- Nov 3, 2019
The U.S. Department of Justice’s Cybersecurity Unit has released guidelines for organizations that want to gather cyber threat intelligence from dark web forums/markets but, at the same time, want to stay on the right side of the (U.S. federal criminal) law.
The document focuses on “information security practitioners’ cyber threat intelligence-gathering efforts that involve online forums in which computer crimes are discussed and planned and stolen data is bought and sold. It also contemplates situations in which private actors attempt to purchase malware, security vulnerabilities, or their own stolen data—or stolen data belonging to others with the data owners’ authorization—in Dark Markets.”
It was compiled based on input from the US DOJ’s various divisions, the FBI, the U.S. Secret Service and the U.S. Treasury Department’s Office of Foreign Assets Control. In it, DOJ’s Cybersecurity Unit advises organizations on how to avoid becoming a perpetrator (consult with legal counsel, ask the FBI’s opinion before engaging in some legally murky activities) and a victim (institute security safeguards and adhere to cybersecurity practices that will minimize the risk of being victimized).
DOs and DON’Ts
Organizations can:
- Gather cyber threat intelligence passively
- Access forums lawfully (by obtaining login credentials legitimately, for entirely fake personas)
- Ask questions and solicit advice on the forum (but document that they are doing that just for the purpose of gathering info, not committing a crime)
Organizations should not:
- Access forums unlawfully (by using stolen credentials, impersonating the identity of an actual person, including a government official, or using an exploit)
- Surreptitiously intercept communications occurring on a forum
- Provide the forum operator with malware or stolen personal info in order to gain access to the forum or provide other forum participants with useful information, services, or tools that can be used to commit crimes in order to get their trust
- Solicit or induce the commission of a computer crime
- Assist others engaged in criminal conduct (through advice or action)
Organizations should:
- Involve their legal department in operational planning
- Share information about an ongoing or impending computer crime uncovered during intelligence gathering activities with law enforcement