Using the dark web in financial crime investigations has the potential to speed up time-to-insight and improve caseload efficiency — something financial crime analysts need dearly. According to a recent survey conducted by Authentic8 and the Association of Certified Financial Crime Specialists (ACFCS), 57 percent of respondents reported declining or stagnant caseload productivity compared to the previous year. As the threat of financial crime continues to increase, the productivity issue could put organizations at risk of prolonged exposure to adversaries, compliance violations and monetary loss due to money laundering and reputation damage.

To avoid these risks, organizations need to properly equip their analysts for dark web access where appropriate, ensuring the access itself doesn’t introduce new risk or management burdens.

How are Organizations Leveraging the Dark Web in Financial Crime Investigations?

According to the survey, about a third (29 percent) of analysts say they don’t need to research and follow leads in the dark web in financial crime investigations; however, 25 percent say they need to at least 1-3 times per year, and 46 percent say they see value in this capability if it can be done securely and with proper auditing.

This last group is of particular interest and shows the desire of nearly half of analysts to uncover any and all evidence that could improve the quality and efficiency of their case. Yet their organizations haven’t properly enabled them to responsibly and safely access the dark web.

IT and risk management teams are understandably concerned about granting access to the dark web. Like all web access, it has the potential to introduce new risks to the organization, and when it comes to the internet, the deeper you go, the greater those risks become. Everyone from amateurs to the most elite criminals hides their activities within the corners of the dark web, and if they catch on that they’re under investigation, they can retaliate against the analyst and their organization through cyberattacks or misinformation to spoil the case, or they may seek retribution in the real world.

Safely Using the Dark Web in Financial Crime Investigations

To safely enable analysts to access the dark web in financial crime investigations, the following capabilities are critical:

  • Isolation: A guaranteed layer of separation needs to exist between the corporate network and the analysts’ browser session to isolate both the web traffic and any potentially malicious content such as images, documents and related payloads
  • Managed Attribution: To avoid detection by the investigative targets’ webmaster, analysts need to misattribute their online fingerprint by manipulating attributes such as geographical location, browser and operating system to blend in with other site visitors
  • Audit and Policy Control: IT and risk management teams must also fulfill their obligations, maintaining auditability of analyst activity in their web sessions and enforcing security policies during those sessions to maintain compliance

Some organizations choose a do-it-yourself approach to achieving these capabilities through a mixture of “dirty” networks and machines, VPNs, incognito mode and other means. However, these homegrown environments often contain gaps that result in data leakage, attribution or compliance violations. They are often incredibly difficult to maintain and costly to operate, both in terms of infrastructure/equipment and personnel. What’s more, the process of accessing and using these environments can hamper analyst productivity, further extending the time-to-insight.

Utilizing cloud services to execute all web code off-network is a way to guarantee 100-percent isolation between the browser session and the corporate network. When selecting a cloud service, though, ensure it provides the needed audit and policy control administration to satisfy compliance requirements. Purpose-built solutions for managed attribution can also give analysts the tools they need to tailor their online identity for any investigative target site and maintain anonymity.

With these precautionary measures and tradecraft tools, organizations can deliver the needed capability of leveraging the dark web in financial crime investigations while protecting themselves and their analysts from risk. These capabilities will also help to improve caseload productivity, reducing the potential for greater monetary loss.


About the Author

A8 Team
Contribution Team U.S.A.

Authentic8 Team is a group of cybersecurity enthusiasts, investigation sleuths, top-notch engineers, news junkies, policy wonks and all-around fervent writers hell-bent on bringing you the best darn blog in the industry. 
