In an increasingly digital world, many people have become numb to the news of ongoing threats on the internet. Breaches, privacy failures and attacks happen every day, and once in a while one of them is significant enough to make the news. Sadly, organizations fall into the same false sense of security, believing that their risk is understood and their security is solid, and that everything happening to their information is known and under control. The bare truth is that the breaches and data leaks we hear about are only the tip of the iceberg. The 'Dark Web' is probably the best name for the rest of it: the places where search engines do not go and that you only find if you are looking for them. It includes botnets, anonymous networks and command-and-control (C&C) infrastructure, hosted all over the world, including the U.S.
Enterprise Counter Intelligence
Getting hold of secret information was once all about dumpster diving, and it has evolved with the times. Companies carelessly threw their information in the trash, and thieves were all too willing to do whatever it took to get it; the means were easy. Now that information can be anywhere, and especially in the hidden corners of the internet. One World Labs (OWL) has developed a one-of-a-kind software engine that seeks out, indexes and collects such information on a platform called Enterprise Counter-Intelligence. While only approximately 1% of the deep web is accessible to the average person, the engine goes where no one else can, indexing the nether reaches of the net. These are places where leaked information is arriving constantly, is largely never seen, let alone indexed by Google, and is typically unknown to the company whose information it is. Across countless forums, file-sharing sites, listservs, IRC channels, FTP servers and more, there is a constant, nefarious publishing and sharing of information that could have your name on it.
The statistics are alarming. In January alone, the Enterprise Counter-Intelligence index found 550,000 newly compromised credit card accounts, complete with numbers, expiration dates and CVV codes. It also found over 1 million company usernames and passwords, some hashed and some in clear text, many of them for accounts at the biggest companies you can think of and at every level of those companies, plus 150,000 instances of PII (personally identifiable information) such as Social Security numbers and birthdates. These are just a few examples; there are many more that cannot be shared publicly because they have ramifications for national security, corporate information and individuals. Put simply, if there is data you value, somebody out there values it just as much and is willing (and able) to do whatever it takes to get it. OWL founder and CISO Chris Roberts describes it perfectly:
"Data has a value. The data is the same, but the game has not changed."
Jay Weber, CEO of One World Labs, spoke to me about the security products the company provides and the demand the company is seeing for them. Their customers come from all over, including the usual corporate suspects, but also government, private foundations and finance. The Enterprise Counter-Intelligence platform is clearly the shining star and the product that creates the most buzz; Weber added that more and more customers are painfully aware of the following:
“Once your data is out there, you are at risk”
Leaks are everywhere
For anyone who thinks their four walls are secure, think again. No amount of egress security, DLP or predictive security modelling (if you are even that far ahead of the pack) can account for every data leakage variable. Among the many vectors are smartphones, web browsing and social engineering, and the leak may even come from your own IT staff. Time and time again, information is accidentally exposed in the most innocent of circumstances. OWL's Enterprise Counter-Intelligence finds it every day. A common finding is staff publicly posting configuration files in a support forum to get help with a technical problem, exposing sensitive architecture information and configuration details, and often accounts and passwords along with them.
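The "helpful" forum post with a config attached is the leak that staff least expect. As an added example (not OWL's code, nor anything the page describes), here is a small scanner of the kind an organization could run over its own staff's public posts, or over a paste site feed, before an index like OWL's finds the same text. The sample post is constructed; the credential formats it detects (Cisco 'password 7', .env-style assignments, SNMP community strings, AWS access key IDs, credentials embedded in URLs, PEM private-key headers) are real and widely documented. It also decodes the Cisco type 7 value, because that format is reversible obfuscation rather than a hash: whoever sees the config has the password.

```python
import re

# Credential signatures for text pasted in support threads. The formats are
# real; this table is constructed for the example and is far from complete.
SIGNATURES = [
    ("cisco-type7",    re.compile(r"\b(?:password|secret)\s+7\s+([0-9A-Fa-f]+)")),
    ("snmp-community", re.compile(r"\bsnmp-server community\s+(\S+)")),
    ("env-assignment", re.compile(
        r"^\s*[A-Z0-9_]*(?:PASS(?:WORD)?|SECRET|TOKEN|API_?KEY)[A-Z0-9_]*"
        r"\s*[=:]\s*[\"']?([^\s\"']+)", re.I)),
    ("aws-access-key", re.compile(r"\b(AKIA[0-9A-Z]{16})\b")),
    ("url-credential", re.compile(r"\b[a-z][a-z0-9+.-]*://[^/\s:@]+:([^@\s/]+)@", re.I)),
    ("private-key",    re.compile(r"-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----")),
]

# Cisco 'password 7' is a fixed XOR key plus a two-digit seed, not a hash.
_TYPE7_KEY = "dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv"


def decode_type7(blob: str) -> str:
    """Recover the clear-text password from a Cisco type 7 string."""
    seed = int(blob[:2])
    pairs = [int(blob[i:i + 2], 16) for i in range(2, len(blob), 2)]
    return "".join(chr(b ^ ord(_TYPE7_KEY[(seed + i) % len(_TYPE7_KEY)]))
                   for i, b in enumerate(pairs))


def redact(value: str) -> str:
    """Keep just enough of a secret for its owner to recognise it."""
    if len(value) <= 4:
        return "*" * len(value)
    return value[:2] + "*" * (len(value) - 4) + value[-2:]


def scan(text: str) -> list[dict]:
    """Return one finding per credential-like token, with line number and kind."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pattern in SIGNATURES:
            for m in pattern.finditer(line):
                secret = m.group(1) if m.lastindex else None
                finding = {"line": lineno, "kind": kind,
                           "redacted": redact(secret) if secret else "(PEM block)"}
                if kind == "cisco-type7":
                    finding["cleartext"] = redact(decode_type7(secret))
                findings.append(finding)
    return findings


# Constructed forum post: a router config and an app .env pasted "for context".
SAMPLE_POST = """\
Hi all, our edge router keeps dropping BGP, config below, any ideas?
hostname edge-rtr-01
username admin privilege 15 password 7 0822455D0A16
snmp-server community s3cr3tRO RO
!
# also our app .env in case it matters
DB_HOST=10.20.30.40
DB_PASSWORD=Summer2024!
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
BACKUP_URL=ftp://backup:pa55w0rd@10.20.30.41/dumps
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA (rest of key omitted)
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_POST):
        print(f)
```

The scanner reports redacted values only, so its own output can be shared with the team that needs to rotate the credentials without becoming a second leak. On the sample post it flags six lines: the router password (decoded), the SNMP community, the database password, the AWS key ID, the FTP credential inside a URL, and the start of a private key.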
Another common leak vector is trusted entities: vendors, suppliers, contractors and partners can all compromise your organization, inadvertently or maliciously, with ease. Understand the following: no compliance regime or certification can assure you that an outside organization will not mishandle your information, and hackers know this. Third parties are often one of the first places they hunt for opportunities to launch attacks, whether by social engineering, exploits, custom malware or whatever else; the toolbox only grows by the day.
Data Leaks and CyberCrime – it could happen to you
Do you know what information hackers have about your company? Statistics show that even the most hardened environments experience data leakage, with rising threat, risk and financial impact. In as many as 50% of cases it takes months to discover that sensitive data has turned up on the net somewhere and has already been shared many times over. If you are "lucky", you find out within weeks, and usually because you have been hacked or, worse, a customer has notified you of the lost data. A recent Verizon security report found that 95% of data leakage incidents are reported to the party that lost the information by the affected customer. Ouch. Sensitive data can mean proprietary information, corporate secrets, customer secrets, security information and more; these incidents are costly and have a direct impact on risk.
Digital Footprints – Healthcare and Other Targets
Yes, it's bad out there, but it's not all gloom and doom. The Enterprise Counter-Intelligence index is the foundation of a SaaS platform from OWL that lets customers review their 'Digital Footprint', manage their risk and evaluate the security posture of their company. Underground networks of hackers are a considerable risk to business, as the sophistication of cybercrime keeps increasing and the targets keep getting bigger. Once, financial institutions such as banks and retailers bore the brunt of cybercrime because the money motive there was obvious. Today, a shift to other industries such as healthcare has taken place. Roberts adds:
“Follow the Money – that’s what cybercrime is doing”
Let's briefly spotlight that field. Healthcare is a relatively new frontier for cybercrime, and its experience and defenses are not as mature as those of the banking and finance industries. Compliance, as I have reported so many times before, only goes so far and is not equivalent to security. The industry is laden with soft targets: many healthcare-affiliated clinics, for example, share information through unsophisticated applications with security as an afterthought. The target only grows as the industry-wide move to Electronic Medical Records (EMR) creates a very thorough data source. Medical devices, supply chains, computing devices, networks and a long list of other weak points were built with life-saving response times and cost consciousness in mind, not security. This is where much of the fraud, exposure of personal information and ongoing attack activity takes place, and where the need for better security is greatest. Average hackers now have access to sophisticated tools, an ever-increasing threat everywhere, and healthcare in particular is largely unprepared to deal with it. That is where OWL can help.
Built on Big Data, Distributed Computing, Analytics, and Anonymous Networking
The Enterprise Counter-Intelligence engine is a fascinating piece of work, combining analytics, semantics and Big Data elements and built on OSINT principles. The platform runs on a distributed, clustered framework. As you would expect, the index itself is distributed and encrypted, with security layers throughout, and access to the system is tightly controlled. Network design also comes into play, because many of the sites being indexed do not appreciate having their content scraped. The operation carries out its tasks through a complex and constantly changing web of anonymous networks and thousands of rotating proxy configurations, designed to avoid detection and maintain access to some highly secretive environments.
If a company assigned a human analyst to this type of discovery, they could, after some training, find and review pages at a rate of about 1 page per minute. The engine scrapes 75 pages per second (4,500 pages per minute) and is tuned to detect across the semantics of the most prevalent languages, complete with their slang variations. In other words, that one analyst would have to work 4,500 times faster and also become well-versed in Farsi, Cantonese, Russian and so on.
While the collection of data is impressive, it would be worthless without context. This is a classic Big Data problem: how can the engine, in real time, find data that is relevant to a specific client or its associated companies without returning an overwhelming heap of noise? Here is a simple example. Suppose the engine came across the following statement:
“I’m hacked off with IBM”
What value does that statement have on its own? Perhaps the author's IBM stock took a hit; who knows. By itself it is worthless. But attach something to it, such as a particular type of data, and it may mean something more and carry a little more weight. Let's look at a more direct example:
“I hacked IBM”
This one should be obvious, and is something the index would definitely pick up, but there are many different ways of saying the same thing. Hackers are known for their expressive license: 'hack' can become 'h4ck', 'haxx', 'haxx0rd' and so on. Contextualizing data is both a science and an art; it takes deep background knowledge to know what you are looking for and significant development effort to execute. This is only a brief view of how the engine came into being. I could write a whole book and case study on it, but as this is a security product, the real details have to stay unknown.
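The two IBM sentences above make a good test case for the kind of logic such an engine needs. As an added example that is not OWL's code and not described anywhere on this page, here is a small Python scorer that normalizes leet-speak ('h4ck', 'haxx', 'haxx0rd'), throws out the English idiom "hacked off with", and only escalates a post when a first-person intrusion claim is followed by the name of a company on a watchlist. The watchlist (IBM plus a constructed "Acme Corp"), the leet table, the regular expressions and the sample posts are all assumptions made for this example; a production engine would carry far larger tables per language.

```python
import re
import unicodedata

# Leet substitutions seen in underground posts (constructed, deliberately small).
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t", "+": "t"})

HACK = re.compile(r"\bhack(?:ed|er[sz]?|ing|or[sz]?|ord|[sz])?\b")
IDIOM = re.compile(r"\bhacked off\b")            # "hacked off with" = annoyed
CLAIM = re.compile(r"\b(?:i|we)(?:'?ve)?\s+(?:just\s+|finally\s+|have\s+)*"
                   r"(?:hack(?:ed|ord|s)|pwned|owned|popped|breached|rooted|dumped)\b")


def normalize(text: str) -> str:
    """Strip accents, lower-case, undo leet, fold 'hax'/'haxx' into 'hack'."""
    text = unicodedata.normalize("NFKD", text).encode("ascii", "ignore").decode()
    text = text.lower().translate(LEET)
    return re.sub(r"\bh(a+)x+", r"h\1ck", text)


def _named(target: str, text: str) -> bool:
    # The watchlist entry goes through the same normalization as the post,
    # so names containing digits or symbols still match.
    return re.search(r"\b" + re.escape(normalize(target)) + r"\b", text) is not None


def score_post(text: str, watchlist: list[str]) -> dict:
    """0 = no client named, 1 = plain mention, 2 = hack vocabulary near a
    client name, 3 = first-person intrusion claim that names the client."""
    norm = normalize(text)
    targets = [t for t in watchlist if _named(t, norm)]
    result = {"targets": targets, "hack_terms": HACK.findall(norm),
              "claim": False, "score": 0}
    if not targets:
        return result                       # nobody we care about: drop it
    result["score"] = 1
    if result["hack_terms"] and not IDIOM.search(norm):
        result["score"] = 2                 # worth an analyst's eyes
        m = CLAIM.search(norm)
        # A claim only counts if the client is named within 40 chars after it.
        if m and any(_named(t, norm[m.end():m.end() + 40]) for t in targets):
            result["claim"] = True
            result["score"] = 3             # alert the client
    return result


WATCHLIST = ["IBM", "Acme Corp"]            # constructed for this example

# Constructed posts: the two from the article plus three leet/idiom variants.
POSTS = [
    "I'm hacked off with IBM",
    "I hacked IBM",
    "we just h4xx0rd IBM's mail servers",
    "hax0rz are real: Acme Corp customer db for sale",
    "Dell laptop, hax0r paradise",
]

if __name__ == "__main__":
    for post in POSTS:
        print(score_post(post, WATCHLIST)["score"], post)
```

The first post scores 1 (a mention, idiom discarded), the second and third score 3 (claims naming a client, one of them in leet), the fourth scores 2 (hack vocabulary beside a client name but no first-person claim, so it goes to a human), and the last scores 0 because no watchlist name appears at all. Real engines add a great deal more (multi-language stemming, spelling distance, source reputation), but the ordering of checks is the point: name first, vocabulary second, claim last.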
Complete Security Services
The job is not over with the Enterprise Counter-Intelligence platform alone. Packaged in monthly reports, the service adds business intelligence, risk mitigation and analytic capabilities to the client's arsenal. It also supports forensics, security and policy validation, rapid response, cost containment and incident response. The party is just getting started here, as many organizations have no means of dealing with leaked information, let alone the security failures behind it.
That is where OWL's professional services can help customers reach an improved security posture. They offer a 9-phase security assessment that identifies your organization's current state of security; the team behind it consists of experienced security professionals. From that assessment, actionable remediation can begin, and coupled with the ongoing digital footprint reports, it gives you as clear a view of where you stand as any service I have seen. Anyone interested in learning more can contact Matt Girsch at One World Labs, LLC.