To commemorate this day, we interviewed Diego Alejandro Palomino, from the Technological Investigation Unit of the National Police, to have him clarify concepts related to telecommunications security and the cyber-patrolling work they carry out to fight cyber crime.  

What is the dark web, and how is it different from the deep web? 

The content of the web is a conglomerate of files of all kinds, which are usually indexed, that is, they can be found by searching through the different search engines that exist. That would be the “surface web”, the one to which all users have access and which, however, may correspond to just 4-5% of net content. 

The “dark web”, on the other hand, corresponds to content that is not indexed, that is, the content hidden, a priori, from the usual search engines. The contents of the “dark web” pursue anonymity in the source and destination of the information transmitted, whether deliberately or otherwise, which is why it is often accessed through specific applications. Despite this, these applications are used in the same way for searching the “surface web”. 

Although we can speak of a distinction between the “dark web” and the “deep web”, in practice such differentiation makes little sense. It is true that to refer to the “deep web” the example of an iceberg is usually used, with three parts distinguished therein: the upper part, which is located above the water, which would correspond to the “surface web”; the contiguous submerged part (or intermediate part), which would correspond to the networks and technologies pursuing anonymity in the source and destination of their transmissions, which would be the “dark web”, and the lower peak, which would be the websites or databases that escape all types of search engine indexing and are very difficult to access, which would correspond to the “deep web”. 

What is the work of the Technology Research Unit on the dark web? 

The tasks of the Central Cybercrime Unit include investigating all crimes related to Information and Communication Technologies (ICTs), and a large part of its work is done on the web, without differentiating where the information is found, where the crimes are committed and where the criminals are located. 

One of the main tasks carried out by the National Police consists of the prevention and investigation of crimes, including those carried out on-line. For such tasks, different sources of information are available: police complaints, communications from public authorities, information on citizen participation and information obtained directly. 

In the net, one of the fundamental sources for the National Police is cyber patrolling, which consists of a mixture of techniques, mostly preventive, with the aim of locating illegal activities and their perpetrators, and which do not necessarily have to be linked to specific investigations. It is a technique that allows for the collection, storage and analysis of data so that they can be transformed into relevant information. In general, cyber patrols consist of the observation of social networks, tracking on the dark web and checks on the web, distinguishing the activity that can may happen on open networks, like any net user, and on private networks, with judicial authorisation and, normally, for concrete investigation of certain crimes. 

Has activity increased on this net during the state of alarm? 

Network activity has increased considerably, based on various factors. For one thing, people who are confined at home and have the possibility of teleworking have remote access from their homes, which generates an increase in the security breaches and vulnerabilities of companies that facilitate this kind of work. 

For another, since people are not doing outdoor activities they search for leisure or entertainment on-line, which means greater control over emails, an increase in the use of social networks, web searches for information, the need to buy  pharmaceuticals and basic necessities, etc. All this leads to a significant increase in illegal activity and, above all, in the effectiveness of cyber criminal actions. 

Among the activities that are being discovered among all the information obtained by whatever means we can highlight different blocks of irregular activities, such as fake news, fraud of all kinds, and offences against people and the protection of minors. 

As an example, and summarising the illegal activity detected by the Central Cybercrime Unit, the following issues, among many others, can be highlighted: More than 130,000 domains related to COVID-19 have been detected, emails, websites and instant messages offering miraculous remedies, including COVID-19 vaccines, fake websites for the sale of pharmaceuticals, impersonation of official bodies for regularisation of temporary lay-offs (ERTES), financial compensation from the Social Security or economic aid to the unemployed and self-employed, as well as an immense increase in “Phishing” using the main financial entities’ corporate images. 

There are no borders on the net… is it necessary to do cyber patrols with the cooperation of several countries or police units? 

The National Police obviously works hand in hand with international public institutions to carry out cyber patrols and detect “fake news”. The Internet has no borders and criminals find a way to attack victims and feel untouchable before States. The exchange of intelligence and investigative information is therefore still vital. 

International police cooperation plays a key role in the investigations and cyber patrolling that is currently taking place. It is a way of exchanging experiences and good practices, not just information, when dealing with any investigation, and having knowledge of the current status of cybercrime. 

The support of the main international institutions, EUROPOL and INTERPOL, where experiences and good practices are being shared, as well as early warning systems and information on new criminal phenomena on the net. In fact, fluid contacts continue to be maintained in the face of network checks requested through these channels. 

Recently, the meeting with AMERIPOL, which took place as part of the cooperation with EUROPOL and, specifically, with the National Police of Spain, has been an important milestone for rapprochement, collaboration and understanding between the police of various countries that, as a general rule, and more so in the current situation, require generosity, understanding and mutual support, because we are all in the same boat, and sometimes the boat goes adrift and we feel like Don Quixote and Sancho Panza crossing the high plains, fighting against giants or windmills.  

The views and opinions expressed in this blog are the sole responsibility of the person who write them.