Internet Security

This 'Google for the Dark web' helped me check if I'd been hacked

When it comes to security, much of the focus is around exploits and malware and finding evidence of them within your own networks. But what if you applied that theory to your own data that might have already left your organization without your knowledge?

“Everyone's spending most of their time and effort making their network more secure,” says Jeremy Hendy, Executive VP, Sales & Marketing at security intelligence startup RepKnight. “Great, but also you should be spending 5% of your time looking for your stuff outside the firewall on the harder to reach bits of the internet that you can't find today.”


Google for the Dark Web

RepKnight was founded in Belfast in 2011, but started by providing a different kind of security intelligence.

“We were originally doing real-time social media monitoring for law enforcement, and intelligence agencies,” says Hendy. “The company came into being around the London 2012 Olympics, when the police were using us to monitor any riots or anything kicking off.”

Around 18 months ago the company did a full pivot to refocus on the commercial sector and infosec. While the sentiment analysis still exists to see if there are any growing trends around terms such as DDoS, ransomware, hacking etc., the company also offers the ability to search the web’s underbelly.

“At the heart of RepKnight is this real-time search engine that's just hoovering up stuff from social media and the dark web.”

The company combines a mix of feeds from the likes of Twitter, automated scraping of PasteBin and similar sites, robots that crawl harder-to-index Tor sites and forums, and human-curated scanning of certain online communities. It brings all of this together into one database, which is searchable from a dashboard you can manage yourself.

“We see people using the tool from that kind of proactive threat intel before it happens: ‘Is someone chattering about a vulnerability of my product?’”

“It may or may not be "Hey I've hacked this company" or it may just be someone's bought the data and we've spotted the data changing hands.”

What kind of information it searches for is up to you: it could be credit card numbers, a list of your company’s email addresses that could be used for phishing, your company’s emails, source code, formulas, designs, any valuable IP or personal information. Anything precious you wouldn’t want published online. The information on big data dumps or dark web data exchanges often only exists briefly, so any information RepKnight comes across will be stored and searchable later.

“Very typically in a lot of the data breaches things get posted for a few minutes and then deleted because the Bitcoin is paid and up goes the URL to go and grab the data. And if we spot that URL then we'll go and copy the data too.”

While the company does have in-house analyst monitoring, RepKnight is focused on providing users with the tools to do the forensics themselves, because they know their own company better than any consultant.

“If there's a discussion about your company - and there's a top-secret code word for a project that comes up - if you outsource that we're not going to know if that's relevant or not.”

Hendy describes the product as a cheap and cheerful tool that's easy to use and scales up to big companies and down to one-man bands. It is focused on simplicity because it was originally designed to be used by policemen (i.e. people who aren't infosec/secops focused).

“It's like a burglar alarm that goes off, rather than something you have to sit and watch 24 hours a day. Most of the time you'll see nothing - no news is good news.”

The proof of the pudding, they say, is in the eating. So, has IDG Connect or this poor writer been hacked? Apparently not: a search for ‘IDG Connect’ found the term only in a list of technology news sites, while variants of ‘Dan Swinhoe’ only brought up a bunch of Dans and a couple of Swinhoes in a list of members affiliated to a certain UK-based political group. So all fairly innocuous. Happy days.


GDPR & detection

As with many companies on the market, GDPR compliance is a big part of RepKnight’s current pitch.

“There's this long dwell time from being breached to discovering it - a FireEye report last year that said 469 days in Europe - GDPR comes into force in 352 days, so [if you have suffered a breach] it's already done, it's already out there. Too late.”

He argues that as well as helping improve the chances of finding evidence of a breach – and therefore providing a better chance of hitting that 72-hour breach notification deadline – employing services such as RepKnight demonstrates to the likes of the Information Commissioner’s Office that you've taken reasonable steps to protect your data, and reduces the likelihood or size of a fine.

“Everyone loves to talk about the hackers, but a lot of the time it’s well-meaning insiders who are just trying to do their job but don't really realise that maybe that wasn't the smartest thing to put information on an open Dropbox. Or it’s emailing a CSV file that then gets forgotten or lies around on a network somewhere, and someone finds it.”

One good practice, he says, is to include watermarks within data – such as a fake entry in a customer list or document sent to a partner – that could be used to identify the source of a breach.
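
The watermarking practice described above, as an added example (not code from the article or from RepKnight): each recipient of a customer list gets a unique fake entry derived with HMAC, so a dump found later can be matched to the copy it came from. The key, partner names, customer rows and the `canary.example` domain are all constructed assumptions.

```python
import hashlib
import hmac

# Constructed for this example: key, domain, partners and customer rows.
SECRET = b"constructed-demo-key"          # keep the real key out of the data set
CANARY_DOMAIN = "canary.example"          # a domain you control and monitor
PARTNERS = ["partner-a", "partner-b", "partner-c"]
CUSTOMERS = [
    {"name": "Jane Doe", "email": "jane.doe@example.org"},
    {"name": "Sam Patel", "email": "sam.patel@example.org"},
    {"name": "Li Wei", "email": "li.wei@example.org"},
]


def canary_for(recipient: str) -> dict:
    """Derive a deterministic fake customer row that is unique per recipient."""
    tag = hmac.new(SECRET, recipient.encode(), hashlib.sha256).hexdigest()[:12]
    return {"name": f"Alex Morgan-{tag[:4].upper()}",
            "email": f"a.morgan.{tag}@{CANARY_DOMAIN}"}


def watermark(customers: list, recipient: str) -> list:
    """Return a copy of the list with the recipient's canary row inserted
    at a derived position, so it is not always the last row."""
    row = canary_for(recipient)
    digest = hashlib.sha256(row["email"].encode()).hexdigest()
    pos = int(digest, 16) % (len(customers) + 1)
    return customers[:pos] + [row] + customers[pos:]


def to_csv(rows: list) -> str:
    """Flatten rows into the simple name,email text a dump might contain."""
    return "\n".join(f"{r['name']},{r['email']}" for r in rows)


def attribute_leak(dump_text: str, recipients: list) -> list:
    """Return every recipient whose canary address appears in a found dump."""
    haystack = dump_text.lower()
    return [r for r in recipients if canary_for(r)["email"] in haystack]


if __name__ == "__main__":
    # Simulate finding partner-b's copy of the list in a paste.
    found = to_csv(watermark(CUSTOMERS, "partner-b"))
    print("Dump matches copy sent to:", attribute_leak(found, PARTNERS))
```

Because the canary address is recomputed from the key, no lookup table of planted entries has to be stored alongside the data it protects.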


Belfast fuelled by security startups and pizza

While London remains the UK’s tech hotspot, a growing number of technology startups are popping up outside England. Edinburgh and Glasgow in Scotland have an increasingly large hub of startups, while Belfast has grown to become a major hotbed for security companies.

“There's a nice little cluster of companies around there now - Black Duck, Alert Logic - there's really good people coming through the system now that have got relevant degrees and are really quite talented.”

“We got a really good relationship with Queen's University Belfast & CSIT. We get quite a lot of students coming and doing internships with us, and the good ones we sponsor them and get a job [with us].”

Hendy says that the company’s CTO, Seamus Clarke, is the ‘grey hair of experience’ amongst a large number of young engineers easily motivated by the promise of pizza if there needs to be a late night.

“It's really nice having that mix of enthusiasm and youth with a bit of discipline.”


Dan Swinhoe

Dan is a journalist at CSO Online. Previously he was Senior Staff Writer at IDG Connect.
