A lot has been said, specifically in our field about the deep or dark web. How you deal with it, how you monitor it, and how you can utilize it in order to keep your brand, client, or even government safe. Perhaps the best way to deal with the dark web is to treat it as if it’s a cyber criminal intelligence source, like an old school organized crime meeting place or a den of drug dealers that needs to be infiltrated. With proper intelligence gathering techniques you stand a good chance to detect and shut down the next attack before it happens, rather than react to it once it does. But even when treating the dark web as an intelligence gathering source to be infiltrated, there are some major differences in how you gather intelligence on the dark web rather than in old school intelligence gathering operations.
Automation of connections
One of the most important methods in old school counter intelligence gathering is building and creating personal connections over time with persons of interest. When the time comes you hope the connection with them will yield the right intelligence in order to foil an attack. When it comes to the dark web, instead of creating those relationships, the chatter and conversations on the sites themselves is automatically monitored and analyzed. Those who think they are using a completely private version of the internet often discount the fact that there are people out there whose jobs it is to collect and track information on them. While old school intelligence data collection can often occur through the creation of false identities and the forging of personal connections, today's technology allows for utilizing the connections the threat actors already have, to build profiles of people of interest.
What are these dark web connections we keep talking about? As mentioned, they’re not created through undercover work and a well placed operative. They’re built between the malicious actors themselves. Something that is possible with automated cyber intelligence on the dark web that in the old school intelligence gathering game would take a major investment of human resources is link analysis. Link analysis is basically the understanding of existing relationships between individuals of interest and how they relate to a specific threat. Understanding the relationship between a group of hackers could very well be the key to understanding their plan, and making sure you have a clear image of the threat.
In all of this, the keyword is automation. With AI and machine learning tools we can automatically do what used to take intelligence gatherers months to achieve. No where is that more true than in response time. Automation gives us instant analysis of threats, thus shortening our response time and making sure that we are ready to handle the specific threats we anticipate.
What’s the same? Everything else
Technology isn't reinventing the wheel, its just making the wheel work more efficiently and, at the end of the day, roll faster down the road. Dark web cyber intelligence uses the same techniques counter intelligence agencies use in order to assess and predict threats, but with automated monitoring and analysis, making it as safe, quick, and efficient as possible. Individual threat actors are tracked, their relationships analyzed. Their online locations are hunted down just like any old school “secret agent” might do, but machine learning AI is used to make sure this can be done on the scale required by the dark web. So while the methods might be different, the tactics themselves are the same.