Open source intelligence team launches DarkInvader to provide early warning of data breaches

The original team behind RandomStorm and Pentest People have launched a new venture, DarkInvader, that combines automated dark web searches with open source intelligence research, to provide organisations with an earlier indication that their systems have been breached.

DarkInvader continuously trawls the dark web and hacker forums for caches of stolen data associated with a user’s organisation, so that they can respond to incidents more quickly and prevent further damage. DarkInvader was co-founded by serial entrepreneurs, Andrew Mason and Robin Hill, along with technical director, Gavin Watson and sales director, Anthony Harvey, who has already won a number of public sector contracts for the new company.

Under GDPR, organisations are legally bound to inform the Information Commissioner’s Office (ICO) within 72 hours of a data breach and alert affected customers. However, stealthy hackers often lurk on networks for long periods, increasing their access privileges, while organisations are unaware that their systems have been penetrated.

DarkInvader’s software automatically scans hundreds of thousands of illicit online marketplaces and millions of dark web pages to identify key pieces of information that indicate that an organisation’s stores of payment card data, passport numbers, healthcare records and other sensitive personally identifiable data have been compromised.

To bolster the automated searches, the company’s cyber security researchers also manually monitor hacker forums for conversations indicating new exploits. This blended approach, combining the best dark web scanning automation with human research and open source intelligence gathering, helps organisations to act more quickly to prevent leaked credentials being used to log into critical systems and cause further damage, or steal customers’ data.

When a breach is confirmed, DarkInvader provides the affected organisation with a risk report on the severity, along with remediation advice to help the company to identify and block the source of the leak to prevent escalation.

DarkInvader co-founder, Andrew Mason, said, “Organisations often don’t realise they’ve been hacked until we tell them that their data is being offered for sale on forums and secret websites that are not easily accessible to the general public. Our combination of technology and human research allows us to identify threats earlier than standard dark web automation tools.”

DarkInvader provides a full monitoring and consultancy service to organisations that do not have their own in-house security experts. Larger organisations with their own cyber security teams can also sign up to receive DarkInvader alerts allowing them to assess the veracity and severity of suspected data leaks to prevent leaked data being used to attack critical systems.

“Even with robust cyber defences in place, a brand new web vulnerability, an unpatched server, or a misconfigured device can create a small chink in an organisation’s armour that gets exploited by determined hackers. Like a river pollution alarm alerting a factory that it’s leaking chemicals, if company records are found on the dark web this cannot be ignored,” says technical director, Gavin Watson, “DarkInvader provides the last line of defence.”