Coverage



Twenty percent of the Dark Net was taken offline last week, when a hacker compromised a server hosting some 10,000 websites on the Tor network.



Unscrupulous workers who sell their employers’ secrets are nothing new. But a rise in websites dedicated to white collar crime is making the practice easier than ever—and leading more insiders to peddle confidential information.



Cybercriminals are increasingly using dark web forums to recruit employees and contractors willing to help them achieve their goals, according to a report published on Tuesday by security firms IntSights and RedOwl.



February 1, 2017

Ten Fascinating Things

08. Insider trading isn’t limited to Wall Street. People are increasingly taking to the dark Web to sell confidential corporate information.



Cybercriminals are increasingly using the dark web to recruit insiders to help steal data, including to make illegal trades, according to a new paper from Ido Wulkan of IntSights and Tim Condello and David Pogemiller of RedOwl.



According to a report from RedOwl and IntSights, the recruitment of insiders within the Dark Web is active and growing, with forum discussions and insider outreach nearly doubling from 2015 to 2016.



Insider trading and other forms of access-related corporate crimes earn some dark web traders as much as $5000 a month, according to a new report.



A RedOwl report claims that insider recruitment is “active and growing” with chatter across public and private forums about the subject doubling from 2015 to 2016.



A study revealed how hackers in the dark web are arming insiders with the tools and knowledge necessary to help steal corporate secrets.



Hackers from US-based risk management outfit RedOwl and Israeli threat intelligence firm IntSights worked their way past the interview process to access the private dark net property Kick Ass Marketplace, where they found evidence of staff selling internal corporate secrets to hackers.



Cybercriminals are ramping up efforts to recruit employees with access to corporate networks. The Dark Web, which promises anonymity to rogue insiders, is driving that trend.



Insider trading in the Dark Web is expanding, with new recruits being sourced from banks and financial institutions keen to make money from privileged access and knowledge.



According to the Identity Theft Resource Center, there were a combined 901 reported breaches between January and November of last year, with the largest number occurring in the business sector. While it’s tempting to lay the blame on hackers on the outside, the culprit is most often someone within the organization.



A recent study from MIT on gender and engineering found that women like to tinker with tools, same as the men do. That, to me, is revelatory. As a female data scientist working at a technology company with fellow female colleagues in all types of positions, I get to see that type of tinkering firsthand every day.



Corporations need to keep close tabs on their employees to root out internal threats, which are becoming more prevalent. This raises important ethical questions about privacy in the workplace. Where should corporations draw the line between respecting employee privacy and staying secure? Here are five suggestions for how to do it right.



December 8, 2016

Beware insider threats

While much of the effort to counter cyberthreats seems to focus on external actors—hackers, criminals, and nation states—it can be argued that the predominant threat actually comes from people inside corporate entities.



Over the past few years, several high-profile market manipulation cases have emerged in the energy and gas markets, including rulings against BP America and Louis Dreyfus Energy Services.



Mr. Condello is the vice-president of cyber threat intelligence at user behavior analytics provider RedOwl. He recently published an article describing what banks need to know about the new Android malware.



November 22, 2016

The inside story

Following a number of high-profile examples of insider risk in recent years, hedge funds are increasingly having to take a proactive approach towards internal monitoring. US firm RedOwl talks about its services to HFMTechnology.



Regtech startups have raised roughly $2.3B across 317 deals since 2012. Deal activity is on track to set a new high in 2016.



“Vetrepreneurship” is sweeping the country. The SBA reports that 25% of Post-9/11 veterans want to start their own businesses.



Brian White, RedOwl Analytics chief operating officer, and Keith Rabois, Khosla Ventures partner, discuss what cybersecurity will be like under Donald Trump. They speak with Bloomberg’s Emily Chang on “Bloomberg Technology.”



It’s a rough year to be an Android fan: a new banking Trojan has infected over 200,000 Android devices over the last month, by influencing or pushing users to enter their online or banking credentials into a screen overlaid onto the open app.



The huge cyberattack that crippled the Internet and disabled dozens of websites Friday appeared to be the biggest attack of its kind that the world has ever seen.



Brian White, RedOwl Analytics chief operating officer, discusses the cyber attack on a Web host that caused a widespread Internet disruption in the U.S. He speaks with Bloomberg’s Cory Johnson on “Bloomberg Technology.”



The FBI has arrested NSA contractor Harold Martin, who is suspected of stealing highly classified source code developed by the agency to hack the computer networks of adversaries like Russia, China, Iran and North Korea. Apparently though, the suspect did not fit any of the usual profiles of an “insider threat.”



An NSA contractor stealing sensitive government documents is in the news again, and it has nothing to do with Edward Snowden, movies or pardon requests. But it does have everything to do with the ever-present threat of insiders and third-party contractors and how these concerns continue to get swept aside or given less importance than breaches caused by outside actors and nation-states.



A recent Bitglass survey of more than 500 IT professionals found that one in three respondents said their enterprise has experienced an insider attack in the last year, and fully 74 percent said their enterprise is vulnerable to insider threats. Fifty-six percent of respondents said insider leaks have become more frequent in the past year.



September 29, 2016

Meeting Hackers Head-On

In a climactic conclusion to an insider threat story that has been developing since 2015, Morgan Stanley agreed to pay a fine of $1 million to the US Securities and Exchange Commission (SEC) in June this year for failing to protect private customer data.



Whilst the popular view of hackers tends to be of outsiders, there’s been increasing emphasis in recent years on the threat to enterprise data posed by those inside the organization. Behavior analytics company RedOwl carried out a survey at last month’s Black Hat conference, asking almost 300 security professionals for their views on insider threats, and the results are released today.



An effective cyber security strategy is a “team effort,” says Guy Filipelli, founder and CEO of RedOwl, a cyber security/risk management company. “It is often a combination of information security, physical security, technology or IT, legal, and potentially risk or HR and then at one point, the leadership of the institution.”



“The [US] SEC and FCA are both exploring ways to effectively leverage voice, electronic communications and other data to stem fraud and improve compliance,” says Brian White, the chief operating officer of RedOwl, which provides risk-analysis technology. “Moreover, the regulators are watching the development of technology with a closer interest so they can stay abreast of the art of the possible, and be cognisant of the solutions that financial institutions are implementing to address the latest mandates.”



The insider threat is not really a cybersecurity problem or a data analytics issue; it’s a human risk problem that can only be solved by understanding how people think and behave. In this slideshow, RedOwl has applied the science of risk assessment to employee behavior and come up with six persona types of employees who represent insider threat risks.



Eleonore Fournier-Tombs, RedOwl field data scientist, ponders the curious case of Galen Marsh, who stole masses of data from his former employer, Morgan Stanley, by using a very simple hack of the client data management system.



According to Adam Reeve, a principal architect at RedOwl Analytics security firm who was the first one to break this news, Niantic had the ability to read and send users’ email, access users’ Google Drive documents, look at users’ search history, view users’ Google Maps navigation history and access users’ private photos stored in Google Photos.



Amid an onslaught of privacy and cybersecurity threats, it can be difficult to predict which potential concerns will capture the public imagination. A particularly unlikely candidate for public debate over privacy and cybersecurity is Pokémon Go—a location-based, augmented reality mobile game developed by Niantic for iOS and Android devices.



Every day, U.S. companies are targeted by foreign nations trying to steal their intellectual property (IP). But today’s spies aren’t trained outsiders; they’re folks working in accounting or programmers in the back office. In the modern world, espionage takes place online, using user accounts that have been compromised via phishing or even blackmail.



Many of the attacks on small businesses come from the outside. But, in some incidents, it’s the firm’s employees who are the culprits. A software firm called RedOwl Analytics is trying to do something about this growing problem, according to this report from Quartz. The new service – introduced recently – is designed to track the behavior of all of the employees at a company with the goal of finding that one who is planning a data breach or possibly looking to steal intellectual property or other sensitive information.



You’d think it might be easy to catch a culprit who’s inside the office, but employees aren’t exactly announcing their criminal plans over company email. One solution comes in the form of detailed behavioral analytics: Software that can comb through hundreds of thousands of emails, chats, financial trades, login times, and other online activity to flag suspicious employee activity. In recent years, a handful of data-monitoring companies, such as RedOwl, Palantir, and Splunk, have started offering such software.



Just a couple of weeks ago, the app requested “full account access” to even more data, a fact that analysts found particularly troubling. Niantic has since said that the request was a mistake, and that they didn’t actually use any of it.



The insider threat is not just a cybersecurity problem or a data analytics issue; it’s a human risk problem that can only be solved by understanding how people think and behave. There are certain signals that, with context, can pinpoint an insider threat before they strike. For example, the Fat Leonard case can be identified with one type of threat.



Last week, the concerns about the app’s access to a user’s Google Account emerged, prompted by a blog post by RedOwl Analytics Principal Architect Adam Reeve, who called it a “huge security risk.” Original reports said the app gave full access to a user’s Google Account, including the ability to send and read emails, but later clarification found that the company was only able to access profile information.



Android users don’t appear to hand over the same far-reaching permissions, said Adam Reeve, a principal architect at RedOwl Analytics Inc. “My assumption is that this is a mistake on the part of Niantic, but it’s also possible that it is a problem on [the part of] Google,” he said in a blog post on the game’s privacy issues.



Adam Reeve, principal architect of security firm RedOwl, however, found that “Pokemon Go” required overly broad permission for those using a Google account as a sign-in. Even setting aside the location data collected by the app, he said, the app is a “huge security risk.” He noted the app, in theory, could allow “Pokemon Go” to read one’s Gmail, send email as you and access your Google search history.



Niantic was forced to admit its mistakes on Monday after computer security experts realized that the video game gets a rare level of access to your Google account. Adam Reeve, a computer security expert at the cybersecurity firm RedOwl, was the first to discover this.