Forces of darkness surveyed

17 March 2017

Thomas Olofsson was facing an important decision: either follow in the footsteps of some of his friends and hack companies and government agencies, or choose the other side and pursue the same interest in the service of conventional society.

 

The choice fell on the latter. All things considered, it felt like the path to a simpler and more rewarding life. This is how a career began that has led to Thomas owning his own company in the security sector, Intelliagg, where he and his colleagues have conducted the biggest-ever survey of the Internet’s dark forces.

 

 

We've spent a lot of time surveying the Dark Web, the darkest reaches of the Internet, where weapons, drugs and hacker attacks are sold as conventional goods and where few have access.

Thomas Olofsson, Combitech.

 

 

The information Intelliagg gathers is sold to its customers so that they can find out, for example, if a coordinated attack on their companies is being planned. Thomas and his colleagues can see, for instance, if queries are being made about how a certain company can be hacked, or if calls for joint action begin to circulate. For a company that is facing an attack, this provides valuable time to prepare. The way in which Thomas works is both simple and ingenious.

 

Using the same methods as forces of darkness

 

We use the same anonymisation against the forces of darkness as they use. We can't see where they are or who they are. But they can't see who we are either and why we are there. To avoid detection and create a comprehensive picture of what is happening, we've infiltrated the networks via hundreds of nodes on a scale that, to my knowledge, has never previously been attained.

 

The initiative is necessary because the threats during recent years have grown to a scale never before seen. Thomas has observed the changes over the years. 

 

Those who think that cyberattacks are conducted by bored youths who want to test their knowledge haven't kept up. Sure, they also exist, but it's criminal groups and increasingly national governments that are behind the intrusion attempts and attacks these days. The latter is not seen in the statistics, which is because states often engage the criminal groups to conduct the attacks.

Thomas Olofsson, Combitech.

 

Cyberattacks against businesses, harmful code, weapons and sex trafficking are on sale, side by side. Increased digitalisation entails new business opportunities even for the dark forces.  

 

 

Difficult to get at hackers

Many of the criminal groups have their base in Asian countries at the outer edges of Russia. Many groups previously had their bases in Russia, but after Putin initiated harder measures against them, they moved to smaller countries beyond the Russian borders. For Western companies, it is naturally difficult to get at them.

 

So what can be done?

 

The main thing is that companies conduct a thorough risk analysis so that they know where the risks are and what or which information needs to be protected. This work should preferably be made into a process that senior management can update and work with regularly.

It is also important to conduct open source intelligence analyses and find out about who might want to access the information or sabotage things for the company or its customers. The more you know about your enemies and their resources, the easier you can prepare and establish a reasonable level of security.

Thomas Olofsson, Combitech.

 

 

Identify business-critical information

It might sound like a job for your IT department, but this is something Thomas is strongly against.

 

They naturally have an important role in the process, but this has become a matter for senior management. Neither IT nor security departments can have the same understanding of the market situation and of what is business-critical information. Companies that don't understand this will be risking major problems in the future.

Thomas Olofsson, Combitech.
