skunkb
UNDER ATTACK?
How Dark Web Monitoring Can Be Used For OSINT & Investigations
gasparem
January 19, 2023
2fa Attack surface analysis cybercriminals cybersecurity dark web Darkweb data data Breach

Recent scrutiny of surface web activities appears to be driving an influx of new users, including illicit goods sellers, to the dark web, which has gained widespread notoriety in recent years. Now that it has been established, it functions as a segment of the internet where criminal networks can operate more freely, and terrorist networks can keep their communications safe.

Although much of the dark web’s information is open source data (OSD), it can also be used as open source intelligence (OSINT), despite efforts to conceal it through anonymous networks and encryption. The dark web has become increasingly important in fighting financial crime and other illicit activities because of this.

What is Dark Web?

Dark webs are the result of a US Naval Research Laboratory-funded project in the 1990s that attempted to protect intelligence communications using a network of relays known as the Onion Routing (Tor) Project to route traffic. As a result, Tor has attracted the support of numerous organizations and institutions, including Human Rights Watch, Facebook, and Google.

The dark web is certainly a place where you can find some espionage activity, even if it has little to do with illicit activity.

  • Prior to the 2015 Paris terrorist attacks, ISIS spread propaganda on .onion forums, one of the 50,000 terrorist networks communicating on the dark web.
  • A total of 1% of dark web addresses are dedicated to financial crime. In 2020, 133,927 C-level executive credentials were found on dark web marketplaces. Typically, personal information and sensitive information, such as social security numbers and credit card numbers, can be sold for as little as $1.
  • Dark web markets are dominated by drugs, with 48% of listings being related to drugs.
What is Dark Web Monitoring?

The 21st century has brought us new tools for forensic investigations that are powered by artificial intelligence, fighting fire with fire on the dark web. In order to monitor the dark web, law enforcement agencies can use AI web intelligence software to use dark web investigation tools. As a result, they can identify threat actors and malicious activity more effectively, solve cases faster, stay ahead of threats, and enhance existing and offline investigations.

It has been developed new techniques to break through the barriers that often prevent dark web crawlers from accessing hotspots for criminal activity such as dark web forums.

Who benefits from the monitoring of the dark web?

As a means of combating cybercrime and terrorism, major governmental authorities are using dark web monitoring to prevent it from happening. As a form of neighborhood watch, agencies such as the FBI, Drug Enforcement agencies, and Homeland Security use AI crime prediction software and dark web crawlers to keep an eye on suspicious activities that might be part of a bigger investigation.

As a detective or investigator, you often have to transform raw data into actionable information in order to solve a problem. Cobwebs is a web intelligence platform that takes data from dark web sources such as blogs, social networks, imported files, and deep web data, and analyzes it using big data to reveal crucial connections between the locations, cyber footprints, and affiliations of threat actors. As part of the intelligence insights, the wide range of crawling grounds has been included. By doing so, you are able to convert important words and phrases into valuable leads in the long run.

How does Dark Web Monitoring Work?

Identity theft, the exchange of stolen personal information such as credit cards, bank account numbers, bank account passwords, and trading grounds for stolen personal information are just a few of the crimes that occur on the dark web. Crawlers powered by artificial intelligence visit dark web forums and dark web social networks to check for stolen information that’s being sold and misused. As soon as the crawler software finds a match, the relevant authorities are notified.

In near real-time, dark web monitoring monitors millions of sites in search of specific information (e.g. company email addresses), or general information (e.g., company name and industry).

Users can create customized alerts when they find a threat that notifies team members and other employees relevant to the threat, such as marketing, legal, human resources, and fraud teams.

The Dark Web in OSINT Investigations

Since dark web websites have become increasingly popular in recent years, it is not surprising that investigators have begun searching and mining their data. The pros and cons of using the dark web should, however, be weighed up at the beginning of any investigation, aside from security considerations.

Dark Web Monitoring with OSINT

Although it is technically possible to create your dark web monitoring program, it is unrealistic. A high level of computational power and systematization will be required to continuously scan the Dark web for platforms where personal information is sold or traded. Making the right business plan and finding the right solutions based on the problem is one of the challenges of the job.

How Dark Web Can be Used in OSINT investigations

As OSINT investigators begin to venture into the dark web to get a better understanding of illicit networks and criminal activity, the dark web has become a very valuable source of insight into these activities. Let’s examine some of the opportunities the dark web can provide:

Monitoring Illicit Activities

The dark web forums, marketplaces, and messaging services can be easily accessed, allowing you to monitor users and discussions quickly, as well as monitor illicit activities. As a result, detectives can use dark web sites to gain a deeper understanding of contemporary trends in drug dealing, financial crime, firearms sales, and even human trafficking and wildlife trafficking.

Evaluating Existing Leads

In order to evaluate existing leads, you can use the dark web whistleblowing resources such as GlobaLeaks, Independent Media Center, as well as other services provided by the American Whistleblowing Press to evaluate leads that already exist. It is also possible to corroborate or disprove information that is found on the surface web through this method.

Combating Insider Threats

When a company’s data is breached, leaked, or hacked, dark web marketplaces and forums can provide evidence that the data has been sold to the dark web and by whom as a result of insider threats. Additionally, insider threats may reveal information about themselves that is either identifiable or incriminating in nature.

Identifying Individuals

Identifying individuals: Despite the implied safety provided by the dark web, poor user habits can lead to an unintended self-identification on the dark web, despite the implied safety of the dark web. As an example, users of dark web forums might use the same usernames they use on social networks, or their language, terminology, or profile picture may appear to match the same as that of surface web users.

Dark Web Challenges in OSINT Investigations

In spite of the potential benefits of utilizing the dark web for threat intelligence and investigation, it is critical that we first understand the challenges that dark web searches and data mining present to investigators in the area of threat intelligence and investigation:

  • Despite not having a surface web search engine such as Google indexing the dark web, special dark web search engines are available to explore the dark web, although these search engines are typically slow and cumbersome. It is common for dark web addresses to be changed in order to make it hard to trace them.
  • This is an important point to emphasize because browser fingerprinting is a tracking method that subverts onion routing security. Although it may be nearly impossible to track users directly through their data traffic, browser fingerprinting uses unique properties of the browser and machine to identify users.
  • With Tor, you are protected from fingerprinting by blocking scripts, using the same default fallback fonts on all browsers, and blocking WebGL and the Canvas API, so it is difficult to differentiate between browsers, thus making it difficult to distinguish between them. In spite of this, the Tor Project admits that it may eventually be possible to identify users based on their Tor browser fingerprint.
  • Keeping humans out of the loop: Researchers are susceptible to human error in the same way that dark web users are susceptible to revealing their own identities. OSINT investigators will be able to use their existing skills when searching the dark web, but it is important to be careful not to leave behind any evidence when they search. As a result, researchers may become weary and more prone to errors when performing exhaustive OSINT operations.
  • An individual may be exposed to illegal or potentially traumatic material through the dark web if they are exposed to it. Many of the pages on the dark web are intentionally uncensored or unmoderated, allowing them to spread illegal and potentially traumatic material. It presents a legal and ethical dilemma for researchers – they must develop strategies that ensure that certain types of content are moderated or triaged before they are able to access it at a distance.
Conclusion

Open-source intelligence (OSINT) can be obtained from dark web sites, which are commonly used by cybercriminals to share information about successful attacks, new vulnerabilities, and the latest tools and techniques. It is important to use a dark web monitoring tool that gathers information from the dark web and processes it in order to identify useful open-source intelligence. Analysts will be able to gain valuable contextual information about the state of the cyber threat landscape as a result of this information.

CLICK HERE to download your free OSINT.

Share on Facebook
Share on Twitter