Thu, Sep 17, 2015 - Page 9

Business booms for cybersecurity firms watching the ‘dark Web’

By Nicole Perlroth  /  NY Times News Service, CHANTILLY, Virginia

On a recent Wednesday morning, 100 intelligence analysts crammed into a nondescript conference room in Virginia and dialed into a group call with 100 counterparts in Taiwan, Argentina, Brazil, Cyprus, India, the Netherlands, Romania, Spain and Ukraine. As they worked their way around the room, the analysts briefed one another on the latest developments in the “dark Web.”

A security firm in Pakistan was doing a little moonlighting, selling its espionage tools for as little as US$500. Several US utility companies were under attack. A group of criminals were up to old tricks, infecting victims with a new form of “ransomware,” which encrypts PCs until victims pay a ransom.

The analysts, employees of iSight Partners, a company that provides intelligence about threats to computer security in much the same way military scouts provide intelligence about enemy troops, were careful not to name names or clients, in case someone, somewhere, was listening on the open line.

Within 30 minutes, they were all back at their keyboards, monitoring underground chatter and markets, analyzing computer code meant to cause harm, watching the networks of potential attackers and poring over social media channels for signs of imminent attacks.

For the last eight years, iSight has been quietly assembling what might be the largest private team of experts in a nascent business called threat intelligence.

Of the company’s 311 employees, 243 are so-called cyberintelligence professionals, a statistic that executives there say would rank iSight, if it were a government-run cyberintelligence agency, among the 10 largest in the world, although that statistic is impossible to verify, given the secretive nature of these operations.

ISight analysts spend their days digging around the dark Web, piecing together hackers’ intentions, targets and techniques to provide their clients with information like warnings of imminent attacks and the latest tools and techniques being used to break into computer networks.

The company’s focus is what iSight chief executive John Watters calls “left of boom,” which is military jargon for the moment before an explosive device detonates.

Watters, a tall 51-year-old Texan whose standard uniform consists of Hawaiian shirts and custom cowboy boots, frequently invokes war analogies when talking about online threats.

“When we went into Iraq, the biggest loss of life wasn’t from snipers. It was from concealed explosive devices,” he said. “We didn’t get ahead of the threat until we started asking ourselves: ‘Who’s making the bombs? How are they getting their materials? How are they detonating them? And how do we get into that cycle before the bombs are ever placed there?’”

“Our business is tracking the arms merchants and bomb makers so we can be left of boom and avoid the impact altogether,” Watters added.

ISight’s investors, who have put US$60 million into the company so far, believe that its services fill a critical gap in the battle to get ahead of threats.

Most security companies, like FireEye, Symantec, Palo Alto Networks and Intel’s security unit, focus on blocking or detecting intrusions as they occur or responding to attacks after the fact.

ISight goes straight to the enemy. Its analysts — many of them fluent in Russian, Mandarin, Portuguese or 21 other languages — infiltrate the underground, where they watch criminals putting their schemes together and selling their tools.
