UNODC Report: Darknet Cybercrime is on the Rise in Southeast Asia
25 February 2021
In a new report produced by The United Nations Drugs and Crime (UNODC) titled “Darknet Cybercrime Threats to Southeast Asia”, a first of its kind analysis of darknet-enabled threats in the greater Asian region. The report assesses the Darkweb from the viewpoints of users, criminals, and law enforcement with a particular focus on cybercrime targeting countries in Southeast Asia.
“The use of darknets and the Darkweb has increased in recent years, and the COVID-19 pandemic also appears to have further exacerbated the trend, including by criminals with no prior cyber experience. Darkweb forums normally dedicated to narcotics have begun offering COVID-19-related merchandise including fraudulent COVID-19 vaccines, hydroxychloroquine, and personal protective equipment. New users have also started seeking support from more experienced darknet criminals about criminal opportunities. The threat is increasing, and UNODC is committed to counter this criminality”, remarked UNODC’s Chief of the Cybercrime and Anti-Money Laundering Section, Neil J. Walsh.
Darknet criminal marketplaces have become more popular during the COVID-19 pandemic, due to a combination of technologies offering greater anonymization for both sellers and buyers. Features such as escrow payment systems and reputation metrics have increased. Cryptocurrencies are the payment method of choice, and while law enforcement tries to identify the criminal end-users, the use of crypto-mixers, tumblers, or laundry services break the link between the initial purchase of cryptocurrencies and the final payment destination. This makes it more difficult for law enforcement to follow the money and bring high-risk offenders to justice. Alexandru Caciuloiu, Cybercrime, and Cryptocurrency Advisor highlighted that Bitcoin remains the main cryptocurrency used on the Darknet, but privacy coins such as Monero, Litecoin, and Bitcoin Cash are perceived as offering greater anonymity to cybercriminals.
English tends to be the predominant working-language on darknets, but content in Southeast Asian languages has recently varied, indicating a diversified client base and possible attempts to obfuscate the origins of criminal marketplaces.
Drugs are still the most common category of illicit products available in darknet markets. The combined total number of items on sale in four dominant darknet marketplaces to the end of 2019 was just under 140,000 with almost 95,000 drug and drug-related items. The types of drugs most commonly available include methamphetamine, MDMA, amphetamine, cannabis, cocaine, heroin, opioids, LSD, psychedelic mushrooms, ketamine, and prescription drugs particularly benzodiazepines. Precursor chemicals to produce synthetic and semi-synthetic drugs are also traded on darknet sites catering to the region.
“Anonymous darknet marketplaces have provided safe havens for organized crime groups to openly advertise illicit commodities in recent years, and COVID has accelerated the trend. It is undeniable that a regional counter-darknet cybercrime strategy is needed that improves cross-border cooperation, law enforcement capacity and results”, noted Jeremy Douglas, UNODC Regional Representative for Southeast Asia and the Pacific.
He added, “We will be working with our ASEAN and international partners to build support for this to happen in the near to medium term.”
Percentage of drug types available on four popular marketplaces in December 2019.*
The report also offers insights into other categories such “cybercrime-as-a-service” (CaaS), wildlife trade, and online child sexual exploitation materials.
Percentage of products and services available on Darkweb marketplaces as of December 2019.*
Darknet-related arrests in Southeast Asia have increased in recent years, indicating that criminals perceive the region as a low-risk/high-gain operational environment where the likelihood of detection is relatively low. A prominent example is the arrest of the main administrator of the infamous darknet marketplace AlphaBay who was residing in Thailand when he was arrested in July 2017 following a coordinated effort of Thai and foreign law enforcement authorities. Similar arrests have been made in other Southeast Asian countries for the production, possession, and dissemination of online child sexual exploitation materials. These cases are the result of international investigations initiated outside of the region, with few originating within the region itself. Local capability is limited and specialist operational knowledge regarding darknet marketplaces, anonymizing technologies, cryptocurrency investigations, and intelligence-gathering need to be prioritized, ideally with a ministerial or senior official and lead agency for cyber affairs.
UNODC works closely with countries in the region to respond by increasing awareness, assisting with policy development and cross border cooperation, and improving the capacity for countries to conduct investigations, prosecutions, and adjudications of cybercrime, within a strong human rights framework.
Languages Used On The Darkwed
The United Nations Office on Drugs and Crime (UNODC) is proud to present this introductory analysis of darknet-enabled threats against Southeast Asian countries, which has been made possible through strong partnerships with global and regional law enforcement and justice authorities, together with private industry and academia.
The report was produced thanks to kind voluntary funding from the Government of Japan.
This report assesses the Darkweb from the user, criminal, and law enforcement perspectives with a particular focus on cybercriminality targeted at Southeast Asian countries.
Darknets (i.e. networks on the Darkweb) provide the ideal environment for a wide range of criminal activities. Just as new threats appear on the Clearnet (i.e. the regular Internet), darknets can facilitate similar attacks that provide perpetrators with a greater degree of anonymity. This anonymity makes investigation and prevention more challenging, but still possible.
There has been a consistent increase in darknet and Darkweb usage, both for legitimate and illegitimate reasons, whilst the COVID-19 pandemic also appears to
have given rise to darknet cybercrime, including by criminals with no previous cyber experience. Despite this, there is an overall paucity of darknet criminality data specific to Southeast Asia. There is little prioritization of darknet criminality in the region, either in policy or practice. This creates risk from the criminality itself, which is compounded by the limited political, policy, and law enforcement response. There is an absolute need for a ministerial lead on cyber affairs, in each country, to ensure that law enforcers receive the necessary political support to undertake the most challenging operations.
Many criminal activities conducted over darknets are predictable and preventable.
UNODC and its partners work hard to address these challenges by supporting and encouraging policy development, research, training, and capacity-building support in Southeast Asia.
Awareness is fundamental for addressing cybercrime. Given, however, the challenges posed by darknets, stakeholders must increase their commitment and cooperation to developing policy, sharing intelligence, and enhancing international cooperation to counter darknet crime nationally, regionally, and internationally.
This UNODC analysis will inform policymakers in Southeast Asia, including through the annual Senior Officials Meeting on Transnational Crime (SOMTC), as well as supporting law enforcement and judicial cooperation, and providing opportunities for darknet-focused crime prevention.
Jeremy Douglas, Regional Representative, Southeast Asia, and the Pacific
Neil J. Walsh, Chief, Cybercrime and Anti-Money, Laundering Section
How Cyberattackers Attack
Cyberattack: the deliberate exploitation of computer systems and networks to take over or cause damage to a victim.