A compelling, first-hand account of the dark web, from its underground ecosystem, to the people responsible for committing data breaches and leaking data, the 21st century's most consequential data breaches, the responses to those attacks, and the impact that dark web data and intelligence gathering can have on the defense and security of our nation.
In Grey Area, veteran hacker and cybersecurity investigations expert Vinny Troia offers an unfiltered, first-person look into the evolving relationship between open-source intelligence (OSINT) and the dark web data ecosystem. Drawing from years of hands-on experience in digital forensics, dark web investigations, and adversarial engagement, Troia explores how publicly available and commercially available information (PAI and CAI) are rapidly becoming the backbone of modern intelligence operations, and how a human intelligence network of known cyber criminals helped identify and stop one of the largest data breaches in known history.
This book examines the legal, operational, and ethical dimensions of collecting and exploiting data from the darkest corners of the internet, including leaked databases, breached credentials, and hidden criminal networks. It breaks down how to discover, process, validate, and operationalize this data in real-world contexts, from attribution and threat actor profiling to national security use cases.
You'll explore the evolution of OSINT within the Department of Defense and the Intelligence Community through exclusive, first-hand accounts from senior officials who helped define its path. You'll also learn how AI and automation tools are being used to validate data at scale, detect disinformation, and supercharge open-source investigations. The book also covers how data is stolen and what happens to it after the theft. Through his direct account as Reddington, Troia provides actual unedited conversations with the cyber criminals responsible for a hack targeting more than 160 companies, including his own interactions leading to the hack, the extortion negotiation and responses with each of the affected organizations, and how the hackers were ultimately brought to justice.
From discussions of the legal grey areas of data collection and ransom negotiations to first-hand perspectives on his interactions with well-known hackers, Grey Area is a compelling and honest account of the realities of the dark web, data theft, and the ways in which the intelligence community should be leveraging these methods to help strengthen our national security.
Inside the book:
Blow-by-blow accounts of one of the largest data breaches in recorded history
Interviews and commentary from high-level officials at the CIA, ODNI, DIA, and DOD
Informed, insightful commentary on how cybersecurity professionals are using dark web open-source intelligence to strengthen national security and our country's defenses against hackers and foreign adversaries
Revealing interviews with experienced hackers who explain a variety of approaches, philosophies, and strategies for combatting and recovering from data breaches
Grey Area is essential reading for cybersecurity professionals, intelligence analysts, investigators, and policy leaders navigating the complex intersection of dark web data, national security, and open-source intelligence. Through real-world case studies and insider accounts, it delivers actionable insight into the future of data-driven investigations, threat attribution, and the expanding role of OSINT in modern intelligence operations.
Language
Place of publication
Product note
Softcover/Paperback
Perfect binding
Dimensions
Height: 231 mm
Width: 188 mm
Thickness: 28 mm
Weight
ISBN-13
978-1-394-35727-7 (9781394357277)
Copyright in bibliographic data and cover images is held by Nielsen Book Services Limited or by the publishers or by their respective licensors: all rights reserved.
Schweitzer classification
VINNY TROIA, PhD, is a lifelong hacker, ransomware negotiator, and dark web investigator. Troia's deep knowledge of the cybercriminal underground has placed him at the center of numerous high-profile investigations. He is the CEO of Shadow Nexus, a firm that delivers dark web data and intelligence to national security organizations.
Foreword
Introduction
What Does This Book Cover?
Introducing the Guest Experts
Part I Underground Field Guide
Chapter 1 Where We Left Off
Where to Start?
Summary
Chapter 2 A Cybercrime Economy of Stolen Data
The Stolen Account Black Market
Infostealers
Stolen Account Markets
The Com aka Scattered Spider
Summary
Chapter 3 Dark Market Forums
Data Marketplaces
Verifying and Validating Your Data
Summary
Chapter 4 Publicly and Commercially Available Information
Defining PAI and CAI
Data Acquisition and Oversight
Open vs. Closed Networks
Dark Web Data
Please Secure Your Data
Summary
Part II Open-Source Intelligence
Chapter 5 OSINT 101
Open-Source Intelligence
The Battle for OSINT
A System Under Pressure: The 36-Star Memo
Funding and Governance
OSINT as a Core Discipline
Summary
Chapter 6 OSINT for National Security
A Strategic Shift Toward OSINT
Forward Momentum
OSINT's Way Forward
Streamlining OSINT Efforts
Summary
Chapter 7 The Future of OSINT
Reimagining OSINT
A Path Forward
HPSCI OSINT Subcommittee
Summary
Chapter 8 Investigations
An OSINT Primer
Hunting Cyber Criminals: Cracked.io Edition
Summary
Chapter 9 OSINT for Human Trafficking
Child Sexual Abuse Material
Fighting Human Trafficking
Identifying ArtBBS
Searching for a Trafficked Child
Summary
Part III Working with Information
Chapter 10 Validation as Tradecraft
Disinformation
Data Validation
ETL Automation
Summary
Chapter 11 Dark Web Data Processing
Working with HBL Data
Cleaning CSV Files
Data Structure and Formatting
Processing Headers
Summary
Chapter 12 Data Loading and Extraction
ClickHouse
Aleph
Summary
Chapter 13 Data Analysis and AI
Asking Your First Question
Identifying Patterns (of Life)
Citations
Summary
Chapter 14 Gathering Human Intelligence
HUMINT
Crafting a Persona
Summary
Part IV Snowflake
Chapter 15 Setting the Stage
John Binns (aka irdev)
April 16, 2024
Connor Riley Moucka
Summary
Chapter 16 The First Few Victims
The Arrest Document
Victim-2 (Telecom)
Victim-5 (The Bank)
Victim-4 (Entertainment)
Summary
Chapter 17 Intrusion Analysis
Discovering Snowflake
Maintaining Persistent Access
EPAM and Initial Entry Point
Origin of the Stolen Credentials
Summary
Chapter 18 Breach Timelines and Disclosures
Victim Breach Timeline
June 28: Ticketek
Breach Disclosures
Summary
Chapter 19 Identifying Moucka
Catist's Ego and Immaturity
Hunting Catist
Catist's Arrest
Identifying Catist
Being Grey
Chapter 20 Epilogue
Loose Ends
Thank You!
Index