Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cyberopsalliance.com |

Published byMilagros Robles Bustos Modified over 6 years ago

Similar presentations

Presentation on theme: "Cyberopsalliance.com |"— Presentation transcript:

1 Cyberopsalliance.com | info@cyberopsalliance.com
DnI DaaS DARKNET INTELLIGENCE (DnI) DATA-AS-A-SERVICE (DaaS) Cyber Ops Alliance NOTICE: READER PLEASE BE ADVISED THAT ALL HYPERLINKS CONTAINED IN THIS DOCUMENT ARE EITHER TO WIKIPEDIA OR ACTUAL CASE STUDIES OF OUR WORK. ALL LINKS HAVE BEEN ANALYZED AND WE CONCLUDE ARE SAFE. Cyberopsalliance.com |

2 This is our mission and passion: “People First for the Greater Good!”
WHO WE ARE Cyberattacks and data breaches are part of our day-to-day life so much so, people have become desensitized to the events. In every case the customers’ compromised data recompense is “credit monitoring, free for one year”. We have often heard people joke about how many free credit monitoring packages they have due to the high number of data breaches their information was connected to in a 12-month period. Using our evidence, collected in real-time enabled authorities to arrest and successfully prosecute cyber cases that traditionally take up to 18 months, e.g. attacker was arrested within 72 hours from attack. Developing innovative breakthrough technologies to unmask threats from the unknown is our mission and passion. Leveraging our years of experience and being recognized as darknet subject matter experts affords us the insight required to deliver our clients the highest fidelity raw darknet data near-real-time (NRT). Our support to domestic and foreign, law enforcement agencies, intelligence communities and militaries successfully disrupts large-scale terrorist attacks resulting in some instances thousands of people went home to their families. Cyber Ops Alliance partner BOC Intel founders pioneered many of the darknet intelligence (DnI) methodologies you see today, e.g. CyberHUMINT™ and have been covertly active collecting darknet data since Ten years ago, the darknet/deep web was unheard of compared to today being a common term heard on television and radio. As recent as 2014, there were only two commercial entities (our founder’s being one) offering DnI. During DnI infancy our founder developed methodologies used for threat actor identification. Working with law enforcement the company set records for threat actor attribution of cyberattacks globally. This is our mission and passion: “People First for the Greater Good!”

3 DnI FACTS AND UNKNOWN SECRET REVEALED
Our founder is elated to see the numerous DnI companies that have launched since As the saying goes “Imitation is the greatest form of flattery”. We invite all cyber and non-cyber security providers to consider augmenting their current offerings with our DnI DaaS. Why? DnI at best will always be a piece of the puzzle for clients threat visibility. As of this writing (24 March 2018), there are currently 6,291 peer routers in TOR network. A TOR connection requires 3 random routers to connect to every 6 minutes, “entry guard > relay > exit node”. Probability of same combination consecutively is one-in 41,515,940,466. Logically the odds are too great for any single DnI provider to have full visibility. The fact of the matter is stand-alone DnI providers can best serve clients by disclosing they can only provide a piece of the puzzle. Augmenting stand-alone DnI with other DnI sources is a unique concept, albeit exactly what intelligence is…verify, verify, verify. We discovered that, augmenting with other DnI providers, all parties retained their respective proprietary IP while simultaneously enriching the clients DnI visibility. DnI is unlike conventional cybersecurity products in terms of threat events monitored; cybersecurity products secure their clients from perimeter surface net attacks among many other vectors; whereas DnI attempts to provide timely intelligence from anonymous peer-to-peer networks.

4 Currently, choosing a DnI provider is akin to buying a bottle of water; so many brands and prices for the exact same thing – water. Many DnI providers are packaging the same data sourced from crawling or scraping sites, which are synonymous. Some DnI providers claim to index millions of pages every day from darknet sites by scraping. Scraping is possible of some darknet sites, but not all. Since the infamous SilkRoad takedown of October 2013, there hasn’t been recorded actionable intelligence attributed to scraped darknet data. Darknet black markets and forums are generally platforms for narcotics, fraud products, counterfeit goods, tutorials on how to be a cybercriminal, extremists guidebooks and the like. Experience has taught that the best intelligence is found in invite-only Vetting Required Membership (VRM) darknet sites. VRM sites generally have less than 100 members and anti-bot-scrape code. Anti-bot-scrape code identifies a scrape instance occurring, then instantly bans the scrape and user-id access, thus ceasing the scrape. VRM INDEX

5 Darknet Intelligence Secret: DnI providers omit disclosure to clients that… scraping cannot bypass all login pages to capture content. Not all darknet sites are using CAPTCHA as an authentication method, especially the quality darknet sites. Authentication can be a randomly generated equation, a trivia question, or combination of both giving a limited time to input the correct answer. We have seen VRM sites that require a darknet history question be solved for authentication e.g. “What new site did TCF admin launch?” This darknet history question pre-dates the existence of most DnI providers back to 2014. Therefore, scrape methods are often indexing a login page yielding zero actionable intelligence. Concluding, companies using scrape methodologies are likely returning the same results.

6 Our proprietary collection method was developed early on from CyberHUMINT™ bad actor PSYOPS. We earned their confidence at which point they share intelligence. Accordingly, this earns us access to invite-only VRM sites and intelligence other DnI providers are unable to scrape.

7 Our goal is not to undermine the clients existing DnI provider, but rather offer the client or clients DnI provider to broaden their DnI visibility through augmentation with our DnI DaaS - “two heads are better than one”. The clients DnI provider indeed has quality DnI, albeit they are only one piece of the puzzle that make up DnI visibility. Due to our unique collection methods, we have data events that other DnI providers won’t see in their environment. Many DnI providers purport to have billions of compromised data records which is highly likely, however 98% of those records have long since been remediated. Antiquated known data leaks are free for download and great for research. Our data records are often attained through CyberHUMINT™ methods that generally are not available for months -if ever- on database sites.

8 Actionable DnI is the unknown here and now
Actionable DnI is the unknown here and now. Cyber Ops Alliance partner BOC Intel delivers only the highest quality real-time actionable DnI globally with the guarantee that our data is 100% unique and not scrape sourced. Clients of our DnI data are the first to see our data in real-time, delivered from the darknet to the client. Our DnI is not curated or filtered, but raw data that easily integrates into existing environments via our API. We deliver this never-before-seen DnI DaaS in real-time for a fraction of the cost of other providers. A dark web network is only dark because peers -at their personal expense- participate as a node/relay. Wikipedia Darknet Two typical darknet types are friend-to-friend networks (usually used for file sharing with a peer-to-peer connection) and privacy networks such as Tor. Our decade of DnI experience tells us 100% DnI NRT is not possible. The very best any DnI provider can deliver is a piece of the puzzle. As of March 2018, there are approximately 70 thousand TOR sites, down from Spring 2017, where the number of TOR sites peaked at approximately 120 thousand.

9 DnI DaaS DISCOVERY Long gone are the days of waiting for antiquated threat intelligence. Know the latest tools, exploits, and vectors for attack that cybercriminals, APT groups and rogue state actors develop, use and sell. We deliver the latest offerings and methods real-time directly to your cyber security professionals before all others. Our technology aggregates IRC chats, VRM sites, Telegram and What’s App then delivers directly to the client.

10 DnI DaaS VULNERABLE HOST
Compromised servers shelled hosting malware SQL vulnerable web-objects Vulnerable open server environments (Windows and Linux) Websites hosting malicious browser crypto miners (e.g. CoinHive or Deep Miner) Various hosts of malicious mining code targeting browsers Attacks and scans of hosts with timestamps Real-time new darknet forum and black market posts

11 HACKING TOOLS AND METHOD OFFERING
DnI THREATS Malware Exploits Ransomware Botnet Phishing DDoS Sentry MBA Dox HACKING TOOLS AND METHOD OFFERING

12 DnI CYBERCRIME Email Tax Records Passwords Payment card Online banking
Suspicious IP addresses PII SSN Insurance Medical IoT 24 HOURS GOVERNMENT, ACADEMIA AND GENERAL UNIQUE AND PASSWORD STOLEN ISIS PROPAGANDA STOLEN CREDENTIALS PAYMENT CARD

13 DnI DaaS SOURCE Tor Invite-only IRCs I2P Black markets Freenet
Telegram Invite-only VMR forums What’s App 24 HOURS NUMBER OF DARKNET LOGINS CAPTURED USERID & PASSWORD BLACKMARKET HACKER FORUMS HUMAN TRAFFICKING CHILD EXPLOIT 24 HOURS I2P IRC MESSAGES, PERSONA NAME, RANK, FREQUENCY SEEN

14 cyberopsalliance.com | info@cyberopsalliance.com
CONTACT YOUR REPRESENTATIVE TO SCHEDULE AN ONLINE DEMO TODAY cyberopsalliance.com |

Download ppt "Cyberopsalliance.com |"

Similar presentations

The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.

The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.
Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.

Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.
RFC6520 defines SSL Heartbeats - What are they? 1. SSL Heartbeats are used to keep a connection alive without the need to constantly renegotiate the SSL.

RFC6520 defines SSL Heartbeats - What are they? 1. SSL Heartbeats are used to keep a connection alive without the need to constantly renegotiate the SSL.
External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.

External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.
1 Title ECI: Anatomy of a Cyber Investigation Who Are the Actors.

1 Title ECI: Anatomy of a Cyber Investigation Who Are the Actors.
Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.

Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.
Cyber Crimes.

Cyber Crimes.
1 ITGS - introduction A computer may have: a direct connection to a net (cable); or remote access (modem). Connect network to other network through: cables.

1 ITGS - introduction A computer may have: a direct connection to a net (cable); or remote access (modem). Connect network to other network through: cables.
Staying Safe Online Keep your Information Secure.

Staying Safe Online Keep your Information Secure.
Symantec Targeted Attack Protection 1 Stopping Tomorrow’s Targeted Attacks Today iPuzzlebiz

Symantec Targeted Attack Protection 1 Stopping Tomorrow’s Targeted Attacks Today iPuzzlebiz
Security Innovation & Startup. OPEN THREAT EXCHANGE (OTX): THE HISTORY AND FUTURE OF OPEN THREAT INTELLIGENCE COMMUNITY ALIENVAULT OTX.

Security Innovation & Startup. OPEN THREAT EXCHANGE (OTX): THE HISTORY AND FUTURE OF OPEN THREAT INTELLIGENCE COMMUNITY ALIENVAULT OTX.
Edmodo Training A Guide to Getting Started. 2 Free social learning network for teachers, students, schools and districts Safe and easy way to connect.

Edmodo Training A Guide to Getting Started. 2 Free social learning network for teachers, students, schools and districts Safe and easy way to connect.
Yair Grindlinger, CEO and Co-Founder Do you know who your employees are sharing their credentials with? Do they?

Yair Grindlinger, CEO and Co-Founder Do you know who your employees are sharing their credentials with? Do they?
VCE IT Theory Slideshows By Mark Kelly Vceit.com Websites & Data.

VCE IT Theory Slideshows By Mark Kelly Vceit.com Websites & Data.
Chapter 6 Discovering the Scope of the Incident Spring 2016 - Incident Response & Computer Forensics.

Chapter 6 Discovering the Scope of the Incident Spring Incident Response & Computer Forensics.
External Threats Internal Threats Nation States Cyber Terrorists Hacktivists Organised criminal networks Independent insider Insider planted by external.

External Threats Internal Threats Nation States Cyber Terrorists Hacktivists Organised criminal networks Independent insider Insider planted by external.
#ABATECHSHOW PRESENTED BY: The Deep Dark Web Presenters John Simek #Idon’tTweet Amanda

#ABATECHSHOW PRESENTED BY: The Deep Dark Web Presenters John Simek #Idon’tTweet Amanda
Hiding in the Dark: The Internet You Cannot See Marc Visnick 503-242-3637.

Hiding in the Dark: The Internet You Cannot See Marc Visnick
October 28, 2015 Cyber Security Awareness Update.

October 28, 2015 Cyber Security Awareness Update.
CNP Fraud. Occurs when a fraudster falsifies an application to acquire a credit card using an individual’s personal information. (Eg: postal intercept)

CNP Fraud. Occurs when a fraudster falsifies an application to acquire a credit card using an individual’s personal information. (Eg: postal intercept)

Similar presentations

Ads by Google