Biometric identification is becoming an indispensable technology for managing travelers, immigrants and refugees crossing US borders. Biometric identification technology, as well as the processes involved in identity management and human identification, is a target for identity theft, spoofing, tampering, and impersonation.
A team of researchers developed an innovative human-in-the-loop strategy for searching the dark web for topics of interest. During the past 12 months, the team used this strategy to develop a systematic methodology for identifying some of the vulnerabilities of biometric technology, as well as the limitations of various identity management processes. This helped the team analyze and understand the risks associated with successful biometric impersonation attacks involving US Points of Entry, and they defined multiple attack vectors that involve dark web websites.
Methodology used to search the dark web for marketplaces for identity misrepresentation:
The strategy used by the researchers involved the following steps:
1- Building a vocabulary of relevant keywords such as fingerprint falsification, biometric attacks, fingerprint alteration immigration, and other keywords related to individuals discussing illegal immigration via the usage of spoofing or falsifying biometric devices.
2- Querying the surface and dark web using the selected queries to obtain a group of webpages. Dark web querying was done via the webhose.io API, which is a simple process.
3- Preprocessing the text of the retrieved webpages and extracting features from the cleaned words.
4- Creating k clusters from the results and visualizing the data as k wordclouds.
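Steps 3 and 4, using the TF-IDF scoring and 2-means clustering named in the results, can be sketched as follows. This is an added example, not the researchers' code: the sample snippets, the stopword list, the seed choice and all function names are assumptions made for illustration.

```python
import math
import re
from collections import Counter

# Constructed sample snippets standing in for collected posts (not real data).
DOCS = [
    "Listing: fake passport and driving license, seller ships worldwide",
    "Marketplace seller offers passport and driving license listing",
    "Thread on fingerprint alteration and the biometric scanner at the border",
    "Discussion of artificially manufactured biometric fingerprint and scanner checks",
]
STOPWORDS = {"and", "the", "of", "on", "at", "a", "to"}  # assumed minimal list

def tokenize(text):
    """Step 3: lowercase, keep alphabetic words, drop stopwords."""
    return [w for w in re.findall(r"[a-z]+", text.lower()) if w not in STOPWORDS]

def tfidf(docs):
    """Return (vocab, L2-normalised TF-IDF row vectors), one row per document."""
    toks = [tokenize(d) for d in docs]
    vocab = sorted({w for t in toks for w in t})
    df = Counter(w for t in toks for w in set(t))
    rows = []
    for t in toks:
        tf = Counter(t)
        v = [tf[w] / max(len(t), 1) * (math.log(len(docs) / df[w]) + 1.0) for w in vocab]
        norm = math.sqrt(sum(x * x for x in v)) or 1.0
        rows.append([x / norm for x in v])
    return vocab, rows

def kmeans(rows, seeds, iters=20):
    """Step 4: Lloyd's k-means; seeds are row indices used as initial centroids."""
    cents = [rows[i][:] for i in seeds]
    for _ in range(iters):
        labels = [min(range(len(cents)), key=lambda c: math.dist(r, cents[c])) for r in rows]
        for c in range(len(cents)):
            members = [r for r, l in zip(rows, labels) if l == c]
            if members:  # keep the old centroid if a cluster empties
                cents[c] = [sum(col) / len(members) for col in zip(*members)]
    return labels, cents

def top_terms(vocab, centroid, n=3):
    """Highest-weight centroid terms: the words a wordcloud would draw largest."""
    return [w for _, w in sorted(zip(centroid, vocab), key=lambda p: (-p[0], p[1]))[:n]]

def cluster_posts(docs=DOCS, seeds=(0, 2)):  # k = 2, fixed seeds for repeatability
    vocab, rows = tfidf(docs)
    labels, cents = kmeans(rows, seeds)
    return labels, [top_terms(vocab, c) for c in cents]
```

Calling cluster_posts() returns one cluster label per snippet and the top terms of each cluster, which is the input a wordcloud renderer would need.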
Results of the study:
Results of the study were presented in the form of wordclouds:
1- The first phase of wordclouds reflected human-engineered query terms, as illustrated in the figure below. The researchers considered all potential biometric systems, yet they gave preference to results involving fingerprints, passport fraud, and face recognition.
2- The next phase of wordclouds (see the figure below) involved the results of 2-means keyword clustering algorithms based on Term Frequency-Inverse Document Frequency (TF-IDF) scores of keywords obtained from the surface web and dark web.
3- The last phase of wordclouds was generated from posts collected from the surface web and dark web. The figure below shows a sample of wordclouds from dark web posts using the keywords: immigration, fingerprint alteration, fake biometric, and artificially manufactured biometric.
Interesting results: Marketplaces for identity misrepresentation on the dark web:
The following is a sample of the findings on the dark web's popular black markets:
1. HANSA and AlphaBay were black markets that served as e-commerce websites selling fake IDs, passports, SSNs and driving licenses originating from various countries. Both marketplaces were taken down by the FBI in July 2017.
2. Counterfeit Guru and House of Lions Forums are currently inactive dark web websites that are somewhat similar to HANSA and AlphaBay and support discussions of illegal identity manipulation and related activities.
3. WSM Forum is a currently active dark web website that sells fake IDs, passports, and driving licenses from different countries.
4. Hidden Answers is a dark web forum that includes discussions on illegal topics.
Important conclusion: The market for passport fraud and identity spoofing is growing:
This proposed search approach is believed to be very promising. The team of researchers was able to identify information reflecting interest in illegal manipulation of identity, in addition to a marketplace of services that serve the needs of individuals with such requests. Most of the findings obtained via this novel approach involved passport fraud. Moreover, the team of researchers managed to identify interest in biometric data spoofing too. Nevertheless, so far they have only detected a small number of cryptic descriptions of such services present on the dark web. Even though the results of the research reflect the existence of demand for identity spoofing, so far this doesn't provide significant input into the risk modeling the researchers hoped to obtain. Although the results of the research are much more modest than expected, the report concludes that both the surface web and dark web have to be monitored closely and analyzed via threat intelligence to prevent the emergence of information that can entice immigrants, travelers, or refugees to attempt crossing borders via biometric entry ports.