SECURITY INFLUENCERS BLOG

Security influencers provide real-world insight and “in-the-trenches” experiences on topics ranging from application security to DevOps and risk management

Interview: Ed Alcantara, CSO of Darknet BlackOps Intelligence

Thanks, everyone, for joining us on the Security Influencers Channel. We're hosting a series of brief and highly informative interviews with influential security leaders and in 2015, we're talking about the implications of rapid software development and continuous security. 

Today we're joined by Ed Alcantara. Following an event of stolen identity in 2008, Ed was compelled to develop methodologies and protocols that allow actionable real-time intelligence from bad actors and Darknet denizens to be the genesis for his new company. It was originally known as AFX Corporation, and now they're doing business as Darknet BlackOps Intelligence, or DBI. Ed serves as the CSO.

In this interview, we discuss what exactly the "Dark Net" is and why it is important. Ed shares his thoughts on working with the largest multi-national insurance agencies to assist them in developing "cyber insurance" best practices that actually help to prevent breaches. I ask Ed what effects he thinks Sony's breach will have in corporate board rooms and how security visibility will play out at the C-Level. Since Ed is on the front lines of the "dark net," we also discuss what a typical haul from any given attack looks like. What do these guys really make when they do this? Is their motivation just money, or are they trying to do reputation damage or disruption?


The following is a brief excerpt of our interview:

Jeff Williams: All right, so you work for Darknet BlackOps Intelligence, so I got to start by asking, what is the dark net? Why is it important?

Ed Alcantara: That's obviously a great question. Most people have never heard of the area of the Internet called the dark, hidden or deep web, and that should hardly be surprising. After all, it is not accessible through your everyday web browser such as Microsoft Explorer, Google Chrome, Mozilla Firefox, etc. You won't be able to find it unless you go looking for it is - what the darknet, deep web, hidden services is. But references to the cyber underworld are starting increasingly to creep up into the everyday life, whether that be through popular culture and TV shows. Like just recently, last night there was an episode of Scorpion where they heavily focused on dark web, deep web, darknet stuff. Netflix House of Cards, et cetera, or through warnings from crime enforcement agencies and government.

The use of the word dark references the sinister side of the online world where marketplaces have, are actively trading of illicit drugs, weapons, fake IDs known as fools, online banking logins, including two factor authentication intercept and circumvention. CBVs, which is credit card data used for online fraudulent transactions, and then there's dumpz, which are track 1 and track 2 datas that are used for real world, brick and mortar, transactions. Then of course you have the child exploits, the sex workers, the human trafficking.

All this is made possible through the Tor network, and the Tor network is absolutely a great network. It provides anonymity, and it is a wonderful, awesome tool, and it has greater real world potential than it does for nefarious means. However, because of the anonymity factor that it affords the individuals that use it, it tends to attract a large amount of criminal activity. So there's that.

Jeff Williams: Real briefly, what are some of the good uses of Tor?

Ed Alcantara: Some of the good uses of Tor would maybe say we have a reporter that's embedded in Iran who's trying to get his story out. So he'll log on to Tor, or maybe someone in China who's trying to get their story out, or they're trying to access news where other regimes won't let them access the Internet through conventional means. So they'll use the Tor network to do that.

Jeff Williams: So it's a lot of the same kind of things that you would use PGP for, for instance, but it gives you anonymity instead of just confidentiality.

Ed Alcantara: Exactly.

Jeff Williams: Okay. So they're all running through Tor, and they've got all this dark data out there. So what do you guys do?

Ed Alcantara: What we do would be we provide dark net intelligence for organizations. So we look for our customers that are high risk for cyber crime and espionage. I would say that a good portion of them reach out to us, and then the others that we will discover their personnel or their organization's intellectual property that may have been breached or compromised, for sale. We might find some of their customer's PII information for sale. So we'll reach out to them if they're not our customer or client already, and we'll let them know, "You guys have a problem that needs to be addressed," and we'll walk them through it and get them through that issue.

Jeff Williams: So without giving me too much information, can you talk a little bit about what kinds of enterprises you're seeing or you service? Is it small companies, large companies, tech companies, overseas, where is the focus of this?

Ed Alcantara: We do not have any borders, so to say. So we provide services globally. We have a wide spectrum of customers, all the way down from government agencies right down to probably your local flower shop in your community right there. The biggest targets right now that we're seeing are insurance activities, for organizations to lose data or be compromised would be insurance agencies. They're probably the greatest target because their information, those data records, provides the most valuable data sets on the black markets.

Jeff Williams: Interesting. I was just actually thinking if you contacted me I might want to hurry up and buy some cyber insurance before I get attacked, or is that some sort of pre-existing condition that I wouldn't be covered for?

Ed Alcantara: That was something I wanted to touch on, and that's a great question. We are currently working with many of the largest multi-national insurance agencies trying to assist them in developing a best practices policies for that cyber insurance. Because 2014 they thought, insurance companies saw a trend where they kind of wanted to back off of cyber insurance because it wasn't profitable. It was costing too much money. Then they started to realize that these organizations that get breached that they were actually knew that they were compromised, didn't do much about it, because they were relying on cyber insurance.

So now the insurance industries are trying to implement a best practices policies where they're requiring their customers to provide some type of dark net intelligence as a protocol in their first response in order to be covered. If they don't have any type of dark net intelligence, they will not be covered. That's a little caveat to the cyber insurance that's going to be coming down the pipeline, I would say in the next six months.

Jeff Williams: I would love to see that. I always thought that the insurance industry could potentially have some leverage over corporate security practices. But I'll be honest, I started doing work in that in maybe the year 2000, 2001, and unfortunately never really was able to influence organizations to do much better at security.

Ed Alcantara: Right. It's always a challenge for you. What is also helpful is, particularly when an organization knows, or they've been alerted that they've been compromised, and they've been provided enough information to demonstrate that their information has been compromised. Their customer information is now being trafficked or posted for sale. If it comes out that that organization did nothing, the Justice Department may be looking into prosecuting the C suite of those organizations. So ending up behind bars for another person's crime is a good motivator for most C suites to do something and be a little bit more responsible, to be more proactive and less reactive, or more compliant and less complacent, I should say.

To hear the rest of my interview with Ed, click here.

Jeff Williams, Co-Founder, Chief Technology Officer

Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast. Previously, Jeff was co-founder and CEO of Aspect Security, a successful and innovative application security consulting company acquired by Ernst & Young. Jeff is also a founder and major contributor to OWASP, where he served as the Chair of the OWASP Board for 8 years.
