Bureau-wide cybercrime strategy would be more efficient, audit concludes

The FBI should establish a “formalized bureau-wide dark web strategy” to address operational shortcomings in how it tackles illegal darknet activities, a Department of Justice (DoJ) audit has recommended.

The DoJ’s Office of the Inspector General (OIG) concluded that the status quo – whereby FBI units involved in dark web investigations develop their own strategies in isolation – led to inefficiencies, overlaps in remit, and misallocated resources.

Following the audit (PDF), the OIG has issued five recommendations that should clarify “investigative responsibilities among operational units, lead to more efficient and cost effective approaches to investigative tool development and acquisition, provide strategic continuity during periods of turnover, and provide baseline data collection guidelines that will enable the FBI to better report its dark web accomplishments.”

Investigative shortcomings

Highlighting the urgency of the proposals, the redacted report said that darknet marketplaces used to sell and distribute malware, data breach records, drugs, firearms, and child sexual abuse material are “one of the greatest impediments to [the bureau’s] efforts to disrupt cybercriminal activities”.

The OIG found that operational units’ siloed strategies had “varying degrees of comprehensiveness” and some were not even documented, with the Hi-Tech Organized Crime Unit’s strategy for pursuing opioid traffickers credited as “the most comprehensive”.


RECOMMENDED Tor security: Everything you need to know about the anonymity network


The Hi-Tech Organized Crime Unit and Major Cyber Crimes Unit, meanwhile, had “overlapping strategies” that could lead to “redundancies, inefficiencies, or investigative assignments that are not properly aligned with skillsets, capabilities, tools, and resources”.

The OIG also noted that the Remote Operations Unit’s efforts to develop and acquire investigative tools had been hamstrung by budgetary cuts, and that the team had prioritized tools used for national security investigations, leaving operational units “without a mechanism” for pooling technologies used for dark web investigations.

Deconfliction

The failure of FBI officials to consistently log data gathered during investigations could lead to investigative inefficiencies “or even the misidentification [among anonymous darknet actors] of other government operations as criminal”, said the report.

Of data items tested by the OIG, only 47% had been entered into the DoJ’s investigation deconfliction system, used by law enforcement agencies to “ensure agent safety, preserve the integrity of ongoing investigations, and to identify targets of common investigative interest”.


Read more of the latest dark web security news


As for the cryptocurrency support strategy currently under evaluation by the agency, this “should be done in concert” with the wider strategy in order to help the FBI’s two cryptocurrency-focused teams better prioritize resources.

Finally, a harmonized strategy would remedy the “decentralization and compartmentalization” of the bureau’s dark web training materials, whose existence some officials had been unaware of.

Darknet disruption

The blueprint for a more coordinated FBI dark web strategy comes at a time when underground vendors are experiencing their own operational challenges precipitated by the Covid-19 pandemic.

In research published in May, cybersecurity firm Trustwave found that vendors trafficking visas, money launderers leveraging services disrupted by national lockdowns, and vendors experiencing service disruptions because of supply problems or changed working practices, were recalibrating their business models accordingly.

However, many scammers were also having a field day promoting fake Covid-19 tests, vaccines, and cures, and mounting phishing campaigns related to the mass cancellation of vacations, flights, and rentals.

“Those that skim credit card information from people that are buying online” are also thriving “now as more people are using the internet,” Ziv Mador, who manages SpiderLabs, Trustwave’s global security research team, told The Daily Swig at the time.


RELATED Network hacking and ransomware fuelling cybercrime surge