The world of Dark Web monitoring – An interview with SIXGILL Co-Founder Avi Kasztan

30 December 2019

Avraham Chaim Schneider, Ariel Yosefi, Nimrod Kozlovski 

Much of the mystique surrounding the dark web stems from the fact that for the average cyber citizen, this sinister sliver of the internet is like a digital, third world country few have dared venture into. Information about its inner workings comes in snippets from news reports informing of yet another shocking data breach with ‘X’ million users exposed, or some stunning police raid complete with all the sordid details one would expect to find when turning over rocks in an underworld infested with crime.

But like any foreign country, the mystique mostly evaporates once you experience it firsthand. That isn’t to say the reports of crime and exploitative behavior are exaggerated. To be sure, there’s plenty of that going on. But it’s still just a place with its own cultural norms and trends, and to get a true sense of that culture and what trends may be emerging that threaten your data, it’s a good idea to speak to someone whose day job it is to walk its dark marketplaces and listen in on the closed chat banter of the locals.

That is why our guide today will be SIXGILL Co-Founder Avi Kasztan, a local for-all-intents-and-purposes in that unlike most firms offering dark web services as part of a broader cyber offering, SIXGILL specializes exclusively in dark web monitoring and intelligence. We began with the basics.

Who in his opinion should be actively monitoring the dark web? His short answer: everyone.

The dark web is home to hard core cybercrime, he says. It’s where criminals plan their activities with a level of collaboration and sophistication hitherto unheard of. In his words, the dark web is essentially a social network for criminals. A robust industry with hierarchies, money flows and user reputations being built (and torn down) on a daily basis. To effectively use the power of social networks you don’t necessarily have to be actively posting on them. It all depends on your goals. The same applies to the dark web, and Kasztan believes any company concerned about its assets (especially its human assets) should be monitoring it to make sure they aren’t missing out on anything critical.

Critical is the operative word here. According to Kasztan, the damage hackers can inflict via the dark web should not be underestimated. They could effectively murder someone, in the digital sense, through identity theft. Admittedly, this sounds a bit overdramatic, so we pressed him to elaborate on this point. What could a victim of identity theft be facing on a practical, real-world level?

For starters, an empty bank account would be the least of the victim’s worries. According to Kasztan, criminals sometimes need an alternative identity to commit their crimes with. A victim of ID theft might wake up one day to a knock at their door by the authorities with evidence of their involvement in anything from gun running to human trafficking and everything in between. It could be a legal (not to mention financial) nightmare to clear a record from such crimes, and as for reputations, they may never recover.

We asked about health profiles, knowing these to be a favorite for many hackers. Kasztan agrees that the danger is real, only far worse than the obvious threat of having sensitive medical information exposed, which would be bad enough on its own. Data could be modified in ways that are not only damaging in a reputational sense, but physically so if medical histories are made to be inaccurate.

Kasztan doesn’t stop there, taking the health-hack scenario to the next level when suggesting some medical devices with online connections may allow attackers who gain access to cause serious injury or even death, depending upon the device’s functionality. This sounds a little too much like something out of a techno-thriller novel to simply accept at face value, so we did a little research on our own, and wouldn’t you know it, former US Vice President Dick Cheney’s cardiologist actually disabled the wireless functionality of the VP’s pacemaker due to this very fear.

We moved on to the question of proactive vs. reactive monitoring. What’s the breakdown for companies approaching SIXGILL?

Kasztan responds with an old adage that a clever man knows how to extricate himself from a bad situation while the smart man knows to avoid the situation in the first place. He explains that corporate awareness of the need to address the reality of the dark web is increasing. But he clarifies that SIXGILL is a cyber intelligence firm, more involved in monitoring than offensive measures. Should a company discover a breach, generally speaking it’s time to begin collaborating with authorities.

And yet there are times when out-of-the-box, offensive measures can be employed. Kasztan recalls one case involving a team of hackers exploiting ATMs across a country that affected their client along with many other banks in the region. The hackers were extremely sophisticated in their methodology and always managed to remain one step ahead of the authorities. They appeared to be toying with their pursuers, almost as if hacking the ATMs was just an excuse to show off. When the SIXGILL team understood the game the hackers were playing, it became clear what they needed to do to bring them down, and that they had the technology and know-how to do it.

Essentially, they used the hackers’ own sophistication against them. Through their intimate knowledge of the dark web’s cultural hierarchy they were able to narrow down the list of possible suspects in the ecosystem with the technical ability to pull off attacks with this level of complexity, eventually closing in on and identifying the ones responsible, at which point they sent over the authorities to handle the dirty work.

To wrap things up, we asked about the future of the dark web. Some claim its growth has stagnated with raids and site take-downs keeping the number of its URLs from ever growing much beyond the 100K mark. At present the number is closer to half that.

Kasztan is not impressed with URL numbers. He measures growth in terms of the size and nature of the crimes being committed and the amount of money changing hands. We know from our previous piece on Mapping the Dark Web that the numbers are indeed rocketing skyward, with bitcoin transactions expected to break the 1B mark this year.

Kasztan believes the dark web is going through a maturing phase from which it will eventually stabilize. It’s a platform like eBay or Amazon, he says. It just happens to be filled with criminals.

A similar version of this article first appeared in C-Tech.