customs), with the support of the Intellectual Property Crime Coordinated Coalition(IPC3), MISMED 2 carried out  435 arrests and confiscated articles with an approximate value of 168 million Euros , including 13 million units and 1.8 tons of medication. 24 organised criminal groups were intervened and criminal assets with a value of 3.2 million Euros were retrieved.

These joint actions were carried out over seven months (April-October 2018).

Since the operation began last year, the number of countries that participated in MISMED grew substantially, reflecting the growing commitment of many states to address this threat. With this operation, 7 new countries (Belgium, Bulgaria, Cyprus, Lithuania, Portugal, Serbia andthe Ukraine) have joined the new EU member states (Finland, France, Greece, Hungary, Ireland, Italy, Romania, Spain and theUnited Kingdom).

Misuse of certain medication is a serious and growing problem to be addressed at a European level. Organised criminal groups increasingly engage in this field of crime, as it provides very significant profits for the authors and the risks are relatively low regarding detection and associated penal sanctions.

The latest investigations revealed that trafficking not only involves opioid medication, as it also includes pharmaceutical products used in the treatment of serious illnesses, such as cancer and heart conditions, as well as drugs to enhance performance and image. The number of falsified products on the market is also on the increase, as displayed by the number of medications intervened in the 2018 MISMED edition, representing over half of the 13 million units confiscated.


Aquest apunt en català / Esta entrada en español / Post en français

Cross-border cooperation against international drug trafficking

The National Polish Police Investigation Centre, with the help of the Dutch Police Force and the German Police Force, have identified and closed an important supplier of chemical products intended to manufacture synthetic drugs in the Netherlands.

The cross-border operation, executed thanks to cooperation between the different police forces, was able to intervene tons of chemical products, arrested members of a centre producing medication and closed laboratories producing medicine. Over 300 police officers participated in a day of joint action planned with the support of Europol.

From the start of the investigations, Europol helped Germany, the Netherlands and Poland with their enquiries, while providing analytical and specialised support, as well as organising operational meetings.

The Netherlands police force carried out searches in 17 different localities, arresting seven suspects and closing equipment in three laboratories. They also intervened: over 100 kg MDMA crystals, a dozen or so litres of MDMA compound, 1,000 litres of BMK and 30 litres of PMK (precursors of amphetamines), 67 tons of different non-programmed chemical substances, 4 weapons ready for use and numerous stolen vehicles.

In Poland, the police arrested 8 suspects and confiscated 17 tons of chemical products and 4 kg of amphetamine paste. In Germany, 7 tons of chemical products intended to manufacture synthetic drugs were also confiscated. Some of the codified telephones used by traffickers were also confiscated to continue investigating without ruling out further detentions.

The Polish police had been gathering information about drug traffickers since 2016. During the investigation it was discovered that traffickers were transporting about two tons of chemical products from Poland to different addresses in the south of the Netherlands up to three times a week, to places where synthetic drugs were being produced illegally.

The suspects acquired chemical products legally, like sodium hydroxide, formic acid, phosphate and acetone in Poland. These chemical products can be used for the illegal production of amphetamines, MDMA and methamphetamine. Then, they acquired additional chemical products and stored them temporarily in  Germany.

In April 2018, after a long investigation and the gathering of evidence against the organised crime group mainly active in the Netherlands, Poland and (to a lesser extent) in Germany, the joint police operation was launched. The Dutch, German and Polish police forces carried out searches simultaneously in identified locations, and detained traffickers in the respective countries.

Europol provided direct support to dismantle one of the illegal laboratories discovered in the Netherlands, and also analytical support with a mobile office in Poland.


Aquest apunt en català / Esta entrada en español / Post en français

International operation against the sale of counterfeit goods on Internet

As part of an international operation, the Coalition coordinated by the crime against intellectual property department of Europol (IPC3) confiscated 33,654 names of domains that distribute pirate and falsified online articles.

The websites distribute different product typologies, such as falsified pharmaceutical products, pirate films, television programmes, music, programmes, electronic goods and other fake products. The joint international operation also included the Centre of Coordination of Rights to Intellectual Property in the United States and police authorities from 26 countries, including member states of the EU and third countries, all coordinated by INTERPOL.

• Countries both within the EU and beyond worked together to intervene domains that sold false products.
• Twelve suspects were arrested and accounts with an estimated value of 1 million Euros were intervened.
• The iOS operation, now in its ninth year, was the most successful edition.
The iOS operation is a continuation of a joint global recurring operation, which was launched in 2014 and which, since that time, has greatly increased year after year.

The ninth edition of this worldwide operation in 2018 saw an even larger number of associations involved in combating fake goods, representing owners and police chiefs that participated to facilitate international cooperation and provide support for countries involved in this initiative. This year’s IOS IX operation has experienced a noteworthy increase in comparison with the previous edition, in which 20,520 domain names that sold illegal goods unlawfully online were confiscated.

This is the result of the global focus of Europol to make Internet a more secure place for consumers, and encourage more countries and members of the private sector to participate in this operation and provide references.

As well as the domain names intervened, officials also arrested 12 suspects, blocked operational devices, identified and froze over 1 million Euros in several bank accounts, online payment platforms and a virtual currency bank used by organised crime groups.

Europol, in cooperation with European Union Intellectual Property Office(EUIPO), continues to improve its efforts giving successful support to many top priority investigations related to online crime, providing training related to online investigations and organising lectures about crime against intellectual property.

To continually provide awareness of this growing threat, Europol’s IPC3 launched the campaign Do not F *** (ake) Up”. The campaign informs citizens of the risks of buying fake online products and provides direct advice to help to identify illegal websites that sell counterfeit articles, as well as other means used by counterfeiters, like false social media accounts and false applications.


Aquest apunt en català / Esta entrada en español / Post en français