DIY approaches to powering secure, anonymous online research may seem cost-effective, but hard and soft costs combined show that’s not the case.
For sensitive online research, a solution is needed to ensure that the research you’re doing isn’t tied back to you or your organization. Without this critical capability, you’re at risk of being blocked, targeted, infected or identified by adversarial targets of your research.
Many organizations decide the cost-effective approach to disguising researcher identities (i.e., preventing attribution of their research) must be to build their own in-house solution. But when looking at the total investment in time and resources, this isn’t the case.
Using a SaaS for non-attributable web access is definitively less expensive from a hard and soft costs perspective than a build-your-own solution. SaaS solutions can also offer better protection against attribution and web risks as well as improve research efficiency.
Why do I need a dedicated setup for online research?
Using a traditional browser like Chrome, Safari or Firefox can be disastrous when conducting sensitive online research. For one, they don’t provide any separation between the researcher’s machine and network and the web content they’re interacting with. This means malicious content can get in and sensitive information can get out.
What’s more, these browsers are built to track users. They disclose dozens of identifying details about the researcher’s device, browsing behavior and more to every website they visit. With enough unique details in combination, webmasters can understand who they are and why they’re visiting their site.
Learn more about what’s in your digital fingerprint and how managed attribution can help you blend in with the crowd on sites you’re investigating. What is managed attribution and how does it improve online investigation? >
When speaking with online research practitioners, their need for a dedicated setup to browse the web comes down to avoiding these three things: getting blocked, identified and targeted.
Getting blocked when trying to do online research
This can happen in two ways. One is getting blocked by corporate IT solutions like firewalls and web gateways that aim to protect the network from malicious/unsavory websites.
The other is getting blocked by external parties based on your fingerprint; for example, when a Brazilian website blocks connections from U.S. IP addresses.
Both cases prevent investigators from getting the access they need, leading to incomplete intelligence or a search for some way to get the special web access they need.
See how this SOC needed to bypass access blocks to investigate region-specific malware, and turned to Silo for Research to give threat hunters a full view of the malware in a secure environment >
Getting identified when doing online research
By combining the dozens of details of a researcher’s digital fingerprint (their IP address; device settings such as language and keyboard preferences, time zone; hardware, software and plugins; browser in use; etc.), webmasters can create a profile of a website visitor and uncover who they really are and/or who they’re working for.
Being identified can lead to a number of additional issues. If online research can be traced back to the employee’s corporate network or — even worse — their home network, the subject of the research can potentially try to infect or target the researcher or scrub intelligence before it can be collected.
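To make the "details in combination" point concrete, the following added example (not part of the original article or any vendor's code) estimates how many other visitors would share a given fingerprint. The attribute frequencies, the two profiles and the function names are constructed for illustration, and the attributes are assumed to be independent.

```python
import math

# Constructed sample data: share of one site's visitors presenting each value.
# These frequencies are illustrative assumptions, not measurements.
POPULATION_SHARE = {
    "time_zone": {"America/New_York": 0.02, "America/Sao_Paulo": 0.70},
    "language": {"en-US": 0.05, "pt-BR": 0.85},
    "keyboard_layout": {"US": 0.04, "ABNT2": 0.80},
    "browser": {"Firefox": 0.08, "Chrome": 0.65},
    "os": {"macOS": 0.10, "Windows 10": 0.55},
}

# Constructed profiles: an analyst's everyday machine vs. a typical local visitor.
RESEARCHER = {"time_zone": "America/New_York", "language": "en-US",
              "keyboard_layout": "US", "browser": "Firefox", "os": "macOS"}
LOCAL = {"time_zone": "America/Sao_Paulo", "language": "pt-BR",
         "keyboard_layout": "ABNT2", "browser": "Chrome", "os": "Windows 10"}


def surprisal_bits(share):
    """Bits of identifying information in a value seen in `share` of visitors."""
    return -math.log2(share)


def assess(profile, daily_visitors):
    """Return (bits per attribute, total bits, expected visitors sharing the profile).

    Treats attributes as independent, which overstates uniqueness when they
    correlate (language and keyboard layout usually do).
    """
    bits = {attr: surprisal_bits(POPULATION_SHARE[attr][value])
            for attr, value in profile.items()}
    total = sum(bits.values())
    return bits, total, daily_visitors / (2 ** total)


def leakiest(profile, n=3):
    """Attributes that single the profile out most, i.e. what to normalize first."""
    bits, _, _ = assess(profile, daily_visitors=1)
    return sorted(bits, key=bits.get, reverse=True)[:n]


if __name__ == "__main__":
    for name, profile in (("researcher", RESEARCHER), ("local", LOCAL)):
        _, total, crowd = assess(profile, daily_visitors=50_000)
        print(f"{name}: {total:.1f} bits, ~{crowd:.2f} look-alikes per day")
    print("normalize first:", leakiest(RESEARCHER))
```

A look-alike count below one means the profile is effectively unique among that day's visitors, even though no single attribute is rare on its own.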
Getting targeted or infected because of online research
Once a research subject has identified you, they may choose to target you digitally (i.e., via malware) or physically (i.e., in the real world). Physical targeting can take strange and scary forms:
- You’ve been swatted: A SWAT team showed up at a trust and safety analyst’s house when criminals found out that they were being watched online. They used small traces collected through the analyst’s regular browsing session, such as time zone and language settings, keyboard configurations and hardware and software footprints, to compile a picture of who was watching them. From there, they zeroed in on individual analysts’ identities.
- Good morning sir, I’m with the FBI: An analyst at a social media company who’s responsible for policing the platform for terrorist content got a visit from the FBI. This wasn’t the result of research subject targeting, but rather identification by the FBI themselves after the analyst frequented forums and sites associated with terrorist activity in the course of his online investigations. Because he had no dedicated environment, the FBI identified him and he unwittingly became the subject of his own terrorist investigation.
Different approaches to non-attributable networks
It’s evident that non-attributable networks are critical to performing secure and effective sensitive online research. To achieve this, organizations typically take one of two approaches: buy a service or attempt to build their own in-house solution.
Here’s one of my favorite blogs that talks about the “buy vs. build” dynamic and how financial crime analysts and IT find a solution that makes both parties happy >
While the in-house approach may seem attractive from a cost perspective, it carries lots of issues:
Granting special web permissions on the company network
This one is simple. An analyst gets blocked by corporate IT and requests a web access exception to visit the site. This solves the problem of getting blocked because it gives the analyst access to the site so they can gather intelligence, but opens up a number of other issues.
- Inefficiency: The exception process isn’t immediate and uses up IT resources
- Security risk: The company is allowing access to potentially risky sites on the corporate network
- Attribution risk: The company and analyst are at risk of being identified, infected or targeted
Relaxing web permissions is an easy solution for getting blocked, but it’s not a good solution for the other reasons mentioned above.
Using personal devices to get around corporate IT blocks
Again, this solves the problem of an analyst being blocked from the websites they need to visit, but it puts individual employees and their companies at risk.
Companies should not require analysts to use their own personal resources to conduct online research on behalf of the company, and analysts shouldn’t — and usually don’t want to — sign up for jobs that require them to put themselves at risk.
Using personal resources for online research exposes analysts to risk because the company isn’t willing to provide them with proper tools, and it exposes the company to risk because it has no ability to control or audit the analysts’ online research setup.
Building your own network for online research
I’ve heard it all, from kiosks in the corner that are “off-network” to naughty rooms in the broom closet that can be used to do research separate from the company. In short, building your own setup comes with a number of issues. It requires IT to constantly build and maintain a separate non-attributable computer network.
Why non-attributable SaaS is the best approach
A proper risk-free setup is necessary for anyone conducting sensitive online research. Without it, researchers can be blocked, targeted, infected or identified.
Building your own in-house solution for conducting online investigations isn’t a good option because it’s costly, complicated, requires constant upkeep, doesn’t scale and doesn’t provide the ability to secure/audit/control in an enterprise way. Even if you’ve got the time and resources and attempt to build your own, it’s imperfect. And you have to rely on end users to be savvy enough to understand how to use it — and trust them to use it correctly.
To learn how Silo for Research provides steadfast security and anonymity in online investigations through a cloud-based platform, visit our product page.