Welcome to our IRS presentation, "Understanding the Basics of the Dark Web." We're glad
you're joining us. My name is Philip Yamalis. That's the name tied to the face on this slide. I
am a stakeholder liaison at the Internal Revenue Service, and it is my pleasure to be your
moderator for today's web conference. Ladies and gentlemen, today's web conference will
last 120 minutes. Before we begin this presentation, I'd like to ask that if you are with the
media, to please send us an email message at the address provided on this slide. That address is
SBSE.SL.Web.Conference.Team@iRS.gov. In your email, please include your contact information and
the news publication that you're with. Our team of media relations specialists or stakeholder
liaison staff can assist or answer any questions that you might have. So, here we go. This
slide, again, gives you some information if you have technology problems today. Let me highlight
a few, because it could happen to you. Again, audio for today's webcast will be available through your
computer speakers only. Technical help document is available to you if you have problems. And
I'm going to tell you how to access that on the next slide. If you don't have the gear icon that
you see on this slide, use a different browser to launch and view the web conference. Here
are some instructions to select the flash instead of HLS. You might have received today's
materials in a reminder email. If not, no worries. You can download the PowerPoint in PDF
format, as well as the technical help document that I referred to. This can assist you if you
experience technology issues, you'll have both right in front of you. To download, click on the
materials button on the left side of your screen. Now, if you've done everything that you
can and you're still having trouble hearing the audio through your computer speakers, I'm glad to
tell you that closed captioning is available once the presentation begins. Click CC button on the
left side of your screen to access it, and then you don't have to worry if you can't hear me.
You'll be able to read what I'm saying, or what our presenter is saying. If you have
topic-specific questions for us today, please submit them by clicking on the "Ask Question" button
on the left side of your screen. Many of you got to practice using this feature during our
chatting session, and we appreciate that. Now, if you have a question during the web conference,
please enter it in the text box, and then simply click submit. Please, please, please do not
enter any sensitive or taxpayer specific information. We can't stress that enough. Most likely,
the presentation content will cover your questions, so we ask that you wait for your specific
topic to be addressed before submitting your question. And as you can see, we pull from
those questions throughout the conference, so ask them -- feel free to ask those questions as you
need to. Now, we may not be able to answer all the questions submitted during this web
conference, but we will answer as many of them as we have time for, and we have some time built
in. We really do appreciate the questions you asked us, because they certainly help us ensure
that we have relevant information on IRS.gov for you. Finally, we're going to take a few
breaks during the presentation to share some knowledge-based questions with you. At those times, a
polling feature will pop up on the screen with a question and some multiple-choice answers. You
should select the response that you believe is correct by clicking the radio button next to your
selection, and then simply click submit. As a note, you might need to turn off your pop-up
blocker, pop up blocker, to receive these questions. So, if you're not seeing the questions when I ask them,
simply get in there and turn off your pop-up blocker. If you do not get the pop-up box
for responding, then you can enter your response timely in the Ask Question feature so that we can
track your participation. Okay, folks. Now it is certainly my pleasure to introduce our presenter
for today's web conference, Mr. James Daniels. James is a special agent in the IRS criminal
investigation division. He's been a special agent since 1995. During this time, he conducted
complex financial investigations involving tax evasion, bank secrecy, structuring, money
laundering, narcoties, identity theft, and cybercrimes. And folks that's not all. He's also conducted various
complex fraud investigations, including tax, healthcare, bank investigations, bankruptcy, wire and
mail fraud. James is the current program manager for cybercrimes in the IRS criminal
investigation division, and he's responsible for the program areas not only with virtual currency,
but today's topic, the Dark Web. Jim, let me turn it over to you. Looking forward to a
great presentation once again. JAMES DANIELS: Thank you very much, and thank you for
having me here today. I will mention at first that we will have time in the Q&;A later to answer
questions regarding virtual currency that I think were left unanswered in the first presentation,
so we should have time at the end for that. All right. So we're going to jump into and
start talking about the Deep and the Dark Web. This graphic here shows kind of a representation
of what's out there in terms of the Internet. And quickly, what this shows is that the Surface
Web, which is the place that most people are used to and go majority of the time is at the very
top. Down below with Deep Web, in order to gain access to that, these are private databases
and password protected sites. Within the Deep Web, we've got the Dark Web, which is only
accessible via special software; and is intentionally hidden and anonymous. So let's dive into
each one of these a little bit more. So, the Surface Web. This is accessible via normal
browsers that you're used to. Explorer, Firefox, Chrome. And they're the normal websites you go
to. Google, Yahoo, Facebook, those kind of places. It's been part of the worldwide web since the first
browser was introduced in 1990 and it's a thing most people are familiar with. Anything you can discover through your
Internet browser using any of the main search engines is what you get access to. This is
where you read about the news, buy something on Amazon, or visit any of your daily sites. It's
also an area of the web that's under constant surveillance by governments across the world.
Everyone has access to the Surface Web. There's nothing there that's protected. The
interesting note is this only makes up 5% of the total Internet content that exists today.
Estimates suggest the Deep Web could be anywhere from 500 to 5,000 times larger. In perspective,
there are roughly 20 terabytes of data and roughly one billion documents on the Surface Web,
compared to 7,500 terabytes of discovered data and almost 6 billion discovered documents in the
Deep Web. So, let's talk about the Deep Web. The Deep Web is part of the web at its
conception. In its basic terms, it's an opposite of the surface has it has anything that search
engines cannot find. The key difference between the two in real data terms, sites on the surface
in it are indexed for search engines to find, like Google. But the Deep Web is not indexed.
However, both are accessible by the public; they just require different methods to access them.
Usually, a specific password, encrypted browser, or a set of log-in details. The Deep Web
contains the Dark Web, and it isn't as bad as it sounds. But without it, we wouldn't be able to
It is this need to keep files that gave a rise to the need to keep a portion of the web secure and use the Internet as we do today. The Deep Web contains all of our medical records, financial records, social media files, and plenty of other information we want to and need to keep secure.
away from the, quote unquote, Googled at the whim of anybody at any time. A good example is
when you have to either generate a PIN number or have memorable information to enter across bank
accounts often online. This information is stored in the Deep Web, and you have to use details
like passwords and those kinds of things to allow you special access. But as you can see
it, and you do still have access to the Deep Web, and it isn't that entirely illicit dangerous
part of the web that it's often confused with. Which is what the Dark Web is. So the Dark
Web is part of the Deep Web. But its major difference is that it has been intentionally hidden
and is inaccessible to normal web browsers. The technology to create the Dark Web was initially
created and is still funded by the U.S. military researchers since the mid 1990s. And the reason
was, it was to allow spies and intelligence agencies to anonymously send and receive messages.
It's named The Onion Router, and was quickly coined the shorter term Tor, T-O-R, with its name coming from the application layer encryption within a communication
protocol stack. Basically, it represents layers of an onion in terms of encryption. If the
military unit built it, why is it accessible to anyone with the right tools? Well, the strategy
was to release the Tor into the public domain with simple logic. You can't hide messages if
there's nothing to hide them behind. Therefore, if more people have access to send anonymous
messages, it's harder to find -- for counterintelligence agencies to discover these messages.
So the government opened it up to allow others to use it so they could use it to send
messages back and forth, things that they didn't want governments to know or other people to know.
Another perceived benefit was to help people in nations where they seemed to be oppressed.
With impossible freedom of speech laws to allow the voices freely where they cannot be tracked and
punished. A good idea in theory. However, it has been primarily filled with crime and the
ability to find these criminals is extremely difficult. Which is what the entire process and
point of the Tor project was, was to make it impossible to find who's communicating out there.
Let's take a look at the usage of the Dark Web from a global perspective. As you noticed in
the graphic here, there are a lot of numbers of people using it in European countries and in Asia.
And it doesn't necessarily represent that this is where crime is occurring or those kind of
things, but basically, this is just a representation of the users accessing the anonymous Internet
that we're going to talk about today being the Dark Web. Now, one of the things I want to
talk about is what kind of services or what is out there on the Dark Web? And one of the big
things, just like most things on the Internet, is pornography. But, in this case with the Dark
Web and it being anonymous, unfortunately, we see a lot of child pornography out there, and child
exploitation. It's done out here because of the anonymity of the Dark Web, because it's difficult
to find and track these people. The other thing we have is pharmaceuticals. People will
end up selling extra medication that they've got out on the Dark Web, and doctors will end up
selling medication that they get access to at a significant profit. People who aren't
allowed to buy weapons or want to buy weapons that aren't necessarily allowed where they're at,
this is where they can get them. There are blogs out there that talk about how to commit
crimes. The blogs that go through and talk about ways to commit fraud, ways to commit identity
theft, and even how to steal from the government, how to file false tax returns, and even commit
other violations. There are financial fraud sites that specifically go through and show
users how to go through and look for identifying information on people, and a system in exploiting
the financial industry. There's a significant amount of drugs that can be purchased out on the
Dark Web. Fake documentation services where you can get passports created and/or driver's license
information created. There are carding sites where you can take credit card information and
have them encoded onto new cards, or get access to other people's account information. So,
why don't we go ahead and do our first polling question. PHILIP YAMALIS: That sounds
good to me there, James. Our first polling question is: What type of activities occur on the Dark
Web? Okay. What do you think the correct answer is? Is it A, drug sales. B, weapons sales. C,
money laundering. D, all of the above. I think we're going to get 100% correct here. Let's take
a minute, click on the radio button you believe most closely answers this question. What do you
think the correct answer is? Is it: A, drug sales B, weapon sales C, money laundering or
D, all of the above Take a few more seconds here. Okay, let's stop the polling now.
Share the correct answer on the next slide. And the correct answer is -- drum roll, please --
there it is. D, all of the above. Drugs, weapon sales, money laundering, as many of those that
occurred on that slide that Jim gave us, all occur on the Dark Web. Well, 95% of you responded
correctly, so, James, let me turn it back to you. JAMES DANIELS: All right. Sounds
good. So the question is, how do people access the Dark Web? Well, actually, it's not very
difficult to do. It requires special software that needs to be run on your computer, and one of
the ways you can do it is a software by the name of Tor, which is free software enabling anonymous
communication. The name is derived from the acronym of the original software project called The
Onion Router. Another component to use with this is a software program called Tails, which
relies on the Tor anonymity network to protect your privacy online. All the softwares configured
to connect to the Internet through Tor. If an application tries to connect to the Internet
directly, the connection is automatically blocked for security. This is one of the things that
Tails provides for you. Tor is an open and distributed network that helps defend against
traffic analysis, a form of network surveillance that threatens personal freedom and privacy,
confidential business activities and relationships, and state security. So it's specifically
designed to anonymize your communication and it's specifically designed to stop others from
attempting to find out what you're sending out to the Internet. Tor protects you by
bouncing your communications around a network of relays, which we'll talk a little bit more about
in a minute. But it prevents somebody from watching your Internet connection and learning what
sites you visit. And prevents the sites you visit from learning about your physical location.
With the Tor, you can be anonymous by hiding your location. You can connect to services that
would be considered censored otherwise. You can also resist attacks that block the usage of
Tor using circumventing tools such as bridges. To learn more about Tor, you can go to their
official website. Tor can be downloaded and installed by anyone. It is free. One of the ways
that people use this in conjunction, Tails and Tor, basically allows them to install all of
these software tools onto a single thumb drive, which then effectively leverages your computer to
not route any of the information to your hard drive and hides and secures who you are. This is
just another level of security that can be done. Now with this, all of these things that I've talked
about, none of this protects you from malware or ransomware. It just stops the identification of the communication that
you're doing, not preventing the potential malicious code and/or viruses to your computer.
So, how does Tor work? Tor connects directly to the Internet through a free worldwide
volunteer overlay network that consists of more than 7,000 relays to conceal users' location. The
intent of Tor's use is to protect the personal privacy of their users. Tor does not prevent an
online service from determining when it's being accessed through the Tor, but it protects users'
privacy. But it does not hide the fact that someone is using Tor. Some websites restrict
allowances through Tor. There are several websites that will block connections from Tor.
Onion routing is implemented by encryption in the application layer of the communication protocol stack. Nested like layers of an
onion, Tor encrypts the data, including the next node destination IP address. Multiple times it
sends it through a virtual circuit comprising of successive random selection Tor relays. Each
relay decrypts a layer of the encryption to reveal the next relay to go to. The final relay
decrypts the most inner relay, and tehn sends the original data to its destination without revealing or knowing the source of the
original IP address. Because the routing of the communication is partly concealed, at every
hop in the Tor circuit, the method eliminates any single point at which the communication peers
can be determined through network surveillance that relies upon knowing its source and
destination. And these Tor nodes that are out there are just volunteer computers. Once you
install Tor onto your computer, you can decide if you want to become part of the Tor network and
make your computer a Tor node. Because IP addresses of the sender and recipient are not
both in clear text at any hop along the way, anyone eavesdropping at any point along the
communications channel cannot directly identify both ends. Furthermore, to the recipient, it
appears that the last Tor node, called the exit node, rather than the sender, is the originator of
the communication. So in our example here, with Alice sending this information, Jane believes
it's coming from the last computer and has no knowledge of Alice. This allows Alice to be secure
in her communication. Now, you can use this communication not just to get to the Dark Web,
but it can also be used to just go to the surface websites as well. So if you wanted to conceal
where you were coming from to do searchs, through Google or through other websites, then you could
use Tor to conceal where you're coming from. Now, it does make your communication slower, so it's
not as fast as your normal Internet. But, again, depending upon the level of security you want to
use, this is one potential way to do it. So let's look a little bit more into the Tor
browser itself. When you open up the Tor browser. It is based upon Mozilla's Firefox, and is
preconfigured to protect your anonymity. It does this through plug-ins that it ueses directly for Firefox. Now again it does not protect your
computer from malware or viruses or anything like that. Once you open up the Tor, you can
click on the link shown here, and then that will take you and open up and show you what your IP
address appears to be. Now, on this slide, your IP address is shown in the middle. I've got it
circled in red. If you were to open up a browser that was not using Tor, this IP address would be
different. Again, this is important if you're attempting to conceal where you're at or where
you're trying to communicate from. A good example would be, you know, you coming from a
different address, house address, than the one that you actually live at. You can say one, but
you're actually at another. It just allows another relayed node in between. So then that way,
whatever website you go to, this is where it will appear to be coming from, even though you aren't
actually coming from that location. Now, in the upper corner, there is a little onion, part
of this Tor browser. If you click on that, that will actually take you to the notification of
where your relays are going. And on here, you can see that the browser is connecting through
three different hops. One goes through France, then through Germany, and then through the United
States. So these are the connection Tor nodes that you're actually hitting when you're going
through this particular Tor connection. Now, this one here, if I was attempting to make it look
like I was coming from the United States would be the one that I would want. But if I did not
want this particular communication link to make it look like I was coming from the U.S., I could
click on the very top where it says new identity, and it would give me three brand-new Tor nodes
that I would go through. And I can keep clicking that as many times as I want to get the actual
connection that I want. You can also close down this software itself and reopen it, and
that would give you a new connection as well. So depending upon the level of security that you're
looking for would depend upon how often you would redo this identity. And I think we've got
another polling question. PHILIP YAMALIS: Yeah. This is -- I think you're right. So,
okay, audience, I hope you're ready. I know we got a little bit of panic after the first one. It
seems like something is going on with the system that caused some of our participants to get an
error message when submitting their poll responses. So, I want to let you know that as long as
you submit the response through the Ask Question feature, you're good. So if you get that error,
just send your response through the Ask Question feature. So, here's our second polling
question. Is the Dark Web -- or the Dark Web can be accessed through which web browser? What do you
think is the correct answer? Is it: A, chrome B, Firefox C, Tor or D, Explorer
Take a minute, click on the radio button. If you click the radio button and you submit it and you get an error message, just simply put
your answer in the Ask Question feature. Think the correct answer is A. Chrome, B. Firefox, C. Tor, or D. Explorer. I'll give you a couple extra seconds just in case
there's that error. Okay. We'll stop the polling now. Let's share the correct answer on the
next slide. There it is. The correct response is C, Tor. And I'm seeing that 76% of you
responded correctly. Maybe that could be because of the errors we're receiving. Jim, just in
case, why don't we clarify that a little bit and explain why Tor would be the web browser that we
use. JAMES DANIELS: Correct. So, Tor is the component of the web browser that you
actually need to use itself. Firefox is the software that it sits on top of. Chrome and Explorer
are just normal web browsers that do not allow access to the Dark Web. So if you don't have Tor,
then you can't get access to the Dark Web based on this answer. Now, there are a couple other
pieces of software that do the same thing that Tor does, but in this particular example, Tor would
be the correct answer. PHILIP YAMALIS: So if I'm petrified of the Dark Web and I've got
Chrome and Explorer on my computer, I don't really have to worry about accessing the Dark Web because I'm
not going to be able to put Tor on there, unless I use that special software. JAMES
DANIELS: Correct. If you don't have the special software, you can't get to the Dark Web. Kind
of like if you've got Microsoft Word document. If you don't have Word, you can't open it. Now,
you may have another piece of software, maybe Google has a piece of software that can open up a
Word document or Office can open it up, but you have the right software in order to get to it.
PHILIP YAMALIS: Got it. Why don't we continue and talk about searching the Dark Web.
JAMES DANIELS: All right. So, getting into the Dark Web and actually looking around, you
have to go to something other than Google. And there are a couple of websites that are out there, and I say websites,
these are dark websites, that you would go to. And one distinction, you know whether you're on a dark
website or a regular website would be the address of the website itself. The .onion at the very end
distinguishes a dark website from a regular website. Normal websites have on a .com, .org, .info, etc. Dark net websites have a .onion address and agian that onion is for that layer of that encryption.
That's what it's referencing in terms of the onion layers. So in here, you've got the
Onion URL Repository. And basically, it's a massive index of over a billion page results and it doesn't have a
limitation on the type of information it holds. Another one would be the Uncensored Hidden
Wiki sites. Again, this is another website that has an uncensored collection of links and
articles over the site's history, and they've included links to information on criminal activities
from drugs to child pornography. There are still links to graphic content and illegal sites
can be found on there. The NotEvil website is a search engine that allows users to skip over any
ads or any other information and specifically get to what they're looking for and kind of acts
like and mimics Google. ParaZite is another search engine that works on the Deep Web. It
has basic useful features to allow people to get around. Now, one question usually comes up, why
is the Deep Web search not available from Google? Well, the primary reason is Google doesn't
provide Deep Web content, in that this content is not indexed with regular search engines. Hence,
search engines will not show the results, or crawl to a document or file, which is unindexed by
the worldwide web. The content lies behind HTML forms, which is the basic storage mechanism of
web pages. Regular search engines crawl and searchs are derived from the interconnected servers
that they have access to. And again, only 4 to 5% of the internet content is actually visible to the general public. The other 96% is hidden behind the Deep Web. So, let's take a
look at one of these search type engines. One of the ones that used to be in existence out there
and now no longer is is called Grams. A lot of these websites come up and down all the time. But in this particular example, I just
went to the search browser and typed in cocaine. And when I hit the search engine, it came up
with various number of Dark Net sites that allow me access to purchase cocaine in various amounts,
sizes, and from different locations. So, depending upon where I wanted to get it shipped
from or depending upon the volume or the amount I wanted, I've got the ability to use these type
of search sites to go out to the Dark Web. So a lot of these sites aren't openly
accessible. There isn't just a place to go and look them up. So, some websites have popped up,
and one of them here is called the deep dot web. On here, they give you a list on the Surface Web
of a lot of things that are happening out on the Dark Web. Where to go. Websites you can go to. Marketplaces you can go to, and blogs
and forums that you can join. They also have a equivalent of a .onion address, which you can see and
hear that they give their deep.dot.web onion address on there as well. And if you can go and access it through the onion address, you can directly link to these websites while
you're in the Dark Web. It's also a new site dedicated to events in and surrounding the
Dark Web, featuring in-depth interviews and reviews about dark net markets, Tor hidden services,
legal actions, privacy, bitcoin, and other really big news. So, let's take a look at some
of the Dark Net markets. I"m going to describe basically what a dark net market is. What it is, it's the equivalent of Amazon, but in the Dark Web. So, if
you wanted to use Amazon to go and buy a set of speakers for your computer, you would open up
Amazon and type in what you were looking for. Computer speakers. And you would get a series of
customers who are willing to sell that product to you. You can browse and see the prices, the
types, how much they're willing to sell it, if there's shipping costs. The Dark Web has the exact
same thing. And your equivalent is called a Dark Net market. And these Dark Net markets do the
exact same thing that Amazon does. But, their categories are a little bit different. As you can
see on this page, you can browse for categories for fraud, drug and chemicals, guides and
tutorials, counterfeit items, jewelry and gold, weapons, et cetera. So, categories are
different than what you would see on Amazon, but the look and feel are the same. Even on this
page here, you can see postings for particular featured items. Now out on the dark web, people
don't operate under their normal real name. That's why they've got here. They're here because
they want to be anonymous. So when they're there, they have a user name or a user handle to go
by, and they come up and make a fake name. In this particular example, we've got a user name of
angrydragon007. And with that, this person now can operate underneath that name. And everyone
out on the Dark Web knows them as that name, and that's the name that you operate under, that's
the name you communicate with, that's what you buy under, and that's what you sell under. And the
main reason is, people want to have confidence in who they're dealing with. They may never have
met this person in real life, but, in operating underneath this name now, now they can go out and
see, hey, who is this person? This is the person I want to communicate with. I don't know who
their real name is. I don't know where they live. But I know and possibly can trust this person
to interact with and do transactions with. And a lot of these websites that are out there allow
you to basically rate the transactions as well. So, if I want to buy some heroin, and I
click on this, I would look at what kind of rating that this person had, and they would either
have four or five stars, just like you would see on Amazon. It's no different. And the main
reason why they want to do that is if somebody starts to get bad ratings because they're now
sending out what they had promised, then nobody's going to transact with them. So, it is a
self-sustaining market that works because of the anonymity and for this feedback. So this type of
website basically allows for people to do anything that they want. Now, this AlphaBay
Market is no longer active. It was taken down by law enforcement. On July 20th of last year. It
was a globally coordinated operation between law enforcement agencies worldwide. The United
States Department of Justice announced the takedown of AlphaBay and Hansel Marketplace at the same
time. It offered a bunch of different listings, including illegal drugs, firearms, and stolen
personal identifying information. Payment was regulated using bitcoins. And that's another
significant thing with these types of Dark Net marketplaces, is they don't take credit cards.
They take virtual currency. And they take different types of virtual currency depending upon what's
being sold. So, if it is a transaction for some PII, which is personally identifiable
information for someone else, maybe that particular seller will only take bitcoins. And so you
would then transact with this person using bitcoins rather than real money. Other vendors may
only take Manero or Ethereum. And so depending upon the type of payment that they'll take will
depend upon how you conduct that transaction with them. No different than what you see out
on Amazon or e-Bay or something else like that. E-Bay may say, hey, we'll take Paypal, we'll take
credit card, but we won't take checks. This operates the same way, but it's with virtual
currency. They also have escrow accounts as well to protect buyers and sellers. It would
allow you to go in and basically make a payment, and the escrow company on the Dark Web would hold
that until you agreed that, yes, I got this, and now I feel comfortable releasing the money. So
there's also that set in there as well that helps protect both sides, if you will. So I'm
going to talk a little bit more about the AlphaBay Market takedown. So AlphaBay was reportedly
launched in September of 2014. At the time, it had about 14,000 new users in the first 90 days of
operation. Dark Net informal website placed AlphaBay Market at the top tier of the markets in
the first six months that it had been operating. In October of 2015, it was recognized as the largest
Dark Net market according to Digital Citizens Alliance. In May of 2015, the site announced
an integrated digital contracts in escrow system, which I had talked about. October of 2015, it
had over 200,000 users. And by the time it was taken down in July of 2017, it had over 400,000
users. AlphaBay was known in the world of dark markets for accepting other currency
types other than bitcoin. It had support for Manero and other types of crypto currency.
Some interesting articles that came out about AlphaBay Market were, in March of 2015, AlphaBay
made the news for selling stolen Uber accounts. Uber had made a statement regarding the potential
data breach. We investigated and found no evidence of a breach. Attempting to fraudently access or sell accounts is illegal and we notified the authorities about this report. It's a good opportunity to remind people to use strong unique user names and passwords and avoid re-using
credentials across multiple sites and services. In 2015, London-based telecommunications
company, TalkTalk, sustained a major attack. The stolen data was put on sale on AlphaBay, which led
to the arrest of a 15-year-old boy who had done the hack. In December of 2015, a website
called code breaker released a podcast describing shopping experience on the marketplace. The
podcast talked about purchasing illegal items on the marketplace such as pharmaceutical drugs.
The UK based media outlet Daily Mail pointed to the marketplace that might be linked to the
Russian Mafia. According to the UK-based media outlet "Daily Mirror," it's administered in Russia
By July of 2017, AlphaBay was ten times the size of its predecessor Silk Road, which was and has a Russian computer server. Expert claims it has links to the country's Mafia and has proven impossible to shut down.
taken down in October of 2013. Silk Road was also taken down by the United States as well.
It had over 39,000 listings, 400,000 users, and was facilitating between 600 and 800,000
transactions per day. By the time the first service began, Diaz used his hot mail address, and
this would be Alex, the main organizer of this particular Dark Net marketplace. And this is how
we as the United States ended up figuring out who this was. He had used a pseudonym to run
the sites, which he had previously used in other carding forums in 2008. This is where it comes
into when I was describing before about when you pick a user name, everyone sticks to it on the
Dark Net market sites, because if you move and change user names, you have to rebuild up your credibility.
Diaz's laptop reportedly contained unencrypted personal net worth tapping to all of his global assets
across jurisdictions at the time he was captured. He also had servers which contained multiple and consistently
unencrypted crypto currency wallets. That's where the majority of his profits went. Assets were
liquidated through proceeds were held in a variety of accounts directly related to Diaz's wife and companies
they owned in Thailand, or directly held in personal accounts in Liechtenstein, Cypress,
Switzerland, and Antigua. The statements about the goal on his site that he launched in 2014 and his goal was to become the largest e-Bay style under
world marketplace. In May of 2017, law enforcement was active on the site. In June, a
warrant was issued by the United States and the eastern district of California for racketeering,
narcotics, identity theft and access to {indiscernible}. Transferring of false IDs, trafficking illegal device, and making equipment and conspiracy to commit
money laundering. A warrant was issued for his arrest in Thailand by the end of June. In
early July of 2017, Canadian police raided a company in Montreal. It was his company and it was
the reported location of the physical servers as well as two residential properties. He was
arrested in Bangkok at his dwelling in a district which was searched by the royal Thai police police with the help of FBI and DEA. He expectedly
committed suicide while he was in custody of the narcotics division in Bangkok. His wife has
also been reported to be charged with money laundering, and by the end of July, the site was shut
down. So that's just one example of one of the investigations that we end up doing. There
were many other sites that we have taken down, but AlphaBay was one of the main ones. Why
don't we go ahead and go to our next polling question. PHILIP YAMALIS: I don't know,
I'm too petrified. [Laughter] Sure thing. Let's do it. Let's do it. So, our third
polling question for this afternoon is: What is the name of a Dark Net market? Okay. What do you
think is the correct answer? Is it -- A, Amazon B, Google C, AlphaBay D,
Ethereum Take a minute. Click on the radio button that you believe most closely answers
this question. If your radio button isn't working, click on the Ask Question feature and submit
your answer there. All you need to do is submit either A, B, C, or D. . Is it A, Amazon; B, Google; C, AlphaBay; D, Ethereum. Okay. All right.
Let's stop the polling now, and we'll share the correct response on the next slide. And the
answer is, C, AlphaBay. Yeah, 93%, James, of our audience responded correctly. You know,
this is very sober -- very interesting, and I must say sobering information. You know, for the CPA that's
out there wondering the connection to what we do through tax and investments, will this be part of
the discussion as well, or is this presented to help us understand what's out in the Wide World
Web? JAMES DANIELS: It's a combination of both. We've got the, this is what the Dark
Web is and this is what happens out there. And the connection to the CPA and the tax -- because,
again, I'm a criminal investigator with the Internal Revenue Service, and all of these things
impact tax administration and the collection of the appropriate taxes that need to be paid. All
of these industries are taxable when you talk about drugs and money laundering and all of these
things. If there's a profit being generated, it has to be taxed as well, in addition to it being
money laundering. Now, from the CPA perspective, the biggest thing to take away is this is
where the CPAs and small businesses, they get hit and they get hit hard. So, what we have seen
and we've been working on is there are websites out there that are specifically dedicated to
supplying access to CPA firms and tax preparation companies and their service. PHILIP YAMALIS: I'm going
to ask that you move a little closer to your microphone, because you seemed to fade out there just
a little bit. JAMES DANIELS: Oh, okay. All right. How about that? PHILIP
YAMALIS: Oh, that's much better. Thank you. JAMES DANIELS: Sounds good. So what
we're seeing out there is the identity theft that's occurring. Is that we are having the
malicious software that's out there is being downloaded inadvertently or intentionally onto
computers' machines. And when that happens, it gives access to that particular computer. And
CPAs and tax preparers, they're the ones that have the majority of the information. So I'm going
to get in and talk in a little bit more depth later about that. But that's going to be the
connection to the CPA and the tax preparers that are out there, is knowing what is out there on
the Dark Web, knowing what occurs out there, and that you're subject to your information being out
there as well because it either was stolen or captured at some point in time. PHILIP
YAMALIS: And I'll tell you, James, as stakeholder liaison, we are usually the first source of that
tax practitioner that calls the IRS that says, hey, looks like I've been hacked. Looks like some
of my client's info has been stolen. Well now you know where it goes when it's stolen. I'm glad
you're going to get into that just a little bit more. So, thanks for that. Okay. So we
got through our polling question. Why don't we continue on the next slide. JAMES
DANIELS: All right. Sounds good. The next thing I'm going to talk on a little bit here is the
opioid crisis. And the reason why I'm touching on these other avenues of crime that are occurring
out there is these things are what are supporting the other type of financial crimes that are
occurring. In addition to PI being bought and stolen, in addition to tax returns being captured,
a lot of the support -- PHILIP YAMALIS: You said PI, personal identification, right?
Personally identifying information. JAMES DANIELS: That's right. PII, personal
identifying information. A lot of that is being done specific to help and support different
drug habits like the opioid crisis that's going on right now. So I'm going to quickly touch on
that, what's occurring out on the Dark Web right now. We as federal agents, both with the
IRS and DEA, FBI, are working with HSI, which is Homeland Security Investigations, to help combat
this opioid crisis. And we're seeing that pop up more and more on the Dark Web itself.
With this, the root causes of the current crisis are complex. And one of the solutions federal
agencies have developed and implemented to help stem the tide of opioids coming into communities
is relatively simple and straightforward. Leveraging the unique authorities and broad resources
of HSI to disrupt, dismantle, and defeat the transnational criminal organizations and disrupt
networks responsible for the current crisis identifying and targeting upper echelon traffickers,
seizing their assets, and holding them accountable for the destruction they are responsible for.
To accomplish this, HSI is determined to target these individuals along with other federal
agencies, wherever they are located, including in the deep recesses of cyber space. As a
result, those who traffic in opioids, particularly within the Dark Web, are a top priority of the
federal agencies. Dangerous and often fatal substances such as Fentanyl and other synthetic
opioids as well as heroin and illicitly obtained prescription opioids are increasingly being distributed online via the
Dark Web, requiring new and innovative technologies that law enforcement must implement. So
the other thing to remember with this whole opioid crisis and everything that's going on, this all comes
back to money, and allowing money that's being transacted on the Dark Web, almost all of it is being done through
virtual currency. And this is the other avenue that [indiscernible] comes into, is there is a
very large subset of people that are using virtual currency to conduct illegal activities.
So, if you're a CPA and you have a client that is involved in this type of activity in terms of
operating with virtual currency, it may be worthwhile to inquire as to what are they using it for.
Because some of this virtual currency is being used in the Dark Web for illegal activity.
Let's go ahead and go to the next slide. This is a package -- a picture of a package of opioid
type material and drugs that are being delivered through the postal system. And one of the ways
that you can do this in terms of this information being -- the drugs themselves being moved
through our postal service is because of the Dark Web. The Dark Web through these Dark Net
markets are allowing these dealers to set up and have complete distribution systems set up to go
from where they're being either made out of the country and/or from illegal prescriptions in
doctor's offices and other ways, because leveraging the Dark Web and the anonymity of it that it
allows, allows for this type of activity to occur. Okay. Let's go to the next slide.
So, at the forefront of this activity, is the HSI Cyber Crimes Center, which is also
identified as C3. The personnel at C3 are devoted to spearheading and coordinating transnational
investigators that originates from illicit trafficking of opioids within the Dark Web. Federal
agents, intelligence analysts and other personnel assigned to C3 have spent years honing and refining their
skills in penetrating and navigating the Dark Web and routinely collaborate with each other, the
personnel domestically and overseas to develop investigative strategies that have been critical in
piercing the anonymity of users and administrators in Dark Net marketplaces. Training has
been increased along with intelligence, which is a critical pillar in a multi-pronged strategy to
the newly enhanced online undercover capacity that has been highly successful in penetrating these
online narcotics distribution networks. All right. Go to the next slide. The digital nature
of all of these things also leads back into the financial component we were talking about. The
data you see during these previous Dark Web investigations, in many cases aggregated by federal
agents and other law enforcement agencies to be made available for them to work their
investigation. And a lot of this money -- PHILIP YAMALIS: Let me interrupt. Forgive
me. It sounds like your microphone is failing out on us again. So, I'm just going to ask you to
tap that thing or something and see if we can -- the producers are telling us that our audio is
giving us a little bit more difficulty. So, be patient with us, folks. James, if you could give
it a try again, we'd certainly appreciate it. JAMES DANIELS: All right. How does this
sound? Is that any better? PHILIP YAMALIS: That is better. That is better.
JAMES DANIELS: Okay. All right. And so money laundering is the main key that runs into us from
an investigation standpoint, that that's how we as IRS criminal investigation again get involved in
these narcotics type transactions and investigations. So the next thing we're going to talk
about is ransomware, and ransomware is a type of malicious software that threatens to punish the
victim's data or potentially lock access to it unless a ransom is paid. While some simple
ransomware may lock the system in a way which is not difficult for a knowledgeable person to
reverse, more advanced malware uses a technique called crypto viral extortion, which it encrypts
the victim's files, making them inaccessible and demands a ransom payment to decrypt them. In a
particularly implemented crypto file extortion attack, recovering the files without the decryption
key is almost impossible and difficult to trace digital currencies such as cash and bitcoin are used to make ransoms making tracing and prosecution of the perpetrators difficult. Ransomware attacks are typically
being carried out using a Trojan that is disguised as a legitimate file that the user is tricked
into downloading or opening it when it arrives in an email attachment. However, one high
profile example, the WannaCry worm, traveled automatically between computers without user
interaction. The WannaCry virus began in May 2018 with evidence pointing to its initial infection from Asia was likely through an
exposed vulnerable server message block port rather than an email phishing, as it was initially assumed. Within
a day, the code was reported to have affected computers in over 150 countries. Organizations that had
not installed the Microsoft security update in April of 2017 were affected by the attack. Those
still running an unsupported version of Microsoft Windows such as XP Or Windows Servers 2003 were
particularly high risk because no security patches had been released since April 2014. Lab study report showed that less than .1% of the affected computers
were running XP and that 98% of the affected computers were running Windows 7. In a controlled
testing environment, the cyber security firm found that they were unable to infect an XP system
with WannaCry just using exploits. As the payload failed to load or cause the operating system to crash
rather than execute encryption files. However, when executed manually, WannaCry could still
operate on Windows XP. Worldwide cyber attack of WannaCry ransom crypto worm which targeted
computers running the Microsoft windows operating system, by encrypting data and demanding ransom
payments in the bitcoin crypto currency. It propagated through an exploit in an owner's Windows system
released by the shadow brokers a few months prior to the attack. While Microsoft released patches
previously close to the exploit, much of WannaCry has spread from organizations that had not
applied these, or were using older Windows systems that were part of the -- past their end of
life. WannaCry took advantage of installing back doors onto infected systems. The attack
was stopped within a few days of discovery due to emergency patches released by Microsoft. And
the discovery of the kill switch that prevented affected computers from spreading WannaCry
further. One of the largest agencies struck by the attack was the national Health Service
Hospitals in England, and over 700,000 devices including computers and MRI scanners, blood storage
refrigerators, and computer equipment have been affected. NHS services had to turn away
non-critical emergencies and some ambulances were diverted. Nissan motor was also affected out
the UK where they had to halt production after the ransomware infected some of their systems. (Indiscernable) also stopped production in several sites in an
attempt to stop the spread of the ransomware. In December of 2017, the United States and
United Kingdom and Australia formally asserted that North Korea was behind the attack. So let's take a
look at what some of the results are of using ransomware. PHILIP YAMALIS: I want to
point out, thank goodness that Microsoft was able to come up with a patch to clean up WannaCry,
but as you and I both know, and seeing reports of practitioner breaches, we still know that
malware, it's downloaded by somebody just clicking on a hyperlink in an email that looks official.
And that ransomware still can easily be downloaded on a tax practitioner's computer, you know,
having all this personally identifying information that can really haunt their business down the
road. JAMES DANIELS: Yeah. And that's actually one of the things that we're seeing
happening right now, is that tax practitioners are either having an issue downloading some
ransomware or malware onto their machine unknowingly, and we are working active investigations
right now where there is one site where somebody in the Dark Web can go to, and call and look up a
list of all of the affected computers, and it's a list that kind of looks like what we saw before
in terms of a Amazon style page, where you can sort by country, you can sort by computer type, you
can sort by the type of access that you can get to the computer. Now, the interesting thing
on this is one of the things that this malware does when it gets installed on the machine is goes
through and checks to see what's installed on that machine. So, I can actually go in and look at
all of the information about a particular computer, and the first thing that we noticed for us
when we were doing our investigations was that it was accounting for and finding tax preparation
software. Which would then let the person know looking at this potential computer that they
wanted to get access to, that this is a potential taxpayer, or tax preparer, and that they have
all of their client information on this machine. Now, what I can do then is through this
website is purchase access to that machine. I can get the administrator password and administrator log-in to
log into this machine remotely, go in, get all of the CPA's information, get all of the tax
preparer's information, get copies of all of the tax returns, and turn around and close my
connection without that person even knowing I had done it. And in addition, if I did it good enough to where nobody knew it was there, I can turn around and sell the access
back to the website at about an 80% difference, and now I've got access to all the data, plus I
just returned the information back to the place to turn around and sell again. PHILIP
YAMALIS: Wow. JAMES DANIELS: We're not just seeing this in the United States. We're
seeing this all across the world. PHILIP YAMALIS: So, James, what if I'm a practitioner
that gets this ransomware downloaded onto my computer. Should I pay the ransom? JAMES
DANIELS: So, there are two schools of thought on this. And one of the schools of thought from
the government's perspective says that -- oh, I'm getting some real feedback now. There we go.
Okay. One of the schools of thought is, no, you shouldn't pay it. Because if you end up paying,
you're perpetuating the ability for these people to go out and do this. The other school of
thought says, well, if you don't have any backups and you don't have your data maintained
somewhere else, you may not have a choice to attempt to do it. Now, that's not to say that they
will or won't send it. That, I don't know. It kind of just depends on who it is and, you know,
what they're willing to pay and what they're willing to do. So, it's hard to say which is which,
but it's kind of up in the air. I personally can't advise one way or the other as to what to do.
PHILIP YAMALIS: Sure. Now let's go back to the ransomware slide. This is what it looks like then if ransomware comes across your screen and you start to panic,
right? JAMES DANIELS: Yeah, exactly. So if this is what comes up on your screen, this is
where you're being notified that ransomware has been downloaded to your machine and that your
files -- potentially all of them -- have been encrypted. And in this particular one, the only way
to unencrypt it would be to pay this fee. Now, there are some services out there, other computer
specialists that may be able to assist you depending upon the level of encryption or
sophistication, but I think the biggest thing to note out of all of this is that you want to make
sure that you're not downloading any software that you don't recognize, and that you're not
clicking on any links from within emails or web pages that you're not familiar with, because
that's a majority of where all of these things occur is through there. Now and intersting thing from the last presentation we did, you notice on here,
it says bitcoins accepted here, and then there's a bitcoin address. Now this bitcoin address that's in this page right here can visually be seen on
the block chain, and in the last presentation, we talked a little bit about that. This is one of
the ways that we in law enforcement now have the ability to potentially track these transactions.
If we see this web address receiving money now, then we can potentially go in and follow that
transaction as to where somebody may convert it back from this type of virtual currency, being
bitcoin, back to a currency being U.S. dollar or something else. All right. Let's go to
the next page. So this here is another example of having your computer infected and/or -- with
ransomware. One of the interesting things to note on this particular one is it's telling you how
to get to the Dark Web to make a payment. That it gives you specific dot onion addresses, and even
tells you how to download the Tor software needed to get there. So, depending upon who it is and
how it was encrypted will depend upon how they want to be paid. The previous one would allow you
to pay via the Surface Web, using bitcoin, where this one is actually requiring you to go to the
Dark Web to become unencrypted. And again, it's just another reminder that backing up all of your
data, keeping an off site backup of your stuff is highly important because of this particular
scenario. Whereas if you do have all of your stuff backed up that hasn't been unencrypted by
ransomware or malware or some other means, then you're in a much better position to not have to
worry about this and just reinstall the data that you've got. So one of the other interesting
things that we're seeing is the difference between the ransomware and combining it with potential
mining. So what we're seeing now is a combination of the two. Rather than going through and
stealing, requiring people to pay money to have their files unencrypted, they're moving to a new
concept called crypto jacking, and basically what this is, it's led to the eventual and
predictable shift from cyber criminals not only crypto jacking, but also installing malware with
the sole purpose of using it as an end point that isn't theirs to mine the crypto currency. It's a smart strategy
if you're a cyber criminal. Why not try and ransom someone else's machine -- or why would you try
to ransom someone else's machine and wait for them to pay, when you can just leverage their
computer to do mining for you? Crypto jacking is one of the more illicit uses of an end
point of a computer. There are a number of ways to actually do this, but one of the more
persuasive models comes in the form of a script created by Coin Hive. If you think of a normal
web-based marketing model, it serves ads on web pages to generate revenue for the site and drive
customers to whoever the advertiser wants. This model, as annoying and persuasive as it is, has
helped fuel the growth of the Internet. What Coin Hive did was change that model. Instead of
serving ads while watching content or visiting websites, the script will run and use your computer's browser as a
crypto currency miner. This actually presents an upside and allows people who want to donate to
charities by monetizing their CPU. But the problem begins to show up when looking at how easy it
is to inject malicious code into the websites. Cyber criminals quickly started using these
types of scripts and piggy backed on existing injection techniques. This has occurred for
legitimate websites as well as for malicious ones. And it's got so persuasive that it actually
started to damage people's mobile phones. Crypto mining malware grew from there. In January of
2018, researchers identified 250 unique pieces of crypto mining malware alone. As with other
profitable malware models, the cyber criminals will continue to innovate, obfuscate, and try to evade existing inpoint prevention capabilities, the
problem will persist until the model no longer becomes profitable. Ransomware and crypto mining malware
will continue to be a thing. As long as there's a profit, the cyber criminals will continue to
use it as an avenue of attack. I would expect to see the same innovation and invasion we have
seen from ransomware continue to evolve in this next form of extortion. Stopping this form
of malware requires the same approach we've always taken to stop other pieces of malware. The
intention of malware may be different, but prevention detection and response to them are the same.
The next slide shows an example of what and how easy it is on the Dark Web to buy your own
ransomware. And it's become so popular and easy that with this particular example here, it shows
that you can for $39 buy your own piece of ransomware. And it comes with the instructions itself
on how to actually modify it and install it on other people's machines. You can actually set the amount of
time somebody's got to pay you and include the bitcoin address you want them to pay you at to
have it unencrypted. You don't have to know how to write any code whatsoever in order to create
your own ransomware. This particular one gives the victim 96 hours to pay to have their computer
unlocked. After 96 hours, data starts disappearing and it's fully undetectable at this point,
until the owner pays to access his personal information, the ransomware will start deleting files
at random. Eventually, if the bounty is never paid, there won't be any files left to
recover. The last thing I want to talk about on the Dark Web are bots, an Internet bot,
which is a software application that runs automated tasks or scripts over the Internet.
Typically, bots perform tasks that are both simple and structurally repetitive and at a much
higher rate than possible for the human alone. The largest use of bots is in web spidering
or web crawling, which is an automated script that fetches, analyzes, and files information from
web servers as many times the speed of the human. More than half of all web traffic is made up of
bots. Efforts by servers hosting websites to counteract bots vary. Servers may choose to outline
rules on the behavior of Internet bots by implementing a bots file protocol. This file is simply
a text file stating the rules that govern the bot's ability and behavior on that computer. Any bot
interacting with or spidering any server that does not allow to follow these rules should in
theory deny access to or remove from the effective site. It's the only rule implemented by
a server is a posted text file with no associated program software or application, then adhering to these rules becomes
entirely voluntary. In reality, there is no way to enforce these rules or even ensure that the
bot's creator/implementer acknowledges or even reads the file contents. Some bots are good, IE search engines and
spiders, while others could be used to launch malicious and harsh attacks, most notably in
political campaigns. These can be installed on your machine and sit there for a while until they
become activated by the main creator or a main server and will wait until they get told what to
do. So this is just one of the many things that are out there that come from the Dark Web,
that interact in our normal daily lives. But I think now would be a good time to turn it over to
have some questions. PHILIP YAMALIS: Yeah, let's do that. Before I do that, let me go
to our final polling question, and ask the question. What do hackers use to encrypt files and
force someone to pay to have them unencrypted? What do you think is the correct answer? Is it --
A, miners B, hackwar er C, ransomware D, ransom code Not a trick
question. Please take a minute. Click on the radio button you believe most closely answers this question or submit your answer on the Ask a Question feature. Again, what do you
think the correct answer is? Is it: A, miners; B, hackware; C,ransomware; D, ransom code. Okay. We'll stop the polling now and share your responses.
We'll also share the correct answer on the next slide. The answer is C, ransomware. And I see
that 98% of our audience responded correctly. That's pretty good. I think this is some great
information that you're sharing with us, James. Although I was a bit scared when you started
talking about that ransomware. I'm paranoid. I can understand that we can easily be protected by
continually educating ourselves, not necessarily as tax practitioners, but wherever we might work
to avoid, you know, ransomware and malware from infecting our computers. And then you
concluded with the Dark Web. So, why don't we do this. Let's go on to the Question and Answer
period. Since we got 98% of our folks answering that question correctly. First of all, James, I
want to thank you for all the phenomenal information and for the great presentation that you've
given us here this afternoon. I know I personally have learned a lot, and I'm sure the audience
-- I hope you did, too. Before we again the Question and Answer session, I want to mention again
that we might not have time to answer all of the questions submitted during this web conference.
However, let me assure you, we will answer as many as we have time for. James has also agreed to answer
some questions that might have been left over from our morning web conference on virtual
currencies. So, please note that if you're participating to earn a certificate and related
continuing education credit, you'll qualify by participating for at least 100 minutes from the
official start time of this webcast, and that was 2:00 p.m. Eastern Standard Time. Don't forget,
you can't include that first ten minutes of chatting that we engaged in. So, sorry about that. Make
sure you give yourself 100 minutes to get that certificate. Okay, everyone. We received a lot of
questions. Let me get started so we can get to as many as possible. Let's see what's getting
thrown our way in terms of the questions here. Quite a few questions here. Oh, here they
go. All right. So, we started talking about the Deep Web. And there seems to be confusion by a
couple of the folks that answered questions. Hey, is the Deep Web different from the Cloud? And
if it is, how is the Deep Web different from the Cloud? JAMES DANIELS: So, the Cloud is
just a space out on the Internet that allows for storage in terms of data to be accessed by you
and/or other people that you want to give access to. It just happens to be accessible to
everyone, if you will, that has access. So the Cloud would reside within the definition of Deep
Web, if you had to get a password in order to access it. If it was something that is shared
with the public, then it would be within the Surface Web. Now, you can have cloud capability
within the Dark Web as well if the information was stored in a way that you would need a browser
in order to access it. So, a Cloud is more all encompassing of where the data is stored.
It's not necessarily stored locally on your machine. It's stored out on the Internet somewhere.
And depending upon how it's stored would depend upon which category it fell into. PHILIP
YAMALIS: Right. So, let's talk about this, James. What's the process for reporting tax scams?
I have a practitioner here that received a voicemail message on their cell phone advising them
that they were under indictment for tax crimes. I called the number back, and the call was
answered with IRS. It certainly sounded like a call center, and that's one of the scams I've
personally not heard about in that way. But let's remind our audience today what is this process
for reporting tax scams? JAMES DANIELS: So, I believe -- and again, I will defer to the
liaison office, but I believe that there is a 1-800 number that can be called to report these. I
believe you can also report them online through the IRS. But I will say that you out in the
general public are not the only ones subject to these calls, as I too was called by the IRS and
was informed that I was under criminal investigation and that if I didn't pay my taxes, somebody
was going to come out to arrest me. Which I thought it was quite comical seeing as how this
person is purported to work in the same office as I did, made it for quite a fun conversation with
them. PHILIP YAMALIS: Absolutely. And I do want to remind our audience that you can
type "scams" in the upper right-hand corner of IRS.gov in the keyword search, and it will tell you some
of those ongoing scams going on right now that you'll be able to recognize and share with your
clientele. There also is a method of reporting those scams from right there under scam on
IRS.web. Just a reminder. I know we talked about that before the presentation started. I
thought I'd throw that out there for you now. So, here's a question, and it relates to
virtual currency as well as the deeper Dark Web. Is virtual currency located in the deeper Dark
Web? JAMES DANIELS: So virtual currency is a digital form of payment or a digital form
of currency. It operates within the Dark Web, it also operates within the clear web, you can use
virtual currency to pay to buy something on Amazon. You've can also use it to pay for something
in a Dark Web as well. PHILIP YAMALIS: And we learned earlier that some tax offices are
accepting virtual currency for payment as well. JAMES DANIELS: Exactly.
PHILIP YAMALIS: But I think the most important thing as you stressed earlier on the virtual currency is that on the Dark Web, they're only going to use virtual currency as opposed to
normal currency. JAMES DANIELS: That's correct. The Dark Web will only accept virtual
currency because they want to keep their anonymity to a high. They want to make sure that they're
not transacting in something that potentially could be traced. Where virtual currency is more
difficult to trace than using a credit card or a bank transfer or something like that. So the
dark marketplaces out on the Dark Web will not accept payment other than in virtual currency.
PHILIP YAMALIS: You shared earlier the success of authorities to shut down some of the
sites that we heard about and we read about them in the papers. One, of course, being AlphaBay.
How come the authorities aren't able to completely shut down the Dark Web? How are you successful
in shutting down things like AlphaBay, but yet the authorities cannot shut down the Dark Web?
What's the reason? JAMES DANIELS: Well, the thing to remember is the Dark Web was
actually created by the U.S. government. PHILIP YAMALIS: How about that?
JAMES DANIELS: And they use it to communicate, you know, sensitive information back and forth.
They've created an environment to do that. And they need that environment in order to have that
encrypted communication and they need others to use this same tool in order to hide their messages
back and forth. So, taking out the Dark Web is not what the intended purpose is. It just
happens to be being used for the wrong purpose. And people are finding a way to use it for
illegal things. Just like anything else in the world, somebody's going to find a way to turn
something into a criminal enterprise, and that's where federal law enforcement has to get involved
and attempt to dismantle that as much as possible. Now, we've got our own investigation
techniques that help us trace and track people doing these type of things, and when we find them,
we will take them out. But in terms of the Dark Web, it's out there for an intended purpose. It
just happens to be others are exploiting that purpose for criminal means. PHILIP
YAMALIS: James, are you aware of a replacement for AlphaBay on the Dark Web? Has a replacement,
have other great replacements for AlphaBay been created that you're aware of? JAMES
DANIELS: Yes. I mean, as soon as AlphaBay went down, I think Dream Market was the next one that
came up. And when Dream Market goes down, there will be another one that pops up. Like I said,
we took out Silk Road, which was one of the very first Dark Net marketplaces. Others have popped
up and we've taken those out, and it's just a matter of continually taking them out and attempting
to dismantle, you know, these illegal marketplaces that are transacting in, you know, these types
of goods and this illicit activity. PHILIP YAMALIS: Awesome. So, let's talk about it.
How can you prevent your personal info from appearing on the Dark Web? JAMES DANIELS:
Well, there are a couple things you can do. With computers that you have access to, you know, you
can be secure by having the right, you know, malware software installed. You know, the antivirus
software. Making sure that that's up to date. And the biggest thing is phishing scams. Making
sure that you're not clicking on email links that you don't know. Making sure you're not opening
emails that you don't know who they're from. And even the phone calls you can get, with people
advising you that they need information from you in order to do something. That's where the
social engineering type is getting information out of you. Other things are completely out
of your control that you can't do. When hacks occur on businesses, when hacks occur on doctor's
offices or CPA firms or those kind of things where your data happens to be stored on their
machine, and their machine then is compromised and it comes off of there, there's nothing you can
do about that one. It's just a matter of attempting to protect yourself as much as you can, and
this is where it becomes the responsibility of those that have data need to be responsible for
protecting it. And need to take the same steps as everybody else to attempt to protect that data
as well. PHILIP YAMALIS: That's awesome. So for a practitioner, it's a good idea to
download publication 4557, keeping your clients' data secure. You know, I mean, you're mandated
by law as a tax practitioner to do that, and publication 4557 does include a checklist to help the
tax practitioner doing so in protecting the data of their clients as well. So, many times
-- I have a question here from a tax practitioner. Many times I do a search for something
specific. Suddenly, I have advertising on my site focusing on what I had searched for. Would Tor
stop that? Or is that just part of the system of using things like that? JAMES DANIELS:
Could you ask that question one more time? PHILIP YAMALIS: Yeah. So, many times I'm
on there and I do a search for something specific, on the Internet. Suddenly, there's advertising
on my site focusing on what I had searched for. We all find that to be a common thing, especially
if we're using certain types of social media. I guess the question is, would Tor -- would the Tor
software stop that? JAMES DANIELS: Yeah. So, the Tor software, utilizing that
anonymizes your communication and would stop other parties from seeing what you're sending out to
do searchs on. It would significantly decrease that component of it because when you submit
something out of Tor, it's encrypted and only goes to the place that it's expected, so when it
comes back, others can't see what you're attempting to search for and/or trap the information that
you're sending out. PHILIP YAMALIS: Very good. So is there a reason, though, for an
everyday person with no issues to use Tor? JAMES DANIELS: Because of -- PHILIP
YAMALIS: Other than that one, can you give me another example where Tor might be helpful to
somebody in the everyday world? JAMES DANIELS: It just comes down to, you know, privacy
and security. Using Tor -- now, I will say, if you use Tor, it's going to be slower than your
normal communication of click and wait. Because it has to go through those levels of encryption.
And so it's a combination of convenience versus necessity. You know, Tor will encrypt your
information and will stop others from seeing it. But at the same time, you're going to have to
wait a little bit longer to get the responses back because as we saw, it has to go through various
levels of communication in order to go there and come back. So it is slower, but it does encrypt
your information so others can't get access to it. PHILIP YAMALIS: Okay. Very good.
Is this Tor software available for anyone to obtain it? JAMES DANIELS: Anyone can
download Tor. It's free to use. Mozilla Firefox, which is the browser that it works in
conjunction with, is also free. So, yeah, it's a completely free application to use.
PHILIP YAMALIS: Not that I want to suggest any type of browsing software over any, but Firefox
seems slow to me anyway. So adding Tor, I guess it could significantly slow down your system for
sure. Somebody says that we mentioned Tails. Did we say something about Tails? Did we
miss that? Did this person or I miss that? JAMES DANIELS: We did. We talked about
Tails. Tails can be used in conjunction with Tor and Mozilla Firefox as another level of
anonymity to use. Tails will basically mimic the minimum software operating system necessary to
run a computer. So you could install it on a thumb drive, and then install Tor within that
environment, and then basically, operate in a secured environment within Tails. That way you can
open and close that Tails type environment without actually getting access to your regular
computer. So if somebody attempted to come in to your machine while you're using Tails, they can
only get into that Tails environment, they couldn't get into your actual computer.
PHILIP YAMALIS: Very good. And I know we've talked about this. How is the Dark Web getting
Social Security numbers, even those of children? JAMES DANIELS: Through data breaches.
It comes through the malicious code that gets installed on servers and, you know, CPA machines and
normal businesses, their account files. And then those account files are then downloaded to a
person's machine who will turn around and upload them to the Dark Web for sale. PHILIP
YAMALIS: That's where the data breaches begin. That's where our headaches begin here, right?
JAMES DANIELS: Exactly. PHILIP YAMALIS: So... all right. This is something
that ties in a little bit with what we spoke about this morning and today. So how do you pay for
something that you find on the Dark Web? Of course, you wouldn't use your credit card and your
real name. How would you pay for the product? JAMES DANIELS: That's correct. That's
where virtual currency comes into play. What you would end up doing is converting your money,
your cash, to a virtual currency. Then you would use your virtual currency to pay for things
online. You can use that with a wallet. You can use that with your -- you know, the public key.
As we saw on the ransomware page, public key is the address where money gets sent to and comes
from. The private key is the thing that allows you to transfer that money. So with your
public and private key, with those two things, you can go out and make payments for things on the
Dark Web. It's all using virtual currency. PHILIP YAMALIS: And James, this would be a
great opportunity, I want to remind our audience that this morning's virtual currency
presentation, as well as this afternoon's presentation on the Dark Web, have been recorded and
will be available in approximately three weeks as an archived webinar. So keep that in mind. If
you missed this morning's presentation, and I do urge you to keep that in mind, it will be
available in three weeks for you. And that ties so much in with what you spoke about this
afternoon. So, after I purchase something on the Dark Web using virtual currency, how would
someone receive that purchase? Do they use their personal address? I mean, they use so much anonymity --
did I say that right? You use so much of that by using virtual currency. Do they use your
personal address to obtain the item they purchased on the Dark Web? How would they do that?
JAMES DANIELS: So there's lots of different ways people can get it to them, depending upon the
security level that they want to do and the sophistication that they're at. Some examples that I've
seen in investigations that I have worked is someone can go as easy as setting up a mailbox's et
cetera address. Where you would go down and use not your real ID, use someone else's ID that you
bought off the Dark Web, to set up a mailbox's et cetera address, and have things delivered there.
That way it's not coming back specifically to you. Now, if it's a larger package, and depending
upon the volume of, you know, criminal activity you're in, we've seen people go so far as to
actually rent apartments or even buy houses, to have things shipped specifically to there, that way it is not in specific connection to them and they'll
drive by at night or various times during the day to pick up the package and take it back to where
they really want it to go. So it just kind of depends upon the level that someone is willing to
go to. Some people have it shipped directly to their house. Again, that's not for their
perspective the best way to do it, but just depends upon how complex they want to get in terms of
hiding the shipment. PHILIP YAMALIS: Got it. One of our audience members heard of
carding. Can you describe what carding is and how that relates to the Dark Web? JAMES
DANIELS: So there's a couple different things with carding. That's where you attempt to get or
do actually access people's credit card type information. Whether it be an ATM card or a credit
card itself. They have the ability to buy on the Dark Web with the full credit card number along
with the CVV number and expiration, everything you would need to transact online, you can do that.
With that, if you have a card writer, a machine that you can actually encode onto, then you can
actually take the information you bought on the Dark Web and encode it onto credit cards
themselves. And then use those at a normal store. So it just kind of just depends. The carding arena really kind of
holds in fits around working with a credit card and account type information that you've stolen
from someone else. PHILIP YAMALIS: This is great stuff, James. So, a lot of our
audience, our tax preparers as we saw in the chatting feature before we got started, what should
they do if they suspect a client is involved in the Dark Web buying and selling? JAMES
DANIELS: Well, again, it depends upon what they're buying and selling. You can't inherently say
that, hey, if someone is doing this, then it's X, but normally, the Dark Web purchases, a majority of
the ones that we have seen are involved in illegal activity. I would say from a CPA perspective,
as a way to make sure that you're protecting yourself, having clients that are involved in illegal
activities may attempt to use you to help launder their money. Now, whether you know it or don't
know it. So, if there is, you know, Dark Web activity that you know about, it's one of the
things that you need to protect yourself to make sure they're not being involved with something
unknowingly and/or potentially a client being involved in something that you don't want to be
associated with. PHILIP YAMALIS: That's so very, very true. And more so why due diligence
comes into play as a tax preparer. I hear it all the time from taxpayer practitioners, I just don't
want to be involved with that. And back to the old simple publication 17 statement, just because that income
isn't illegal doesn't mean it doesn't need to be reported on the tax return. So, let's get
back to the tax preparer again. A big issue for their clients right now is the theft of tax
identification, tax identity theft. Can we explain how tax identities are stolen and finally exploited
via the Dark Web, and we can get into a little bit about what do we do as a tax practitioner if we
discovered that we have been victims of tax identity theft. Two-pronged question there.
JAMES DANIELS: Yeah. Again, a majority of the data comes from data breaches, whether that be
from a company or from a person's, you know, personal drive or wherever. And then what happens is Those those identities go for
sale out on the Dark Web, like on AlphaBay type markets, where you can buy identity information or lists
of information, depending upon if you buy it in bulk, you can get it for 50 cents an ID. Now with that
information, once you've got the Social Security number, you know, name, address, other
identifying information, then that information could potentially be used to create false tax
returns. Which then puts your clients into the precarious position that if tax returns have been
filed and accepted by the IRS prior to your client filing, then that runs into some serious
situations of you not being able to get your clients' return through. And so it's just that vicious
cycle that occurs, once that name is out there, it can be sold multiple times and used multiple
times for many different financial crimes. PHILIP YAMALIS: And the bottom line here is,
we can't keep ourselves absent minded thinking that it's not going to happen to us. As tax
practitioners, we're more vulnerable because we have all this PII, Personally Identifying
Information, in our computer bases, and the Dark Web basically goes after those types of
computers. So it's certainly more apt to happen to a tax practitioner than someone else out there. You made
some great examples of the Uber case, of some other cases that occurred, where even these big
companies didn't think it was happening to them but it was. So as tax practitioners, I guess we have to be a
bit more vigilant, right? JAMES DANIELS: Oh, very much so. In terms of information
needed in order to secure, you know, the finances and financial information that's necessary, tax
practitioners are the ones that have the most. And again, it's not just tax crimes that occur.
With that information, you can go out and get credit cards. You can get loans. You can actually
buy houses with it. Because you've got all the information that's necessary in order to do it,
especially if they have access to past tax returns as well. So not only do they leverage them to
file taxes in future years, but they can also use that past tax information to go out and get a
loan in a person's name. And turn around and get cash out on properties. So there's lots of
information that can be used in tax practitioners' computers that can be leveraged in the
financial criminal world. PHILIP YAMALIS: So, let me do this. Let me ask you the
second part of that question. If you as a tax practitioner believe that you are a victim of a
data breach, you should immediately contact your -- not only your local authorities, but you also
want to contact your Stakeholder Liaison to give you some guidance to report that to the Internal
Revenue Service. Stakeholder Liaison will then assist you in getting this reported to criminal
investigation on our end as well as refund compliance, and also guide you in terms of who you
should be contacting locally or in your State. So, keep that in mind. If you find yourself to be
a victim of data breach, you want to make sure you contact your local Stakeholder Liaison, and
I'll tell you shortly before we end this presentation on how to do that. Anything else you
would add to that, James? JAMES DANIELS: No, I definitely reiterate that -- I mean,
I'll be honest, what we have seen in the field is a fear from tax practitioners of reporting this
information. And it needs to be the exact opposite. Because it's not -- it's not one of those
things that once it's happened, there's nothing you can do to reverse it. And you're better off
protecting the clients and protecting information rather than worrying about, you know, what's
going to happen if someone finds out. Because eventually it's going to get found out. Eventually
it's going to get tracked back that hey we got 80 tax returns that came in false. Lo and behold, last year they were all prepared out of one CPA firm. It's
pretty easy to figure out where the breach occurred. So, if you do know about it, in terms
of protection of yourself and your clients, getting that information to us as fast as possible is the
best thing to do. PHILIP YAMALIS: So very true andI appreciate you adding that. It's good to have the
fear that, man, this could happen to me, but it's a different thing to have the fear to try to
cover up. You don't want to do that. You want to get to us right away. Thanks for saying that. It's so important.
Alright, so, as tax practitioners, should we be using a Tor setup when working with people's taxes?
Should we be using this as a layer of privacy for our home Internet use? Does it work like a VPN?
JAMES DANIELS: So, again, it's one of those things in terms of security level of what you
feel most comfortable with. What information do you have stored on the machine that you're using.
I definitely, if I was a tax practitioner, would take a higher level of security on the computer
I'm using to prepare tax returns versus the one I used to surf the Internet and not store
sensitive information on. So I think you need to apply the security level to the data that's
being stored. And I'll be honest, I've talked to some tax practitioners that have a desktop
computer that they use strictly for doing their tax returns that's not connected to the Internet.
You can't get to it other than being in the office. So depending upon the level of security
that you want to take this to, will kind of depend upon how fearful you are of having something
happen. And it's one of those things that you've got to do the best you can and have the best
processes, you can, but all of these things will add different levels of protection. Using
Tor in conjunction with tax returns probably isn't the saving grace of everything. Tor is just
more for the communication protection. It's not going to stop ransomware or malware from getting
onto your machine. That's more of the making sure that you're not opening up those emails, you're
not downloading things that you don't know about. PHILIP YAMALIS: Well, that leads us
to a good question that I just saw. Recently heard about a very sophisticated scheme that appears
to be from a real client and even has some personal notes in the body of the email that make it
appear that it's really from the client. I've seen that happen where somebody spoofs themselves
as a client and says, hey, here's my tax return information. Check it out. Any thoughts on that?
You click on that and what happens? JAMES DANIELS: A lot of those, that�s the actual social engineering that we're
talking about, sending out something to make you feel comfortable with what you're being provided.
That hey, this is somebody I know, so I should feel comfortable clicking on this link. Without
actually getting into the header information of emails to see where things actually came from, you
can make the email address look like it came from one place even though it came from another if
you're just looking on the outside. If you look on the inside of the email, which is where the
headers are located, where the email came from, the data related behind the email, you would be able
to tell, hey, this didn't come from the right Gmail server, it came from somewhere else.
But again, it's one of those things, all these protections and all these worries have to be weighed out
with actually being able to operate your business. Probably the best thing to do is separate
where you answer emails from, from where you prepare tax returns. If you are concerned about
potentially opening up, you know, an email that could potentially affect your computer, you
probably don't want to have that on the same computer where you prepare all your tax returns from.
PHILIP YAMALIS: Very good. I know our presentation was mainly on the Dark Web, but,
hey, one of the questions that came in is how do you know when your computer was actually hacked?
Can your computer be hacked and they, of course, wait 30 days before letting you know?
JAMES DANIELS: Yeah. So they'll put in there some things that are time bombed. Code which
basically says, hey, it will install and wait 30 day, wait 90 days before it does something. And
some even more malicious code, like the one I described, that goes in and looks to see what's on
your computer. You would never even know. It just happens in the background. And then it
reports back what's on your machine, and if you have a vulnerability to get into your machine,
then it would report that as well and all of this could happen in the background without any of
your knowledge and you wouldn't even know it occurred. We've had several situations where
we have identified the CPA that had been compromised and went out to go talk to them and they had no
knowledge whatsoever, even though we found all of their data for sale on the Dark Web, they had no
knowledge of it whatsoever. They didn't know. It takes a computer technician and a computer
expert to go in and take a look at the back end of the computer and the data files as to when the breach
potentially occurred, what type of breach it was, and those kind of things. PHILIP
YAMALIS: Very good stuff. Very good stuff. Let me just throw this question out there again. Just for
clarification. So, James, are you saying that anyone, and anyone is capitalized here, are you
saying anyone can access the Dark Web as long as you have this Tor software? JAMES
DANIELS: Yes. Anyone can access the Dark Web. Yep. Again, you can go to the Dark Net market.
Anyone can get to that Dark Net market with a Tor browser installed on their machine. Anybody can
get to it. PHILIP YAMALIS: And what do you recommend to the person in the audience
today that's thinking, hmm, let me go check it out. JAMES DANIELS: Again, it's one of
those things that -- I've been on the Dark Web, not even from a work perspective, just to go out
and see what it is. There's nothing inherently illegal going out to the Dark Web. I wouldn't
recommend clicking on sites that are going to be relative to pornography and those kind of things
because the last thing you want to do is end up in some child pornography website by accident.
So, it's one of those things. Going out there doesn't necessarily mean you're doing anything
illegal, but the other thing that, unless you know where you're going or what you're doing, you
may inadvertently click on something you hadn't intended on, and end up with stuff on your
computer that you didn't really want in the first place. It's one of those things, you need to be
careful with it. Just like anything else in this world, it can be used for good or for evil.
PHILIP YAMALIS: Very good. I did see some comments coming in on the Ask Question feature
about what happened to the last polling question. We did get it in. We got it out of place. I
know you saw the pop-up box. We got that back in. So as long as you participated by using the
Ask Question feature, we did get that in. I've got a couple questions left over that do
relate to this afternoon�s presentation left over from this morning's presentation on Virtual Currency. One of the questions is, you
spoke about today that people pay for things on the Dark Web using the crypto currencies.Is this legal? Aren't
crypto currencies used on the Dark Web being done so illegally? JAMES DANIELS: Right.
For this question, I like to use the example that people buy and sell drugs using cash. The mere
fact that I have cash and I'm buying drugs, yes, that's an illegal transaction. Now, if I have
cash and I go out and buy a cup of coffee, not an illegal activity. It's not an illegal
transaction. Virtual currency is the same way. I can use virtual currency to buy something
illegal on the Dark Web. I can buy cocaine with it. Now I've conducted an illegal transaction.
Or I can use virtual currency to go down and buy a Tesla. Not an illegal transaction. So you're using the
medium of exchange, whether it be cash, whether it be in virtual currency, but the mere fact that
you're doing the transaction in that is not the illegal part. The illegal part is what are you
using it to buy. What are you using it to transact? What's the purpose? That's the part that's
illegal. PHILIP YAMALIS: Awesome. I love that analogy, and you used it earlier this
morning, and it seems to enliven the discussion about the currency, the crypto currency.
Let me throw this one in about crypto currency. How do you convert virtual currency to Fiat
currency, the currency used by the government? Will my bank automatically do that?
JAMES DANIELS: So banks, there are very few banks -- I can't think of any off the top of my head
that will actually transact in virtual currency. Usually, what you have to use is a virtual
currency exchanger. And so there are a couple of them out there. Some we highlighted this
morning are Coin Base and Etoro. There is quite a few of them out there. But basically, you set up an account with them. And when you have an
account set up with them, then they would allow you to convert from virtual currency to a Fiat currency
like U.S. dollar or Euro or something else. So you have to go through an exchanger that
will basically do that conversion for you. Or you've got to find someone who's willing to, you
know, buy your bitcoins or other virtual currency in some other way. So someone else has got to
kind of make that conversion for you. Banks out there, up until now, have not been involved in
doing any of that. PHILIP YAMALIS: Very good. I'm going back to the Dark Web, because
this person has asked that a couple times, so I'm going to go ahead and do it. It's a two-(?).
So, number one, this person asks, are user net sites part of the deeper web? And second, as
someone who has no intention to purchase heroin to arrange for a murder or anything else nefarious,
do I have any reason to ever go into the Dark Web? JAMES DANIELS: Ok, so to answer the first question, yes, a user site where I
needed a user name and password to get into, that would be, yes, part of the Deep Web, because that's a protected area that
no one can get access to, and that's the way I kind of like to think about it, is with the Surface
Web. Is it anyone can click on the site and look at the information without having to log in,
then that's the Surface Web. If I have to log in to either get my bank information, health
information, or even into some social media part of like Facebook, some of it is public that everyone gets to see, some of
it is private that only I get to see or who I decide to share it with gets to see. So that's the
distinction between the Deep Web and the Surface Web. So, the difference between the Dark
Web and the Deep Web is -- yeah, there's probably no reason for that person to ever want to or
need to go to the Dark Web. Again, it's normally -- it's used from the illegal perspective of
what we talked about, the criminal activities for drugs, you know, pornography, carding, all of
those kind of things. And it is also used for legitimate purpose for securing
communication back and forth. If you needed to communicate with somebody that you didn't want
anybody else to know about, that's how you would do it. That's how the government uses it. There
is a legal avenue for using the Dark Web. But in terms of your normal everyday person, the answer
is no. PHILIP YAMALIS: Okay. And once again, give me a legal example of using the Dark
Web. JAMES DANIELS: Perfect example would be the government needs to communicate to
another government for military action. Or you could be in a potentially politically oppressed
country where you want to speak out and start a group to talk about a certain topic that maybe
that particular government doesn't allow you to talk about. And so this would give you a forum to
do it. Those are the main uses for it, is for communicating anonymously back and forth.
PHILIP YAMALIS: Phenomenal. James, great stuff. And I think that's all the time we have for
questions. I really, really want to thank you again for taking the time to answer the questions
for our audience. We sincerely appreciate your time, and we appreciate you sharing your expertise
with us today. James, let me do this. Before we leave, do you have some important points that
you'd like to share with the audience, those points that, hey, if you didn't get anything, I hope
you got this. JAMES DANIELS: Yeah. I think the big thing to remember, the important
points, is the Surface Web only contains about 5% of the data that's actually stored on the Internet.
And that special software like the Tor is what you would need to access the Dark Web. And I think
the most important thing is don't click on links from unknown people or email addresses. That's
how and where a majority of the malicious software and the malware happens, is in unintended
clicks on email addresses. Or links within email addresses. PHILIP YAMALIS:
Absolutely, absolutely. So, again, James, thanks so much for an amazing presentation. For those
of you that attended today for at least 100 minutes after the official start time of the web
conference, you will receive a certificate of completion that you can use with the credentialing
organization for possible CPE credit. Again I want to remind you if you're eligible for continuing
education from the Internal Revenue Service and you registered with your valid PTIN, your credit
will be posted in your PTIN account. And of course, you're eligible for continuing
education from the California Tax Education Council. Your credit will be posted to your CTEC
account as well. Folks, if you qualify and have not received your certificate and/or credit
by June 28th, please email us at SBSE.SL.Web.Conference.Team@iRS.gov. Of course, the email
address is shown on this slide. And, if you want to know who your local Stakeholder Liaison
is, if you already don't know, you may send us an email using that same address shown on this
slide. We'll send that information to you. Or you can find a contact for your State by visiting
IRS.gov and using keyword search, Stakeholder Liaison. So, as part of the service's efforts
to provide you with timely topics and interesting speakers, we'd appreciate if you'd like to take
-- if you'd please take a few minutes to complete this short evaluation before you exit. If you
have any requests for future web conference topics or pertinent information that you'd like to see
in an IRS fact sheet, Tax Tip or FAQ on IRS.gov, please indicate your suggestions in the comments section of the survey, or
in the Ask Question feature on your viewing screen. FAQ stands for frequently asked questions.
Click the survey button on the left side of your screen to begin. If it doesn't come up, please
check to make sure that you did not -- that you disabled that pop-up blocker. Got to disable that
pop-up blocker so that the survey can come up. We hope that you'll be able to join us for
the upcoming web conferences that we're offering throughout the year. As you can see on this
slide, we have several upcoming web conferences planned for the upcoming weeks. We hope that
you'll be able to attend one or more of these web conferences. I do want to remind you that both
of today's web conferences featuring James Daniels will be available in an archived webinar in
approximately three weeks. To register for these and other upcoming IRS web conferences, please
visit IRS.gov using keyword "webinars," select the webinars for tax practitioners or webinars for
small businesses. We hope you'll look to your local stakeholder liaison for information about
policies, practices, and procedures the IRS uses to ensure compliance with tax laws. We
also elevate issues that affect tax administration by using IMRS, otherwise known as the Issue
Management Resolution System. Ladies and gentlemen, it's been a pleasure to be here with
you today. On behalf of the Internal Revenue Service, I'd like to thank you for attending today's
web conference. It's important for the IRS to maintain strong partnerships with you, the tax
professional community, industry associations, and other federal, state, and local government
organizations. Folks, you make our job a lot easier by sharing the information that we share with
you, and that allows for proper tax reporting. Thanks again for your time and attendance.
Much success in your business or practice. Please feel free to exit the web conference at this
time. Thank you, and have a great day.