
White hats on the darknet


Above: The architecture of Searchlight Cyber’s monitoring system.

BitDepth#1421 for August 28, 2023

Calibra Solutions hosted a webinar on Thursday about the tools it brings to bear on improving cybersecurity, with a particular emphasis on threat intelligence.

Calibra, led by Managing Director George Whyte, is a 15-year-old regional solutions provider with an impressive client roster of TT businesses and state enterprises.

Based in Trinidad and Tobago, Calibra offers its services in the English-speaking Caribbean as well as in Dutch-speaking Suriname, Aruba, Curaçao and Sint Maarten.

The company offers a range of IT consulting and advisory services and delivers business analytics using Qlik analytics and financial application software for banks and corporations through its partner Mimics.

The company’s capacity to monitor and respond to threats on the dark web is the focus of its business partner, Searchlight Cyber.

According to Nick Savage, Head of Infrastructure, Security and Compliance at Searchlight, the company began out of early explorations of Bitcoin and surveys of the digital currency’s use on the darkweb.

The company accesses the anonymous sites of the dark web through two software platforms: Cerberus, which it uses to investigate activities, and DarkIQ, which uses that intelligence for monitoring and preventive analysis.

To do this, the company crawls the anonymous onion sites of the dark web, extracting and analysing what is posted or pasted there: data dumps, and compromised hardware being sold to host malware.

Searchlight works closely with law enforcement when it finds actionable material, such as leaked information and credentials.

The architecture of the Tor network

“Cerberus is great for performing investigations on what has happened or investigations on actors that you’re interested in or investigations on [specific] things that you’re interested in,” Savage said.

“You can see what [potential bad actors] are currently doing, see what else they’ve done, and interact with all the intelligence that we’ve gathered about those actors that may help to deanonymise them if you want to go through the process of possibly arresting them.”

“We’ve found the service to also be really useful when it comes to performing investigations about what happened in the past. I’ve had the misfortune of being at an enterprise that had a ransomware attack that closed everything down. On Cerberus, we had an early warning sign about this happening a week before.”

“To take the information that we have available and present it in a more proactive manner, we’ve developed DarkIQ which delivers alerts about the information that gives early warning signs of threat actors operating on the dark web that may be targeting you, that may be targeting the type of equipment that you’re using, vulnerabilities that exist in that equipment or that may be targeting particular exploits that you need to be aware of to bring in additional mitigation or protection.”

The company doesn’t only gather current dark web information; it also archives data that normally exists only briefly on onion sites, and holds records going back at least two decades.

That makes it possible to investigate information about drug marketplaces, cryptocurrency transactions and ransomware groups that no longer exists on the dark web, enabling deeper analysis and correlation of activities and bad actors.

“This open source intelligence helps take you from the nebulous environment of the dark web to identifiers that you can use in the real world,” Savage explained.

“For law enforcement [you might] use a server that will give you the evidence that you need to go through to prosecution.”

“Dark IQ is a proactive monitoring platform that allows you to gather all the data you can with Cerberus, but do it in a proactive way. Instead of going off to look for all this information, it is presented to you as actions.”

“If we’ve identified credentials that are associated with your company, corporate IP addresses that are interacting with sources we deem to be high risk, identified mentions of compromises in your company’s endpoints, or people who are attempting to sell access, we will present that to you as an action that you will be able to respond to.”

According to Savage, the ransomware group Conti made US$170 million in the first year of operation. “These are big enterprises from a national security point of view.”

The Clop ransomware group, which has been exploiting a MOVEit vulnerability, has been so successful, Savage says, that at one point its webpage carried the notice, “Please be patient, we will be with you shortly.”

Searchlight Cyber’s Nick Savage. Photo from his LinkedIn page

Nick Savage explains how the dark web works (partially paraphrased from his presentation during the webinar)

The darknet, which runs on the internet backbone, was originally developed as a means of enabling privacy for its users, creating anonymity through theoretical networking constructs.

One of those constructs is onion routing, which is what the Tor browser uses to establish anonymity.

Another construct is garlic routing, which the Invisible Internet Project (I2P) uses to maintain anonymity. The result is a technical infrastructure that attempts to minimise, or effectively eliminate, the ability of an end server to know who it is communicating with.

Tor was later extended with onion sites, websites that exist only within that anonymisation network.

For a v3 onion address on Tor, you gain access using the identifier at the end of the .onion name.

You then contact the directory service. The directory service gives you an introduction point, and the introduction point leads you to the rendezvous point through which the connection to the onion server is made.

Neither the web server nor the end user know the identity or the IP address of the other.

It’s an anonymisation tool that anonymises not only the user on the internet but also the website and the endpoint, so everybody is kept within the dark web ecosystem.
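The “identifier at the end of the .onion name” has a fixed structure in Tor’s v3 onion service design: the 56 base32 characters encode the service’s 32-byte public key, a two-byte checksum and a version byte (0x03), with the checksum being the first two bytes of SHA3-256 over the string “.onion checksum”, the key and the version. The following Python is an added example, not code from Searchlight Cyber, Calibra or the Tor project, showing how an analyst ingesting onion addresses from a feed can validate them before storing or pivoting on them. The key `CONSTRUCTED_KEY` is a constructed sample value, not a real service key.

```python
import base64
import binascii
import hashlib

# Tor v3 onion service address layout (rendezvous spec):
#   onion_address = base32(PUBKEY | CHECKSUM | VERSION) + ".onion"
#   CHECKSUM      = SHA3-256(".onion checksum" | PUBKEY | VERSION)[:2]
#   VERSION       = 0x03
ONION_V3_VERSION = b"\x03"
ONION_V3_LEN = 56  # base32 of 32 + 2 + 1 = 35 bytes is exactly 56 characters


def onion_v3_checksum(pubkey: bytes) -> bytes:
    """First two bytes of SHA3-256 over the fixed prefix, key and version."""
    digest = hashlib.sha3_256(b".onion checksum" + pubkey + ONION_V3_VERSION).digest()
    return digest[:2]


def build_onion_v3(pubkey: bytes) -> str:
    """Build a v3 .onion hostname from a 32-byte ed25519 public key."""
    if len(pubkey) != 32:
        raise ValueError("v3 onion service identity key must be 32 bytes")
    raw = pubkey + onion_v3_checksum(pubkey) + ONION_V3_VERSION
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def parse_onion_v3(hostname: str) -> bytes:
    """Validate a v3 onion hostname and return the embedded public key.

    Raises ValueError on wrong length, bad base32, wrong version or a
    checksum mismatch (which is what a typo or a tampered name produces).
    """
    name = hostname.strip().lower()
    if name.endswith(".onion"):
        name = name[: -len(".onion")]
    if len(name) != ONION_V3_LEN:
        raise ValueError(f"expected {ONION_V3_LEN} base32 characters, got {len(name)}")
    try:
        raw = base64.b32decode(name, casefold=True)
    except binascii.Error as exc:
        raise ValueError("hostname is not valid base32") from exc
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != ONION_V3_VERSION:
        raise ValueError(f"unsupported onion address version {version.hex()}")
    if checksum != onion_v3_checksum(pubkey):
        raise ValueError("checksum mismatch: address is corrupt or was tampered with")
    return pubkey


def is_onion_v3(hostname: str) -> bool:
    """Boolean convenience wrapper for filtering scraped hostnames."""
    try:
        parse_onion_v3(hostname)
        return True
    except ValueError:
        return False


# Constructed sample key: NOT a real onion service identity, just 32 fixed bytes.
CONSTRUCTED_KEY = bytes(range(32))


if __name__ == "__main__":
    addr = build_onion_v3(CONSTRUCTED_KEY)
    print("constructed address:", addr)
    print("valid:", is_onion_v3(addr))
    # Flip the final character (the version byte's low bits) to show rejection.
    tampered = addr[:55] + "e" + addr[56:]
    print("tampered address valid:", is_onion_v3(tampered))
```

A 16-character name (the retired v2 format) fails the length check rather than the checksum, so the error message tells an analyst which kind of address they are looking at; keeping the checksum check strict avoids pivoting on a mistyped address that never existed.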

The onion router network has the greatest number of nodes: hardware relays whose operators contribute computing power.

To keep the Tor network running, the network as a whole has around ten thousand of these relays.

The architecture of the I2P network

The tool builds a network of these servers across the internet using encryption, so that an individual relay knows only its next hop and not the hops after it.

On I2P, servers are volunteered by their operators to be part of the I2P network.

I2P combines cells of information from different people into one blob of encrypted information (the “garlic” of garlic routing) before sending it across the network.

The Tor project claims that its users are whistleblowers, journalists, bloggers, IT professionals, law enforcement, business people, “normal” people.

Famous uses include drug marketplaces (Silk Road, Hansa) and child abuse material.

News agencies create dark web sites to allow whistleblowers to contribute information to them anonymously. If you are in a country that heavily restricts network access and monitors where and to whom you connect, that is a useful thing to have.

Savage reports that most requests to specific sites were to sites that either hosted illegal material or were associated with illegal activity.

There are more than 500,000 Tor onion websites on the dark web.
