Leveraging the dark web in financial crime investigations

Using the dark web in financial crime investigations has the potential to speed up time-to-insight and improve caseload efficiency — something financial crime analysts need dearly. According to a recent survey conducted by Authentic8 and the Association of Certified Financial Crime Specialists (ACFCS), 57 percent of respondents reported declining or stagnant caseload productivity compared to the previous year. As the threat of financial crime continues to increase, the productivity issue could put organizations at risk of prolonged exposure to adversaries, compliance violations and monetary loss due to money laundering and reputation damage.

To avoid these risks, organizations need to properly equip their analysts for dark web access where appropriate, ensuring the access itself doesn’t introduce new risk or management burdens.

How are Organizations Leveraging the Dark Web in Financial Crime Investigations?

According to the survey, about a third (29 percent) of analysts say they don’t need to research and follow leads in the dark web in financial crime investigations; however, 25 percent say they need to at least 1-3 times per year and 46 percent say they see value in this capabilities if it can be done securely and with proper auditing.

This last group is of particular interest and shows the desire of nearly half of analysts to uncover any and all evidence that could improve the quality and efficiency of their case. Yet their organizations haven’t properly enabled them to responsibly and safely access the dark web.

IT and risk management teams are understandably concerned about granting access to the dark web. Like all web access, it has the potential to introduce new risks to the organization, and when it comes to the internet, the deeper you go, the greater those risks become. Amateurs to the most elite criminals hide their activities within the corners of the dark web, and if they catch on that they’re under investigation they can retaliate against the analyst and their organization through cyberattacks or misinformation to spoil the case, or they may seek retribution in the real world.

Safely Using the Dark Web in Financial Crime Investigations

To safely enable analysts to access the dark web in financial crime investigations, the following capabilities are critical:

• Isolation: A guaranteed layer of separation needs to exist between the corporate network and the analysts’ browser session to isolate both the web traffic and any potentially malicious content such as images, documents and related payloads
• Managed Attribution: To avoid detection by the investigative targets’ webmaster, analysts need to misattribute their online fingerprint by manipulating attributes such as geographical location, browser and operating system to blend in with other site visitors
• Audit and Policy Control: IT and risk management teams must also fulfill their obligations and maintain auditability of analyst activity in their web session and enforcing security policies during those sessions to maintain compliance

Some organizations choose a do-it-yourself approach to achieving these capabilities through a mixture of “dirty” networks and machines, VPNs, incognito mode and other means. However, these homegrown environments often contain gaps that result in data leakage, attribution or compliance violations. They are often incredibly difficult to maintain and costly to operate both in terms of infrastructure/equipment and personnel. Whats more, the process of accessing and using these environments can further hamper analyst productivity, further extending the time-to-insight.

Utilizing cloud services to execute all web code off-network is a way to guarantee 100-percent isolation between the browser session and the corporate network. When selecting a cloud service, though, ensure it provides the needed audit and policy control administration to satisfy compliance requirements. Purpose-built solutions for managed attribution can also give analysts the tools they need to tailor their online identity for any investigative target site and maintain anonymity.

With these precautionary measures and tradecraft tools, organizations can deliver the needed capability of leveraging the dark web in financial crime investigations while protecting themselves and their analysts from risk. These capabilities will also help to improve caseload productivity, reducing the potential for greater monetary loss.