The hunter becomes the hunted
Our customer, a large household-name technology company, has a dedicated team of trust and safety analysts who focus on ensuring that the company’s online platform is not used by drug cartels, hate groups, terrorist cells, human trafficking rings or other criminal establishments.
The team uses all available online sources, on both the surface and dark web, to keep an eye on suspicious individuals and organizations. Analysts regularly listen in on forums, investigate social media activity and watch Telegraph channels for signs that criminals are using the company’s platform for their illicit operations and communications. However, without the means to properly disguise and anonymize their presence and activity, analysts were left unprotected. It was only a matter of time before the adversary tracked them down and, in one bizarre instance, sent a fully armed law enforcement squadron to their front door.
Retaliation threat turns real
A traditional commercial browser is not the best tool for sensitive online investigations. Even when connecting through a VPN, turning off major cookies and using fake accounts and profiles, analysts run the risk of revealing their real identities, locations, affiliations and intentions to the very people they are investigating.
The tech company’s trust and safety teams thought they were safe while investigating online activity of criminal individuals and groups. But at the same time as they were collecting information on their adversaries, the criminals were gathering vital information on them. Once the criminals found out that they were being watched, they used small traces collected through a regular browsing session, such as time zone and language settings, keyboard configurations and hardware and software footprints, to compile a picture of who was watching them — and from there, zeroed in on individual analysts’ identities.
These days, it’s not hard to find anyone’s home address, phone number and email address online. The criminals used this information to orchestrate fraudulent phone calls to local law enforcement using spoofed numbers, claiming a serious and immediate danger, akin to active shooting or kidnapping. When a 911 operator receives a call of this nature, they act without hesitation, sending armed responders to the caller’s address. In this case, of course, there was no real threat, only a couple of frightened family members, realizing that their loved one’s job has put them all in danger.
Secure and anonymous online investigations
Silo for Research was created to protect investigators from situations like these. With this tool, the tech company’s trust and safety analysts are now equipped with specialized managed attribution features, designed to disguise their identities and spoof their physical locations, IP addresses and network settings. This ability to manage attribution (i.e., details of their digital fingerprint) prevents adversaries from retaliating against investigators and their organization. Silo for Research helps them safely browse both the surface and dark web, collect, analyze and share evidence, and store files securely, without fear of introducing malware to their networks.
Since adopting Silo for Research, the tech company’s trust and safety analysts report that they feel less at risk, and can do their job more effectively, proactively researching potential threats and monitoring misuse of the company’s platform. Other groups within the company have also introduced Silo for Research to their workflows, helping them to:
- Hunt cyberthreats
- Securely browse the web
- Use third-party tools without risk
- Share suspicious activity with law enforcement
- Improve the company’s overall security posture