Monitoring Darknet: Are you doing enough?
Muslim Koser, Volon Cyber Security
The idea of this topic is to highlight the learnings from the years of experience I have in building teams that carry out HUMINT operations in the Darknet. There have been numerous presentations that talk about “findings in the Darknet/cyber underground”, but in this presentation the plan is to discuss some real-world examples that we have encountered over the last 10 years in the CTI domain. These examples include gathering highly sophisticated and actionable information that provides insights not possible via many of the current/automated collection and search solutions on the market today.
Further, in the current world of AI/ML, where a variety of organisations claim to use such technologies in cyber intelligence solutions, I will take an approach in which we discuss the best ways to combine “collection automation” with AI and ML and fuse it with HUMINT. I will explain ways to work with information overload (data from hundreds of forums) and still identify the right information, then fuse it with HUMINT to get context and make the collected information actionable.
Real-life examples used in this talk could include, but are not limited to:
- How APT groups usually known to target nation-states shifted focus to financial crime
- Actors/groups, advanced infiltration and TTPs to provide access information for military/armed forces targets
- Targeting of a national-level setup by Darknet actors, affecting a large number of organisations in a country
- Targeted attacks on financial institutions, and how actionable insights into SWIFT-based attacks were identified that were impossible to get without HUMINT
Muslim has over 20 years of information security experience, with a core focus on Cyber Threat Intelligence, Cyber Risk Management and cyber security consulting. Before Volon, he worked at FireEye Inc, where he headed one of its Cyber Threat Intelligence Research teams. Muslim set up the Cyber Threat Research team for iSIGHT Partners in India, which was one of the first teams to work in this domain.
Muslim has also been a member of the Honeynet Project as well as the Indian Honeynet Chapter, and was involved in Detux Sandbox, which was one of the first online Linux sandbox services. As part of the Honeynet Project, Muslim was also involved in the design of the open source spam honeypot SHIVA.
Previously, Muslim was based in Malaysia, where he led the information security consulting practice for Network Security Solutions. Muslim is also credited with involvement in establishing national-level CERTs and consulting for various corporate CSIRTs.