
Overview
Intelligence teams are tasked with uncovering insights across the surface web, deep web, and dark web illicit communities to create a comprehensive view of the threat landscape. Without access to relevant data sources, monitoring areas of interest, tracking the movement of assets, and developing entity profiles leave gaps in the critical intelligence needed to support security operations.
Illicit online communities remain the key source for critical data and intelligence pertaining to a wide range of physical threats, fraudulent activities, and malicious actors. Intelligence teams recognize the need to gain visibility into the trends and activities of threat actors engaging in illicit activity by utilizing open source intelligence (OSINT). Intelligence teams need a solution with unique access to high value sources that provide signal-rich and relevant information with the context required to evaluate and understand it.
The Flashpoint & Creative Radicals Advantage
Creative Radicals’ OpenIO platform enables security teams to monitor and detect physical security threats across surface web, mobile, social media networks, and online illicit communities. By identifying critical assets and establishing and monitoring areas of interest, security teams make intelligence discoverable so they can respond in a timely manner to threats from publicly available information (PAI) on illicit communities.
Solution
Multi-source OSINT Ontology
Automatic Search & Extraction
Searching Areas of Interest
Searching Topics of Interest
Searching People of Interest
Rapid Pattern of Life (POL) Development
Enabling Faster, More Efficient Analysts
Designed for Extension, Adaptation, and Integration
Integrated Flashpoint Datasets
Forums: Access to signal-rich discussions from illicit threat actor communities. Supplement internal data with targeted data from highly curated sources.
Chat Services: Access to around-the-clock conversations within threat-actor channels to monitor and gain insights across threat-actor communities. Chat platforms such as Telegram, Discord, and QQ include searchable media such as images and videos.
Paste Sites: Enables access to openly shared research, data leaks, and other plaintext files frequently used by both anonymous sources and threat actors to share malicious activity, providing a broader view into open web data.
Blogs: Provides a broader view into open web data by providing online sources of news and information related to threat actors and collectives, allowing users to monitor activity in malicious communities more comprehensively, as well as risks impacting the organization or brand.
Message Boards: Provides access to anonymous boards such as 4chan and 8chan, enabling users to monitor malicious content and discussions ranging from hacktivism to physical threats.
Social News Aggregation & Discussion Sites: Collections from social news aggregation and discussion websites leveraged by both open and deep & dark web communities where illicit actors discuss malicious activity, including malware developments, cyber threats, and physical threats.
TECHNICAL DATA
Risk Intelligence Observables (RIOs): Flashpoint leverages its unique access to underground communities to collect and deliver a near real-time stream of cyber observables that can identify illicit activity from inside forums and file-sharing communities focused on cybercrime, hacking, fraud, and extremism/terrorism. These high-fidelity observables include IP address, location (city / country), hosting provider, timestamp, and user-agent string.
INTELLIGENCE REPORTS
Finished Intelligence: Access to analytical reports produced by our intelligence analysts. Reports cover a wide spectrum of illicit underground activity, including crimeware, fraud, emerging malware, violent extremism, and physical threats.
SHOPS
Marketplaces: Access to top-tier marketplaces, where threat actors buy and sell items such as stolen credentials and personally identifiable information (PII).
Use Cases
FORCE PROTECTION
Force protection, situational awareness, and physical security missions involve the discovery and management of human threats. Primary functions in OpenIO, combined with access to illicit online community datasets, are designed to collect and organize intelligence related to people, indicating who is communicating, where they've been, and who they know.
LOCATION SECURITY
Mapping tools within OpenIO identify and visualize threats related to geographical locations, rapidly allowing security teams to monitor an Area of Interest. Combined with access to signal-rich discussions from the illicit online communities, security teams can uncover and assess threats while still in the planning stages.
SENTIMENT ANALYSIS
By utilizing Flashpoint data in the OpenIO platform, analysts are able to monitor threat-actor discussions to gauge sentiment toward particular organizations, countries, individuals, or other entities. This helps teams inform physical security measures, understand targeting intent, and make proactive, intelligence-fed decisions.
INVESTIGATIONS & RESPONSE
Proper handling of a security incident starts with identifying and collecting relevant intelligence and data to enable teams to isolate and contain the threat. With integrations across a wide range of datasets, including illicit online communities, OpenIO automates the process of extracting relevant data across standardized datasets for rapid analysis.