The Hacker Mind Podcast: When The Dark Web Discovered ChatGPT

Robert Vamosi
March 22, 2023
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

We’ve seen drug marketplaces and extremists use the Dark Web. Will generative AI tools like ChatGPT make things crazier by lowering the barrier to entry?

Delilah Schwartz, from Cybersixgill, brings her extensive background with online extremists to The Hacker Mind to talk about how she’s seeing a lot of chatter in the Dark Web about generative AI being used online for scams. She discusses what is and what is not likely to happen next. 

VAMOSI: We hear a lot about the Dark Web. We hear a lot of hyperbole. We hear about spectacular crimes such as those committed by Ross Ulbricht.

ABC News : News of that stunning arrest of the drug kingpin who goes by the name Dread Pirate Roberts who has cornered the internet drug market. His real name is Ross Ulbricht and his website, Silk Road, is packed with products like cocaine and heroin. If you see Gio Benitez here with all the details Good morning, Gio. George, good morning to you. The FBI calls it the most sophisticated criminal marketplace on the internet. 1000s of drug dealers used to sell drugs and completely hide their identity having a market…

VAMOSI: Having a marketplace that was located on the hard to reach dark web was not new. Like most successful entrepreneurs, Ulbricht streamlined and perfected various aspects so that he could offer the sale of illegal drugs to anyone who could access the site. 

When the Silk Road fell, it was replaced by Silk Road II, and then AlphaBay, and others. It seems that these high-profile marketplaces were too profitable for others not to try their hands at it. Of course, over time, law enforcement would find ways to intercept the administration of these site, take them over, and arrest their owners. It may take some time, but in the end law enforcement from around the world invariably shut these sites down, if not also apprehend their owners.

Those are the headlines. But what about the day-to-day operations of the Dark Web?  We don’t hear enough about that. For example, there are extremists who also use the Dark Web. Why not?

In a moment we will meet someone who actually works on the side of good within the Dark Web. 

[Music]

Welcome to The Hacker Mind, an original podcast from ForAllSecure. It’s about challenging our expectations about the people who hack for a living.  I’m Robert Vamosi and in this episode I’m exploring the Dark Web, its history with extremism, and also how new generative AI tools, such as ChatGPT, are poised to make things even crazier if that’s at all possible.

[Music]

VAMOSI: I don’t know about you, but I hear all these tales from the dark side that drop the phrase Dark Web along with creepy background music as though we all -- wink, wink, nod, nod --  understand what the Dark Web is. Sure, it’s a region of the internet not addressable from your common browser, a special place where bad folks tend to be found, and it’s dark because it’s not searchable, hard to find, but, really, there’s so much more to the story than your occasional AlphaBay or SilkRoad marketplace. So I wanted to find out a few things, such as how big the dark web really is, and then what is the day to day life in the dark web even like. For that I reached out to an expert. 

SCHWARTZ:  Hi, my name is Delilah Schwartz. I'm the Product Marketing Manager at Cybersixgill. I also dabble in research and the cybercriminal underground. My background is in political science in researching extremism and digitally enabled radicalization.

VAMOSI: Delilah works for Cybersixgill, one of a handful of cyber threat intelligence companies that shines a light on the dark web and its various activities.

SCHWARTZ: Okay, so Cybersixgill is a cyber threat intelligence company at its core. Our foundation, our product, ultimately is our database. We have the broadest collection of deep dark and clear web threat intelligence on the market by virtual about automated collection mechanisms, infiltrate and extract data in real time from many various different types of sources across all the different webs. We analyze this data with advanced machine learning, extract insights and entities and without the information that we extract we provide our customers with the earliest possible indications of risk to help them better protect against cyber attacks before they actually happen.

VAMOSI: Let’s start with the definition of the dark web as opposed to the web we use everyday, either password-protected or open. 

SCHWARTZ: Oh, I can one of my favorite topics to define for the non technical audience. So the web is more than just what we see on our web browsers. The surface web, which is essentially whatever you can find through Google or through your regular web browser. Whatever sites you have access to like your news sites, Amazon, e-commerce, etc. That is the surface web and amounts to only 4% of the internet. Beyond that, we have deep web content, which is 90% of the internet. The deep web is content that you can reach through your standard internet browsers but it's not information that is accessible or available to all. You need some form of authentication to access it that might be through a login and password or through a paywall or other sorts of authentication methods. That is your private emails. It might be your bank app. It might be your Instagram direct messages, university databases, stuff that you need specific access and authorization to get to the dark web is another animal entirely. It amounts to 6% of the internet. It's sort of this overlay on the existing internet. You can't access it through your standard web browsers like Safari, Firefox or Chrome. You need a specialized program web browser. The most popular one today is Tor, the onion browser, which scrambles IP location identity and sort of exists as sort of a layer on top of the internet. It's not a www dot website name.com with randomized strings of string of negative letters and numbers. It's not searchable, it's not indexed, you need expertise to be able to navigate the sites on it. 

VAMOSI: That said, anyone can download TOR and start with a known dark web address. Like the early days of bulletin boards, you hear about other sites on the dark web. There are a few listings. But really, it’s the wild, wild west. Untamed.

SCHWARTZ:  It's not censored or regulated by any sort of body. So essentially, it's free for all wild west of the internet. It's become a haven for those that want free speech that are seeking to evade censorship laws for example, in Russia recently said many dark websites opening by Twitter by BBC Facebook to allow citizens that want free access to information, the free access to that information, but it's also become a hub of cybercrime. Because, of course, who would want a forum or platform that can give you private anonymity and keep your identity secret and your location secret more than criminals? 

VAMOSI: And as I mentioned, there are marketplaces for just about anything. ANYTHING. But how large of a market is this?

SCHWARTZ: So a massive Dark Web economy has been expanding, expanding and expanding. It's actually the third largest economy if it's measured as GDP as a country, right behind the US and China, so it's a pretty big entity.

[MUSIC]

VAMOSI: so, before we get far into this, how does one decide to become a dark web researcher? What’s Deliliah’s background? How did she get started? It actually wasn’t because of the dark web markets. It was actually because of something else.

SCHWARTZ: So my entering path into my company cyber six skill, because I was actually studying extremism and counterterrorism and at the time, I was focusing first on the Middle East. And then in my final year, I did an internship with the International Institute of Counterterrorism here in Israel, and I began in 2020. And I think we remember what was going on in 2020. And I began to research the Far Right and how the Far Right was discussing the COVID virus on these deep and dark web forms. So I had to learn how to download Tor (the onion router) and learn how to navigate that. I had to buy a fake German mobile number with bitcoin so that I could join their Telegram groups without them having my real information and I started to infiltrate these communities and you know, extract intel from what they were discussing and the incitements to terror, which was definitely going on a lot throughout the George Floyd protests in 2020. And I was doing all this manually. 

VAMOSI: I am reminded of moderators for social media who have to wade through image after image of pornography, or text after text of hateful content, so they can block that content from reaching a wide audience. I mean, someone has to do that. And we see from Twitter right now what happens when those people are fired or their teams dissolved -- that extremist content starts bleeding out of our social media platforms. On the dark web, Delilah was doing this manually-- joining forums, following trails. And then she found it could be automated. 

SCHWARTZ:  And towards the end of my internship, I was discussing what I was doing with a friend of mine who said, Oh, but it's a company that my friend works at called Cyber six skill and they do everything that you're doing manually. It's like a Google for the deep and dark web. And I was like, Excuse me, how does that work? But interestingly, the digital enablement of it on the far right, in fact, white supremacists in the United States were the earliest adopters of the internet. The Klu Klux Klan had some of the first bulletin boards that existed on the web before the web was even the worldwide web. This nexus of communication, the collapse of international borders and the hub allowing people to communicate without being traced or located. really provide the perfect way for someone to be pulled down into the rabbit hole, and to begin being indoctrinated by propaganda.

VAMOSI: To think that we’re now being exposed to radicalization on the clear internet. I had no idea that like the KKK was an early adopter of that. I'm assuming that in Europe, some of the far right have embraced it as well.

SCHWARTZ:  Well, you know, this goes back to my background rather than my current. Okay, my parents. I'm happy to let you know from my research, interestingly, what's happened with the far right and I actually wrote a paper on this with the International Institute of Counterterrorism back when I was researching and working as a research analyst there. And that's that the far right has embraced what's called the leaderless resistance, which is a Leninist state concept. Vanguard ism and was initially promoted by Lewis Beam, who was an ex-KKK member who said, organizations the organizational hierarchy will be our downfall because if they figure out who the leader is they can topple it, and then we're able to be taken down. But if there's no leader, and there's no organizational hierarchy, and we're unified by ideology, rather than an organization with a doctrine, then no one can stop us because we're just a group of lone wolves that are carrying out these you know, attacks I guess in the name of ideology, and the Internet became the means through which that ideology was spread. And the internet essentially became the central nucleus of the far right and the way that they actually promote their ideology radicalized others into the same type. of belief system. There are also many different types of manifestation of foreign ideology, but they all end around similar concepts and conspiracies. But it's very interesting to see how the Internet has emerged as pretty much the main organizing factor and particularly the deep and dark web. And now with access into all these different forums and groups and multiple different platforms, we are able to see in real time how these groups are radicalizing, inciting terror. without me having to go and manually look for all these different sorts of items. It's right in front of our face, and it's very obvious and very evident how powerful this underground ecosystem is. So there's the, there's the cybercriminal underground ecosystem, there's the you know, far right red and brown ecosystem, there's, you know, conspiratorial underground ecosystems and they're all sort of interconnected in some way. Some of them are completely separate, but very different, difficult to be able to navigate, know where to go in order to find these different sources to be able to really get that critical detail, to either prevent an next attack, whether it's a physical terrorist attack, or a you know, a shooting, like the Incel community is another like community that exists very much on the underground. We've heard there's been a couple of attacks early this year in the States with that being a main sort of source of the reason why that attack was taken out.

VAMOSI: Beyond extremism , though, there is organized crime, which also uses a distributed hierarchies, which also likes to hide in the shadows. So the Dark Web is a perfect location for that activity. 

SCHWARTZ: Of course, cybercrime. And the cyber criminals are really the kingpins of the underground because they know how to use it best. And the same thing was saying in the cybercriminal underground, where cyber criminals that are sort of dipping their toes in cybercrime and getting you know, the tools and the resources and the help that they need to gain their sophistication and become more adept and expert at all of these tools and processes, etc. and becoming more and more sophisticated, unable to lodge much more advanced attacks day by day. So the internet is a very interesting place.

[Music]

VAMOSI:  As I said, we often only hear of the dark web in association with AlphaBay, or Silk Road. Those are few and luckily far between. What, I wonder, is the day to day like with the dark web?

SCHWARTZ:  So my company collects on average about 10 million Intel items per day. So that's not just from the dark web that also includes messaging platforms like telegram or discord or pay sites on the clear web. But the dark web is pretty much a complex ecosystem of communities, platforms and communication centers. So there are these markets like the ones that you've described, which are now defunct, closed and of course, when one falls down a few more pop up in its place. To sell those markets you were discussing mostly for drugs or other illicit substances. There are also markets for weapons and markets for hacking. Tools and markets for every thing that you could possibly imagine counterfeit items. It says cards which are also missing in the decline. But it's also forums and platforms where cyber criminals share and transact the illicit tools good services, resources that they need to launch their attacks.

VAMOSI: So in gathering all this intelligence, then what is the output? In other words, bend it back to like a business sense? How would we benefit from this knowledge?

SCHWARTZ: So I like to say that cybersecurity, much like national security, you need to know what your best rates are in order to properly defend against the attack. So you can't deploy your horses everywhere. That's impossible. You need to know what the enemy's planning , what they're, what weapons they have, what kind of forces they're deploying, what do they know about what we're doing? They know our weak spots, what are their weak spots? What kind of Arsenal do they have at their disposal and what day and what time which area they plan to attack? That is the critical information that is using national intelligence to defend against attacks and defend the nation. The same thing is a must be said for cybersecurity. So you need to know what's going on behind enemy lines. If you're only reacting to an attack as it happens, you're always on the back foot and you're never going to be able to actually really make sure your organization is protected. So what my company specializes in is providing that early indication of risk we capture as soon as the cybercriminal lists a compromised access endpoint on the underground on a dark web market forum, etc. We capture that we can say in flagged that company, you're an employee and if that your organization has been compromised, and it's now being listed for sale, we can then purchase it for them at the company so chooses but they also get an alert with that information they can put they can protect and mitigate that threat. Accordingly, not waiting for the attack actually to happen. 

VAMOSI: So give me an example or explain how a company's endpoint might end up on the dark web. What does that look like?

SCHWARTZ: There are multiple different ways that a company and then an endpoint or a device could be compromised. So a company has multiple employees, a lot of them are working from home. Some of the time each of them have their laptops and their own work devices they might be using Google Drive or other types of workplace productivity apps on their phone. They're all the devices that are connected, right? Every single employee, their device, their connection to that enterprise network is a potential vulnerability or they could be exposed to attack so one way is through a standard phishing attack where an employee clicks on a malicious link that will download for example, a new productive productivity app. And then that unwittingly, they compromise their computer they continue on without knowing working on their day to day without even knowing that their computer has been compromised. And then we set up as a compromised endpoint potentially on all cell access markets, or the initial access birth markets. And then that provides cyber tools the first entry point to attack and now the way the exploitation of software vulnerabilities. So software vulnerabilities refer to weaknesses in software products, services that are used in the enterprise systems downloaded and installed on the enterprise systems. And there are always updates. So you might say they'll update on the side of your computer, whatever say update version 2.56 It says security patches and people think, Oh, I don't care. There's no new feature. There's no nothing special for me to do to download that. Why would I update my computer and disrupt my workday and whatever else might be. But actually those are really crucial because those security patches are patching these vulnerabilities and these weaknesses that have been found within that software, which can then be exploited by cybercriminals. To gain access again to your systems and networks. Those are just two examples.

VAMOSI: Some of this intel is very interesting when viewed in the aggregate.

SCHWARTZ: One of my colleagues wrote a report about the middle of last year connecting these initial access broken markets to ransomware attacks. And what we found was that almost 20% of all ransomware attacks in 2021 had their access to the organization compromised just 190 days beforehand. So within 180 days before and so if you know what's happening if you know where you need to defend before the attack actually happens. You're able to be more proactive, preemptive and just make sure that your defenses are fully armed where they need to be you need to be able to focus your time, your effort, your resources where they matter most because otherwise, you're just flailing. There's too many things to protect digitization that has created this massive amount of assets, net worth assets that potentially expose the organization to risk. If you don't even know where all these assets are. You don't know where all of your externally facing assets are either you don't know that you have them. Your IT security team isn't even managing them. Then you don't know when that could be a potential exposure that could be the entry point for a cyber criminal to attack your organization. Without that visibility and the insight into what cyber criminals are actually doing and saying on the underground. your challenges, your chances of protecting yourself adequately are pretty, pretty low, I would say.

VAMOSI: Over the years I’ve worked with and talked to people monitor activities in the dark web. One of the ways that they gathered their intelligence was through chats and forums that they participated in. Given that she started out doing this manually, I wondered how Delilah is able to listen to the dark web today?

SCHWARTZ: Yeah. Our company was founded based on having patented technology using automation to automatically infiltrate and spread across these deep and dark web chats, network systems. What you'll find when you're on the dark web or the web under web is deep web being for example, the telegram groups or discord or those kinds of things that instant messaging groups have by definition, deep web, as opposed to the dark web forms and marketplaces where you need to be using that specialized browser I mentioned earlier. So they also have I saw this on this one. Here's a link to another chat, or I mentioned this on this forum earlier, or whatever that might be. So they all sort of discussed interlink with one another. And there might be an actor that's active in three forums. And we can see that the same actor is using the same alias across those three forums. But we're using automation most of our competitors are using human analysts to infiltrate collection from the systems. Our intelligence collection team, as opposed to our services team, which is another body entirely, is only five people, five people. Their job is to make sure that our automation is working properly to be able to spread our little spiders across these sources, infiltrate new sources, and we add new sources all the time every day. We refresh these sources to make sure that they're still active. And we have by far the largest source base on the market by virtue of these automated processes.

VAMOSI: If learning about activities on the dark web is one part of the problem, the other side of the problem is the intelligence. Mining the dark web for actionable intelligence is one thing, but what about all the output? Delilah mentions that things int he workplace have gotten a lot more digital since COVID. That means there’s more intelligence to be mined both in the clear web and the dark web.

SCHWARTZ:  When I first came into the company it was right in the wake of COVID. We saw how remote work had a massive effect on not only work life and just the global society as a whole, but also on the way that we operate in terms of our remote work. Remote  work has become part of our daily life, work and all these rapid digitization processes where companies realize that they have to be digital in order to be functioning in today's world. It cannot still use analog systems anymore. Everything's got to be digital. Everything's got to be available on an app on the cloud wherever what's happened is that it's led to a proliferation of these assets that nobody has control over anymore. And not only that, but sort of losing control over the network perimeter, unable to see these external assets that are connected we're releasing very shortly, our attack surface Management module within our investigative portal which sort of unifies these two critical components, which is the attack surface management allows you to sort of wrap your arms around the perimeter and really understand your attack surface from A to B and then also tie that in with our cyber threat intelligence. So using that to tie in together to give you hyper focus on intelligence, specifically tailored to your organization, because there's so much threat intelligence data out there. It's overwhelming. It's the information we're getting from so many people in the industry. They don't know what to do with all the fees, the alerts, whatever it's too much it's overwhelming. They're already overwhelmed with the existing work that they have in their teams. What we realized by talking to customers and other people in the industry, is that people need hyper personalized threat intelligence, which just wasn't something they've been getting. That's fine. We've been doing our best to get us there with our existing threat intelligence module, but with attack service management incorporated in it to act as a filter for the massive quantities of threat intelligence that we already have. Were able to give the most prioritized hyperfocus type of refined threat intelligence that is specific to that organization's attack, surface needs, assets, etc. And really help organizations prioritize where to be focusing their time and their resources which are also in today's economy. Very important and need to be put in the right places in order to maximize productivity and optimize security at the same time. So hopefully, with this, we're going to be making a lot of lives easier within our industry. And we'll be really looking forward to hearing the feedback from our customers, which is the most important part in our product roadmap.

[MUSIC]

VAMOSI: ChatGPT You can’t avoid it, it seems. Everyone from Microsoft to your local deli is talking about it. Here's the BBC.

BBC: Chat GPT maybe you've heard of it. If you haven't, then get ready because this promises to be the viral sensation that could completely reset how we do things. It is the embryonic version of online artificial intelligence, the only front runner that reportedly has just secured a $10 billion shot in the arm from Microsoft. It is then the new frontier for the tech giants. The initials GPT stand for generative pre-trained transformers, it automatically answers questions based on written prompts. You do not need to be a techie.

VAMOSI:  And we’re seeing the rise of chat GPT and other AI system being used by potential adversarial users as well. Delilah postponed her company’s annual report just to include analysis of ChatGPT.

SCHWARTZ:  I can't say in my report that the state of the underground sort of gives an overview of what's been going on on the deep and dark web in 2022 and a little bit into 2023. And we intentionally made it a little bit into ‘23 because when I saw what was going on with ChatGPT and the other AI, generative AI technologies that are coming out, I said, I think we should push this a little bit more so we can analyze this and include this because I feel like it's a really important thing to discuss. I know that many of your listeners, especially highly technical ones, might be rolling their eyes a little bit because ChatGPT has been very much you know spoken about in the media, it's dominated the headlines, and people are sort of bored of hearing about it. But let me tell you what we're seeing on the underground is concerning. So obviously we know that ChatGPT can generate an emulated human speech, which makes it very promising for cyber criminals that are not native English speakers to be crafting far more convincing phishing and spear phishing emails. I had ChatGPT pretend to be my boss to send a follow up email to my teammates and ask them to put two days aside for a planning meeting and it sounded exactly like my boss and it would have convinced every single person on the team if I hadn't told them that it was an email that was generated by ChatGPT and, of course, open AI understanding the potential abuses on this, this module has put in these protective mechanisms but it's not only speech or written text that to be taken due we're seeing cyber criminals use ChatGPT to create scripts for Dark Web marketplaces. To write scripts for malware. 

VAMOSI: Oh, so that’s interesting. Now generative AI can produce malware. Or can it really?

SCHWARTZ:  I had ChatGPT write me a keylogging malware, not using that prompt they didn't didn't want me a keylogging malware when I asked it straight up but when I prompted it a little bit more cunningly, as was recommended to me by a cyber criminal on one of the forums that we monitor. It ended up producing keylogging malware. Now I haven't checked it out. I don't know if it works, so I can't confirm that it's all working okay. But it said at the end note, this is for educational purposes only. But it still wrote me a script. And even if it wasn't working, I'm probably able to still use chat to better refine and see what wasn't working for it. So what I've done in the report, which I'm really excited about actually, is what I've gone through after spending a long time with ChatGPT, I'd say I spent a long time talking to the algorithm reminding it what its purpose was, reminding him what I was trying to do by writing the report. I ended up working out our chat shipping to automate and streamline and optimize pretty much the entire pre ransomware attack chain and wrote very clearly what the task was and what ChatGPT they could do to help cyber criminals actually complete that task. So if it's using ChatGPT to pretend to be a tell it to roleplay as a pen tester it can scan for exploits vulnerabilities like we discussed earlier. Where are the vulnerabilities in the system? I can attach it to write me a very convincing spear phishing email targeting a specific employee. I can have it write me a key logging well malware and other info stealer or other sorts of malware. 

VAMOSI: So effectively ChatGPT could be used to disguise tools used, such as specific malware. But could it also automate launches for ransomware as well?

SCHWARTZ:   We could go further down the ransomware attack chain, this is where it becomes a little bit more complicated. You need to be very you already need to know what you're asking ChatGPT  to be able to produce for you what you would like it to so it's not the ChatGPTthat on its own can launch ransomware attack end to end, there needs to be a cyber criminal that an advanced cyber criminal and technical cyber criminals. They're carefully wording the prompts, making sure and also bypassing the restrictions, which is something that we're seeing that cyber criminals are also doing on the underground using either the API or other sorts of techniques to bypass the protective mechanisms that OpenAI put on ChatGPT to then be producing scripts, all sorts of other components of the ransomware attack chain that could then sort of optimize processes streamline operations, and as you said, automation but for the for the bad guy.

VAMOSI: So it seems that from the law enforcement side from the side of good that there might be a degree of chasing ghosts. That law enforcement might be sifting through various pieces of AI-generated evidence until you actually get to that human being that's orchestrating it.

SCHWARTZ:  Well in some capacity,, yes, but as I said, ChatGPT is a tool. It's not going to be doing it on its own. We're not going to be saying ChatGPT is going to commit a ransomware attack simply by putting in a prompt, ChatGPT, please launch a ransomware attack against organization X. It's simply an optimizing tool. That would help the cyber criminals that are already doing these jobs, to be able to do it better. And what's more concerning from my perspective, is that it's allowing these less technical, less expert, less sophisticated cyber criminals to do the attacks they would have been able to do before so it's allowing the novice cyber criminals to break into cybercrime at a much easier, faster pace. So my concern is that we've already been saying that the barriers of entry to cybercrime have been collapsing in the past years with the initial assets, broken markets and as a service offerings and charge of BT and AI the democratization of AI which is free for everybody to be using. It's completely erased from my perspective on these rising the barriers of entry to cybercrime, allowing almost any one of these cyber criminals to complete attacks that were only able to be conducted by these really expert, highly sophisticated cyber criminals.

VAMOSI: So might that change like indicators of compromise, the so-called fingerprints?

SCHWARTZ: Exactly right. So just by asking ChatGPT to rewrite a single component within a script or a malware, it sort of makes it more difficult to track so that the malware does the same purpose by changing a single little line of code. It makes it easier for cyber criminals to bypass the security mechanisms. That is intended to detect this malware and flag it in firewalls or other similar systems. So yes, it is concerning and we need to continuously be inside the underground. We can't be waiting for the indicators of compromise to show up within our system.

VAMOSI: So you mentioned postponing your report and wanting to get some analysis on this. January was the time period when the mainstream media picked up on it pretty much. How early were you seeing signs of this?

SCHWARTZ:  immediately. And then again, we can't identify specifically, which are the malware strains that have been created using ChatGPT. But what I can tell you is that cyber criminals are talking about it excessively, immediately. I would say towards mid December. We're already seeing a lot of get rich quick schemes using chapter Beatty, with various different sorts  of tactics. Some of them are, you know, taking freelance work from fiber and so having a fake CV might be hacking gaming sites, or gaming platforms or digital gambling platforms to sort of rig the game in your favor. But immediately after that, we also started saying cyber criminals talking about how ChatGPT a as I mentioned earlier, can actually create a dark web website or dark web marketplace it accepts crypto currencies, we saw that ChatGPT telling you how to fix your malware with detailed tutorials, really detailed tutorials. There, most of these tutorials are actually great. No one's offering them in a price and then I did a report by the cybersecurity firms and talked about these tutorials being offered at a price that I'm sure they are. But I also show that no cyber criminals are buying them because there are so many tutorials already available that are completely free. Just discussions happening on the forums and marketplaces and other discussion centers in the deep and dark web about how you can exploit championship and say or in their words abused chaptered btw, in order to fast track and streamline their cyber criminal activities.

[MUSIC]

VAMOSI: we've talked a lot about criminals for money. There's also nation states that are taking advantage of this and how much would you say percentage wise, are nation states taking advantage of this or is it really the enterprising thieves that are taking advantage of dark web activities?

SCHWARTZ:  Well, it's difficult to say definitively. The advanced persistent threat groups a PTS which are typically associated with nation states are the most dangerous and most sophisticated and most worrisome cyber criminal groups out there. And they are there are many of them that are sponsored by nation states and that have the support and the help of nation states or at least they are acting with the authorization even if it's implicit by nation states. It is very difficult to tell sometimes because a lot of the times these do these groups do work for profit in order to sort of cover the tracks of the real intention. There's a lot of cyber espionage going on. We were concerned the beginning of the Russia Ukraine, conflict war last year, a lot of people thought that an all out cyber war was going to be blowing out because of you know, the massive cyber cyber sphere presence of the war there was like the war was happening on multiple arenas, the physical Battlefield, the media Battlefield, and of course, the cyber battlefield and we saw that was manifesting as well. My colleagues have written multiple reports on it. There was also one that just came out a couple of weeks ago about giving a summary of the Russia Ukraine war thus far on the cybercriminal underground what we found was a telegram became a major hub. But these are the groups that are most concerning the nation states. Again, this that particularly isn't my area of expertise simply because it is such a mammoth thing to be trying to wrap your arms around with so much secrecy and so much obfuscation and so much sophistication. But it's difficult to know the percentage.  This is why the proactive preemptive threat intelligence from my perspective is so critical in order to sort of understand where you potentially are exposed and protect that part before you're actually attacked it know what tools and what are the tactics, tools and procedures that cyber criminals are using in your industry or geography or whatever it might be and know how to defend against understand what's going on in the cyber criminal underground. By having that understanding. By having that insight you're able to preempt the attack rather than waiting for it to strike. We always know that pre emptive defense is the best form of cybersecurity by waiting for someone to hit you. Ultimately, you're gonna get hit. You've got to take a step forward and be looking proactively in order to actually stop it before it strikes.

VAMOSI: You're incredibly well spoken. I appreciate that. These are these are difficult topics and you've managed to explain it in a very conversational way which I appreciate that worked well for a podcaster that's actually

SCHWARTZ:  my personal passion. I have to say, I think that I'm not cyber. I'm not a technical person by any capacity. I cannot script I can code. I, you know, got into this because I'm interested in the cyber arena and the nexus of extremism and nefarious sort of activities and internet digitization, enablement sort of components of that all but I feel like these are topics that needs to be understood by a wider audience. And I'm passionate about making this cyberspace stuff that's usually only directed at this technical audience. I want to open that conversation up because that's why we're still getting attacked. That's why your mom is getting a phishing email and she's going, Oh, I got this nice email. Someone's offering me a gift card. I might just click on that and then mom's been compromised, or you know, employees that don't quite have enough cyber awareness are getting compromised and people are left right and center getting their personally identifiable information linked. This is a really important topic. It's something that the world needs to understand the world. laymen people that don't that don't operate inside the industry need to be able to understand. So I want to make cyberspace accessible to a non technical audience. So thank you so much for that compliment.

Share this post

Fancy some inbox Mayhem?

Subscribe to our monthly newsletter for expert insights and news on DevSecOps topics, plus Mayhem tips and tutorials.

By subscribing, you're agreeing to our website terms and privacy policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Add Mayhem to Your DevSecOps for Free.

Get a full-featured 30 day free trial.

Complete API Security in 5 Minutes

Get started with Mayhem today for fast, comprehensive, API security. 

Get Mayhem

Maximize Code Coverage in Minutes

Mayhem is an award-winning AI that autonomously finds new exploitable bugs and improves your test suites.

Get Mayhem