A UK start-up business that specialises in showing firms their ‘digital shadow’, or the amount of information they are leaking online, is making news for itself by catching cyber criminals who are costing businesses a conservative $100bn a year.
Digital Shadows started in 2011 and provides a “hackers’ eye view of their business”. What they have found in their short life is frightening, particularly to the firms who employ them. For example, they found a bank manager who was selling illicit bank accounts complete with a balance to criminals. The man’s employers were oblivious of this and only realised when Digital Shadows ran a sweep of the internet for security breaches.
Digital Shadows has developed algorithms that scan the worldwide web for mentions of its clients, collecting everything from tweets to chat room mentions. Most importantly, it can ascertain if a lone employee email address has found its way into a file of stolen usernames and passwords being sold by cyber criminals.
It does this by accessing the ‘deep web’, or the part of the internet that is not indexed by normal search engines. Within the deep web is the dark web, where sites that are actively hidden and inaccessible from standard web browsers lurk.
This area is accessed by tapping into the TOR network, or ‘The Onion Router’, which references the dark web’s many layers. The TOR provides anonymity for hackers but they cannot escape a search by Digital Shadows, which scans 100 million data sources in 27 languages on behalf of its clients to find any threats.
Once found, the vulnerabilities are analysed to gauge the impact of the breach and brief the client on how to mitigate the damage caused. As one of the firm’s founders said, they cannot remove the information but they can take steps such as re-setting passwords and stopping the breach happening again.