Meet Sixgill - Your Eyes on the Dark Web
Sixgill is an Israeli Cyber intelligence firm that specializes in disruptive technology. Their main product, Dark-i, is designed to automatically gather relevant intelligence from within the dark web, disrupt malicious communications, and even get criminals arrested. In this article, I was honored to interview the brilliant mind behind Sixgill, CEO Avi Kasztan, and get a taste of the great mystery called the Dark Web.
Please describe your background and the company background.
Born in Uruguay, I came to Israel as a teenager and started my studies at the Technion. Later on, I started my career developing strategic projects for IDF in the field of encrypted communications.
Some years later I did my MBA in Management of Hi-Tech firms, also at the Technion. In my career, I was lucky to work next to some very talented people that left their stamp on the Israel Hi-Tech community. I worked at CheckPoint and VocalTec. Some years ago I founded Sixgill together with Elad Lavie.
The amazing thing about Sixgill is the way it all came together. I was offered to be at an Elite talent incubator and received the investment before I even had the idea. As good as it may seem, it was a huge responsibility and the expectations were accordingly. Based on that, I started to look for 2 things:
- Disruptive technology, which at the time was not being addressed by the market; my experience in the cyber field has led me to conclude that cyber-attacks will be getting worse, both in terms of quantity and complexity. The amount of damage that each attack can do will be constantly growing, and disruptive technology seemed to me like the best way forward.
- Great people, with a proven and very successful track record, which I invited to join Sixgill, and together we created a great company.
Most of our team is made up of people who came from the Israeli elite intelligence security community, like the former CTO of the Mossad, head of 8200 EISP, former CEOs, and of course Elad, our top-notch CTO, among others, all of whom are very sharp people one by one. Each of our team members was recruited meticulously.
What's unique about your product, Dark-i?
Dark-i automatically monitors and analyzes dark web activity to provide our customers with a comprehensive view of potential damages. We see most cyber-attacks before they happen, and give real-time alerts on data leaks of sensitive information.
The dark web is a very unique social network. We use it to learn the modus operandi of potential cybercriminals. They may change their names and locations, but if it's still the same person, we would recognize that.
Also, certain characteristics are very unique. For example, they have hierarchy. This is very important because it helps us to understand their decision making, which by the way is not always rational and is not necessarily motivated by money; ego adds a lot to the decision-making equation, with people wanting to be "the worst criminal in the world". It roots back to how we make decisions as human beings. We know and see that these patterns keep coming back again and again.
As individuals, we have a certain body language, not only physical but also behavioral, and this is what we try to understand.
There are 2 ways to approach cybersecurity:
- React to the attack. In most cases, this is a consequence of ignorance. You have no idea what will be the next step and what are the real intentions behind the scenes. This approach can serve in a limited way for a short time but will eventually fail.
- Know your enemy. Learn how he thinks; what motivates him; what he has done before, his successes and failures; who his friends are, and what they think of him; is he trying to impress someone to get into a closed group? You may be surprised by human psychology.
This is the bigger picture that we are trying to capture, and for that purpose, cyber intelligence is a must. Technology is just a means.
How does dark web monitoring help prevent targeted attacks?
The dark web is a social network in which people create their own relationships, but it's in no way similar to Facebook or Twitter. People don’t join to make new friends, and they don’t post pictures of their kids. They aim to do something, mostly illegal or with bad intentions, which cannot be spoken of openly. If everything we said from now on was anonymous and encrypted, the type of communications and social relationships would change more than a little bit.
The dark web is a place where you can discover everything from narcotics and human trafficking to contract killers, and from digital assaults to physical attacks. A glimpse at the significant amount of money that exchanges hands within the dark web clearly illustrates that the incentive is exceedingly high.
Part of your work involves mapping and profiling of Dark Web malicious actors. Could this be the answer to effective cyber law enforcement?
We profile attackers to find their social networks and modus operandi, and keep tracking them even when they change names and places.
Our primary assumption is that one person cannot plan a good cyber-attack alone. They'll need to cooperate with other hackers; they'll need QA testing; and, like any legitimate company, they will need to pay their employees, who can also get sick or dissatisfied; that's a strong human factor.
I will not go into details but we've had many cases where we got people arrested for their illegal online activity by passing what we know about them to the authorities. Our objective however is to mitigate them and interrupt their work.
Sixgill has recently published a report on ISIS activity which has been found on Telegram. Can you summarize your finding?
Early this year we started covering Telegram, a fully encrypted cloud storage and messaging app that serves as a safe haven for criminals. Our system can find, follow, monitor, and analyze hundreds of Telegram channels.
Over the last few months, we've seen lots of discussions about weaponized drones on Arabic terrorist groups. They have folks who are giving commentary on how to make the UAV more lethal with chemical weapons; videos on how to make homemade bombs, classroom lessons, lots of propaganda, and some very effective guidelines.
Some dark web actors may cross-reference with other streams of information. From our point of view, anytime we see a platform with value, we start collecting every bit of information that's ever been on there. Since we're talking about a very large database, you can really get a lot of intelligence.
How do you see the future of cyber in 5 years from now?
Everything today is connected to the internet. Where there is motivation there are the means to perform an attack. The Dark Web enables an encrypted and anonymous way to speak, share ideas, plan, and finally execute. In this way, it creates a collective intelligence that constantly defies the level of previous sophistication and complexity. It is very interesting that the amount of money that exchanges hands within the Dark Web is huge and growing constantly. Connected cars, IoT, terrorism, they all create a strong infrastructure for crime and huge damages. Combined with rapidly growing technology, cybercrime is not stopping anytime soon, and I have no doubt that at some point everyone will be affected.
For these reasons, Cyber intelligence in general is critical, and the Sixgill solution platform, in particular, is essential.