Munich Shooting Highlights Security Concerns Over Dark Web Gun Trade
Friday's Munich attack is thought to be one of the first mass killings where someone has successfully bought and used a gun procured from the Dark Web. BuzzFeed News asks what can be done to counter the risk from illicit online marketplaces.
The gun attack at a shopping mall in Munich on Friday, in which an 18-year-old German-Iranian man killed nine people and injured 35, was the latest in a string of shootings in Europe this year.
The man, who has not been officially identified but has been named locally as David Ali Sonboly, had no links to ISIS or Islamic fundamentalism, as had initially been feared.
But the attack was part of another, less well-reported trend changing the security challenge faced by nations with strict gun controls: It is thought to be one of the first mass attacks where the shooter managed to buy a gun from the Dark Web.
German police said that it was probable that Sonboly bought his 9mm Glock 17 handgun via a dark net market (DNM), an anonymised marketplace stored on a portion of the internet that can't be accessed via regular web browsers and search engines.
The gun, which carries a certification mark from Slovakia, was a former theatrical prop that had been modified to fire real bullets, Robert Heimberger, president of the Bavarian Office of Criminal Investigation, said on Sunday.
Germany has strict gun laws and Sonboly wouldn't have been given a licence to legally own the pistol. Police still don't know how he got the 300 rounds of ammunition found on his body after he killed himself.
DNMs, or cryptomarkets, are long-established sources of soft and hard drugs, child abuse images, fake identity documents, knives, and – although very rarely – firearms.
So how much of a threat does the black market pose from a security perspective, and how on earth can police and government agencies tackle it?
While DNMs are overwhelmingly used to buy and sell drugs, there is no doubt that some weapons are for sale.
Within a few minutes of searching on Alphabay, currently the biggest DNM, BuzzFeed News found several guns for sale – including one similar to the model used in Munich last week.
For $1,500, the buyer would get the gun, a night sight, and two magazines of bullets. The US-based seller claims to have sold a similar model in the last two weeks. In total, there were 736 pistols for sale on the site on Tuesday.
However, many of the guns offered for sale on DNMs are either scams or fake "honeytrap" listings created by law enforcement agencies.
In one of several sting operations in the last year, the UK's National Crime Agency (NCA) last year arrested Montgomery Byrne, a 31-year-old self-employed plasterer, who arranged to meet a DNM seller having agreed to buy a self-loading Glock pistol and 300 rounds for £1,300.
Instead, he was met at a service station by NCA officers and later pleaded guilty to nine charges. He is serving six years in prison.
In November, Darren Hillyer, 38, an IT manager, admitted conspiracy to import a firearm after posing as a woman called Emma to buy a gun and ammunition from a DNM. NCA officers intercepted the package, which he had persuaded an accomplice to pick up from a post office.
But there are cases when guns get through unnoticed by the authorities.
Liam Lyburd, a disaffected 18-year-old, successfully bought a gun from the Dark Web in 2014 and planned to shoot his former classmates at a college in Newcastle upon Tyne.
Police were tipped off about his plans to indiscriminately kill innocent teenagers hours before he was due to carry them out.
Lyburd spent £2,000 in bitcoin, the virtual cryptocurrency, for a gun to be shipped to him in four parts from the US, to avoid the attention of border police and customs officials.
Policing the Dark Web is a key concern for UK security services: In November 2015, the NCA and the GCHQ listening service launched a new unit in which officers from both agencies would focus on the Dark Web, particularly on child sexual exploitation.
A spokesperson for the NCA told BuzzFeed News in a statement that the Dark Web has become a way for legitimate, legal sales to become diverted into illegal channels.
"What we are seeing across Europe is the online sale of firearms has emerged as a key distribution channel for firearms diverted from legal sources," they said.
"Online forums and auction/advert websites are facilitators for the trade in illegal firearms in the UK, as well as in many European countries. The NCA assesses that most of the online trade in illegal firearms takes place on surface web platforms, with a smaller number taking place on the Dark Web."
But as for what the authorities can actually do to track and stop Dark Web criminals, experts warn that the traditional approach of trying to shut down the most popular cryptomarkets just won't work.
"WIth DNMs, the nature of supply has been democratised," said Jamie Bartlett, director of the Centre for the Analysis of Social Media at the Demos think tank, and author of The Dark Net.
"So I’m not surprised if the authorities are worried about this – but the question is whether some enormous international policing cyber-crackdown is the way forward, because I don’t see a big technological solution for this, such as shutting them [DNMs] down."
For Bartlett, more "old-fashioned" policing, such as creating undercover accounts and infiltrating the networks, will be more successful than just going on a "huge anti-Dark Web crusade trying to shut the whole thing".
"We have to come up with a solution that accepts that they exist in the same way that offline black markets exist and we know we can’t shut them down, we just police them to minimise the harm," he said.
In 2014, after a huge international police operation six months in the planning, more than 400 cryptomarkets based on the Tor network with links to illegal activity were shut down, including the infamous Silk Road 2.0. US Homeland Security worked with Europol and 40 investigators from across Europe.
More than £1 million in Bitcoin, the cryptocurrency favoured by DNM users, was seized. But illegal activity still continues on DNMs; from a buyer's point of view, not much has changed.
For Dr Luca Giommoni, an expert in illicit online markets at Cardiff University, a more effective approach would be to target individual sellers who have gained the trust of their customers. So it's not the network that needs to be taken down, but the relationship between buyers and sellers.
"Probably what law enforcement can do is act on trust and target the few, the small percentage of sellers who are growing, and systematically shut them down," he said.
"The reason cryptomarkets are still small is not because of the threat of law enforcement but the scams and the theft – it’s all about trust. So if law enforcement agencies are able to act on that trust and those few sellers who are very effective, maybe it could work."Deputy chief constable Peter Goodman, of Derbyshire police, National Police Chiefs’ Council lead for cybercrime, told BuzzFeed News in an emailed statement that forces across the country were increasing their resources to tackle dark web crime.
"The scale of cybercrime in the UK continues to grow and law enforcement must evolve to meet the threats posed by digital crime and the dark web. Our priority is to make the UK a hostile place for cybercriminals to target or operate," he said.
"Transforming our response to cybercrime and the dark web is challenging but it is a focus for investment in policing. Additional funding through the National Cyber Security Programme has supplied specialist investigators and protect officers at regional levels and there’s increasing evidence of forces supporting this with local cyber-capabilities."The NPCC are working closely with the National Crime Agency and other partners to develop effective processes at an international, national and local level to encourage cooperation and a focus on victim care."