Author: DarkOwl Content Team

Cybersecurity Awareness Month: Featured & Upcoming Content

October 7, 2022

In light of Cybersecurity Awareness Month, DarkOwl is committed to sharing resources from our researchers and analysts that touch on safety best practices and key trends in the global cybersphere based directly on insights from the darknet.


Featured Content

WHITEPAPER

Tensions Between China & Taiwan Realized on the Darknet

In this report, DarkOwl researchers provide insights and analysis from the darknet on how tensions between China and Taiwan are impacting the cyber underground.

Read the report

PRESENTATION

Industrial Control Systems and Operational Technology Threats on the Darknet

DarkOwl participated in this presentation in conjunction with Hybrid COE to bring awareness around ICS/OT threat vectors that continue to emerge and circulate on the darknet.

View the slide deck

Upcoming Content This Month

BLOG

Cybersecurity Awareness: Darknet Investigator Best Practices

DarkOwl analysts outline a compilation of best practices for conducting OSINT and DARKINT investigations. Curious what we mean by DarkInt? Check out this 101 guide. This is now live!

BLOG

Cyber Group Spotlight: Bjorka

Learn more about the threat actor Bjorka who is causing terror to the Indonesian government. Check out our previous Cyber Group Spotlight on SiegedSec in the meantime. This is now live!

EVENT

DarkOwl @ OSMOSISCON in Tampa, FL

DarkOwl Product Engineer Damian Hoffmann will present “Finding Actionable intelligence in Dark Web Data for OSINT investigations” to attendees at this year’s OSMOSISCON, October 16 – 18.

Attending OSMOSISCON? Schedule a time to meet with a DarkOwl team member here. Read our synopsis here.

EVENT

DarkOwl @ DarkWeb Conference in Hyderabad, India

David Alley, CEO for DarkOwl FZE will be attending and speaking at this conference on October 18th, focusing on Combating Cyber Warfare and Cyber Terrorism using the Darkweb.

Attending this conference? Schedule time to meet David here.

DATASHEET

Dark Web Monitoring

DarkOwl is an open-source intelligence (OSINT) platform that aggregates information from various underground sources. Monitor for information critical to your organization, clients, and customers to discern actionable and meaningful intelligence from things like cyber breaches and ransomware attacks. Check out our new datasheet.

BLOG

Top Mentions of Cybersecurity Awareness on the Darknet

This piece will examine what threat actors on the darknet are discussing regarding cybersecurity awareness and related topics. This is now live!


Curious to see how darknet data can improve your cybersecurity situation awareness? Contact us.

Darknet Marketplace Snapshot: Exchange Market

September 29, 2022

In DarkOwl’s Darknet Marketplace Snapshot blog series, our researchers provide short-form insight into a variety of darknet marketplaces: looking for trends, exploring new marketplaces, examining admin and vendor activities, and offering a host of insights into this transient and often criminal corner of the internet. This edition features Exchange Market.  


For this marketplace snapshot, our analysts selected a darknet marketplace hosted on Tor called Exchange Market. Exchange marketplace content is predominantly Chinese Mandarin and features illicit goods traditionally offered on a typical criminal marketplace – including weapons. The market does not appear to emphasize drugs for purchase in variety and volume as is common with other decentralized markets on the darknet.

Since early 2019, DarkOwl has observed activity from Exchange Market with a comprehensive offering of physical and virtual goods and services for sale, including advertisements that are supportive and worthwhile to darknet and underground criminal communities. The market’s onion service is advertised as though it is based in China, uses mostly Chinese Mandarin language, and references popular technology and applications exclusive to Chinese culture. The market is not widely advertised across the darknet in typical marketplace discussion boards and link lists.

Like most decentralized markets, account registration and user authentication are required before accessing Exchange Market’s listings. The market also requires the user to solve an English-character-based CAPTCHA before access is granted.

Exchange Market Login Screen, Source: Tor Browser

Once authenticated, the banner includes the English phrase:  

“Exchange, Trade Privately. Against Tracking and surveillance.”  

The top banner includes three sections translated to English as:

“Real-time manual penetration data for acquisition of first-hand online loans by overseas teams”; “Receive download site traffic”; and “Integrity buys and sells first-hand data on men and women.”
 Exchange Market, Post-Authentication, Source: Tor Browser 

A Closer Look at Exchange Market’s Goods & Services

Exchange market is divided into different sections with each advertising a different category of items for sale. Sections at the very top offer paid advertising materials as is common with other darknet marketplaces and forums. For example, some paid advertisements listed include recruitment and data brokerage offerings:

“High salary looking for 3 to 4 Java architects front end engineer jobs in Thailand”;
“A large number of financial investment data in the currency circle of Japan, South Korea, Europe and the United States stock and foreign exchange exchanges are collected”; and
“Looking for a hacker that can provide cvv sync fish.” 

Below the Paid Advertising section, there are different categories listed with dozens of individual advertisements each. The advertisements listed are updated frequently.

  • data resources
  • service businesses
  • virtual items
  • physical items
  • technical skills
  • video pornography
  • other categories
  • basic knowledge
  • private shop
Three Categories of Goods & Services Advertised: Data Resources, Services, and Virtual Items, Source: Tor Browser
[TRANSLATED FIGURE BELOW – Source: Google Translate]

Data Resource

  1. 15W pieces of the latest national college student data in July 2021 suitable for online loans
  2. 470,000 pieces of data on the wehkamp shopping station in the Netherlands
  3. The latest Indian online loan data in August: 340,000 loans_Automatic delivery
  4. Brazil shopping data 450,000 items_Automatic delivery_August 2022
  5. 390,000 pieces of Brazilian currency data in August 2022
  6. 500,000 shopping data in Spain_Automatic delivery
  7. 57W National Physician and Physician Registration Examination Database Package is of great value for money
  8. Taiwan personal data 730,000 names, phone numbers, email addresses, birth dates
  9. 870,000 names and email addresses of real estate agents in the United States
  10. US Wolf Eye Clinic patient data 630,000 phone and mailbox SSN
  11. elitemate US online dating site data 1.04 million
  12. 7.73 million Robinhood stock and cryptocurrency investing sites
  13. 570,000 users of btce cryptocurrency platform
  14. 24,970 US users of bitmain bitcoin mining machine
  15. xcoins peer-to-peer bitcoin market users 25373
  16. bitcoinnetworks bitcoin contract website 5237

Service Business

  1. 11 detective business inquiry 11 high quality and lowest price on the whole network 11 recruiting agents 11
  2. In 2022, the latest PAYPAL binding foreign credit card fraud core technology
  3. Each website platform mobile app and various industries data capture provides one-by-one private customization for telemarketing SMS
  4. Website penetration-obtaining database-webshell permissions
  5. 1. Penetration data, 1. Regular update, 1. Long-term provision, 1.
  6. thug private detective
  7. Dead and Remnant Order Customized Order
  8. Anti-drinking tea network security Anonymous anti-tracking evades the investigation of the Internet police to deal with national security tea-drinking security money laundering technology
  9. All kinds of inquiries of detectives
  10. 24-hour stable query business
  11. Check cars, check people, check all
  12. Query ID card activity track
  13. Detective_Check_Online second message
  14. High-quality file inspection on the whole network
  15. one-one-one-one-one-one-one-one-one-one-one-one-one-one-one
  16. Monero Money Laundering 2021 The Safest Way to Launder Money Original

Virtual Item

  1. In 2022, the whole network will launch Android remote control stealing u
  2. Spanish driver’s license positive and negative hand-held driver’s license 21 sets
  3. Italian Passport Handheld Passport 17 Sets
  4. 17 sets of Polish ID cards with front and back photos
  5. British passport holding 187 sets of passports
  6. 1434 sets of US driver’s license front and back hand-held driver’s license
  7. 37 sets of Japanese driver’s license plus hand-held driver’s license japan driver’s license
  8. TRCERC’s latest release of the coin withdrawal interface source code is fully open source, there are two sets
  9. In 2021, the latest bitcoin money laundering technology is very safe in the black production circle
  10. 11 teach you how to date a girl in junior high, high school and college 11 by no means a cold reading pua tutorial
  11. AliExpress eBay Amazon Alibaba Taobao and other e-commerce seller data
  12. Latest National Official Contact Information Official Position
  13. CC attack tutorial and software
  14. Naked chat fraud to obtain address book source code Naked chat software codeless video voice changing software photographed and shipped automatically
  15. Hacker QQ number stealing tutorial with software
  16. The full technical information of the hacker is here

Translated Table of Exchange Market Listings for data resources, business services, and virtual items

Data Resources 

This section of the market has listings focused on the brokerage of personally identifiable information (PII) and digital identity theft crime, including the sale of PII exfiltrated from shopping data, college students’ data, phone numbers, social security numbers (SSNs), addresses, and users of bitcoin services. The personal data offered appears to be primarily sourced from individuals located in the Netherlands, India, Brazil, Spain, the United States, and Taiwan.

The United States is targeted the most frequently in this category, with personal data available stolen from US real estate agents, a US optometrist’s patient data, and data from a US online dating service. A newer advertisement, shared this week, titled “3.26 million in 22 years in the United States_Detailed personal information of US citizens,” claims that the data is US personal identity data from 2021 and 2022 and includes names, addresses, phone numbers, work associations, and industries.

Data Resources Section of Exchange Market, Source: Tor Browser

Another listing, titled “Taiwan personal data 730,000 names, phone numbers, email addresses, birth dates,” is notable given tensions between China and Taiwan and is likely a result of recent cyberattacks against the country. Each database offered appears to be legitimate and links to real data.

Neither advertisement includes a price for the databases.

“Service Business” Offerings 

Listings under the service business category include social engineering, penetration testing, fraud technologies, private detectives, internet tracking avoidance and privacy, and methods for money laundering.

One listing appears to offer one-on-one guidance for the “private customization for telemarketing SMS” – which is likely a customized SMS hijacking service.

Virtual Items 

The “virtual items” section features malware, trojans, and viruses for conducting cybercrime. Our analysts noted several RATs (Remote Access Trojans), PII for social engineering and fraud, hacking tutorials and associated software, video and voice changing software, and Bitcoin laundering technology.

Interestingly, most of the PII offered here originated from citizens in Spain, Italy, the United Kingdom, Japan, the United States, and Poland – suggesting that either Chinese-based threat actors are directly targeting these countries or non-China based data brokers are reselling exfiltrated databases on this market. Other databases for sale included e-commerce websites such as Amazon, AliExpress, eBay, Alibaba, and Taobao.  

Physical Items 

Instead of offering a wide selection of drugs as ‘physical goods’ for sale, this section of the market features counterfeited documents and items (e.g. cigarettes), weapons, and a limited supply of LSD tabs and prescription drugs. Clonazepam and LSD tabs are allegedly shipped from Europe, a handgun was offered for $10,200 USD, and fake tax certificates and bank cards were advertised from various international government and financial institutions.

Of note, the handgun’s advertisement description, “Glock19 customer customized list,” does not correlate to the model of the handgun pictured. The picture is a G17 Glock instead and includes the inscription “Austria” on the weapon. Despite the discrepancy between what is advertised and the picture, there are other automatic and semi-automatic weapons included in the Glock19 advertisement.

[TRANSLATED ADVERTISEMENT – Source Google Translate]

“New glock 19 gen4 price ($10,200)

Shipping time is about a month

No refunds will be accepted after payment, as the goods will not be returned once dispatched,
Because of their own problems, the mobile phone number is not answered, the goods are not received, and refunds are not accepted.
If you do not receive the goods or do not meet the requirements can be refunded. Please release the money after receiving the goods without any problems, for the sake of long-term cooperation in the future

Save time for those who really need it, don’t bother.

AR15
AR-24K
beretta PX4
MAC 11
Russian-made Markov is cheap

Customer-made list, if you need anything else, you can send a private message, don’t waste everyone’s time thank you [If you want to order, please make a sincere consultation for $10, send a private message on the site, or leave a telegram or encrypted email

Only connect with the big boss, you can also come if you think you have the strength. Don’t waste your time consulting if you are bored
I finally want to say that cheap people deserve to be deceived. . . Stop believing those in some groups. . All liars can’t see it.”
Handgun offered for sale on the darknet marketplace, Source: Tor Browser 

Technical Skills 

The Technical Skills section covers numerous skills required for fraud and hacking technologies. Some technical skills advertisements include antivirus software bypass techniques, methods to register a Google Voice account with US phone numbers, online credit card loans, DDoS attacks, and scraping information from WeChat chat records in real time. There are also some unexpected socially specific skills on offer, like “Tricks to Control Women” and “The Manson Method to Get Women Addicted to You.”

Video Pornography

This section of the market includes what one would expect with subscriptions and pornographic content available for purchase and download. There are also mentions of CSAM content.

Other Categories 

This section includes uncategorized listings for a variety of products, many of which are similar to the ones already described above. Our analysts noted offers for ransomware, international passports, hacking toolkits and tutorials, and unrelated listings, such as “The most complete network of CCP princelings.”

Basic Knowledge 

The Basic Knowledge section of the marketplace is a mixture of offerings and discussions on topics such as earning passive income, fraud and hacking tutorials, and practical dating skills.  

More Exchange Market Listings, Source: Tor Browser

This section of the market appears to also include an option to add comments to posts, although additional marketplace approvals and/or Bitcoin payment may be required.

Exchange Market: DarkOwl Analyst’s Observations

  • Exchange Marketplace restricts any personalization of buyer or vendor accounts. There are no custom usernames or avatars associated with either type of account.
  • Vendors are provided a “seller account number” that appears with their product listings, and there is no obvious vouching for a vendor’s legitimacy with reviews and credibility from other marketplaces or sources.
  • Similarly, buyers are issued a random string of numbers that serve as the account’s username, further obfuscating the identities of all parties involved in a marketplace transaction.
  • A limited number of vendors include links to potentially associated Telegram channels and/or include English text in their advertisements.
  • Products on the marketplace are tailored towards Chinese online services, e.g. ransomware to target Taobao, Xianyu, WeChat, and Weibo.  
  • To transact with a vendor on Exchange, the onion service requires the buyer generate a separate transaction password.
  • The marketplace serves as ‘escrow’ with a ‘pay-to-play’ mentality, requiring Bitcoin deposit for an account to be fully activated.  

Conclusions 

With longevity and network persistence offering illegal goods and services since 2019, DarkOwl assesses that Exchange Market is a comprehensive darknet marketplace that sells goods and services to support the full spectrum of potential cybercrime. In addition to databases and exploits to conduct financial and identity fraud, scamming, hacking, ransomware campaigns, and more, the market appears to also support a solid recruitment and hacker-for-hire segment of the Chinese-malware community. 

Unlike other decentralized markets, Exchange Market demonstrates higher concern for anonymity by providing random numbers to users rather than personalized aliases.  While the language barrier might limit access for large swaths of darknet users – who are predominantly English and Russian speakers – Exchange Market’s popularity is consistent despite limited out of market advertising and is still flourishing on its own.  



Upcoming Research: Tensions Between China and Taiwan Realized on the Darknet

September 28, 2022

This research is now live >> Check it out here.


The year 2022 has been one of heightened global tensions and geopolitical military conflicts. Russia’s three-day “special military operation” against Ukraine has turned into months of heated battlefield bloodshed and cruise missile attacks, and has sparked a global cyberwar touching hundreds of other entities that are neither Ukrainian nor Russian. Elsewhere, open sources estimate that over 100 people have died in a border conflict between the former Soviet states of Kyrgyzstan and Tajikistan, both of which share a border with China. Meanwhile, a fragile ceasefire agreement between Armenia and Azerbaijan failed to stop fighting that resulted in a couple hundred deaths in an Armenian enclave of the Nagorno-Karabakh region of Azerbaijan just last month.

Amongst these hostilities are escalating, volatile tensions between China and Taiwan that stem from China’s “One-China Principle” and its refusal to recognize Taiwan’s sovereign independence.

In DarkOwl’s upcoming research investigation, our analysts take a closer look at how recent political tensions between China and Taiwan spill into the darknet, deep web, and greater cyber space.

Recent political tensions between China and Taiwan spill into the darknet and cybersphere.

In this paper, we will look at how numerous data leaks and cyberattacks have occurred in both the U.S. and Taiwan, prompted by a controversial political visit from US Speaker of the House Nancy Pelosi in August and the subsequent approval from the Biden administration to deliver $1.1 billion in US weapons to Taiwan.

The new research piece will also shed light on the darknet’s response to concerted information operations and political escalations between the two countries, including chatter related to a potential military invasion of Taiwan, China’s role in Russia and across the globe, and general anti-China sentiment across several darknet discussion services. We also uncover some of the critical government and organization data leaks that have surfaced for both Taiwan and China and are in circulation in the darknet.

To receive a copy of this research as soon as it goes live on October 5, drop your email below:

International Day of Peace: View from a Darknet Analyst’s Perspective

September 21, 2022

This year, International Peace Day comes amidst a global cyberwar that arguably began (but has determinably escalated) with the Russian invasion of Ukraine. When considering the notion of peace, especially during this time of heightened combativeness, we turned to one of our darknet analysts. In return, they offered their first-hand perspective and candid thoughts on the notion of a peaceful cyberspace.

Peace in the Midst of a Cyberwar: Perspectives from a Darknet Analyst

In my opinion, the concept of a ‘peaceful darknet’ is a complete oxymoron. There have been brief moments when I’ve experienced something close to peace on the darknet, such as when I connect with various underground communities and established trust groups. I log in to the community, check the channel nicks to see who else is online, and direct message or send a quick jabber message to the online “friends” I’ve established after years of moving in and out of these communities. There are moments of contentment after a friend shares an update on their dad’s recovery from a recent surgery, and we relate about videos we’ve both watched on YouTube.

But, is it peaceful? Hardly. There’s a cloud of anxiety. At any point in time, the server our community connects to might be hit with a heavy DDoS attack from ‘skids’ or a rival darknet community. You never know when a guest account will connect and immediately flood fill the chat with hateful and explicit messages.

I look at the clock. Around this time most nights, a former member and now banned user connects to the server and there’s immediate drama between them and the chat’s moderators and staff. The user claims he’s got proof that one of the staff is a pedophile. They’re kicked out and the channel/room is locked. Another member posts a funny meme. Another asks for help using Mimikatz. Just another typical night in the darknet.

Before Ukrainian Invasion: Brewings of a Cyberwar

Months before the Russians physically invaded Ukraine resulting in the formation of the IT Army of Ukraine and the hacking collective Anonymous launched their infamous cyber campaign #opRussia against Putin and Russia-aligned threat actors, members of the elite GRU were busy covertly carrying out many a pre-invasion operational cyber campaign by probing networks and accessing sensitive Ukrainian networks.

Millions of Ukraine’s citizens’ personal data had already surfaced and were in circulation across the darknet. Russian trolls on darknet forums and Telegram channels taunted the West and Ukraine, with posts about everything from Hunter Biden’s laptop to a weak NATO; some hinted at how quickly Kyiv would collapse after an invasion. Western news media started reporting on troop build-ups along Ukraine’s borders in Belarus and Russia.

Then, the Kremlin announced their recognition of the Luhansk and Donetsk People’s Republic (LPR/DPR). Less than a week later Putin ordered commencement of his “special military operation.”

After February 24th 2022, everything changed: both in real life and virtually. Darknet dynamics completely shifted. Cybercriminal groups and ransomware gangs split down the middle – those supporting Ukraine and those supporting the Kremlin. Many Ukrainian-based darknet users, including an online ‘friend’ prominent in the darknet carding community, disappeared after deploying with the military to fight for their country’s freedom. Hundreds of Russian and Ukrainian Telegram channels emerged with videos from the front lines. Social media channels post videos of cruise missiles hitting centuries old buildings in Kharkiv. Apartments and residential buildings were completely decimated along with the people and memories in them.

War Launches a Frenzy of Darknet Activity

Every few hours I discover another leak URL that has emerged from a victim in Ukraine or Russia. I annotate the details to a database of Ukraine-Russian cyberwar leaks I started within the first 36 hours of the invasion. I proliferate the IP addresses of new targets issued by the Minister of Digital Transformation of Ukraine and load another Tor URL that has mysteriously disappeared.

A DarkOwl Vision monitor I created for a client – months before the invasion – alerts me that the company’s web domain has been mentioned by Russian threat actors on Telegram. Attacks against US companies and NATO entities start to mix into the now daily exhaustive list of on-going cyber activity. New threat actor groups announce their formation every other day. ATW? nb65?! KILLNET…. I begin to ponder how this cyber chaos can possibly result in any form of success for Ukraine. Members of Anonymous and various ‘collectives’ around the globe invariably clash attacking the same digital targets.

My sleep in those early weeks consisted of brief 2-hour naps only after caffeine was no longer effective and I could barely keep my eyes open. My dreams haunted by the sound of the sirens I had heard repeatedly in videos coming out of Kyiv on Telegram and the images of decaying soldiers’ bodies on a channel dedicated to helping survivors identify their lost loved ones. I’m millions of miles from the epicenter; yet, I’m still affected by what I’ve virtually witnessed.

Fast Forward Seven Months

The IT Army of Ukraine has grown to a force of nearly half a million hacktivists. The cyberwar leaks database is terabytes in size. The CONTI ransomware gang passes the ransomware baton to LockBit, shifting from ransomware to nation-state operations. A ransomware group seems to surface every week announcing dozens of global commercial victims – many that are small businesses that struggle to survive such an attack.

Zero days and exploits used against Russian government and commercial entities have become increasingly sophisticated with attacks against critical infrastructure becoming the standard. Anonymous’ operational cyber cells are now run with shocking efficiency and effectiveness and the cyber battlefield is either less chaotic or I’ve become more tolerant and accepting of the chaos.

Pro-Russian disinformation networks across social media and the digital underground are operating at full capacity. On the surface, the Ukrainian military has successfully pushed the Russians back over 6,000 square kilometers in eastern Ukraine, liberated dozens of towns and villages with their counteroffensive against Russia, and another Russian oil executive has mysteriously fallen out of a window in Moscow. It’s nearing the end of summer. I visit a local farmer’s market all to overhear a random 60-something-year-old woman at a stall arrogantly declare, “President Putin is simply trying to dismantle the global cabal and de-nazify Ukraine”. I take a deep breath and slowly walk back to my car, suddenly no longer interested in buying any local produce.

I return to my home office to find a request for technical information related to recent cyber-attacks in China and Taiwan in my inbox. I suddenly realize that this is never going to end. China could very well invade the island of Taiwan by the end of the year and trigger yet another round of global cyber initiatives and operational campaigns.

The cyberwar is no longer simply between those who support Ukraine and those who do not. The cyberwar is simply a virtual reflection of the pure lack of peace we have within ourselves as individuals, societies, and nations. Peace in Ukraine will in no way result in peace on the darknet nor stop your neighbor down the street from spewing the propaganda they’ve been fed and now believe in their heart.

I disconnect the wi-fi, shut off my computer, crawl into bed in the middle of a Saturday afternoon, and for the first time in seven months, sleep peacefully.


The above account came from one of our DarkOwl Analysts, who are trained to routinely immerse themselves in the darknet space. Their efforts support our product collections efforts, and also support our clients to understand data and intelligence on the darknet. For more questions about how analysts support our customers, thought leadership, and data collection efforts, contact us.

DarkOwl Continues to Build International Presence at ISS World Asia in Singapore

Earlier this month, DarkOwl participated in the well-regarded law enforcement conference: ISS World Asia. The annual, training-oriented event describes itself as “the world’s largest gathering of Regional Law Enforcement, Intelligence and Homeland Security Analysts, Telecoms as well as Financial Crime Investigators responsible for Cyber Crime Investigation, Electronic Surveillance and Intelligence.” 

Representing DarkOwl was David Alley, CEO of DarkOwl FZE based in Dubai, and Richard Hancock, Darknet Intelligence Analyst based out of DarkOwl’s headquarters in Denver.  

“We find ISS World events to be incredibly helpful in bridging the gap between national security agencies and the OSINT vendor community,” shared David. He also noted a common thread in his conversations with investigators: the need for safe, effective, ethical, and high-quality dark web OSINT tools.  

While at ISSW in Singapore, the DarkOwl team hosted a seminar on Darknet Intelligence Discovery and Collection. The goal of this session was to further educate the international intelligence community on how threat actors on the darknet are evolving in their use of new tools and methodologies. 

Later in the week, David Alley of DarkOwl FZE delivered a presentation with representatives from Social Links, one of DarkOwl’s partners and leading provider of OSINT technologies.  

The session, Countering Illegal Trade on Darknet Marketplaces, was offered as part of one of ISS World Asia’s closed track programs, available only to Law Enforcement, Public Safety and Government Intelligence Community Attendees. 

The collaborative presentation focused on what the current dark web marketplace landscape looks like, and explored methods for counteracting illegal cyber trading. The discussion was further supported with demonstrations on how investigators can expose criminal and terrorist cryptocurrency activity on the darknet by using a platform that has been enriched with DarkOwl data. 

Per our partners Social Links, this session showed how “through advanced data extraction and analysis, investigators can break through the perceived anonymity of the Dark Web and crypto transactions to identify criminal actors.”  

DarkOwl looks forward to continuing their presence at ISS World events as part of our ongoing initiative to support the global law enforcement community in their efforts to police illegal and nefarious activity on the darknet.  

An Intro to Industrial Control Systems and Operational Technology Threats on the Darknet

September 08, 2022

This Research Report is now live >> Check it out here.


Upcoming research from DarkOwl displays an alarming number of threats on the darknet and deep web that could effectively target and compromise Critical Infrastructure.

For the past several months, DarkOwl analysts have been monitoring for and documenting instances on the darknet that could be threatening to Industrial Control Systems (ICS) and their adjacent Operational Technologies (OT). These two critical systems govern most everything societies rely on in the modern age. They include critical infrastructure such as manufacturing facilities, water treatment plants, mass transportation, electrical grids, gas, and oil refineries… all rely on some aspect of ICS/OT incorporated in their industrial processes.

In doing so, DarkOwl’s analysts found a significant number of instances in which attacks or attack vectors that could directly affect these critical industries were being actively discussed or circulated on the darknet. The research will be published in an upcoming whitepaper, Industrial Control Systems (ICS) & Operational Technology (OT) Threats on the Darknet.

The full extent of this research will be published Tuesday, September 13 and will cover how critical infrastructure is being targeted on the digital underground.

Abstract

Industrial Control Systems (ICS) & Operational Technology (OT) Threats on the Darknet

In recent years, especially in the world of ransomware and extortion-as-a-service crime – which is highly prevalent on the darknet – the information security community and major security operations centers have been centrally focused on securing sensitive organizational ‘data’ and intellectual property with concerted attempts to mitigate network attacks and remediate the effects of one leak after another leak emerging on the darknet and across underground criminal communities.

ICS/OT security involves protecting critical ‘processes’ needed in critical infrastructure and manufacturing facilities and is less concerned about data loss. The effects of ICS/OT attacks, especially against those that involve targeted unencrypted, serial communication protocols, are not manifested as simple domain network and email connectivity issues. A successful ICS-OT attack transcends the cyber realm and can result in the physical destruction of devices, kinetic explosions, and even risks the potential loss of human life.

In this darknet research investigation, the analysts at DarkOwl review the threats discussed and circulated on the darknet related to ICS/OT and exploits designed to compromise Supervisory Control And Data Acquisition (SCADA) panels. The research highlights initial points of compromise and data brokers in unauthorized network access, the reconnaissance utilities employed by threat actors to surface critical infrastructure system vulnerabilities, and the real dangers presented by the industry’s reliance on insecure IEC protocols.



Highlighting Women in Cyber for Women’s Equality Day

Interview with DarkOwl’s Sarah Prime and Alison Halland

August 26, 2022

In honor of Women’s Equality Day this August 26th, DarkOwl looks at workforce equality efforts within the cybersecurity industry and in our company by interviewing our Chief Business Officer, Alison Halland, and Director of Product Technology, Sarah Prime. DarkOwl is committed to building a balanced workforce which informs our efforts to create the most effective and talented team possible.

Background and Statistics: Women in Technology

Efforts to change the makeup of cybersecurity, which has traditionally been male dominated, have been embraced across the industry. Companies, organizations, and the government have taken notice. Organizations such as CISA (Cybersecurity and Infrastructure Agency), headed by Jen Easterly, are making efforts not just to hire women but also to highlight and empower them. Women will play an important role in supporting the demands of the industry – which is in dire need of more human resources. In fact, it has been estimated that just this year, the industry would need to grow by 65% to effectively defend organizations’ critical assets.

Despite impressive efforts underway by all types of institutions such as Women in Cybersecurity (WiCyS), there is still a gap. “It’s not just women, but it’s all types of diversity. Whether that’s neuro diversity, diversity of gender identity, of sexual orientation, of race, of national origin,” Easterly said.

A 2021 article published by the U.S. Census Bureau reported that although women make up around half of the U.S. workforce, they comprise only about 27% of STEM workers. However, this is not to say that women are not earning degrees in STEM. A report published in April 2022 claimed that while women earned almost half of the bachelor’s degrees in STEM, there is a large disparity across fields. Women earn the majority of bachelor’s STEM degrees in life sciences, psychology, and the social sciences, but they made up only a little over a quarter in math-intensive fields. However, women holding STEM bachelor’s degrees may be a poor indicator of how many women will end up working in STEM-related industries because the ISC2 2021 Cybersecurity Workforce report finds that pathways to cybersecurity are changing.

While an IT background is the most common route, a little over half of cybersecurity professionals started outside of IT. 17% transitioned from unrelated career fields, 15% gained access through cybersecurity education, and 15% explored cybersecurity concepts on their own. [Source]

Figure 1: Participants’ Pathways to Cybersecurity Careers [Source]

Interview: Thoughts on Being a Woman in Cybersecurity from Two Members of DarkOwl’s Leadership Team

To commemorate Women’s Equality Day, DarkOwl’s Junior Darknet Analyst and Marketing Contributor Molly Bocock sat down with Sarah Prime, Director of Product Technology and Alison Halland, Chief Business Officer for a candid interview about working in the cybersecurity industry.

Editor’s Note: Some content has been edited for length and clarity.

The ISC2 2021 Cybersecurity Workforce report finds that pathways to cybersecurity are changing. An IT background is the most common route, but more than half of cybersecurity professionals started outside of IT. 17% transitioned from unrelated career fields, 15% gained access through cybersecurity education, and 15% explored cybersecurity concepts on their own.

Molly: Tell me about your background and your journey to where you are now – did you know you always wanted to be in cyber?

Sarah: The short answer is no, I had no idea I wanted to be in cyber. I didn’t know what the darknet was when I started working at DarkOwl. I actually started my career in the educational publishing industry. I started developing simulation and e-learning products and found that I really liked it. In my next job I transitioned to developing software products full-time.

Then I moved out to Denver and joined a start-up that was literally working out of a garage and that company had a very innovative idea and needed help building a product that would help their really talented cybersecurity analyst team do more and better work. And ultimately that company became DarkOwl.

That’s how I got here today. 8 years later I feel like my mission in this world is to help expose what is happening on the darknet so criminals don’t have a place to hide, and preserving what the darknet is in terms of privacy for people who need it. I do find it a very rewarding industry to be in because it feels like you are contributing in a small way to making the world a better place.

Alison: Like Sarah, I did not think that I was going to end up in cyber. I started my career in finance and was working in Boston for a company that grew exponentially and ended up going public and then the financial crisis hit, so I went back and got my MBA at Dartmouth. After that, I knew I wanted to make an industry change, but I just couldn’t put my finger exactly on what industry I wanted to go to and was conflicted about it. So, I made a geographical change and moved to Denver with the hopes of figuring it out when I got here.

After staying in the financial sector for my first role out here, I then found myself working independently and consulting for security companies with cyber angles. I was really intrigued by the industry, specifically how innovative it was, how fast it was moving, and the different personalities it attracted. I had come from the very traditional finance industry in New England where everyone looked the same and acted the same, and there was a piece of edginess and this “as long as you could cut the mustard” attitude in the cyber space that I thought was really interesting. Lo and behold I ended up at DarkOwl and have now been in cybersecurity for 6 years.

The same study from ISC2 reported that fewer women (38%) came from an IT background than men (50%). Women have higher rates of entry from self-learning than men (20% vs. 14%) and pursuing cybersecurity education to land a job (20% vs. 13%).

Has working in this field dispelled any misconceptions you had about your own abilities or interests?

Alison: I don’t think so. One thing you learn as you progress in your career is that there is an appetite for all skill sets across almost all industries. My exact skill set definitely doesn’t scream “cyber” in the traditional sense; however, I have been dedicated to learning the space and there is always the need for clear communication about our technology, defining the strategic directions, contract negotiations, understanding specific client’s use cases, and the list goes on.

Sarah: Yes – there’s the “hacker in the hoodie” contingent of cyber but there are also so many other opportunities. I am not a hacker in a hoodie. Cyber needs product people, cyber needs marketing people, cyber needs business people, and it’s a really interesting cross-section of backgrounds and I found that community to be really welcoming of different perspectives and ideas and innovation.

Alison: I also think there is this altruistic angle in cyber that feels really good to be a part of, and I don’t know that all industries can say that. Cyber has an appeal and a reputation that is well-deserved in many regards to the innovativeness and by having these incredible products that, like Sarah attests to, can keep us all safer and make sure that we’re doing right by both our clients and our company.

Sarah: It’s less so about what gender you are and more so about what ideas do you bring to the table, and are you doing a cool thing and let me hear about it. I found that to be really supportive and encouraging.

An earlier study by ISC2 found that women in cybersecurity tended to be younger, were more likely to hold post-graduate degrees, and were more motivated to earn certifications and degrees in the field. It also reported that 17% of women said they earned U.S. $50,000 to $99,999, which is 12 percentage points less than men at 29%. They are closer in representation in the $100,000+ range (16% vs. 20% of men). [Source] The more recent study from 2021 noted that participants who had earned at least one cybersecurity certification made about $33,000 more in annual salary than those that hold none.

Can you talk about your professional development? What courses or certifications would you recommend? What advice would you give to a woman who is at the entry-level in the cybersecurity industry? 

Sarah: I think that there are a lot of different opportunities within the industry as we were talking about. Some of my professional development has been around product development, product strategy. I recently completed a course out of Northwestern University around product strategy. Some of the certifications that are more traditional cyber-security focused that have been really impactful to members of my team have been the Certified Ethical Hacker as well as the OSCP. 

Alison: My advice to anyone early in their career would be to ensure that they are thinking about the path they are headed down and to realize that any learning you do in a specific role, whether it’s technical knowledge or business sense, are learnings that you can take with you wherever you go. No one can take that learning away from you, and it will only make you stronger as you progress within your career. Lastly, I would remind them that no one cares about your professional development more than yourself – so don’t lose sight of that and ask for what you need/want.

The data from the 2021 Cybersecurity Workforce study from ISC2 suggests that a reliable estimate of women in the cybersecurity workforce globally remains at 25%.

What is it like as a woman working in the cybersecurity industry?  Are there any challenges or advantages to working in a male-dominated industry?

Alison: My experience in the cyber industry has been pretty heavily concentrated at DarkOwl. That being said, I feel empowered and enabled here. I think we have a unique scenario where we not only have a lot of females on the payroll, but have females with tenure and historical knowledge which is invaluable to DarkOwl. I’m really proud of that and I love working internally with everyone male and female alike. It’s very much a norm at DarkOwl — to see females across all departments — but I don’t want to sugar-coat the fact that it’s not like that in the industry at large.

Sarah: I echo that 100 thousand percent. I find myself very fortunate to work at DarkOwl, we work with a lot of smart women, and we have an above-average number of women on staff. Our goal is to have gender equality in terms of our workforce and we’ve hovered somewhere between 35 and 40 percent. We want to increase it. But absolutely, you see traditional mindsets across this industry, you could see it in larger companies, and you certainly see it in the make-up of executive teams and boards where it’s very male dominated. Sometimes it is very obvious being the only woman in the room.

Alison: Speaking of being the only woman in the room, I was just reminiscing about this year’s Blackhat Conference, which I just returned from. For DarkOwl it entailed three days of back-to-back meetings in our executive suite and I was the only female in every meeting both on the DarkOwl side, and on the client side.

The good news is that I didn’t feel marginalized in any way but it does emphasize the reality that there are not a lot of females at the executive level within the cybersecurity industry. So, it’s apparent to me that there is still a huge gap and a lot of work to be done.

Sarah: I had a meeting at a big company in Silicon Valley several years ago when DarkOwl was first starting. I was presenting with our CEO, and we had 20 people in that meeting from the client side. 15 of them were men and they were seated at the front of the room and the 5 women were in the back. The client introduced all of the 15 men by name and then said “and there’s the rest of the staff back there” who were all women.

In some ways experiences like these inspire me to be better, to achieve more, and to work harder because I want to pull someone up. I want to be a model for someone else — that’s really important to me personally. Bringing up people behind me, to reach your hand down and pull someone up. I think that the world is trending in the right direction. It is a great time to be a woman in the cybersecurity industry. Companies want to hire women; companies want to close that gap. There’s immense opportunity in this industry. The industry is focused on it, and there are groups like Women in Cyber doing amazing work to close that gap.

The 2021 study by ISC2 had fewer female participants, because “this year our response base included higher participation of professionals holding formal cybersecurity roles, which are more frequently held by men than women.” Chandra McMahon, who in March 2022 was the only woman to serve as the CISO among the top 10 largest companies nationwide, has said that “Cybersecurity is not well understood as a career or as an opportunity.” Therefore, it seems that how “cybersecurity” is defined can influence how many women are reported to be working in the cybersecurity workforce.

What do we not understand about cybersecurity as a field and its job opportunities? What does cybersecurity mean to you?

Sarah: I think a lot of people think cybersecurity is about pen testing and forensics, and I would say that there are so many more opportunities. There are research and intelligence tracks, there are OSINT tracks, there are darknet tracks, there are social engineering tracks, and there are a lot of different specializations. You can do all of them, you can do any of them. There’s a lot of data science and software and programming work in cybersecurity. It’s a very innovative field and there are a lot of opportunities. Again, it’s not just a hacker in a hoodie in a basement somewhere.

Alison: People sometimes think of “cybersecurity” as something very abstract and high-tech, but I actually think of it as something really familiar that we interact with every day. Cybersecurity impacts every single individual in every single company. There is no one that is above it or beyond it in the modernized world. I think it’s pervasive in a good way. Every company has to think about it. The industry is huge, and it’s experiencing explosive growth in a thousand different directions, so jump on it and find your path!

Sarah: There are so many different paths you can take within cybersecurity. It’s really exciting and from that standpoint really cool. What does cybersecurity mean to me? It’s helping secure the modern world. The way that everyone does business, the way that everyone communicates— all of that is digital, all of that is through computers. For example, the three of us are in different spaces right now. There’s a new way of working and being in the world and cybersecurity is making that connected, safe, secure, and just helping people to live safely.

Alison: Like Sarah said, there’s so many different avenues you can go in cyber. Whether you’re at a company that is trying to solve a specific cybersecurity gap across multiple industries, or one that provides innovative solutions for the cybersecurity industry itself. Cybersecurity technologies are only going to continue to be more and more necessary, and from that necessity comes innovation – which often attracts great talent.

Figure 2: The Most Important Qualifications for Cybersecurity Professionals (Non-technical Skills and Attributes) [Source]

Alison: Molly, I would ask a question of you. When I was in college, we didn’t even talk about cybersecurity as an industry. What do people think of it coming out of college now? Do they think of cybersecurity in the stereotypical sense, i.e. as a very narrow highly technical field, or do people think of it more broadly, like I do?

Molly: It’s a mix of both. People who are less familiar with STEM in general, I’m thinking of the people who tried to avoid it like the plague since they were young and thought “I hate math I’m never going there.” They think of cybersecurity as very “hacker in a hoodie.” People who are in business have a broader perspective. They realize the business opportunity; they know that every business has to have different departments like HR, marketing, and sales — they understand that. Younger people are seeing cyber as an opportunity to move into but they’re still hesitant. People think “oh, I’m not good enough, I’m not there, I don’t have what I need, I’m going to fail there because I didn’t study computer science when I was in undergrad so I don’t have the hard skills they want.”

Sarah: Yes, and I hope we can change that. As Alison said earlier it’s going to take work to change some things, but I hope we can. I find the most successful people in this industry are multi-disciplinary. They have a lot of skill sets and they have a lot of soft skills. There’s no way you can think like an attacker if you are too narrowly focused. You need critical thinking skills and you need collaboration skills.

Alison: I think that cybersecurity, more so than other industries, is forward-thinking in accepting non-traditional employees. I think the appetite for openness in the cybersecurity industry, and this is just anecdotally, is a little bit wider than in other industries.

Sarah: Attackers work in groups. They are not one person. These big nation-state entities, these big APTs, are collectives. They have multiple skill sets. So the good guys also need to work in teams, to be able to work with other people, and to bring different skills to the table. And those skills are not just math or hard tech skills. It is really about collaborating. The best people are able to work in very out-of-the-box ways.

To bring this back to the point of the interview, I think women have a lot of those traits, culturally. I think that women bring a unique voice to this and can bring their tech skills and some of the other really critical skills like collaboration, like communication, like critical thinking, to the table and be really successful in this field. As long as you are doing good work, there’s room for you in this industry.

Alison: Right, exactly.

Key takeaways from Alison and Sarah’s perspectives:

Anyone who is interested in the cybersecurity industry has a strong chance of being able to find a role that suits them. While companies and institutions are putting more resources towards addressing the gender and representation gaps in cyber, those gaps still exist. Therefore, the company makeup of where you work can have a very real impact on your experience in the field, especially if you are in the minority of the workforce.

As an industry, cybersecurity is forced to embrace change given the nature of the field. Cybersecurity’s openness to innovation makes it more open to changes, such as seeing more women in the field, than perhaps other industries are. In the experiences of Alison and Sarah, people are accepted based on the quality of their work and there is an open invitation to explore new projects and ideas – which are also necessary to evolve with the sophisticated threat actors we face. Individuals should not discount themselves from working in cyber. A wide variety of skill sets is needed to address present and future threats; multi-disciplinary workers have an advantage, and learning opportunities and professional development can always be cultivated – especially when you partner with organizations that prioritize their employees’ growth.


Looking for a career in cybersecurity? DarkOwl is hiring! Check out our open positions here.

Policing the Darknet: Leading Cybercrime Agencies Go Dark

July 26, 2022

NEW: Interactive Timeline Key Cyber Operations

In DarkOwl’s regular daily collection of content for its Vision SaaS platform, we often witness criminal communities being disrupted and dispersed by law enforcement operations. Usually, these operations are carried out covertly until enough evidence has been gathered to shut down the illicit operation. At that point, oftentimes, the law enforcement group will conduct heavy DDoS attacks (or other attack methodologies) against the marketplace or forum to shut it down, leaving a “this domain has been seized” notice on a website’s landing page.

In this piece, we decided to take a closer look at some of the key intelligence agencies, government groups, and law enforcement organizations that contribute to policing the darknet through targeted cyber operations.

The darknet – comprised of anonymous networks only accessible by special anonymous proxies and/or peer-to-peer systems – is an elaborate web of services. Based on our historical insight into this space, our analysts ascertain that the darknet is largely comprised of criminal activity ranging from the sale of drugs and illicit goods and humans to advanced malware development, data brokerage, fraud, and financial crime. Recent academic research indicates that over half of all Tor-based onion services facilitate crime in some form or fashion.

Much of this criminal activity spills over into the deep web and chat platforms like Telegram, where many of the leading administrators establish ‘mirror’ sites and channels that replicate much of the content shared across Tor and peer-to-peer anonymous networks.

International intelligence, military, law enforcement personnel, and other cybercrime agencies are present both overtly and covertly on the darknet. Marketplace and forum discussion threads are sprinkled with users dismissing posts with derogatory name-calling like “pig” or “spook.”

In 2019, the US Central Intelligence Agency (CIA) replicated their Surface Website (cia.gov) on the Tor network, including the agency’s public announcements, the World Factbook, and careers page all available reportedly via ‘secure and anonymous’ web connections.

In early May, the CIA launched a concerted campaign to encourage Russians dissatisfied with Putin’s invasion of Ukraine to “get in touch on the darknet.” The campaign included detailed instructions in both Russian and English for downloading the Tor browser and accessing their content on Tor.

There are any number of organized law enforcement operations on-going in the darknet and adjacent criminal communities. Many times, the seizures of servers hosting and facilitating cybercrime are a result of a multi-agency activity months (or years) in the making. Agents from the Federal Bureau of Investigation’s Cyber Crime Unit (FBI) and Interpol lead many of the operations that result in not only the take-down of criminal sites, but also the indictments and arrests of the criminal masterminds behind the darknet community. 

With so many different groups operating in the space, most of which rely heavily on acronyms, we’ve compiled a list of the prominent international government, intelligence, and law enforcement organizations that we’ve seen mentioned in significant operations carried out on the darknet. The table below includes their common and formal names, as well as the countries they primarily operate in.

Law Enforcement Agencies (LEAs) on the Darknet

| LEA Acronym or Common Name | Agency | Country |
| --- | --- | --- |
| ATF | Alcohol, Tobacco & Firearms | USA |
| ACIC | Australian Criminal Intelligence Commission | Australia |
| Bundeskriminalamt | Austrian Federal Investigation Bureau | Austria |
| NIS | Bulgarian National Investigation Service | Bulgaria |
| BKA | Bundeskriminalamt (Federal Criminal Police Office) | Germany |
| RCMP/Mounties | Royal Canadian Mounted Police | Canada |
| CIA | Central Intelligence Agency | USA |
| CIB | Criminal Investigation Bureau | International |
| Αστυνομία Κύπρου | Cyprus Police | Cyprus |
| DHS | Department of Homeland Security | USA |
| DOJ | Department of Justice | USA |
| EC3 | European Cybercrime Centre | European Union |
| FBI | Federal Bureau of Investigation | USA |
| FSB | Federal Security Service (Federalnaya Sluzhba Bezopasnosti ФСБ) | Russia |
| FinCEN | Financial Crimes Enforcement Network | USA |
| GDCOC | General Directorate Combating Organized Crime | Bulgaria |
| GCHQ | Government Communications Headquarters | UK |
| HSI | Homeland Security Investigations | USA |
| IRS:CI | Internal Revenue Service, Criminal Investigation | USA |
| IDF | Israel Defense Force | Israel |
| JCODE | Joint Criminal Opioid and Darknet Enforcement (DOJ) | USA |
| GRU | Main Intelligence Directorate | Russia |
| NCA | National Crime Agency | UK |
| NCJITF | National Cyber Joint Investigative Task Force | USA |
| DNRED | National Directorate of Intelligence and Customs Investigations | France |
| NSA | National Security Agency | USA |
| NCIS | Naval Criminal Investigative Service | USA |
| KLPD | Netherland’s National Police | Netherlands |
| OFAC | Office of Foreign Assets Control | USA |
| PSNI | Police Service of Northern Ireland | Ireland |
| PF | Policia Federal | Mexico |
| NPB | Polisen Swedish Police | Sweden |
| PJ | Portuguese Judicial Police (Polícia Judiciária) | Portugal |
| SBU | Security Service of Ukraine (СБУ) | Ukraine |
| Europol | European Union Agency for Law Enforcement Cooperation | European Union |
| Interpol | International Criminal Police Organization | International |
| CBP | U.S. Customs and Border Protection | USA |
| ICE | U.S. Immigration and Customs Enforcement | USA |
| USDT | United States Department of the Treasury | USA |
| USPIS | United States Postal Inspection Service | USA |
| USSS | United States Secret Service | USA |
| DOD | United States Department of Defense | USA |
| DEA | United States Drug Enforcement Agency | USA |

Stay tuned for future content where we review some of the most historically significant and disruptive darknet “operations” conducted by these organizations. Our interactive timeline is now live!


Learn how DarkOwl supports Law Enforcement & National Security investigations with darknet data tools built for analysts, cybercrime agencies and threat intelligence teams. Contact us to learn more.

Understanding Darknet Data at Scale

July 13, 2022

NEW: Download this report as a PDF

‘Big Data’ 

The NIST Data Interoperability Framework defines “Big Data” as a large amount of data in the networked, digitized, sensor-laden, information-driven world. The authors of that framework describe “Big Data” and “data science” as buzzwords that are essentially composites of many other concepts across computational mathematics and network science.

Data can appear in “structured” and “unstructured” formats. According to IBM, not all data is created equal. Structured data is often quantitative, highly organized, and easily decipherable, while unstructured data is more often qualitative and not easily processed and analyzed with conventional tools.

In the last decade the amount of unstructured data available to an individual has skyrocketed. Think about the amount of raw data a person consumes or generates on any given day, through mediums like SMS text messaging, watching and/or creating YouTube videos, editing and sharing digital photographs, interacting with dynamic web pages, and keeping up with the demands of social media. 2.5 quintillion bytes of data is produced every day, 80-90% of which is unstructured data.

Darknet 101 

The darknet is a layer of the internet that was designed specifically for anonymity. It is more difficult to access than the surface web, and is accessible only via special tools and software – specifically browsers and other protocols. You cannot access the darknet by simply typing a dark web address into your web browser. There are also darknet-adjacent networks, such as instant messaging platforms like Telegram, the deep web, and some high-risk surface websites.

Data on the Darknet 

The darknet and deep web are vast sources of structured, semi-structured and unstructured data that requires advanced architecture to collect, process, analyze, and distribute meaningful and targeted datasets to clients and users across diverse industry verticals. This includes FinTech, InsureTech, Identity Protection and Threat Intelligence providers. DarkOwl employs a modified model of “Big Data” often depicted by the “V’s” of Big Data. 

Quick Definitions: 

darknet: Also referred to as the “dark web.” A layer of the internet that cannot be accessed by traditional browsers, but requires anonymous proxy networks or infrastructure for access. Tor is the most common.  

deep web: Online content that is not indexed by search engines, such as authentication-protected sites and paste sites. It can best be described as any content on a surface web site that requires authentication.

high-risk surface web: consists of areas of the surface web (or “regular” internet) that have a high degree of overlap with the darknet community. This includes some chan-type imageboards, paste sites, and other select forums. 

For a full list of darknet terms, check out our Glossary. 

Volume

DarkOwl delivers petabytes of data processed in real time, with crawlers operating across different anonymous networks, deep websites, and platforms. As of this week, our Vision UI has collected and indexed over 215 million documents of darknet data across Tor, I2P, and ZeroNet in the last year. Our Entity API has uncovered and archived over 8.8 billion emails, 15 billion credit card numbers, 1.8 billion IP addresses, and over 387 million cryptocurrency addresses.

Velocity

DarkOwl’s resources are designed to provide fast and frequent data updates by collecting from real-time instant messaging sources and capturing live discussions between users on darknet forums. In the last 24 hours, our system crawled and indexed over 1 million new documents of data. 

Veracity

DarkOwl collects data in its original, raw-text format from legitimate and authentic sources discovered in the darknet, deep web, and high-risk surface web. DarkOwl scrapes darknet data without translation in its native language to avoid contextual loss from automated in-platform translation services. 

Variety

The data DarkOwl discovers is disparate, drawn from diverse and distributed data sources such as Tor, I2P, ZeroNet, open FTP sites, and chat platforms with instant or near real-time messaging. We collect everything from darknet marketplace listings for drugs and malware to user contributions to forums and Telegram channel messages.

Value

DarkOwl delivers its data through a variety of delivery mechanisms, along with our expert insights, to help drive high-value business decisions for our clients and stakeholders. Darknet data in this raw format helps provide valuable evidence for everything from qualitative investigations to quantitative risk calculations.

Voices

Darknet data centralizes around the voices of the various personas and threat actors conducting criminal operations in the underground. DarkOwl’s Lexicon helps users easily decipher and filter by marketplace, vendors, forums, threat actor pseudonyms, and ransomware-as-a-service (RaaS) operators. 

Delivery Mechanisms of Scalable Data

Data Warehouse

A data warehouse consists of mostly structured data that is typically accessed via SQL. Data warehouses are traditionally based on RDBMS technologies such as Oracle, DB2, Postgres etc., and they take a ton of resources to build and maintain, hence the drop in popularity over time.

Data Lake

A data lake consists of a combination of structured AND unstructured data. Most of it is unstructured data, such as medical transcriptions, court documents, audio, video, screenshots and so on. The structured data mostly serves to tag and link the unstructured data. Data lakes are more popular now because they are easy to create, and they are supported by cloud-native vendors such as Amazon AWS, Google Cloud, Microsoft Azure, etc. DarkOwl can set up custom data lakes that contain a subset of our data and give customers access to them.

Data Feeds

Data feeding describes the process of pushing parts of our Big Data over to the customer side. For example, we feed only credentials to some customers, or only credit cards to another, and in some cases, provide a daily snapshot of everything that a data provider has visibility into directly to the customer for their own business use case.

Figure 1: Screenshot of an API response from DarkOwl’s Entity API Credit Card Endpoint

Data Streaming

To process data rapidly, DarkOwl uses open-source technologies such as Kafka. Such services are mostly for internal use, but we could easily set up our customer as one of the subscribers to our data stream. This especially makes sense when the velocity of data is very high, which is often the case for darknet data.

To learn how darknet data at-scale applies to your use case, please reach out. 

Symbol Security Partners with Data Provider DarkOwl to Broaden Its Initiative to Provide Cybersecurity Awareness for Customers

July 11, 2022

DarkOwl and Symbol Security today announced their partnership, which enables Symbol Security access to DarkOwl’s extensive darknet database. This collaboration will support Symbol Security’s new Cyber Threat Surveillance feature, which will empower thousands of customers to gain access to critical visibility of surface web, deep web, and dark web activity involving their most critical assets.
 
The Cyber Threat Surveillance tool comes as a result of the ever-escalating global cybercrime landscape. By incorporating data from DarkOwl, Symbol Security is able to offer education programs and resources, alongside proactive awareness and cyber threat visibility – components that are key to reducing cybercrime and overall cyber risk.
 
“The launch of our Cyber Threat Surveillance service provides previously unattainable darknet visibility for customers with modest budgets,” said Symbol Security President and Co-Founder Craig Sandman. “Now, small to mid-sized businesses, and the thousands of MSPs, vCISOs and Security Consultants that serve this space can gain much needed deep and dark web visibility at a price point that makes sense.”
 
While services like Cyber Threat Surveillance exist today, most are built for a more sophisticated global enterprise or Fortune 1000 business. Symbol’s Cyber Threat Surveillance tool, which provides surface, deep, and dark web visibility, is instead aimed towards SMB and mid-market clients.
 
DarkOwl CEO Mark Turnage commented, “Symbol Security’s approach to reducing human risk is impressively wholistic. Adding DarkOwl’s data to their customer offerings will help to secure cybersecurity visibility services that have been out of reach for so many small businesses. We applaud their mission and recognize their progressive technical expertise, and look forward to a very successful partnership.”
 
About Symbol Security:
Symbol Security’s SaaS platform helps customers reduce their cyber risk, and adhere to industry compliance requirements. Through authentic simulated phishing exercises, interactive training content, and awareness of risk data across domain registries, and the dark web, Symbol helps companies identify and act on potential points of cyber risk. Symbol can be operated by company administrators with ease or leveraged by Managed Security Service Providers as part of their security offerings.
 
About DarkOwl
DarkOwl uses machine learning to automatically, continuously, and anonymously collect, index and rank darknet, deep web, and high-risk surface net data in a way that allows for simplicity in searching. Our platform collects and stores data in near real time, allowing darknet sites that frequently change location and availability to be queried in a safe and secure manner without having to access the darknet itself. DarkOwl offers a variety of options to access their data.

DarkOwl is a Denver-based company that provides the world’s largest index of darknet content and the tools to efficiently find leaked or otherwise compromised sensitive data. We shorten the timeframe to detection of compromised data on the darknet, empowering organizations to swiftly detect security gaps and mitigate damage prior to misuse of their data.