Using AI to overcome the challenges of investigating digital narcotics supply chains
Law enforcement agencies would do well to heed drug trafficking’s technology-driven distribution systems
By Johnmichael O’Hare
The narcotic supply chain is a familiar foe to drug investigation units. Depending on the type of drug, the structure runs from the manufacturer to the trafficker to the distributor, who may repackage and blend the narcotic with adulterants, to the dealer, and finally, to the end-user. In the case of organic drugs, a cultivator or farmer is another link on the chain.
Traditional investigative approaches often take a bottom-up approach: find the lower-level dealers and work one’s way up from there. Years of experience, human intelligence (HUMINT) and legwork provide the key tools. But what if, suddenly, those time-tested techniques were no longer effective?
That situation is moving closer to reality as more illicit drugs, the opioid trade, in particular, are sold through the dark web. Dark web marketplaces, operating below the surface web where most netizens conduct business, offer a mix of weaponry, child pornography and narcotics. The street supply chain has been replicated in this online realm. Investigating it requires a new methodology and new tools such as artificial intelligence (AI).
Law enforcement agencies would do well to heed drug trafficking’s technology-driven distribution systems, which the ongoing COVID-19 pandemic could be accelerating. Public health measures limiting in-person encounters have disrupted traditional supply chains, according to a May 2020 research brief from the United Nations Office on Drugs and Crime. Drug users may increasingly tap the dark web to circumvent “street control” and mail delivery, according to the UN office.
The investigative challenge
Narcotics agents attempting to crack down on a conventional supply chain face a number of challenges. Organizations with limited resources must quickly and accurately identify the key players. In doing so, they also need to overcome the complexity of drug distribution networks that often hinder investigative speed. Inquiries that span jurisdictional boundaries further complicate matters.
Those challenges take on new dimensions in the online setting. Threat actors operating in the dark web have an enhanced ability to maintain anonymity. Conventional search engines don’t index dark websites and entering this layer requires an anonymizing browser.
The dark web also provides a platform through which threat actors can communicate and plan their activities in relative secrecy. Dark web marketplaces, meanwhile, provide the marketing muscle to promote drugs to a worldwide customer base, transcending geographic limitations. Drug sales transactions take place through cryptocurrencies, adding another layer of anonymity.
Those dark web features help threat actors better manage the narcotics supply chain. They also raise the bar for investigators. Narcotics agents must understand the dark web to understand the supply chain. Getting there involves a steep learning curve since many law enforcement agencies are unfamiliar with the dark web and lack the technology tools required for conducting online investigations.
Law enforcement agencies may also need to change policies or develop new ones to take on dark web investigations. For example, a policy may prevent an investigator from downloading the type of browser required for accessing dark websites. Once in the dark web, investigators may be exposed to material that’s illegal to view. In addition, an investigator may stumble upon an exploit, which could lead to law enforcement computers and networks being compromised.
To deal with those risks, agencies must establish a strong policy around navigating the dark web to protect themselves and their investigators. Such a policy might, for instance, require investigators to use a non-attributed, standalone machine that’s isolated from the agency’s primary network.
But even with a solid dark web policy and a growing base of knowledge, investigators still face hurdles. They must collect and analyze the massive amounts of data uncovered during an online investigation. From that data, they must pull out the critical bits of information pointing to the identities of threat actors. The task then becomes collaging the data that leads to an indictment.
The role of AI
That’s a big ask for agencies with finite resources and limited time. AI, however, can serve as a force multiplier, helping investigators overcome the various challenges of conducting an online investigation. Here are a few areas where AI technology can come into play:
- Monitoring dark web marketplaces
AI, coupled with web intelligence (WEBINT), can support investigators in executing searches across dark web forums that promote narcotic marketplaces to the dark web marketplaces themselves. This technology approach uses complex keyword searches, based on custom search parameters that might include a marketplace’s name, a drug commodity’s name (which could be insider jargon), and a commodity’s country of origin and shipping destinations. AI, in this context, helps automate the search process and boosts the investigator’s efficiency and precision. In addition, natural language processing, a branch of AI, can explore datasets to extract new keywords, further enhancing the search process.
- Accelerating the investigation process
Speed is a critical element in any investigation. AI accelerates the process, delivering analytical capabilities. AI-enabled searches may span not only the dark web but also pull in data from surface websites that shed additional light on drug supply chains. Conducting such comprehensive searches manually would require considerable human resources and ample amounts of time. Once investigators harvest the data – often in terabytes – the next chore is to comb through and analyze the information and extract the actionable intelligence. A purely manual effort to sift through huge volumes of data would occupy a team of investigators for days, if not weeks. AI can help organizations rapidly process the data generated in a WEBINT operation to home in on the data relevant to a drug network investigation.
- Quickly unmasking threat actors and networks
Those AI-enhanced investigative capabilities also serve to quickly and accurately identify and deanonymize a threat actor and then expose his or her associates across the drug supply chain. The actual number of nodes in such a network can vary. Some can be quite truncated, with the manufacturer also acting as the distributor. Or a dealer can source commodities from a manufacturer and sell them across several marketplaces. In other cases, a dealer will buy from a manufacturer and become a distributor, selling to downstream dealers who, in turn, cut the drug to boost profitability. In any event, AI can help correlate the bits and pieces of data that surface in an online investigation – phone numbers, photo metadata, online handles, IP addresses, for instance – to determine an identity. And once the first player is identified, social network analysis can help uncover other relationships. Following the trail of connections will unearth the key nodes of the network.
- Finding clues on the open web
The ability to find data crucial to investigations in the open-source environment is another advantage of using AI-infused WEBINT. While much of a drug supply chain operates in the dark web, parts of it may breach the surface web. Some dark web marketplaces, for example, advertise their onion extensions through conventional social media outlets. A photo used to promote narcotics on the dark web may also exist on the surface web. If the threat actor didn’t remove the photo’s exchangeable image file format data, investigators can obtain useful information such as timestamps and geolocation.
- Incorporating physical evidence
Narcotics agents can also use WEBINT to evaluate physical evidence as well as virtual variety. If electronics are seized as part of an investigation, cameras or computers can yield photos, which, as noted above, may include relevant bits of data regarding time and location. Or, if a drug shipment is intercepted, the shipping label will provide information on origin and destination. Investigators can then use AI to analyze and correlate those findings with other data harvested during an investigation.
- Building a case with confidence
AI’s precision and accuracy help narcotics agents collect, analyze and present data that is reliable and trustworthy. That resulting confidence level is a huge step forward for an investigation. With reliable data in place, law enforcement personnel can move on to performing due diligence, making sure they are pursuing the right threat actor and confirming that the data can serve as evidence in court. The verified data lets agencies build a case against a narcotics supply chain role player. The quality of that data leads to indictments and improves prosecution rates.
Investigators tracking narcotics distribution online will find themselves entering a new world, where threat actors have reimagined and redeployed traditional supply chain structures in an entirely digital format. Role players in these rapidly evolving networks have the advantage of anonymity as they build end-to-end relationships, from manufacturers to users.
Law enforcement agencies, however, can tap AI as a tool for investigating and disrupting drug trafficking. AI can have a massive impact when it comes to leveling the online playing field. The power of AI in collecting vast amounts of data and finding correlations helps agencies identify the key components of complex narcotics supply chains. AI’s big data-crunching capabilities dramatically accelerate investigations. The technology’s precision raises the level of trust in the data, which helps agencies build cases for the successful prosecution of threat actors.
The need to digitalize businesses amid the pandemic also applies to the business of selling illegal drugs. Law enforcement agencies should consider technology-assisted investigation methods that harness AI’s vast potential.
Read next: What cops need to know about crime, cryptocurrencies and the dark web
Criminals use cryptocurrency to hide money, making it nearly impossible for local and state agencies to investigate
About the author
Johnmichael O'Hare is the sales and business development director of Cobwebs Technologies. He is the former commander of the Vice, Intelligence and Narcotics Division for the Hartford (Connecticut) Police Department. Prior to that, he was the Project Developer for the City of Hartford's Capital City Command Center (C4), a Real-Time Crime Center (RTCC) that reaches throughout Hartford County and beyond. C4 provided real-time and investigative support for local, state, and federal law enforcement partners utilizing multiple layers of forensic tools, coupled with data resources, and real-time intelligence. Contact him at firstname.lastname@example.org.