Monday, February 13, 2023

Who is Dancho Danchev? - Part Two

Hello everyone,

This is Dancho and I would like to welcome you to my official "I'm now officially back" blog post detailing some of my current, future and upcoming projects, including a brief introduction to who I am for those unfamiliar with my research activities throughout the years, where you can freely grab an E-Book copy of my blog in a full offline fashion from here.

My name is Dancho Danchev. I'm a 38-year-old security blogger, OSINT analyst and threat intelligence analyst from Bulgaria. I'm currently running one of the security industry's most popular security publications, which is my personal blog - Dancho Danchev's Blog - Mind Streams of Information Security Knowledge. I've been running my publication since December, 2005 and throughout the years I had an average of 7,000 RSS feed subscribers including 5.6M page views throughout the years, making my blog an extremely important switchboard to the world of security blogging, OSINT research and analysis, threat intelligence analysis and, most importantly, cybercrime fighting research and analysis.

I'm also acting as a DNS Threat Researcher at WhoisXML API.

It's been a while since I've last posted a quality video on YouTube and I've decided that this is going to be a pretty long and decent introduction into what I've been up to online since the 90's up to present day, where I'm an internationally recognized cybercrime researcher, security blogger and threat intelligence analyst. In this rather long video I'll walk you through my experience as a hacker enthusiast during the 90's up to present day, and I'll also discuss in-depth a variety of personal projects and offer a general discussion and overview of a variety of key topics that are currently active within the security industry, including my personal career, such as for instance:

My key accomplishments include my "lawful surveillance" and "lawful interception" experience as a teenage hacker, the production of the popular Astalavista Security Newsletter circa 2003-2006, the "take-down" of the Koobface botnet [MP3], participation in the Top Secret GCHQ program called "Lovely Horse", regular appearances in major news publications for interviews and expert opinion including Techmeme, ZDNet, CNN, PCWorld, SCMagazine, TheRegister, NYTimes, CNET, ComputerWorld and H+Magazine, and regular security and research presentation appearances at major security events at GCHQ, Interpol, InfoSec Europe, RSA Europe and CyberCamp.

I'm an internationally recognized expert in the field of cybercrime fighting and threat intelligence gathering, having actively pioneered my own methodology for processing threat intelligence, which led me to a successful set of hundreds of high-quality analysis and research articles published at the industry's leading threat intelligence blogs - ZDNet's Zero Day, Dancho Danchev's Mind Streams of Information Security Knowledge and Webroot's Threat Blog - with my research featured in Techmeme, ZDNet, CNN, PCWorld, SCMagazine, TheRegister, NYTimes, CNET, ComputerWorld and H+Magazine, and I am currently producing threat intelligence at the industry's leading threat intelligence blog - Dancho Danchev's - Mind Streams of Information Security Knowledge.

With my research featured at RSA Europe, CyberCamp, InfoSec, GCHQ and Interpol, I continue to actively produce threat intelligence at the industry's leading threat intelligence blog - Dancho Danchev's - Mind Streams of Information Security Knowledge, publishing a diverse set of hundreds of high-quality research analyses detailing the malicious and fraudulent activities of nation-state and malicious actors across the globe.

In the past I've been a member of:

    * A Member of WarIndustries (http://warindustries.com)
    * List Moderator at BlackCode Ravers (http://blackcode.com)
    * Contributor Black Sun Research Facility (http://blacksun.box.sk) (BSRF)
    * List Moderator Software Contributor (TDS-2 Trojan Information Database) (https://packetstormsecurity.com/files/25533/tlibrary.zip.html) DiamondCS Trojan Defense (http://tds.diamondcs.com.au)
    * Contributor to LockDownCorp (http://lockdowncorp.com)
    * Contributor to HelpNetSecurity (http://forbidden.net-security.org)
    * A Security Consultant for Frame4 Security Systems (http://frame4.com)
    * Contributor to TechGenix’s WindowSecurity.com (http://www.windowsecurity.com/authors/dancho-danchev/)
    * Technical Collector - LockDownCorp - (https://lockdowncorp.com)
    * Managing Director - Astalavista Security Group - (https://astalavista.com)
    * Security Consultant - Wandera - (https://wandera.com)
    * Threat Intelligence Analyst - GroupSense - (https://groupsense.io)
    * Security Consultant - KCS Group Europe - (https://kcsgroup.com)
    * OSINT Analyst - Treadstone71 - (https://treadstone71.com)
    * Security Blogger - Armadillo Phone - (https://armadillophone.com)
    * Security Blogger for ZDNet (http://www.zdnet.com/blog/security/)
    * Threat Intelligence Analyst for Webroot (https://www.webroot.com/blog/)

I would like to thank the following people for contributing to the Scene throughout the 90's up to present day and for keeping up the good work part of Astalavista.com's Security Newsletter which I produced circa 2003-2006.

    * Proge — http://www.progenic.com/
    * Jason Scott — http://www.textfiles.com/
    * Kevin Townsend — http://www.Itsecurity.com/
    * Richard Menta — http://www.bankinfosecurity.com
    * MrYowler — http://www.cyberarmy.net/
    * Prozac — http://www.astalavista.com/
    * Candid Wuest — http://www.trojan.ch/
    * Anthony Aykut — http://www.frame4.com/
    * Dave Wreski — http://www.linuxsecurity.com/
    * Mitchell Rowtow — http://www.securitydocs.com/
    * Eric (SnakeByte) — http://www.snake-basket.de/
    * Björn Andreasson — http://www.warindustries.com/
    * Bruce — http://www.dallascon.com/
    * Nikolay Nedyalkov — http://www.iseca.org/
    * Roman Polesek — http://www.hakin9.org/en/
    * John Young — http://www.cryptome.org/
    * Eric Goldman — http://www.ericgoldman.org/
    * Robert — http://www.cgisecurity.com/
    * Johannes B. Ullrich — http://isc.sans.org/
    * Daniel Brandt — http://google-watch.org/
    * David Endler — http://www.tippingpoint.com/
    * Vladimir, 3APA3A — http://security.nnov.ru

In this upcoming series of blog posts I'll discuss in-depth a variety of personal projects and current and ongoing research and analysis activities, both real-time and historical, in the following categories, such as for instance:

 - My Dark Web Onion
 - My Uncle George Law Enforcement and OSINT Enrichment Operation
 - My Cybercrime Forum Data Set
 - My Unit-123.org E-Shop for Intelligence Deliverables Project
 - My Offensive Warfare 2.0 Threat Intelligence Clearing House Project
 - My Disruptive Individual's Threat Intelligence Feed
 - My Current work as a DNS Threat Researcher with WhoisXML API
 - How I ended up in Snowden's Archive?
 - How I ended up on Wikileaks?
 - How I made it into several comparative academic studies on the quality of sharing threat intelligence and cybercrime research information?
 - How come I'm the only one listed as a competitor in Jeffrey Carr's Taia Global Competitors Slide?
 - What it's like to run the infamous Astalavista.com portal back in 2003-2006 where I was acting as a Managing Director?
 - What it's like to get the privilege to work as a security blogger at ZDNet's Zero Day blog for four years?
 - What it's like to work as a security blogger with Webroot for two years?
 - How I ended up spending the last couple of years doing OSINT on the bad guys?
 - How I ended up having a project on the infamous Astalavista.box.sk?
 - A brief introduction into some of the latest developments and research that I posted on my personal blog - Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
 - How I ended up having a mobile application?
 - How I ended up having a personal memoir?
 - How I got busted?
 - What it's like to visit the GCHQ?
 - What it's like to meet the security industry?
 - What it's like to visit RSA Europe 2012?
 - What it's like to visit InfoSec 2012?
 - What it's like to visit CyberCamp 2016?
 - What it's like to get an invitation to visit Canada's Security Service?
 - My DIA Needpedia Investment Proposal
 - How I ended up discovering a SolarWinds victim?
 - How I ended up with a real-time OSINT and cyber attack attribution campaign on the Conti Ransomware Gang?
 - How I ended up almost retiring and offering OSINT and threat intelligence training?

Before I continue and actually present the topics which I'll cover exclusively in this video in-depth, I would like to say a big thanks to the following individuals for offering interest and support for some of my projects, where I'm currently doing my best both personally and professionally to return them the favor:

- Jamie Riden
- Steve Santorelli
- Michal Salat
- John Young
- Paul de Souza
- Harrison Cook
- Ian Cook
- Jeffrey Bardin
- Liran Sorani
- Joe Steward

I also wanted to take the time and effort to dedicate this video introduction to my ex-girlfriend circa the 90’s, Yordanka Ilieva, with whom I worked on the infamous https://astalavista.com, where I had the privilege to work on the infamous Astalavista Security Group Security Newsletter and received the necessary support and guidance in the context of making this high-quality security publication happen, including everyone in the U.S. that I know and have worked with in the context of fighting cybercrime, where I wanted to say a big thanks to everyone who ever approached me and said “keep up the good work” and “keep it coming” in the context of motivating me to continue doing my research and to continue publishing high-quality research articles and proper cyber threat actor attribution research and analysis, including the following people:

- Ivan Schmid - for being the coolest boss ever in the world and for welcoming me on board at one of the Web’s most popular Web sites for hackers circa 2003-2006, where I had the privilege to work as a Managing Director of the portal with my ex-girlfriend circa the 90’s - Yordanka Ilieva - while I was studying in the Netherlands.

- Pascal Mittner - for being the second coolest boss ever in the world, who I never really had the chance to meet personally, but where I was properly doing my work and was actually getting paid to do my work.

- Gary Scott - with whom I had the privilege to exchange data and information during the 90’s on my way to produce a high-quality newsletter and actually a threat intelligence type of brief for ScanSafe at the time, which later on got acquired by Cisco.

- Paul Ferguson - for keeping it cool, for keeping in touch and for actually inspiring me to do my research in the field of cybercrime research through his daily publications at his personal blog.

- Alex Eckelberry - for keeping it cool and corporate, for actually inspiring me to do my research in the field of cybercrime research and for running and maintaining Sunbelt Software, which greatly inspired me to do my research in the field of cybercrime research.

- James McQuaid - for being among the few individuals to actually raise awareness on the existence of the Russian Business Network and for continuing to supply high-profile and high-value threat intelligence information on a variety of mailing lists.

- Jeffrey Bardin - for inviting me to join Treadstone71 as an OSINT Analyst and for actually allowing me to work with him on several projects, where I actually earned the necessary amount to pay some of my bills and properly invest in several projects, including launching one of the first commercial E-Shops for intelligence deliverables.

- Jeffrey Carr - for keeping it cool and for expressing his personal gratitude and commenting on my research in the context of “keeping it coming”.

- Ken Dunham - for keeping it cool and for running a high-profile and popular mailing list for security trends and actual technical information on current and ongoing cyber attack trends.

- Jart Armin - for keeping it cool and for approaching me several times to say “hi” and “keep up the good work”.

- Robert McMillan - for being a true professional and a good friend with whom I had the privilege to speak and communicate on numerous occasions.

- Rob Lemos - for being a good professional and someone that I know and have worked with and whose work I’ve followed in the past.

- Gregg Keizer - for being a true professional and for actually bothering to quote me and reference me in several articles on numerous occasions.

- Gary Warner - for being a true professional and for always being on the front lines of fighting the bad guys and cybercrime internationally.

- Jorge Mieres - for being a true threat intelligence and cybercrime research professional, for keeping it cool in terms of new research and for offering a unique and in-depth overview and perspective on new and novel cyber attack trends and threats.

- Marcus Sachs - for keeping it cool and for being a true professional whose work I’ve followed in the past.

- Gunter Ollmann - for being a true professional and a good friend whom I actually got the chance to meet at RSA Europe 2012.

The World is small and infinite and we can definitely make it a better place by doing our work following the basic methodology that an “OSINT conducted today is a tax payer’s buck saved somewhere”.

I owe everyone a big one and I'm doing my best both personally and professionally to return the favour. Bear with me.

Stay tuned!

The time has come for me to introduce myself professionally through the prism of the opinion of my fellow colleagues and friends from the industry.

Here are some sample recommendations which I've received from friends, colleagues and partners throughout the years, with the idea to illustrate my experience and expertise in the field, such as for instance:

“I have been working in the security space for many years and for a very large part of that have been following the excellent research work that Dancho has been doing in identifying cyber criminals and doing complex analysis of highly advanced modern day malware attacks. Dancho is extremely well known in the security industry for the work he has done and continues to do. When we had the opportunity of collaborating with Dancho at Webroot, we didn’t hesitate. Dancho has proven to deliver on a continuous basis for us and his work is simply phenomenal. I look forward to working with Dancho for many years to come.”
— Jacques Erasmus, was Dancho’s client

“Dancho is an expert researcher who I’ve had the pleasure of working with on several hacker investigations for Taia Global clients. I consider Dancho one of the best and most insightful researchers working in InfoSec today.”
— Jeffrey Carr, CEO, Taia Global, Inc., managed Dancho indirectly at Non-disclosure agreement

“Dancho Danchev has his pulse on the cyber criminal community. I can think of few people who have his experience, skills and understanding when it comes to cyber intelligence and understanding the cyber threat. I cannot recommend Dancho enough.”
— Lance Spitzner, President, The Honeynet Project, worked with Dancho at Non-disclosure agreement

“Dancho is one of those exceedingly rare security professionals with not only an eye for uncovering the root cause of an attack and the ability to examine it from multiple angles, but also explain his findings in a way that has a meaningful and direct impact on those tasked with defending against such attacks. I admire the depth of his analysis and his dogged determination to track back who the criminal operators are despite the dangers he could be exposed to. Dancho gets two-thumbs-up from me and I’d hire him in a heart-beat if he ever makes it to the USA. In the meantime I’ll keep on following his research, reading his blogs and looking forward to collaborating with him on future cyber crime investigations.”
— Gunter Ollmann, Vice President of Research, Damballa, Inc., was with another company when working with Dancho at Non-disclosure agreement

“Dancho is an exceptional information security professional; he continually goes the extra mile for clients and the security community. His knowledge and analysis in core areas as threat intelligence analysis, cybercrime counter Intelligence and competitive intelligence research is outstanding. He also manages the most difficult task with ease, that of communicating this in an understandable and meaningful form for the community. Working with Dancho over several years has been highly productive, and beneficial.”
— Jart Armin, Editor, HostExploit, was with another company when working with Dancho at Non-disclosure agreement

“I first knew Dancho when he was fresh out of college but already with a prodigious understanding of information security matters. He became one of the experts in the Security Clinic on ITsecurity.com, a site I founded and was publishing at the time; and he willingly gave free security help and advice to visitors to the site. Since those days I have watched both his career and knowledge grow in leaps and bounds until he is now, without any doubt, one of the world’s leading experts on the shady world of cybercrime.”
— Kevin Townsend, Founder/Editor, ITsecurity.com, worked directly with Dancho at ITsecurity.com

“Dancho is a veritable mine of information, particularly on subjects like the ones he blogs about, such as spam and malware campaigns and the actors behind them. I am an avid reader of his, and also have met Dancho at a few conferences that we’ve both attended. I’ve found him to be extremely friendly, and always ready to explain anything he’s been working on. Were I organising a conference, I would definitely send him an invite.”
— Jamie Riden, Senior Consultant, NGS Secure, was with another company when working with Dancho at Non-disclosure agreement

“While rebuilding the site security and fraud team at a leading online web site, threats and rapid evolution in the online security space necessitated I get up to speed quickly, and with more than a modicum of depth and breadth of understanding of current trends and risks in the cyber security realm. After spending considerable time building an information network of the most germane, relevant, and useful sources, a common thread emerged from the chatter of activity and updates – “Dancho Danchev”. As I pored over security publications, cyber-security journals, blogs, and security vendor sites, I continued to see Dancho cited and acknowledged as the security researcher and expert who “broke the story” or “tipped off users to the vulnerabilities” or “alerted the community to threat vectors” for major events. Dancho has voluntarily shared critical information on what the crooks are up to and has been an invaluable and much appreciated resource. Dancho’s passion for his work is reflected in his genuine desire to quash the “bad guys” activities and share as much actionable information as he possibly can. I highly recommend Dancho to any organization seeking a top-notch expert and passionate evangelist of online security practices.”
— Chris Duncan, Director - Customer Operations, CareerBuilder.com, was with another company when working with Dancho at ZDNet

Here's a brief interview with me which I gave to the original and upcoming re-launch of the infamous Astalavista.box.sk project:

Dear Dancho – can you please introduce yourself and the latest Box.sk project? Can you please elaborate more on your experience in fighting cybercrime including your contributions to the threat intelligence gathering community and the U.S Security Industry?

My name is Dancho Danchev. I’ve been an independent contractor doing OSINT cybercrime fighting and threat intelligence gathering for over a decade and I’m currently running one of the security industry’s leading security publications which is my personal blog where I’ve established the foundations for an efficient and relevant OSINT and law enforcement methodology in terms of fighting and disrupting cybercrime internationally which led me to pursue a successful career with several high-profile U.S based companies and organizations throughout the past decade following a successful career as an ex-hacker throughout the 90’s. My daily routine consists of digging deep inside the cyber warfare realm in the context of responding to and tracking down high-profile nation-state sponsored or targeted malware campaigns and cybercrime incidents and keeping track of the bad guys as usual with the idea to contribute to the overall demise of cybercrime internationally and to actually contribute to the U.S Intelligence Community with operational and tactical intelligence including to actively support U.S Law Enforcement on its way to track down and respond to cybercrime events globally.

My primary motivation for re-launching a project on the original Astalavista.box.sk is to “show them how it’s done” in the context of reaching out to a broader audience, in the context of offering practical tactical and operational advice in the World of cyber warfare and information warfare operations, and to present hardcore and never-published-before potentially classified and sensitive material in the world of the U.S Intelligence Community and U.S Law Enforcement, and to actually find a constructive and relevant way to say “hi” and “we’re back” to a loyal base of users globally, and to actually find a way to “keep the spirit” of the Scene the way we know it. I’ve planned a set of new high-profile projects which I intend to communicate to our audience on a systematic and periodic basis, with the idea to offer an insightful and unique peek inside the Scene the way we know it.

What are some of the currently running Box.sk projects and what do you have planned for the future?

We’re currently running a high-profile and extremely popular WordPress blog including a cyber security and hacking forum community, and we’ve recently launched an extremely popular Call for Papers and Call for Innovation as part of the WHGDG (World Hacker Global Domination Group) franchise, where we’re currently soliciting content in a variety of areas and on a variety of topics, including a recently launched IRC server, an extremely popular search engine for hackers and security experts, the upcoming launch of our flagship publicly accessible product called Project Cybertronics VR for Hackers and Security Experts, and an upcoming high-profile YouTube broadcast featuring folks and experts from the security industry and the Scene.

We’ve also lined up a variety of high-profile and upcoming community-driven and publicly accessible products and services and we’ll be definitely looking forward to issuing periodic updates on their public and proprietary availability. “If it’s going to be massive it better be good” in the context of re-surrecting and re-launching the Scene’s and the security industry’s most popular Web site for hackers and security experts internationally.

Among the key features of the portal is a flagship search engine for hackers and security experts, which can be accessed at – and is currently indexing over 3M web sites for hackers and security experts.

What do you think about U.S National Security in a post-Snowden world?

I’m a firm believer that building communities around leaked and classified data might not be the best way to actually communicate its value and actually reach out to a wider audience potentially blowing the whistle on currently active and sensitive and classified cyber surveillance and cyber intelligence type of programs part of the portfolio of services courtesy of the U.S Intelligence Community. I’m also positive that a new set of copy-cats will eventually emerge trying to potentially steal operational and tactical know-how from the leaked data potentially setting the foundations for their own private and proprietary cyber surveillance and cyber intelligence products.

In terms of U.S National Security in a post-Snowden world I believe that a specific set of international fan-base or actual clusters of supporters cannot really do much harm besides raising awareness on the actual state of cyber surveillance and cyber intelligence programs and their scale and reach internationally and can actually assist in building a more sophisticated internal security systems in place.

The current state of U.S National Security has to do with a specific set of post 9/11 contractor base which are truly making an impact globally by launching new companies actually hiring people to work for them and actually are fully capable of disrupting and undermining today’s modern and sophisticated cybercrime-driven online activity that also includes various cyber jihad sentiments globally. Case in point would be ISIS which the U.S Cyber Command has specifically targeted and could be possibly used as the most relevant and recent example of fraudulent online cyber jihad activity up to present day in the context of a large scale international campaign which basically attracted the U.S attention which resulted in a variety of campaigns targeting pro-ISIS infrastructure and its supporters.

How can you best describe your experience in tracking down and monitoring of the Koobface botnet?

It took me two and a half years of active daily monitoring of the Koobface botnet to actually come up and properly provide the necessary technical research and analysis behind the actual working of the botnet and actually allow me to track down and publicly distribute a variety of personally identifiable information on one of the key members of the group which at some point resulted in having Facebook’s net-space IP block redirected to my personal blog including to actually have a personal message embedded on tens of thousands of infected hosts globally personally greeting me for my research into the Koobface botnet. At some point my research into the group’s whereabouts became the primary information source on the group’s activities internationally which resulted in a series of blog posts on the topic and greatly motivated me to continue my research into the way the botnet worked at the time through the systematic and daily publication of high-profile and never-published before technical analysis and research on the botnet’s la

What’s the current state of the fight against cybercrime globally?

While we’re currently observing a lot of newly popping-up vendors and organizations who are actually good at tracking down and responding to cybercrime incidents and activities, it should be clearly noted that high-profile think-tanks, including independent researchers, organizations and vendors who have been tracking down cybercrime incidents and profiling cybercrime activities for decades, should be easily considered recommended reading in terms of their recently published and historical research in this area.

It should be also clearly noted that wide-spread cooperation campaigns between the academic commercial and private sector are already taking place potentially undermining and contributing to the overall lowering down of cybercrime activity globally.

What should be done in the broader context of fighting cybercrime internationally is a currently ongoing OSINT and Law Enforcement operation similar to my recently launched crowd-sourced OSINT and Law Enforcement operation called “Uncle George” including my most recently published high-profile and available online for free Cybercrime Forum Data Set for 2019 which you can download and process and potentially reach out to me in terms of the actual enrichment and tracking and shutting down process.

How can you best describe the ongoing intersection between law enforcement and the U.S Intelligence Community in the context of launching offensive lawful surveillance campaigns? Case in point is the recent take down and hijacking of the primary domain for Encrochat a proprietary encrypted mobile solution? Do you think Dutch law enforcement basically abused its technological “know-how” and expertise to target a commercial encrypted mobile solutions provider?

This is something that’s extremely important in the context of fighting cybercrime but can definitely raise someone’s eyebrows across the World in the context of preventing and responding to cybercrime and cyber jihad incidents globally in particular the intersection between U.S Law Enforcement and the U.S Intelligence Community. Case in point is the Dutch Intelligence Service which is quite experienced in fighting tracking down and actually responding to cybercrime and cyber jihad incidents globally which is a great example of the intersection between law enforcement and a country’s Intelligence Agencies globally. Case in point is Encrochat which is basically a commercial enterprise which was successfully taken offline thanks to a cooperation between the Dutch Intelligence Service and Law Enforcement internationally which eventually led to the direct compromise of the primary command and control infrastructure of the company and the actual interception of ongoing messages and communication.

Do you think that the launch of U.S Cyber Command is a step in the right direction? Do you think that publicly sharing proprietary malware releases on VirusTotal is an OPSEC violation? How do you think the U.S Cyber Command can better perform in the context of today’s modern offensive cyber warfare arms race?

Successfully positioning a major U.S based and publicly accessible organization for the purpose of fighting and responding to cybercrime and cyber attack incidents is a step in the right direction. It should be clearly evident that, with the U.S Cyber Command looking to expand and extend its industry outreach campaigns and actually bothering to share proprietary releases which can be clearly found in a huge number of public and private malware repositories thanks to third-party researchers and vendors, this is definitely a step in the right direction in the broader context of fighting cybercrime and responding to cyber jihad and cyber warfare campaigns and incidents globally.

You used to work on Astalavista.com one of Box.sk’s primary competitors throughout 2003-2006? What’s your impression for running and managing the portal? What really took place when it got hacked?

I used to run and manage Astalavista.com which was the primary competitor of the original Astalavista.box.sk throughout 2003-2006 while I was studying in the Netherlands which greatly helped me make impact internationally and actually helped me pay the bills at the time. My primary responsibilities were to manage and issue daily updates to the security directory including the security news section including the production of a highly popular and high-traffic volume Security Newsletter where I was also responsible for interviewing people from the Scene and the Security Industry.

My other responsibilities included the overall look of the portal including the introduction of new sections including to actually manage and run advertising inventory where I was responsible for bringing more advertisers on board.

Is it true that you’re running one of the security industry’s most popular security publications? How did you originally launched the project? What’s the current state of the project?

I’ve been running my personal Dancho Danchev’s Blog since December, 2005, while I was still working on https://astalavista.com acting as a Managing Director of the portal, where I was busy and responsible for the daily updates of the Security Directory including the Security News section including the introduction of new

What’s your attitude towards “4th party collection”?

As this has been my primary area of occupation throughout the last couple of years with the results of my research published at my personal blog I believe that 4th party collection is largely driven by a specific set of folks and experts who are actually capable of making an impact and causing widespread damage across the cybercrime ecosystem internationally. Case in point is my most recently launched Law Enforcement and OSINT operation called “Uncle George” where I’ve managed to publicly process approximately 1M web sites from major and leading online cybercrime-friendly forum communities with the idea to assist U.S Law Enforcement and the U.S Intelligence Community on its way to enrich and actually process the data set potentially disrupting the cybercrime-friendly forum communities behind the campaign including to actually track down and prosecute the cybercriminals behind these campaigns.

Do you believe that an over-populated security industry means lower OPSEC for high-profile operations?

I think that we’re continuing to witness the emergence of new cybercrime and OSINT researchers and analysts joining the security industry, which could actually make the fight against cybercrime even easier in case these researchers get invited into private mailing lists and private invite-only communities. I don’t necessarily think that an over-populated security industry means lower OPSEC for high-profile operations in case everyone involved in a specific campaign or operation is keeping track of its sources and sources of information.

Who’s running the show in 2020? What can best describe a successful “4th party collection” or virtual SIGINT operation? Who’s running the show in terms of fighting cybercrime online?

I’m currently observing the usual deal of research done by high-profile and well-known cybercrime researchers and security experts, which also includes vendors, including a great deal of research done by novice researchers entering the cybercrime research ecosystem. In terms of a successful “4th party collection” I can best describe the process as a combination of Technical Collection, OSINT analysis and actual enrichment, and actual U.S Law Enforcement and U.S Intelligence Community outreach, where the ultimate goal would be to track down and prosecute the cybercriminals behind these campaigns.

Is it true that we live in a utopian World where North Korea and Iran-originating cyber attacks are basically launched by anything but nation-state actors, namely Generation Y individuals who’re online and starting to embrace new technologies, meaning that “everything’s in order”?

I can confirm an evident trend where the mainstream news media is over-hyping the use of remote access tools which in reality are good old fashioned trojan horses circa the 90’s in terms of launching targeted or widespread malicious software serving campaigns. Based on my research and analysis it should be clearly evident that both North Korea and Iran are lacking the necessary technical and operational “know-how” to launch or participate in high-profile campaigns making it easier for these parties to outsource their cyber warfare or malicious software research and development needs to a third-party which could be for instance Russia.

Do you believe that corrupt and potentially compromised North Korean online agents are actually doing more harm than good by participating in cyber warfare campaigns using techniques and methodologies that were in common use throughout the 90’s, namely trojan horses and various other lawful surveillance tools?

I’m clearly observing an increase in such type of “rogue agent” type of activity where North Korea or Iran-based hackers are actually directly undermining the OPSEC of their country’s offensive or defensive cyber warfare operations in terms of actually signaling trends and various other indicators which could prove crucial in a possible attribution campaign or actual assessment of a specific country’s understanding of offensive and defensive cyber warfare.

Were you surprised that you participated in a Top Secret GCHQ program monitoring hackers on Twitter called “Lovely Horse”? How do you think you made the list?

This was quite a surprise and it was in fact a privilege and an honor to have made the list with my old Twitter account where I was busy contributing with research and various other types of activity announcements on a daily basis while working for my previous employer which is Webroot. I think I made the list based on my research and it would definitely be a privilege and an honor to learn more and actually find out more about the related Top Secret or Classified program where I’ve participated with my research.

What’s the current state of your currently ongoing law enforcement and OSINT operation “Uncle George”?

The current state of my currently ongoing Law Enforcement and OSINT operation called “Uncle George” is an active cooperation between several researchers who approached me including a vendor in terms of enriching the actual data set potentially helping me reach out to U.S Law Enforcement on my way to assist U.S Law Enforcement on its way to track down and prosecute the cybercriminals behind these campaigns. Users interested in joining my currently ongoing Law Enforcement and OSINT operation “Uncle George” can do it here.

Stay tuned!
