Just do it and learn from your mistakesTheo van der Plas, Director of Cybercrime & Digitalization at the Dutch Police
In July 2017, following 10 months of investigations, the Dutch police working in collaboration with law enforcement agencies (LEAs) in Germany, Lithuania, the United States and Europol, took control of the Hansa Market, one of the largest market places on the dark web facilitating trade in drugs. By identifying, arresting and hijacking the accounts of two of the market administrators, the Dutch police gained full control over the market place. But instead of taking it down immediately, police decided to run the site for another 27 days. This enabled them to collect (in secret but in close cooperation with and following legal input from the Dutch Public Prosecution Service) significant amounts of incriminating data about the site’s administrators, sellers and buyers. At the same time and in an unplanned coincidence, the FBI was about to take down Alphabay, at the time the largest dark market. A smart deal was made with the FBI so the by keeping the reason for its downing secret, many of Alphabay’s users flood to Hansa market, right into the hands of the Dutch Police.
This example further highlights why only an integral approach based on public-private collaboration can stop dark web crimes. With this in mind, a high level delegation of directors, Members of Parliament and other experts gathered at the head office of the Dutch National Police on the 4thof September to discuss the outcome of the MEDI@4SEC workshop “Policing the Dark Web”. The goal of the evening was to increase awareness on the risk that crime on the Dark Web poses to public securityand highlight its undermining effect on society at large.
During the evening of September the 4th, the police gave the audience a unique insight in the behind-the-scene of this unprecedented and innovative operation:
“We realized that we could do serious damage to the trust of users in the so far anonymously deemed ecosystem.”
The disruptive effect was also reported by TNO, who researched the effect the takedowns had on the behavior of users on the dark web. Many lessons can be learned from this successful case. Perhaps the most important is that close international collaboration between LEA’s is required to fight the internationally organized crime on the dark web. Silo working by police departments needed to be broken. But any response also requires the involvement of other, non-LEA stakeholders. In the case of Hansa, coordination with the postal services to intercept drugs purchased in the market before they reached their buyer.
To take forward the discussions and develop a follow-up strategy a panel representing the main Dutch stakeholders was formed1.The panelists unanimously endorsed the actions recommended by the MEDI@4SEC workshopheld last year. They see public safety and security as a joint responsibly of public and private partners and citizens at large.
The Dutch Association for Transport and Logistics argues that the drugs trade puts at risk the Netherlands’ excellent reputation as logistical hub;
International banks run the risk of unintentionally facilitating crime by money laundering, which became painfully clear by the recent scandal at the ING bank;
Mayors of Dutch and Belgium cities suffering from a growing underground drugs business state that:
“If not stopped, the trade in drugs undermines our rule of law, and eventually large parts of our social and political society.”
The panelists concluded that an integral approach – from awareness, prevention, disruption to prosecution, from public to private and from municipalities up to the international level – is needed to fight crime on the dark web. Mutual trust and new smart mechanisms to share information are crucial to the success of it. Privacy regulations are often mentioned as barriers to share information, but according to the public prosecution office much more can be done before privacy regulations come into play.
But crucially it is action rather than inaction that is required. As Theo van der Plas, director Cybercrime and Digitalization at the Dutch police, concluded:
“Just do it, and learn from your mistakes.”
Further details of the workshop, the reports published from it and the online discussion it prompted can be viewed at media4sec.eu/workshops/darkweb/.
1 Among others this included: the Team High Tech Crime and the Dark Web team of the Dutch National Police; the Public Prosecution Service; the investigation department of the Tax Office; a large international bank; the Dutch Association for Transport and Logistics; the head of international cyber policy of the Ministry of Foreign Affairs; and an expert from INTERPOL