Bringing Light to the Dark Web

Our browsers only show us a small part of the Internet. Beneath the Internet’s visible sites is a series of encrypted sites that make up what is called the Dark Web, a catch-all term for sections of the Internet that are inaccessible without specific software. In the 1990s, a group of researchers from the Ministry of Defense were looking for a means of communication for spies around the world. They imagined an anonymized and encrypted network, an internet hidden beneath the present one, unknown to all, which would serve the intelligence community. But, for that, they needed other noise, other civilian traffic, to mask the communications of the spies. The Naval Research Laboratory has freely released the basic principle of open source software like The Onion Router (TOR), which randomly bounces encrypted traffic around the world. If you asked The Tor Project, the nonprofit now responsible for maintaining the TOR network, they’d say the goal is to allow activists and dissidents to access material through a firewall. The anonymity granted by TOR has attracted not only dissidents and activists, but also criminals. In a short time, the Dark Web has become a haven for illegal activity across the world, providing a platform for drugs, weapons, ransomware, and human trafficking. Whether TOR is good or bad is an academic question according to Dr. Gareth Owenson, CTO and co-founder of Searchlight. “At the end of the day, there is a significant and malicious criminal element that society needs to be aware of and protected against.”

Protection guided the founders of Searchlight from the start of their careers. Ben Jones, CEO and co-founder of Searchlight, spent years as an aerospace engineer working with military defense aircraft, but soon realized the field didn’t fit his personal desire to do social good. “I realized that I wanted to run a business that could make a profit but also benefit society at large.” Ben turned to systems rather than hardware, working with the University of Portsmouth on cybersecurity projects. Here, he reconnected with his co-founder and CTO, Dr. Gareth Owenson, a longtime friend from grade school and an expert with more than a decade of cybersecurity experience. As he said, “I’ve been in cybersecurity since it was still called computer security.” During his academic career, Gareth has published articles on the cryptocurrency networks and crypto networks that make up the Dark Web. Together, they established Searchlight Security with a unique mission to provide social good, in addition to profitability: protecting all elements of society from threat actors working and coordinating undetected with TOR.

They started from the beginning, with Greek mythology. Well, not exactly. Searchlight began with Cerberus, named after the mythical three-headed hellhound that holds back evildoers in the underworld. Searchlight’s Cerberus pursued a similar goal: keeping threat actors contained in the Dark Web and monitoring the underground economy. The Cerberus forensics platform catapulted Searchlight to market. Within 3 months of developing the prototype, Searchlight was running a paid proof of concept for the UK government, which turned into a long-term contract two months later. What made the product so valuable was its ability to turn a thread of information, like a potentially compromised IP address, into an in-depth analysis of one’s Dark Web presence. A company that spends time and money on firewalls to protect against attacks from certain vectors won’t prevent a breach through compromised credentials circulating on the Dark Web. With Cerberus, companies could examine potential threats to their business beyond firewalls, looking at who was selling their information and the capabilities of threat actors.

But, like most investigations, Cerberus needed an investigator. “With a system like [Cerberus] it’s very analyst driven,” admitted Ben, “and therefore you need a qualified analyst to be able to deliver the product.” The time and availability of skilled analysts helped maximize the usability of the Searchlight project. Searchlight therefore began work on a product that would automate core functions of its investigation platform, releasing DarkIQ after 3 years to do just that. Since the release of DarkIQ and with an established trust in law enforcement, Searchlight has expanded into the commercial sphere. “We are increasingly looking at the pre-attack threat and audit space, while continuous automation and integration expand DarkIQ’s usability. To be able to establish the threat and continue to monitor it,” Jones said. Consider buying a new business. “Currently, they can check financial statements or their credit statements. But, at the moment, checking their cybersecurity and whether they have been breached and what data is being held for ransom is not available.”

And then, of course, there is the threat of Russia to Western infrastructure, something which, according to Owenson, is not unusual. “There has certainly been an upsurge in Russian attacks on Western infrastructure, which is not a new phenomenon. We have also seen some of the ransomware groups that are often based in Russia take particular positions in favor or against the Russian government… but many of these groups are implicitly supported by the Russian government, so they want to be seen as aligned with the Russian government, otherwise they risk being thrown in prison for what they have done.”

Jones added that quite often some of these gang rumors or considerations of their next targets can start on dark web forums, so if someone was looking to test out certain positions or leak certain information, monitoring those forums can sometimes help detect what is happening and prevent cyberattacks.

In cybersecurity, few companies have such a human impact as Searchlight Security. This is something the founders are proud of, as is the rest of the Searchlight team: “We are a mission-driven company. It is rewarding work because you are doing a greater good. We have stories that we share within the company where we have had a direct impact on the lives of individuals and also on companies as a whole – we have helped prevent attacks, so it is very useful to stand up and go to work in the morning and be a part of that,” Jones said.

Therefore, the team is also hiring and looking to grow by partnering with Managed Security Service Providers (MSSPs) or large enterprises with their own SOCs that can use tightly targeted and actionable intelligence, without spending much time analyzing too many alerts and sifting through large datasets.
