The Internet may, at first, seem like a safe haven as it makes it easier for all of us to share the most personal information. But it’s really a double-edged sword, where the opportunity cost of convenience is cascading risks of crimes; around 400 children are victimised by cyber-crime per day in Bangladesh, as reported by human rights NGO, Ain O Salish Kendra, on May 19 this year. Put another way, the advancement of the legitimate World Wide Web has also led the illegitimate world of unethical “hackers” to mushroom on the other side. Since more people are increasingly using the internet (BTRC reported in 2018, that around 90 million people in Bangladesh use it), we need to thoroughly understand this electronic universe, spotlighting the cautionary tales.
To begin, the World Wide Web is divided into three layers; most of us “surf” only on the “Surface Web” (the one we see when we use Google). Everything on the Internet that cannot be found using public search engines is tucked in a private repository “Deep Web,” estimated to be around 400 to 500 times larger than the Surface. The chunk of cyber-assisted offline crimes (where victimisation isn’t merely virtual but rather in-person) cooks in the smaller (and shadier) subset of Deep Web called the “Dark Web”—also a treasure trove for illegal activities, such as trading all drugs imaginable, malware markets, guns, child pornography, and chillingly, hit-men hiring networks. These aspects should be enough for law enforcement agencies, especially counter-terrorism forces, to seriously keep an eye out on what’s happening on the Dark Web. To shrug this off would be a grave mistake. A 2018 report by a foreign policy think tank, Henry Jackson Society, entitled “Terror in the Dark,” revealed the growing usage of Dark Net by terror groups to recruit militants.
To those who are uninformed about it, the mysterious Dark Web may seem like it requires top-secret codes to enter. But it’s simply done by using a special software, TOR browser (The Onion Router), well-known for its ability to prevent online surveillance, which can be downloaded in a matter of 5 minutes without a fee. And this means vulnerable youth, face no issues finding their way to this dangerous land. But here’s the paradox: all websites on the dark web use .onion—instead of .com—encrypted to circumvent maximum user anonymity, and in turn privacy. So the dark web is by nature, more secure for everyone. And that’s a wrath-triggering drug for hackers, because it means they can commit crimes and the Internet will protect their worst interests.
Interestingly, since 2014, Facebook has had its own onion server, adopted for the added “security” that comes from hiding your IP address and location. If you open Facebook from Bangladesh using “facebookcorewwwi.onion”— it can appear that you’re in Sweden. Sounds like a great way to keep out the stalkers right? It’s ironically ear-candy for hackers, which inflates their self-confidence to a bullet-proof status. One such criminal, from Bangladesh—or perhaps a group of them but let’s pretend he’s one person and call him “Z”—has been chronically victimising many young adults with invincible crutches in the Dark Web.
Deploying a method called “phishing,” Z sends a malicious link to female victims, that opens a masquerade Facebook page, and then as the real account owners are about to login, he uses a “python script” to hijack the personal information and snatch control of the accounts. After phishing into the profile of A, a 17-year-old girl, who was one of his victims—Z entered her Facebook messenger chat thread with her boyfriend, B, also 17, and began blackmailing him (in Bangla) to send Tk 10,000 by 9pm. Or else, he threatened to publicly post—on A’s Facebook page, where her family and teachers could see—their intimate photos and videos which he had retrieved from the media shared between the two. Z quickly switched to messaging B on WhatsApp and the number he was using had a Latvian area code, meaning it was a “proxy” sim, that can be bought from the Dark Web to mask one’s footprints.
He even provided precedence, in screenshots, of the damage he had done earlier to a previous female victim who failed to meet his demands. This form of cybercrime where the perpetrator threatens to release sexual images, is called “sextortion.” As the clock ticked, Z started posting photos in “Part 1”, shortly following with “Part 2”, but he could still not be tracked, since the IP address of this too was obscured, using the Facebook onion server. Now, in this situation, what would these two teenagers have done? The correct response is to seek immediate aid, which they did by submitting a complaint to BTRC and calling their victim helpline, then calling 999. But not a single person picked up.
It gets worse though. B even went to Mirpur thana, where officers refused to even listen to the whole situation, let alone solve the problem. Thanks to the lacklustre system, around 10pm, the teenagers had to desperately manage cash, and fulfil Z’s wishes through a bKash agent. And when B returned home, he was scolded by his parents, who had not the slightest clue that their son was being harassed, abominably. Md Saimum Reza Talukder, lawyer in Bangladesh Cyber & Legal Center (BCLC), informed me that in almost 80 percent of the cases he dealt with, victims didn’t tell their families, and also didn’t want to file any complaint to police. Though the adults—parents and police—in this case, didn’t know how to react, the teenagers handled the perilous predicament, in the best way they could.
Yet, while victim-blaming might be the reason why we cannot address these issues, it’s a pervasive cultural transgression itself that won’t be solved anytime soon, and this “hacker epidemic” is not going to wait for it to stop. Sadly, for the time being at least, prevention is the only available cure. So it would be wise for young adults to refrain from leaving personal information on the net—in chat media files—for their own safety. On the other hand, in one of the cases BCLC received, a young boy in class 8 turned out to be a perpetrator, and thats what adults must start countering. But most parents of children I know, would interpret these horrendous stories to mean “the internet is poison,” and then restrict kids from using it. Not only would that be unrealistic, it’s also not even a valid conviction. Internet is not “unsafe” in design; the onion sites with its shield of encryptions is “safe,” but that feature is exploited by vile individuals. So the technology is not the problem. It’s the way certain human beings use it. And this is why we must break the silence over what goes on in the Dark Web.
One answer to this growing issue is Open Source Intelligence (OSINT)—a recent phenomenon used by security professionals to collect and analyse public information from various sources, and to track the social media handles of criminals on the dark web. Yet, that allows nefarious parasites to also access OSINT software to find your information from your phone numbers, birthdates, ID card images, posted on your social media handles, and then use that to harass you. Crime prevention pathways can be subverted to commit crimes, just like legal routes can be taken to harm people. This full circle is surely terrifying, but the point here is to highlight that dangerous things do happen, and pernicious communities do exist. And only with that awareness can we really do something about it.
*The names have been changed to protect privacy.
Ramisa Rob is a Masters candidate in New York University.