To Catch a Criminal: Hacking into the Dark Web and International Law Implications

By Natalie Edmundson for

The “dark web” is fertile ground for criminal activity, nourished by ever-evolving technology presenting ongoing challenges for governments. In May 2017, in what is being regarded as the biggest cyberattack in history, malicious software known as “WannaCry” targeted the U.K.’s National Health Service.[1] It has been reported that this malware affected over 200,000 people in 150 countries, including the U.K., China, Japan, and South Korea.[2] The attack took the form of “ransomware” – after seizing control of computers, the WannaCry hackers demanded $300 in bitcoin.[3] It has been reported that the hackers got away with $143,000 in bitcoin relating to ransoms paid from the WannaCry attack.[4] In addition to the WannaCry attack this year, Sony Pictures Entertainment was hacked by a North Korean group known as Guardians of Peace just before Sony’s comedy The Interview was to be released into theaters.[5] As a result, Sony’s internal data was compromised, as well as personal information and emails relating to Sony employees. Additionally, information regarding unreleased movies was obtained and leaked online.[6] In response to the attack, President Obama signed an executive order imposing increased sanctions on North Korea that allowed the Treasury Department to block any North Korean official or agent from accessing its assets or entering the United States.[7]

In addition to the abovementioned attacks, millions of Americans were affected by the Equifax data breach that occurred earlier this summer. According to Equifax, “the hackers accessed people’s names, Social Security numbers, birth dates, addresses, and, in some instances, driver’s license numbers.”[8] The hackers were also able to obtain credit card numbers for about 209,000 people.[9] In all, approximately 145 million people were affected by the breach.

Governments are concerned not only with hackers that are taking advantage of vulnerabilities in large corporations and causing data breaches, but also with other illegalities that occur on the dark web including child pornography, dealings in firearms and wartime weapons, the sale and transport of narcotics, and human trafficking, to name a few. This post will examine how the U.S. government has taken steps to hack into the dark web to find the individuals responsible for the illegalities occurring on the dark web, including the crimes listed above. The post will further examine the international implications that follow government hacking and explore the ability of foreign states to cooperate to combat the criminal activity occurring within the dark web.

To understand how the dark web operates, it is important to understand Tor. “The system known as Tor (The Onion Router) was actually developed by the U.S. Government as a method of rerouting web traffic so that the originator could not be identified.”[10] The objective was to allow informants to communicate with their handlers in safety, which meant that the system needed to be available in public. The government then handed the system off to a private nonprofit operation.[11] But Tor is one of potentially numerous anonymizing services on the dark web.[12] Because systems like Tor conceal the user’s location, it can be difficult for the government to locate the user unless the user makes a mistake. Thus, “a government’s best chance of identifying who is behind the crime and where he is requires tricking the target into downloading malicious code [termed NIT] that searches for location information on the target’s computer and sends it to the government.”[13]

The government’s hacking to find these criminals, however, has not gone without criticism. Ahmed Ghappour, a professor at Stanford Law School, just recently published a law review article concerning government hacking and the international law implications that follow. In his article, Ghappour asserts that, “Law enforcement’s use of hacking techniques to pursue criminal suspects on the dark web will result in overseas cyberexfiltration operations that may violate the sovereignty of other nations.”[14] It is true that sovereignty is an important consideration that any government should take into account when hacking into the dark web because the risk of following an electronic trail and ending up in a foreign state is high. The law of nations permits the exercise of criminal jurisdiction by a foreign nation in five circumstances: (1) acts with effects within the nation; (2) to protect the interests of the nation; (3) nationality of the offender; (4) nationality of the victim; and (5) universal jurisdiction.[15] The problem is that when the government starts hacking into the dark web, it does not know if there are effects within its own territory and it does not know the nationality of the offender/victim. Therein lies the problem – the very point of the dark web is anonymity.

The government would not know any of the aforementioned factors until it identifies a criminal transaction. Only then would the government know the nationality of the offender/victim, whether there are internal effects, or whether it involves universal jurisdiction. Professor Ghappour’s concerns are legitimate, but many nations have realized the importance of being able to find criminal offenders on the dark web. The more hackers adapt and bring about new devastations, the more nations will recognize the need to respond and prevent future cyber attacks. As a result of this realization, foreign nations have promulgated conventions that aim to prevent and stop cybercrimes.

For example, the Council of Europe has “promulgated a ‘Convention on Cybercrime’ that commits signatory nations to criminalize various acts of computer misuse and to extradite or prosecute offenders.”[16] More than 50 countries, including the U.S., are signatories to the EU Convention.[17] One of the ultimate goals of the EU Convention is to “pursue, as a matter of priority, a common criminal policy aimed at the protection of society against cybercrime, inter alia, by adopting appropriate legislation and fostering international cooperation.”[18]

In his article, Professor Ghappour emphasizes that violating state sovereignty could have consequences that the U.S. is not ready to handle (i.e., attribution, foreign prosecution, countermeasures, etc.) and that the U.S. would be violating state sovereignty by exercising law enforcement functions in the territory of another state without the consent of the other state.[19] However, as the EU Convention exemplifies, a multitude of countries have recognized the need to cooperate with foreign states to combat the evolving danger of cybercrime. As Orin Kerr points out in his article, “One government’s use of NITs [network investigative technique] to investigate crimes on the dark web is generally welcomed by other governments rather than feared.” Professor Kerr gives the Playpen investigation as an example of the cooperation between foreign nations.

Playpen was a child pornography website available only on the dark web that had over 100,000 unique user accounts. An NIT installed by the United States pursuant to a warrant ended up searching over one thousand computers in many different countries. That led to further investigations and hundreds of arrests around the world.[20]

Professor Kerr also points out that the U.S. government is not hacking unilaterally.

Europol recently used an NIT to search the computers of visitors to a dark web child pornography site called The Giftbox Exchange. The Australian government recently used a phishing attack to hack the computers of visitors to a dark web child pornography site called The Love Zone. In at least one known instance, the Australian government hacking broke into computers in the United States. There is no sign that the United States government or the American public was offended by the foreign search. To the contrary, United States authorities picked up the investigation and brought domestic criminal charges based on the foreign government hacking.[21]

The examples above are just a few that demonstrate the international cooperation between nations to combat cybercrimes. Thus, it appears that Professor Ghappour’s concerns regarding violating state sovereignty are not as worrisome as he makes them out to be. However, his concerns may be very legitimate if the U.S. electronically invades a foreign state that is not a signatory of the convention and is not cooperative in the efforts to combat cybercrime. That foreign state would, at this point in time, be North Korea.

Many of the most recent cyberattacks throughout the world are rumored to be connected back to North Korea, and the United States’ relationship with North Korea is volatile. Hence, if the United States is hacking into the dark web to catch enemy hackers, it may be very likely that the U.S. could find itself in North Korean territory. The outcome of that particular situation (if/when it occurs) still appears to be unknown. If the United States unwittingly winds up in North Korea’s territory via the web, Professor Ghappour’s concern about retaliation and countermeasures may very likely become reality. However, if the United States is purposely attempting to track and take down known North Korean hackers, the actions of the United States may be justified under the principle that the United States may exercise criminal jurisdiction based on the effects within the nation and to protect the interests of the nation.

In conclusion, as with many areas of international law, enforcement strategies are political as well as legal. International cooperation and understanding are critical to achieve the shared goal of combatting cyber crimes. However, catching cyber criminals in countries where there is an international treaty or agreement is not the problem. The problem is that some of the most pervasive cyber crimes today are originating in countries in which there is no reciprocal agreement, such as North Korea. Thus, the United States and other cooperating countries need to tread lightly to ensure that state sovereignty is not violated regarding the nations that are not signatories to international conventions regarding cyber crimes. Otherwise, we may subject ourselves to foreign litigation or retaliation.

Natalie Edmundson is a 3L from Tooele, UT. Edmundson loves Criminal Procedure and hopes to one day become a Deputy District Attorney.  


[1] Browne, Ryan. “UK Government: North Korea Was behind the WannaCry Cyber-Attack That Crippled Health Service.” CNBC, 27 Oct. 2017.

[2] CBS News. “Unprecedented Wave of Cyberattacks Sweeps the Globe.” CBS News, CBS Interactive, 15 May 2017.

[3] Leefeldt, Ed. “Hacker’s Paradise: Secrets of the ‘Dark Web.’” CBS News, CBS Interactive, 17 May 2017.

Bitcoin is a digital currency that is commonly used on the dark web.

[4] Browne, Ryan. “UK Government: North Korea Was behind the WannaCry Cyber-Attack That Crippled Health Service.” CNBC, 27 Oct. 2017.

[5] Grisham, Lori. “Timeline: North Korea and the Sony Pictures Hack.” USA Today, Gannett Satellite Information Network, 5 Jan. 2015.

[6] Id.

[7] Id.

[8] “The Equifax Data Breach: What to Do.” Consumer Information, 5 Oct. 2017.

[9] Id.

[10] McCormack, Wayne. “International Criminal Law: Cases and Materials.” International Criminal Law: Cases and Materials, West Academic Publishing, 2015, p. 446.

[11] Id.

[12] Orin Kerr, Government Hacking to Light the Dark Web: What Risks to International Relations and International Law? 70 Stan. L. Rev. Online 58, 59 (2017).

[13] Id.

[14] Ahmed Ghappour, Searching Places Unknown: Law Enforcement Jurisdiction on the Dark Web, 69 Stan. L. Rev. 1075, 1135 (2017).

[15] McCormack, Wayne. “International Criminal Law: Cases and Materials.” International Criminal Law: Cases and Materials, West Academic Publishing, 2015, p. 30.

[16] Id. at 448.

[17] Chart of Signatures and Ratifications of Treaty 185. Treaty Office, Council of Europe.

[18] Council of Europe. “Convention on Cybercrime.” European Treaty Series, 185.

[19] Ahmed Ghappour, Searching Places Unknown: Law Enforcement Jurisdiction on the Dark Web, 69 Stan. L. Rev. 1075, 1083 (2017); Restatement (Third) of the Foreign Relations Law of the United States § 432(2).

[20] 70 Stan. L. Rev. Online 58, 63 (2017).

[21] Id. at 65.