The latest cyber intelligence, risk, and security media coverage for SurfWatch Labs.
In today's threat landscape an organization can use all the help it can get with detecting threats against its assets. Monitoring for threats within a company's network has been and will continue to be the first place to look, but many people are exploring additional locations to monitor for threats outside of their direct control. With these additional options available, many organizations are turning to services that monitor the dark web to expand their threat monitoring capabilities. This allows organizations to keep an eye out for attacks being planned on the dark web or even to be notified if stolen corporate data is being posted to malicious forums. Sometimes you need to be in the lion's den to detect an attack.
The dark web has been a place filled with mystery and can offer anything from drugs, books, weapons, music and stolen data to refuge for political dissidents. It's the internet within the internet and allows people the freedom, for good or bad, to access data that they're looking to research, view or even sell under the guise of anonymity. The dark web, which sees the sale of stolen data, malware and hacking campaigns, is a natural place for cybercriminals to congregate. There are plenty of legitimate uses for the dark web, but many people focus on the criminal uses since they're what's mostly reported in the media. It's for this reason that cybersecurity threat intelligence companies like OWL Cybersecurity and SurfWatch Labs undertake threat monitoring of the dark web and other commonly used hacker sites to bring this correlated intelligence to your fingertips.
Having insight into what's occurring within the dark web is extremely useful when an organization is looking to monitor for potential risks before they occur. These solutions are taking advantage of the openness of the dark web and using it for your benefit. The dark web is unlike the internet we all know, mainly because it's not indexed by a common search engine and it's hard to determine where certain activity is occurring. This makes it much harder for people to find information on the dark web unless they know where to look.
Particular threat intelligence companies are piggybacking off the data on the dark web and using it to their advantage by creating alerts when something of interest to your organization has been found. There have been many examples of attacks, or malware being found, that, if detected and alerted on earlier, would have given the victims a better chance to prepare for the attack before it occurred. It is alerts like these that allow threat intelligence companies to shine a light on the dark web and become an early warning system for organizations looking to monitor for threats outside their direct control.
There have also been instances where compromised data from an organization has been posted to the dark web either for sale or to dox another entity. Having the ability to use the data provided by these companies, or to run custom queries against the data that threat intelligence companies hold, allows you to be proactively notified if there's been a breach. This has been seen many times with insider threats that take data or ideas and post them on the dark web for sale or to harm a reputation. Without knowing where to look on the dark web, this data would slip past any internal threat intelligence organization that a business might have deployed. If an organization knows data was posted to the dark web by an insider threat, it can limit the scope of its investigation or at least understand the motives behind the attackers' actions sooner.
Threat monitoring on the dark web adds an additional level of intelligence that many companies are grasping for in order to get a leg up on attackers. Just like anything else, these technologies aren't meant to be used by themselves. They supplement your threat monitoring architecture by letting you search outside of your normal domain and within the areas where attackers do business. It's becoming extremely difficult to monitor all the places where an attacker might post information, but having services review the dark web and other sharing platforms on which attackers normally communicate is critical in today's threat monitoring and reputation protection. Being able to monitor communications on the dark web between attackers discussing campaigns with other actors could yield vital information a company would want to know urgently.
Monitoring potential attackers as closely as possible, where many groups are performing their operations and communication, allows you to take a step closer to disrupting their efforts to organize an attack. It also assists with monitoring for data that might be used to harm your business and can serve as an early warning sign that something isn't right. Technologies like this might not find threats every day, but when they do you'll be happy to know about it beforehand.
In the world of the web, where we have global connectivity, it is far easier to break into someone’s personal zone. By personal, we do not just mean social media. The World Wide Web, which has become the hub for storing and restoring information and is considered to be the safest vault, is a mere toy in the hands of a few computer geniuses. Hackers, black hat hackers, villains, crackers, cyber-criminals, cyber pirates, as they are variously known, throw malicious software or a virus at a system to gain access to the desired information. Piqued by curiosity, they may perhaps break into your system too. Here are the top 10 hackers, the whiz kids who put the world in awe with their dexterity.
1. Gary McKinnon
Gary McKinnon must’ve been a curious, restless child, for to gain information on UFOs, he thought it better to get direct access to the channels of NASA. He infiltrated 97 US military and NASA computers, installing a virus and deleting a few files. All this effort was to satisfy his curiosity, but, alas, curiosity killed the cat. It was soon found that McKinnon was guilty of having hacked the military and NASA websites from his girlfriend’s aunt’s house in London. As if entering and deleting the files from these websites wasn’t enough, McKinnon thought of shaming the security forces by putting out a notice on the website that said, “Your security is crap.” Well, it looks like McKinnon was something, if he could shut down the US Military’s Washington Network of about 2000 computers for 24 hours, making the hack the biggest military computer hack of all time!
2. LulzSec
LulzSec, or Lulz Security, a high-profile black hat hacker group, made its name by hacking into Sony, News International, CIA, FBI, Scotland Yard, and several noteworthy accounts. So notorious was the group that when it hacked into News Corporation’s account, it put out a false report of Rupert Murdoch having passed away. While the group claims to have retired from its vile duties, the motto of the group, “Laughing at your security since 2011!”, stays alive. There are assertions of the group having hacked into the websites of newspapers like The Times and The Sun to post its retirement news. Many, however, claim that this group had taken it upon itself to create awareness about the absence of efficient security against hackers.
3. Adrian Lamo
Adrian Lamo decided to switch careers when he realized the potential of his skills. He made the news when he hacked into Yahoo!, Microsoft, Google, and The New York Times. Although this culminated in his arrest, it later helped him gain the badge of an American Threat Analyst. A guy who would hack into top-notch accounts while sitting in spacious and comfortable cafeterias, libraries and internet cafes soon turned Wikileaks suspect Bradley Manning over to the FBI. While Manning was arrested for leaking several hundred sensitive US government documents, Lamo went into hiding or, should we presume, undercover?
4. Mathew Bevan and Richard Pryce
Targeting the over-sensitive nerves, what Mathew Bevan, along with his alleged partner Richard Pryce, did could have triggered a great many issues between the USA and North Korea. The duo hacked US military computers and used them as a means to infiltrate foreign systems. The crucial contents of the Korean Atomic Research Institute were dumped into the USAF system. However, the contents were mostly relevant to South Korea and hence less volatile. But this, nonetheless, could have led to a huge international issue.
5. Jonathan James
The first juvenile to be imprisoned for a cyber-crime, at the age of 16, Jonathan James, better known as c0mrade, hacked into the Defense Threat Reduction Agency of the US department. Further, he installed a sniffer that scrutinized the messages passed between the DTRA employees. Not only did he keep a check on the messages being passed around; in the process, he collected passwords, usernames and other such vital details of the employees, and even stole essential software. All this forced NASA to shut down its system and pay $41,000 from its pocket. c0mrade, however, had a bitter ending, as James committed suicide in 2008.
6. Kevin Poulsen
How far would you go to win your dream car or a dream house? How far will you go to win an online contest or a radio show contest? Perhaps you would keep trying your luck, unless you are Kevin Poulsen! Poulsen infiltrated a radio show’s call-in contest just so he could win a Porsche. Dark Dante, as he was better known, went underground after the FBI started pursuing him. He was later found guilty of seven counts of mail, wire and computer fraud, money laundering and the like. What turned out to be rewarding in Dark Dante’s case is that his past crafted his future. Poulsen now serves as a Senior Editor at Wired.
7. Kevin Mitnick
Clad in an Armani suit, when a bespectacled face in his mid-40s smiles at you from the computer screen, you can hardly consider the man a cyber-criminal. Such is the case with Kevin David Mitnick. Once the most wanted cyber-criminal in the US, he is now an affluent entrepreneur. Kevin, who is now a security consultant, was convicted of hacking Nokia, Motorola and Pentagon. He pleaded guilty to seven counts of fraud that included wire fraud, computer fraud and illegally intercepting a wire communication. After five years of incarceration that included eight months of solitary confinement, Mitnick has now started afresh. However, his knack with computers is still remembered and was even depicted on celluloid in the films Takedown and Freedom Downtown.
8. Anonymous
The concept of being a “digital Robin Hood” was far from being conceived, but in the computer age, it is very likely that someone somewhere has bagged this title. A “hacktivist group” called Anonymous is known by the nickname “digital Robin Hood” amongst its supporters. Identified in public by their Guy Fawkes masks, Anons, as they are widely known, have publicized themselves by attacking government, religious and corporate websites. The Vatican, the FBI, the CIA, PayPal, Sony, Mastercard, Visa, and the Chinese, Israeli, Tunisian, and Ugandan governments have been amongst their targets. Although Anons have been arguing over whether to engage in serious activism or mere entertainment, many of the group members have clarified their intent, which is to attack internet censorship and control.
9. Astra
Astra, a Sanskrit word for weapon, was the pen name of a hacker who dealt in weapon stealing and selling. A 58-year-old Greek mathematician, he hacked into the systems of France’s Dassault Group, stole vulnerable weapons technology data and sold it to different countries for five long years. While the real identity of Astra remains untraced, officials have said that he had been wanted since 2002. Astra sold the data to approximately 250 people from around the globe, which cost Dassault $360 million in damages.
10. Albert Gonzalez
How safe is internet banking? When we browse through the profile of this mastermind, we are certain that one ought to use the World Wide Web with immense care. For two long years, Albert Gonzalez stole from the credit cards of netizens. This was recorded to be the biggest credit card theft in the history of mankind. He resold approximately 170 million credit card and ATM numbers. He did so by installing a sniffer and sniffing out the computer data from internal corporate networks. When arrested, Gonzalez was sentenced to 20 years in federal prison.