Articles
Pages
Products
Research Papers
Blogs
Search Engines
Events
Webinar, Seminar, Live Classes
Friday, 19 April 2019 00:09

Beacon, A Dark Web Search Engine Can Be Your Eyes In The Internet Underworld

Author:  [This article is originally published in hothardware.com written by Rod Scher]

[This article is originally published in hothardware.com written by Rod Scher - Uploaded by AIRS Member: Jasper Solander] 

We have all heard of the dark web: a lawless digital world, uncharted and unstructured, full of data -- much of it illegally acquired and illegally for sale -- that cannot be viewed without special tools: proxy servers, TOR browsers, and the like. It's a murky and mysterious place, a place where much information resides but is difficult to unearth for the uninitiated.

Until now. Canada's Echosec Systems Ltd. recently released Beacon, a security tool that's designed to shed some light on the dark web.

Karl1 Karl Swannie is the CEO of Echosec, the company behind Beacon.

"Beacon is a dark web search engine that allows users to search anonymously, without the need for a TOR browser," says Echosec CTO Michael Raypold. "We’ve designed Beacon to be simple to interact with, while incorporating powerful advanced search tools, making searching unindexed data in the dark web as easy as using a surface web search engine."

The idea behind Beacon is that it can be used by a company to potentially head off -- or at the very least mitigate -- a potential disaster. Since the bulk of the data on the dark web is essentially unstructured, the Echosec team crawled the dark web, indexed its content and then build a natural language query interface that allows non-hackers to access that information quickly and easily. Simply put, Beacon is like Google for the dark web.

beacongrabWith Beacon, dark web data can be searched by a variety of criteria. Specific types of data (credit cards, emails, etc.) can be searched for explicitly.

Keep in mind, of course, that not everything on the dark web is illegal.

Says Raypold, "The dark web is a place where you can source illegal or illicit materials because the inherent privacy and anonymity baked into platforms like the TOR network makes buying and selling these goods easier to achieve without repercussions. However, that isn’t to say everything on the dark web is illegal. News organization like the NYTimes and Pro Publica maintain Onion sites for their more privacy-conscious users and to help disseminate news that might otherwise be censored." Still, much of the dark web's content was acquired illegally and can be misused to spread misinformation, victimize vulnerable populations, execute social engineering exploits, or engage in various forms of identity theft.

We all know that information in the wrong hands can be dangerous. Raypold cites the story of Coca-Cola's attempt, some years back, to acquire a Chinese soft drink company. Unbeknownst to high-level Coca-Cola executives, the company's secret plans and negotiation tactics were in fact not secret at all, because Coca-Cola had been previously hacked, thanks to a phishing email opened by a Coca-Cola exec.

Beacon did not exist at that time (2009), but it's likely that some of the information retrieved from the hack and many pilfered emails would have ended up on the dark web; if so, Beacon could have unearthed them, letting the company know of its vulnerability long before 2009 and perhaps allowing Coca-Cola to mitigate the damage. (In the end, the acquisition fell through, most likely because Coca-Cola -- having lost control of its confidential information -- had also lost any leverage it might have had in the negotiations.)

The goal of Beacon, says Raypold, is to allow companies to easily examine data on the dark web as a way of locating the potentially harmful information that’s stored there: this could include stolen corporate emails, company documents, personal info, or other such data that could be detrimental to a company, its brand, or its customers. After all, if your data has been compromised, it's always better to know than not to know.
MikeMike Raypold is the CTO of Echosec, LTD.

"Beacon allows teams to more quickly identify and respond to information that can materially damage a company’s brand and consumer trust," says Raypold. "Being able to quickly identify a sensitive problem also means that you can start putting a solution in place and notify your customers before they find out through other means."



Of course, a security tool is but another weapon in the wrong hands, and weapons can be misused; it's one thing for a pen-tester or white-hat hacker to be in possession of systems that can locate or uncover data, but what about someone finding a way to misuse Beacon? While Raypold notes that it is possible to misuse Beacon, since the tool makes it easier for users to locate data they might otherwise have difficulty finding, he says that the company has taken steps to mitigate that danger.

"First, every Echosec customer must go through a use-case approval process to determine how the customer is using the application and to make sure they are in compliance with the vendors from whom the data Is sourced," says Raypold. "If a potential customer cannot pass the use-case approval process, they do not get access to the system."

Beacon Black

Second, the company has built automated tools and manual processes into its platform and into the company workflows to notify the Echosec team if users attempt to run searches that are in violation of their approved use case.

"The checks built into the platform will outright prevent some searches from being run so that users never receive data that we perceive could be used with malicious intent. Furthermore, some of the vendors from whom we source data have asked us to prevent certain queries from being run, regardless of a customer's use case," says Raypold. (Naturally, the company publishes an "acceptable use" policy, which can be found here.)

Echosec expects to sell Beacon mainly to corporate customers interested in keeping tabs on their intellectual property, corporate secrets, and other sensitive data. White-hat hackers -- such as pen-testers -- could conceivably be a market as well, but the company feels that would be fairly uncommon. And if it did occur, it would simply be viewed as an example of contracted security experts acting on behalf of the ultimate corporate customer.

However, (and by whomever) Beacon is used, it looks as if the murky landscape of the dark web is no longer quite as dark as it once was.

2 comments

  • Comment Link Osvaldo Thursday, 25 April 2019 15:53 posted by Osvaldo

    This is a superb drone and with completely impressive camera and video quality,
    the flying distance allows you take it very high and that’s the place the issue is, it is advisable be careful and keep away from getting it caught on bushes.
    Fpv real time transmission: with the built-in Wi-Fi module, you'll get a reside video of your camera in your
    cellphone, making it easy and convenient to share to your mates directly.
    ]: Along with your good cellphone, you'll be able to direct the drone's GPS, permitting it to automatically observe you while simultaneously
    capturing all the movies & pictures you want.
    THIS REVOLUTIONARY DRONE WILL Help You're taking The perfect SELFIES AND
    Photos OF YOUR LIFE! Best alternative with sufficient fun for rookies.

    No need to worry in regards to the orientation, with a easy press of a button your
    drone will ascend or descend, this is perfect
    for rookies. Simply press one button, it's going to take off, land or
    return to your command. You possibly can inspect objects, gather aerial pictures and data, and take videos with quality that blows away other methods.

  • Comment Link Dean Wednesday, 24 April 2019 01:49 posted by Dean

    Hi there just wanted to give you a quick heads up. The
    words in your content seem to be running off the screen in Chrome.
    I'm not sure if this is a formatting issue or something to do with browser
    compatibility but I figured I'd post to let you know. The design look great though!
    Hope you get the issue solved soon. Thanks

Leave a comment

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.
Please wait
online research banner

airs logo

AIRS is the world's leading community for the Internet Research Specialist and provide a Unified Platform that delivers, Education, Training and Certification for Online Research.

Subscribe to AIRS Newsletter

Receive Great tips via email, enter your email to Subscribe.
Please wait

Follow Us on Social Media