As mentioned in previous articles I am absolutely fascinated with ‘OSINT’ (Open-Source Intelligence) and ‘Information Gathering’ when it comes to ethical hacking and cybersecurity, maybe I am some kind of voyeur who likes snooping but I suppose it’s always been there as I love people watching when travelling, I used to travel a lot in one of my previous jobs and spent every second Friday in Heathrow waiting to fly home just people watching and this is a sort extension of that in some way, possibly.
Anyways, I stumbled upon an article earlier on in the week that blew my mind regarding this from someone called ‘Under The Breach’ about tracking down REvil’s “Lalartu” by utilizing OSINT methods, there was a huge rise in companies that were breached with ransomware which is when they encrypt the companies servers, files and data then hold them to ransom, the company needs to pay in some kind of cryptocurrency (usually Bitcoin) to get it all back.
An extremely talented group came to prominence recently and named themselves ‘REvil’ and not to go over it all but ‘Under The Breach’ sussed out who one of the threat actors was by an amazing example of how you can use OSINT methods, if you have ANY interest in this type of work then I urge you to please go and read the article on how they did it at either of these links which is their website and medium page.
- https://underthebreach.com/f/tracking-down-revils-lalartu-by-utilizing-multiple-osint-metho
- https://medium.com/@underthebreach/tracking-down-revils-lalartu-by-utilizing-multiple-osint-methods-2bf3a6c65a80
On their website, they offer the following services.
By utilizing confidential sources within exclusive cyber-crime forums and hacking groups we identified the most critical attack vectors used by cyber criminals today and offer our customers unparalleled pre-breach information on their companies.
We offer a highly-precise alert system that allows companies to know exactly what online threats they face in order to take action proactively, before a costly data breach can occur.
Our boots-on-the-ground approach to cyber-criminal threats, developed by elite IDF intelligence alumni, grants us the ability to not only protect your employees and digital assets, but also identify threats facing the dearest asset of your company — your customers.
Bottom-line: our mission is to prevent the next data breach in your company’s database so we could save your company millions of dollars.
- https://medium.com/@underthebreach/under-the-breach-subscription-2f6df0986a95
- https://underthebreach.com/service-list
Once I had read through the article I was smiling to myself about it all and so went to their website and read the other articles, there is only another four as they are new about town in the cybersecurity world (under this name at least) and the other articles are just as insightful and fascinating to read like this one:-
“So how did a group of individuals get their hands on 230,000 computers worldwide in the first place?”
- https://underthebreach.com/f/genesis-market-2020-overview-a-bazaar-for-buying-data-out-of-com
- https://medium.com/@underthebreach/genesis-market-2020-overview-a-bazaar-for-buying-data-out-of-compromised-computers-85b581b903ec
or
“How I found the hacker behind a 850,000 computers botnet”
- https://medium.com/@underthebreach/how-i-found-the-hacker-behind-a-850-000-computers-botnet-1bd37dc4de74
- https://underthebreach.com/f/how-i-found-the-hacker-behind-a-850000-computers-botnet
As you can see these are absolutely brilliant reads and someone who is clearly very talented and skilled at what they do.
After reading some news articles that they have appeared in (bear in mind ALL OF THIS is in 2020, all less than two months) I thought I would reach out to ask a few questions for the site.
If you want to read the articles click the links here:- The New York Times, The Guardian, CNBC, ZDNet & Bleeping Computer.
I was thrilled when they said yes and to be quite frank, we’ve been chatting away on twitter and they are unbelievably nice, really pleasant to talk too.
Here is the interview ?
I can see the company has launched recently and is already a success well done, how long has the plan been on the horizon in starting it?
I’ve loved the hacking community since I was young, I then had a chance to build my skill set during my service in the IDF.
During that time I started developing the idea for a service but knew that I don’t have any connections in the real world so I first wanted to see if the content I’m posting even holds up when actual professional researchers see it.
Seeing they didn’t slam me and in fact a lot of people I looked up to since I was young started to motivate me into doing more of what I do, I decided to go on and launch the service because I feel like it would help a lot of companies during these times when data breaches are so common..
Appreciating the fact you want to keep a level in anonymity given the line of work, can I ask about how you/the company got into ethical hacking and Pentesting as obviously there is not much about you online?
Throughout the years of browsing hacking communities and talking to hackers on a daily basis, I began sympathizing with movements supporting privacy like the cypherpunks and realized I could help prevent data breaches to companies thus preventing exposure of sensitive information of people around the world.
Reading through the articles of your OSINT (Open-Source Intelligence) work and it is fascinating to read, are you involved in other Pentesting stuff?
I spent years learning OSINT techniques and building OSINT techniques on my own but another hobby I have is learning more and more about Cryptocurrencies and how they’re going to change the lives of people around the world.
On the other hand, unfortunately, Cryptocurrencies have a major role in the shift I’m seeing in Cybercrime recently – hackers are much more incentivized to hack large companies due to the rise of Ransomware, allowing a hacker who sits at home to blackmail a large corporation which is in a whole different continent from him, I think this shift will create a new era of hacking and we need to prepare ourselves.
What services do you offer the client?
The service I am offering is mitigating a widely used attack vector that is used by the biggest Ransomware/Cybercrime groups before they manage to utilize it and hack companies.
How have you managed to decide what to work on, was it client based every time or did you just fancy working on some of them?
Every single thing I wrote so far was written because I felt like people would enjoy reading it and it would help spread awareness to data breaches, exploits and cybercrimes.
Although you only have an online presence in the OffSec online world since August I am assuming it’s been longer?
Yes, I’ve been fascinated with the hacking community for many years now, I’ve had plenty of aliases throughout the years, and of course I also maintain my real social media and have a life aside from what you’re seeing.
you think people underestimate the importance of OSINT and what is a good way of practicing in it?
I definitely think OSINT is underestimated, I feel like if people knew what you’re capable of doing “merely” with OSINT they would be amazed.
The information is always out there no matter how much you try to hide it, you just have to be creative and think outside of the box, this is why I enjoy it so much.
A good way to practice it is to start reading materials about different OSINT methods and start practicing, you can start by trying to find all the information you can about yourself online.
What advice would you give to someone just starting out in Ethical Hacking and looking to find their interests in it.
I feel like talking to the community will really help newcomers, there are amazing people out there who are always ready to help and teach people, don’t hesitate to talk to them!
How did you decide to stay so anonymous, is it to save from repercussions of the people you catch or just to make the job easier when on a specific one?
I think being anonymous is just an old habit of mine (practice what you preach right?).
I advocate for privacy and I think people should always take care of themselves before thinking other people will do it on their behalf.
I already told some journalists and investors who I am because I don’t actively try to hide my identity, when I launch the upcoming service I will let people who I am and what my background is.
Given the successful start to you guys, what is the plan for next couple of years?
I’m hoping that as time goes on we will start feeling the impact of what we do and how we are able to help companies.
I want to be able to look back at this time and feel like I really built something useful.
Please go and check them out on the web at the following:-
- Website = https://underthebreach.com/
- Medium = https://medium.com/@underthebreach
- Twitter = https://twitter.com/underthebreach