Customer portal
Articles Tagged with

legal firms need cyber threat intelligence

"Offensive
Product news, Tips

Offensive Cyber Threat Intelligence for Lawyers and Private Investigators

by Ben Hurst
August 10, 2022

In the last article, I wrote about how legal firms can utilise cyber threat intelligence and the SOS Intel toolkit for cyber defence. But in this article I want to explore a different idea, namely, offensive threat intelligence for legal firms. 

When someone says “cyber crime” what do most people think of? Likely something along the lines of “hacker”. Most will picture someone in a dark room staring at a computer screen with hundreds of lines of code flashing by while frantically typing on their keyboard. 

While hackers like this do exist, they make up a minority of cyber criminals. Cyber stalking is, by far, the most common cyber crime. 

Every year almost 10 million people in the United States are victims of cyber stalking or harassment. The vast majority, about ~80%, of cyber stalking incidents go unreported to law enforcement. To make matters worse, cases of cyber stalking that are reported often go unpunished. From 2010 – 2013, of the roughly 2.5 million reported cases of online harassment, only 10 cases resulted in a prosecution. 

A major reason many of these cases go unresolved is the extensive evidence required to make a case. Collecting evidence on a cyber stalker is a difficult and time consuming process. But, this doesn’t have to be the case. 

Utilising cyber threat intelligence tools, it is possible to collect large amounts of data on a target. Much like other cyber criminals, cyber stalkers use platforms like Telegram and Signal. Threat intelligence tools like the SOS Intel toolkit can pull data from these platforms on a mass scale. Just by crafting a few keywords you can search thousands of terabytes of data.

This “offensive” use of the SOS intelligence toolkit is not isolated to just cyberstalking cases. The SOS toolkit is incredibly versatile, it’s capable of assisting with any sort of research into any internet crime. Let’s take a look at what the SOS toolkit is capable of…

SOS Intelligence Toolkit API

The best way to utilise the SOS Toolkit is the API. The API allows you to integrate the toolkit into 3rd party programs. The API provides you the raw aggregate data and leaves the organisation up to your personal preferences. To start working with the API, first you will need to generate your API key. 

You can do this in the “API” tab of the web interface. Once you click the “generate” button you will see this message:

There are many API clients out there, but for the purpose of simplicity in the example I will be using Postman.

SOS Intelligence offers a Postman Collection file to further simplify the process of  implementing API requests in postman. If you are interested in using the Postman collection, please send an email to “[email protected]” 

Once you have your API key and have imported the Postman collection file (or you plan on manually adding the API requests) you need to add the key to Postman as such:

 Once you have your API key set you are ready to start making API requests! In this example I will be making queries as if I was investigating a cyber crime case. 

Quick note: The user I am searching for in this example is “pompompurin” a known cyber criminal who is active on Twitter and Telegram and administrator of the infamous “Breached Forums”.

Here is a simple query for “breached forums” using the Twitter search function. (Note: At the moment the Twitter search function has a search history limit of 6 months)

The Twitter search function will return any data that matches the search query. If the query matches any of the values or sub-values of a post, the function will return all of the data of said post. 

The data aggregated on each post is entirely dependent on the post itself, i.e. if other users are mentioned or if there are hashtags. It’s worth noting that searches are passed as phrases with “AND” logic. For example, my search for “breached forums” searches for “breached” AND “forums”. This way you can refine your results easily by crafting search queries that match exactly what you’re looking for, automatically weeding out all of the bad results.

Sometimes collecting intelligence from clearnet sources is not sufficient enough. Many hacking forums run both clearnet and darknet sites. The SOS Darkweb search function can search with several different categorical options. The first option is the “Full Text Search” as seen below.

The “full text search” searches through the full text of the site’s page. To narrow down your search results, you can set parameters like “phrase” to true. For example, if I search for SOS Intelligence, the query will pass as SOS “OR” Intelligence. However, if I set the “phrase” parameter to true, this query is passed as SOS “AND” Intelligence. 

The Dark Web Search tool also has special functions for more specific searches like emails and Bitcoin wallet addresses.

The SOS Toolkit puts all of these tools at your disposal instantly. The API is just one method of utilising the toolkit. 

The SOS web application allows you to access the same tools with a more friendly user interface. But the API allows you to integrate the SOS Toolkit into 3rd party OSINT frameworks as well as your own programs/scripts. 

The API provides a simple way to work with the tool kit “offensively”. Utilising several or all of these search functions you can gather a great amount of information on a suspect. You can try these searches out yourself! Remember, we have two community APIs:

  • DARKSEARCH: Provides information about onion websites.
  • CVE Top Talkers: Provides a top list of most talked about CVEs across our threat feeds.

Both can be accessed via a free plan which you can sign up for here 🙂

Photo by Tingey Injury Law Firm on Unsplash.

"Legal
Opinion, The Dark Web

Hacking your lawyer: Why Legal Firms need Cyber Threat Intelligence

by Ben Hurst
August 8, 2022

Data breaches are not good for anyone (excluding the cyber criminals), but breaches are particularly bad for industries that handle sensitive information. Unfortunately companies that often handle sensitive data typically do not take their security threats seriously. The pharmaceutical and medical sectors saw a 20% increase in cyber attacks in 2021, costing them, on average, $45,000 per hour of downtime. 

The medical industry is not the only industry handling sensitive data. Legal firms hold a tremendous amount of personal data on, not only clients, but also anyone involved in their respective cases.

For threat actors, legal firms hold a treasure trove of data that they can use for criminal activities such as, financial fraud, extortion, or even just crude doxxing. 

Unlike hospitals and pharmaceutical companies legal firms typically are not held to the same security and data privacy standards and regulations. In the United States acts like HIPAA and GLBA require any company that handles certain information to abide by set security standards. But, regardless of the law, a data breach looks good for no one. 

Defensive security measures like proper data storage and encryption are a must for any legal firm, but these measures can only go so far. In order to take your security to the next level proactive measures are needed.

Luckily for us, threat actors are often very open about their upcoming or ongoing attacks. Hackers will post on dark web forums or even in public chat rooms. 

Publicly posted data leak of a New York legal firm 

Collecting and aggregating this information can be difficult for a small legal firm with less resources. This is where SOS Intelligence comes in. SOS Intelligence can offer your legal firm – small or large – tools to bolster your proactive security measures. 

Due to the nature of established and emerging threat actors, defensive measures like proper data encryption and storage is not enough. Threat actors will always be able to find a way around these defences.

Whether it involves paying an insider for access to your network or exploiting a n-day vulnerability in your VPN software, SOS cyber threat intelligence will be able to provide insider intelligence not found anywhere else. 

Our Dark Web monitoring tool can be utilised for searching for hackers discussing your company. You can quickly build a profile on threat actors targeting your firm then proactively adapt your defensive measures to compensate. 

Getting a sense for threat actors targeting your firm will do wonders for both your cyber defence and – in the case of a breach – can assist incident response. SOS Intelligence offers tools that can actively pull information from common dark web forums and chat rooms. 

Our tools can also grab messages from closed source forums and chats. Dark web monitoring will be able to offer a different perspective than the hundreds of various defensive tools. The SOS Intelligence toolkit will allow you to see through the eyes of a hacker. It’s time to take your security to the next level, try out the SOS toolkit today.

If you are a legal firm who would like some advice on what you need to be doing plus a demo of how we can help you, then click here now to book some time with Amir, our founder. We promise this is something you won’t regret.

Photo by Tingey Injury Law Firm on Unsplash

Recent Posts
Recent Comments
    Privacy Settings
    We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
    Youtube
    Consent to display content from - Youtube
    Vimeo
    Consent to display content from - Vimeo
    Google Maps
    Consent to display content from - Google
    Spotify
    Consent to display content from - Spotify
    Sound Cloud
    Consent to display content from - Sound
    Save