Though anyone can gain access to the dark net using Tor software, the illicit and unregulated part of the internet is not for the faint of heart. Being that it’s so unstructured, the dark web is not a place where one can go without knowing exactly what they’re looking for and exactly where to find it.
But what about businesses that want to explore the dark web, specifically to see if their data or information has been compromised, without the risk that comes with poking around in such an unfamiliar place?
Owl Cybersecurity created a way to safely query the dark net.
Just weeks ago at PYMNTS’ Innovation Project, Alison Connolly, director of strategic partnerships at Owl Cybersecurity, shared how the company is creating an opportunity for dark net big data to be harnessed through a commercially available database.
Let The Search Begin
Owl Cybersecurity utilizes bots to anonymously and continuously collect information from the dark net, which is then indexed and stored in a database. That database provides a reflection of what exists on the dark net, without having to actually dig into it.
Though there are no search engines available in the dark web, Connolly said the database of actionable dark net data that Owl Cybersecurity provides can serve a similar purpose.
Using the database, an organization can query information, such as an email address, Social Security Number, a phrase or even an internal project name. The database will then return results of where mentions of that data exist, meaning all of the pages associated with that queried information across the dark web.
Connolly demonstrated a query that would show how many pages on the dark net have a number of credit cards available between 5 and 50,000. The results showed that within the last week, more than 49,000 pages contained the credit card dump Connolly was looking for. On one page, a person’s full credit card number, CV, ATM PIN, Social Security Number, birth date and mother’s maiden name was displayed and available for sale.
Of course the person whose compromised data was on display would want to know that their information was widely available on the dark web, but this exposure was also beneficial to the issuing bank of the credit card, Connolly noted.
Organizations can leverage the database to monitor for specific queries or data by setting up a saved search.
Putting Dark Data To Use
Before creating its database of DARKINT — actionable data from the dark net – Owl Cybersecurity’s core business was performing assessments and penetration testing for companies.
The firm would be hired to break into an organization’s system.
After the penetration tests, Owl Cybersecurity would share its results with the organization in order to help them point to vulnerabilities and places where their infrastructure needed to be fixed.
Connolly said that work would always include first going to the dark net to see how much exposure an organization actually had.
In an effort to be more efficient in that initial process, Owl Cybersecurity started cataloging and indexing data because doing it manually each time would take hours.
“Fast forward to today: We’ve actually put the user interface on it and now offer clients direct access to the dark net database,” Connolly explained.
This safe way to access the dark net can be especially helpful, considering Owl Cybersecurity’s research has shown that about half of dark net websites go up and down at least once a day.
“That’s one of the big hurdles on the dark net, whereas our tool will capture that and then we have a 60-day look back,” she added.
Not only does the database help to solve problems for Owl Cybersecurity’s clients, but it is also more complete than the dark net and easier to navigate.
“You have a way to query the dark net without exposing your organization,” Connolly said.