Inside the dark web: ‘The truth is there is a lot of evil out there’

Conor Pope on the Irish people fighting crime on the internet, and how to protect yourself

A “regular” murder can be arranged for $45,000, while making a victim disappear without a trace costs $60,000. A straightforward crippling is $12,000 but if the aim is to “uglify” a person – or have acid thrown in their face – the price rises to $18,000. A beating costs $3,000. A rape is $8,000.

This menu of murder and mayhem is among the more distressing things cyber-security expert Paul Dwyer summons from the dark web from his darkened office outside Malahide, but it's by no means the only indication of just how vile people can be.

Millions of images of children being abused constantly change hands in this murky marketplace, and websites aimed at encouraging vulnerable teenage girls to starve themselves before committing suicide are easy to find.

A handful of cannabis-infused gummy bears costs €18, while a gram of MDMA is €12 and half a gram of cocaine is €55

Dwyer veers away from the most distressing content – "the Petri dish of hate and evil", as he calls it – and returns to the drug bazaars and the pages selling counterfeit cash, email addresses, credit card numbers and Tesco vouchers.


The drug market’s design is clunky and its pages load slowly – because re-routing web traffic in such a way as to hide who’s who takes time – but apart from that it could be any online retail space and even includes reviews of all the virtual dealers.

“Old and dry, and nothing like the pictures. If you want decent weed you need to find another source,” says one assessment of a dealer who gets a solitary star. Just under that he has a five-star rating from a happy customer blown away by “the quality and the stealth and the speed of delivery”.

All the drugs come priced in the crypto currency Bitcoin. The virtual money is entirely legal and is easily bought on the regular web (or “surface web”) and uses a system called tumbling to ensure purchases cannot be connected to purchasers. There are many legitimate reasons someone might wish to trade in Bitcoin. And almost as many illicit ones.

A handful of cannabis-infused gummy bears costs 0.003097 BC – or €18 in real money – while a gram of “quality MDMA” is €12 and half a gram of cocaine is 0.10026 BC or €55.

Dwyer is a cyber-security expert whose job it is to ensure companies have measures in place to protect themselves from hacks and attacks. He also helps pick up the pieces when things go wrong.

Separately – but not entirely unconnected – he is behind the Cyber Summit taking place in the Helix Centre on October 24th. As part of it he will conduct a public interview – over the internet – with Edward Snowden, the former CIA analyst who exposed the scale of US online surveillance in 2013 and was forced into exile in Moscow for his troubles.

Dwyer clicks on the counterfeiting section where someone is selling a thousand €50 notes for €10,000 with the promise that they’re watermarked and will pass all sorts of tests. He says the claims are likely to be right on the money. “If a guy has a good rating, he’s not going to risk it by selling dodgy merchandise. The rating is just too important to him.”

He admits that trawling the dark web can be “madly entertaining” but cautions against it, saying people can easily get detached from reality very easily in the online space, “as if they are watching the television or playing a computer game”. But, as he repeatedly stresses, it is all too real. “I could make you physically sick in minutes by showing you stuff now, but the second or the third or fourth time you see it you can get desensitised to it all. It happens to a lot of people.”

He suggests that the dark web “has normalised the abhorrent” and sees people get “detached from what they do and what they see. There’s a total lack of empathy because what happens is happening in the online space”.

Who has the dubious honour of creating this citadel of cybercrime? We have the US navy to thank. It created the Onion Router, which anonymised its spying

But where did this dark web come from? Who has the dubious honour of creating this citadel of cybercrime? We have the US navy to thank for it. It runs cyber command in the US and had thousands of analysts spying on people online. But it was easy for criminals to track it so it created the Onion Router (Tor), which anonymised where it was coming from.

Tor bounces users' communications around a global network of relays, making it almost impossible to work out who a person is, where they are or what they are doing. The US Naval Research Laboratory knew it couldn't be the only one using such a network or it would be easily identifiable so it released the open-source software into the online space.

Tor serves many useful purposes and allows people who wish to remain anonymous for totally legitimate reasons – journalists working on unearthing dark secrets, political dissidents living in fear of their lives – to exchange information without fear of retribution.

But clued-in criminals can use it too, and the world’s paedophiles “rubbed their hands with glee once they saw it as they quickly recognised it was something they could use to shield themselves,” Dwyer says.

While the exchange of abusive images of children and the buying and selling of illegal drugs attract the most attention – from the authorities and the public – Dwyer points out that the big sellers are a lot more mundane.

"The most popular thing sold on the Dark Web last year in the UK was Tesco discount vouchers," he says. "There was also big demand for Netflix codes, passwords for other content services and counterfeit money. This is a $1 trillion economy and if you were getting into crime, why would you risk getting your head blown off in the real world when you can do it all safety of your own bedroom?"

While the authorities – in Ireland and elsewhere – police the dark web as best they can, Dwyer describes criminality online as being like whack-a-mole and says cyber police are typically starved of resources.

Last July Gary Davis, of Kilpedder, Co Wicklow, was extradited to the US to face charges that he helped run the Silk Road marketplace

That is not to say there have been no successes.

Just over five years ago, a team of federal agents descended on a San Francisco library and arrested an innocuous-looking 29-year-old man who had spent the morning staring into his laptop.

He was Ross William Ulbricht but the online world knew him as Dread Pirate Roberts, the man behind dark web marketplace The Silk Road. According to the FBI, his Silk Road had recorded over a million drug deals in 2½ years and had earned him $80 million worth of bitcoin in commission. In 2015 he was sentenced to life in prison.

Earlier this month Irishman Gary Davis (30) pleaded guilty in a New York court to a narcotics conspiracy connected to the Silk Road just months after he was extradited to the United States from Ireland. Davis, from Wicklow went by the name “Libertas” on the Dark Web and worked as a Silk Road administrator until his arrest in 2013.

He fought a lengthy battle against his extradition saying he suffered from Asperger Syndrome, depression and anxiety and arguing that incarceration in the US could hurt his mental health and endanger his life. The Supreme Court rejected his arguments. He is likely to spend at least 10 years in prison following his guilty plea.

Just over a year ago a 26-year-old Canadian man called Alexandre Cazes was found dead in a Thai prison cell. He had hanged himself hours after being arrested in connection with a dark web marketplace called Alphabay. It was more than twice the size of the Silk Road was at its very peak and had revenue of almost $1 million every day. The day Cazes died, it disappeared. But it too was soon replaced.

Cyber crimes are frequently detected much closer to home too. Dissident republicans have been caught using the dark web to try and buy explosives, and cannabis is now routinely discovered at Irish sorting centres, with more than a dozen such packages being found each week.

The packages are detected by sniffer dogs, the gatekeepers of the postal network but they can only do so much, and while detection rates rise, a huge volume of contraband is most likely reaching destinations across the country undetected.

In 2015 Eric Eoin Marques, an Irish-American man described in court as the "largest facilitator of child porn on the planet" by the FBI, was arrested in Dublin where he ran a web-server company called Host Ultra Limited.

He was accused of operating Freedom Hosting, a “hidden services” provider that by some estimates hosted nearly half of the content on the Tor network, including the Silk Road and numerous sites containing child abuse images. Marques, with an address at Mountjoy Square, Dublin 1, remains in custody in Ireland and is fighting his extradition to the US.

Dwyer has moved away from the drug dealers and on to to other troubling material. His face darkens when he starts talking about pro-anorexia sites aimed directly at teenage girls. These sites encourage children to eat less and less and “when they get down to 500 calories a day they are driven towards suicide websites on the dark web”, he says.

“ ‘Starving yourself is so bad’ is the most annoying thing anyone wants to hear. This blog is to encourage you to starve yourself beautiful,” starts one such site he points to. It goes on to list 70 reasons why someone should not eat, including “you’ll be perfect” and “bones are beautiful” and “guys want you” and “you don’t need food” and “people will remember you as the beautiful girl”.

When asked why anyone would put such material in the public domain – or any domain – Dwyer shakes his head. "I don't know what drives people to do it. It's just pure evil. Why does someone want to boil a puppy alive and film it? Why does someone want to watch that. The uncomfortable truth is there is a lot of evil out there. Tim Berners Lee [the inventor of the internet] said his worldwide web was humanity connected, but this is all the darkest sides of humanity exposed."

As he talks he looks at three photographs of his Burmese Mountain dogs. “I suppose I would get desensitised in the sense that I know what to expect when I’m on the dark web, but it doesn’t make it any more palatable when I see it. Walking the dogs in the evening keeps me sane.”

While the trade in drugs and child abuse is huge, the big draw for many criminals is data. “It is the new cash,” Dwyer says. “If you can access data you can sell it many times, but if you have money you can only use it once.”

He clicks on a link offering more than 640,000 Eircom email addresses for €46. Another seller is offering what he promises are active credit cards from Irish banks. “The card holders or the banks probably don’t even know the numbers are compromised yet,” he says.

We want to hear about these crimes. If crime goes unreported then we can't investigate and we can't warn other people about emerging criminal activities

While Dwyer sees all sorts on the dark web, he does not take on criminals. Det Supt Michael Gubbins of the Garda Cybercrime Bureau does. He has been a garda since 1995 and has worked on computer forensics and cybercrime investigation since 1997.

“Everything you don’t want people to be able to get their hands can be found on the dark web,” he says.

He accepts that the cross-border and virtual nature of the 21st-century criminal makes detection difficult, but his unit works closely with Europol’s cyber arm and the banks “and while it is a constantly moving target, we have to do what we have to do”.

Repeatedly, he stresses the importance of reporting cyber crimes and when asked how prevalent it is, he says it is impossible to know for sure “because so much of the crime goes unreported. Sometimes people think there’s no point, sometimes they are embarrassed [in cases of blackmail or extortion] but we need to hear about these crimes. We want to hear about these crimes. If crime goes unreported then we can’t investigate and we can’t warn other people about emerging criminal activities.”

Gubbins says sometimes criminals deploy high-tech techniques to steal from the unsuspecting but sometimes we hand it to them on a plate. People can lose control of their credit cards by falling for a simple phishing scam or sometimes they “buy something online from a less than reputable source because it is much cheaper than elsewhere and that’s where their data is compromised.”

There are other ways we can be targeted. “Imagine you are on the phone to your bank and you’re getting bored and tired of waiting, so you contact them via Twitter. Then the criminals see that and they seek out information about you. If they can find your contact details they can make contact and say they have identified the problem and need your bank details. There are any number of avenues they can go down but rather than be alarmed, people need to be vigilant. We used to be good at minding our own business; now we tell everything to everybody.”

Keith Gross, the head of Financial Crime and Security with the Banking and Payments Federation of Ireland (BPFI) follows the money trail.

The banking industry is on the front line in the fight against cybercriminals, and he says that while they are “getting more clued-in”, so too are the criminals.

“Banks are getting better at detecting fraudsters and examining ways to protect their customers and themselves with artificial intelligence and biometrics but criminals are using these technologies too. This is an arms race and criminals are always looking to weaponise, so we have to stay ahead of them.”

Gross says malware – or malicious software – used for financial fraud, which was once hard to obtain and very expensive, is now cheap and readily available. “If you click on the wrong link in the wrong email, you could download malware, which can record every keystroke and give a criminal control of your computer and access to everything happening on your screen,” he says.

In September a Limerick man in his 70s was duped into moving €10,000 from his bank account to the alleged safety of an account in Dubai. It vanished

But a more commonly travelled road for financial cyber criminals is social engineering which relies more on human interaction. “That is a huge problem, Gross says. “Criminals are targeting customers and garnering as much information as they can.”

Criminals use spam mails and “phishing attacks” to get access to names, addresses, bank account details and more and also trawl social media to find their marks.

Sometimes it seems too easy. In September a Limerick man in his 70s was telephoned by man claiming to be from a broadband provider.

The caller said the victim's bank account had been hacked and he would have to be transferred to the company's cybercrime section. The pensioner then gave permission for €10,000 to be moved from his bank account to the alleged safety of an account in Dubai. The money simply vanished.

While that was simple theft, sometimes cybercriminals want to hijack bank accounts to launder money. Last month, gardaí moved on a west African fraud and cyber-crime cartel with members in Ireland. They controlled more than 300 Irish bank accounts here and had stolen at least €15 million, gardaí believe.

One of the simplest ways criminals can get to hijack a bank account is by recruiting money mules enticed by posters offering them the chance to earn money from home.

“Sometimes people will start working for what they believe is a legitimate organisation only to find their bank account is used to transfer money from one jurisdiction to another,” Gross says. “It is very difficult to police someone who goes rogue or allows somebody else to use their bank account to transfer money.

“We have seen a huge increase in the number of money mules and a lot of the time people don’t even realise they’re involved with criminals.”

Troublingly, Gross says cyber criminals also use social engineering and social media to stalk vulnerable people in the real world too. “It is frightening but it happens. Criminals target vulnerable older people, or millennials, who are perhaps a little promiscuous when it comes to sharing information online. Remember these criminals have more time on their hands than we do, and this is their business. It important that we do whatever we can to protect ourselves.”

Five scams to watch out for

The bitcoin blackmail email Scammers send emails to victims containing details of actual passwords belonging to them and claim they have infected their computer with malware and recorded the victim watching pornography and will widely distribute the recording unless bitcoin is transferred.

The invoice scam Criminals send apparently innocuous mails to companies, which look like they come from regular suppliers. The email seeks no money and is an administrative alert letting the recipient know the bank details for the supplier have changed. Payment systems are updated. Weeks pass before a legitimate invoice from the supplier arrives and is paid, but to the wrong bank account.

The chief executive scam Scammers use social media to find out who the chief executives and senior financial staff are in companies and send bogus emails purporting to be from bosses to financial staff instructing them to transfer money into numbered bank accounts.

The Wangiri fraud This sees scammers leaving missed calls from mysterious numbers on mobile phones. When calls are returned they are diverted to premium rate numbers overseas, to the victim's cost.

Phishing scams Any email from a bank, the National Lottery, Netflix, Revenue or Ebay or whoever asking for key details, such as passwords or bank account numbers, so they can update accounts with enhanced security features or send money should be treated with extreme caution. No reputable organisation will ever contact anyone in such a way.