Cyber research on the dark web: An interview with Cynthia Hetherington
Most of us have heard about the dark web, the deep web and related concepts and words. But many of us may not really understand these mysterious concepts with their technical nature, which makes it difficult to understand how exactly they relate to our work as security professionals. Luckily, we had the opportunity to speak with Cynthia Hetherington, President of the Hetherington Group. She helps us unravel some of the mysteries related to the dark web…
Thank you for taking the time to do this interview, Cynthia. Can you briefly introduce yourself, your organization and your occupation?
Yes, of course. I started cyber research as a librarian around 1991 and quickly became known to the law enforcement and investigative community who used libraries as a precursor to Google. In 1999, I formed Hetherington Information Services, now known as Hetherington Group, and am celebrating 20 years in business this month. A fun story about the earlier years is here: https://www.hetheringtongroup.com/20-years-reflection.
Today, I manage a team of intelligence analysts in risk and cyber investigations, due diligence, and open source information (OSINT) gathering. Being a leader in my field entails the trade-crafting of OSINT analysts—for which academic degrees are now being developed across the country—and empowering younger generations of intelligence analysts to keep moving our progress forward.
Hetherington Group is well-known for its specialized investigations work and specifically its understanding and insights of the dark web. Could you explain to us if that impression is correct and could you explain how you and your company ended up in this area of expertise?
Hetherington Group has long been recognized as leaders in the open source intelligence space through our trainings (webinars and seminars) and the authoring of books, an industry newsletter in its 18th year, and articles on Internet research. We have been at the frontline of dark web investigations and seek to share our expertise.
It’s a constantly changing landscape. The terms we use change often: These days OSINT investigators kick around words like sock puppets, dark and surface web and flash OSINT, as if everyone gets those expressions. Hg’s ability to speak in clear and reasonable terms—and address all the buzzwords—makes us a very popular training entity. Add to this our fundamental knowledge of technology and its ever-changing advancements over the last 20 years, and we are well placed to train investigators and analysts in the intricacies of the dark web. For example, to me, the dark web is just another venue and use of TCP/IP and HTML (or similar) pages. It’s a regression to a time prior to reliable DNS servers that point us in the right direction, while Google helps us find everything in between. Using imagery, simple explanations, and removing the techno-speak is a welcomed change when teaching a rather technical and dangerous topic like the dark web.
To many of us the deep web and the dark web are unfamiliar concepts that we mostly know from movies with terrifying plots. Can you demystify this concept a little and then also explain whether we as security managers need to be alarmed about the existence of the dark web?
Deep web content is not a threat: Such content, for example, is the foundation of databases across the Internet. Web sites found easily on the surface (Thanks Google!) lead us to deep content, like hotel websites showing us their inventory of rooms. The dark web, however, takes a turn for the worse from what we know as the WWW in its approach and content. Television and movies would have the dark web as a resource for Marvel Comic book heroes to use to fight crime. Like any new technology, that is a misunderstanding that gets glorified by creative minds.
But let me address the content. At the OSMOSIS Conference I spoke with Andrew Lewman, a well-known leader on dark web technology (darkowl.com), and I said, “Dark Web is 99.8% evil, and there is .2% good;” and he replied, “You’re optimistic.” In truth, there’s basically nothing the dark web offers that can be seen as legal, ethical, or, in many instances, even humane. The level of desperate and ugly material there has me usually teaching a class of accountants or other business types to “not go there, since you have no real business purpose.” I continue to share that we are only two mouse clicks from seeing child pornography and other nasty items, things you can’t unsee.
Technically, the dark web is challenging in that it requires unique software and skill sets—all of which can be obtained for free. The cost is not the dollars you spend, but the time you take to learn this sophisticated and dangerous network of connected computers. You must understand that you are exploring hostile territory; if your computer isn’t fried, your data stolen, and your pride damaged, you will probably end up with images in your head you really wish you’d never seen. There are amazing training programs for those who are tasked with fighting cybercrime. At this point in tech history, it’s imperative that the corporate world recognizes and equips their cyber investigators with the ability to handle their dark web searches smartly and nimbly. Such trained cyber analysts will be able to locate stolen identifying information, protect brands, reputation, physical assets and locations, and—most importantly—they will save lives.
What are some recent trends and developments you see regarding this part of the Internet? Do you foresee significant technical or behavioral changes?
Fortunately, we have vast and innovative support from cutting edge tech companies hot on the trail of the latest trends and developments. These forward-thinking, analytic teams are creating platforms that are smart—though not necessarily technically complicated—so that analysts in a variety of business ventures can explore the dark web and retrieve reasonable amounts of content. This takes the entire challenge of actually going on the dark web out of the hands of the analysts.
Could you provide us with an example of a typical research project, that involved the dark web, that is illustrative of what you do as a company?
A simple example of casework for the dark web involves a company’s branded product being sold on the dark web. My investigators will go online and search for the rogue product. We may do a number of things such as engaging the seller to determine if the product is real or counterfeit. We may also attempt to purchase the product or create another interaction involving this branded item. Most times, we are just identifying that the brand name is moving around on the dark web and helping the company recognize they have an issue.
What would you advise security managers that would like to understand the basics of the dark web and deep web more? What would be the best way or the best place to start?
Getting security managers to recognize and understand the dark web is paramount. Since they rarely use social media, the concept of the dark web is often quite a foreign one. We have developed a training program for senior security, which explains the threats, the solutions, the trends, and what needs to be managed today. Any education for management in this area is helpful and a good start. I don’t need security managers to be ready to throw tails into Tor, but we need them to support the investigative team that is involved with this type of investigation and to relay the findings to senior management.
There is a lot of talk about converging physical and information security. The dark web is rarely talked about in those conversations. Should we pay more attention to this topic?
Security should be holistic across the board, but it is imperative that there is mutual understanding that different tasks require different skills. Technology skills are vastly different than executive protection, but their reliance on each other is an absolute necessity. A team leader who understands what everyone’s role is at the table is key to success.
Any future plans regarding your business that you would like to share with us?
Hetherington Group is entering its 21st year with gusto and a commitment to ongoing training programs. To that end, we’ll offer additional training courses and webinars—basic ones designed for new professionals entering the field or in need of learning new subject matter and an elite level of training for my colleagues who are challenged daily with the latest cyber threats and security concerns. Having mentioned OSMOSIS, osmosiscon.com is growing 20% each year. This is indicative of the commitment corporate management is making and the importance they place on giving their staff an opportunity to get training in surface, deep, and dark web investigations. The OSMOSIS Conference is also a valuable resource for anyone conducting online research—whether it be a journalist or an academic—because the access to information dating back a century or more to 5 seconds ago is all related to open source investigations. Learning the ins and outs of the nebulous corners of the Internet is at the heart of the OSMOSIS Conference.
Is there something else you would like to share with the security industry?
Perhaps I’m repeating those before me, but I have always emphasized the practicality of our work. As cyber intelligence investigators, we protect people, places, and products. Our job is to make sure everyone gets to operate in a hostile world, safely. At Hetherington Group, we operate as a team the same way we operate with our clients: Keep it simple, listen to staff—both old and young because everyone brings something to the table—and if it isn’t right today, it may be perfect tomorrow.
Thank you very much for your time and allowing us to speak with you, Cynthia. Good luck with your business!