What We Learned at ISS World North America
Last week, from September 5 to 7, Webhose took part in the ISS World North America convention in Washington D.C. Hundreds of members of leading national intelligence and cyber security agencies from over 20 countries participated. The topics discussed included data collection, criminal profiling, criminal anonymization and how to conduct crime investigations using the online resources at hand. In fact, during this convention, our very own CEO, Ran Geva, presented two tracks (more on this later).
This event was chock full of important information and we’ve decided to share our key takeaways here. So what did we actually learn? And what did Ran talk about?
Cyber Crime Awareness Does Not Equal Action
By now it’s safe to say that companies and security agencies are aware of cyber crimes, but what actions are actually being taken to prevent and fight them? Up until now, organizations have attempted to monitor criminal activity on the dark web via local feeds and internal databases. Essentially, organizations may have a solution to analyze and investigate crime, but this relies heavily on data that is mainly one-dimensional; they are doing little to connect information amassed across varying dark networks to one ID.
With the introduction of dark web data collection, however, this method is becoming more and more dynamic. By taking enriched data feeds from multiple sources and connecting them to their local repositories, organizations are now able to better profile criminals as well as work more efficiently to catch them before they strike.
For example, let’s say an organization has the basic details on an actor, such as a username or wallet ID. They can then use data collected across multiple networks (I2P, TOR, etc.) to gather information on the actor’s activity using identifiers such as their email. They can then analyze it and find additional details that may convict the given criminal, or at least help in finding more information about them and any other members, locations, or organizations involved in the given crime. In this day and age, data is king – the more information you have, the faster you’re able to monitor, act, and prevent criminal activity.
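The pivot described above, as an added example (not Webhose's code or API): records from a local repository and a collected feed are merged into one actor profile whenever they share a username, email or wallet ID, directly or through a chain of shared identifiers. The record layout, field names and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records: every value below is made up for illustration.
LOCAL_REPOSITORY = [
    {"source": "local-db", "username": "darkvendor77", "wallet": "WALLET-AAA"},
]
DARK_WEB_FEED = [
    {"source": "tor-forum", "username": "darkvendor77", "email": "dv77@example.invalid"},
    {"source": "i2p-market", "username": "dv_shop", "email": "DV77@example.invalid"},
    {"source": "paste-site", "username": "dv_shop", "wallet": "WALLET-BBB"},
    {"source": "tor-forum", "username": "unrelated_user", "email": "other@example.invalid"},
]
ID_FIELDS = ("username", "email", "wallet")  # assumed field names

def identifiers(record):
    """Yield normalised (field, value) pairs present in a record."""
    for field in ID_FIELDS:
        if record.get(field):
            yield field, record[field].strip().lower()

def find(parent, i):
    """Union-find root lookup with path halving."""
    while parent[i] != i:
        parent[i] = parent[parent[i]]
        i = parent[i]
    return i

def link_records(records):
    """Merge records sharing any identifier, directly or transitively."""
    parent = list(range(len(records)))
    first_seen = {}  # identifier -> index of the first record carrying it
    for idx, rec in enumerate(records):
        for key in identifiers(rec):
            if key in first_seen:
                parent[find(parent, idx)] = find(parent, first_seen[key])
            else:
                first_seen[key] = idx
    profiles = defaultdict(lambda: defaultdict(set))
    for idx, rec in enumerate(records):
        profile = profiles[find(parent, idx)]
        profile["sources"].add(rec["source"])
        for field, value in identifiers(rec):
            profile[field].add(value)
    return list(profiles.values())

def profile_for(profiles, field, value):
    """Return the profile containing an identifier, or None."""
    return next((p for p in profiles if value.strip().lower() in p[field]), None)
```

A shared identifier is a lead rather than proof, since usernames are reused across unrelated accounts, so each merge should be reviewed before the profile is treated as one actor.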
Encryption is No Longer Something to Fear
Two words: quantum computing…
To be sure, there is a lot of hype around quantum computing, but when looking to the future of cyber crime prevention, this will be pivotal. Today, encrypted data can take anywhere from days to years to decrypt. But with the ability of quantum machines to process massive amounts of data and perform multiple computations simultaneously, encrypted data will be accessible within minutes, if not seconds.
Hack the Hacker
Another trend in cyber crime prevention comes in the form of “hacking the hacker.” As criminals become more savvy, organizations are scrambling to catch up with all the threats out there. Part of this means that they need to understand their targets, by thinking and acting more like them. But how does one do that?
In essence, it means gaining as much information about the actors as possible. For example, let’s say an organization wants to discover the real IP behind an actor’s server. Similar to a hacker, the organization will use hacking methods, such as port scanning, to discover additional details or access points to the actor’s server. They might also obtain configuration details on the server an anonymous criminal is using, through default protocol queries or injection methods, and build a server “profile” for the hacker. If the hacker happens to be on the open web as well as the dark web, their behavior might overlap and, in turn, they could get caught.
Crawling TOR – Ran Geva, Webhose CEO Presents
Another challenge that cyber organizations face is the set of obstacles the TOR network presents. How does one penetrate a network that is password protected more often than not, is unstructured and does not have an automated system to access search results? During Webhose’s presentation, Ran Geva (our CEO) addressed just that and was welcomed with resounding applause.
While the TOR network is like a maze one isn’t sure how to navigate, there are ways to find the needle in the haystack it holds. For one, Webhose provides a service that can bypass password and captcha protected sources. Additional features include structured data, categorization, entity extraction and a wider scope of coverage (TOR, I2P, Telegram and paste sites, to name a few).
As criminals become craftier, organizations have to become savvier and more prepared to catch them. This comes in the form of getting better data collection, adopting better techniques to access the dark web, and integrating tools for better analysis into existing systems. In other words, by taking advantage of all the tools cyber monitoring has to offer, more actionable, higher-quality insights will come much faster.