Our browsers only show us a small section of the internet. Beneath the visible sites of the internet lies a series of encrypted sites making up what you know as the Dark Web, a catch-all term for sections of the internet inaccessible without specific software. In the 1990s, a group of researchers for the Department of Defence wanted a way for spies across the globe to communicate. They imagined an anonymised and encrypted network, an internet hidden beneath our current one, unknown to all, which would serve the intelligence community. But, in order to do that, they needed other noise, other civilian traffic, to hide the spies’ communications. The Naval Research Laboratory freely released the core principle of open-source software like The Onion Router (TOR), which randomly bounces encrypted traffic around the globe. If you asked The Tor Project, the non-profit now responsible for maintaining the TOR network, they would say the goal is allowing activists and dissidents to access material through a firewall. The anonymity granted by TOR attracted not just dissidents and activists but criminals. Within a short time, the Dark Web was a haven for illegal activity across the world, offering a platform for drugs, weapons, ransomware, and human trafficking. Whether TOR is good or bad is an academic question, according to Dr. Gareth Owenson, CTO and co-founder of Searchlight. “At the end of the day there is a substantial and malicious criminal element that society needs to be informed of and protected against.”
Protection drove Searchlight’s founders from the start of their careers. Ben Jones, the CEO and co-founder of Searchlight, spent years as an aerospace engineer working with military defence aircraft but soon realised the field did not align with his personal desire to do social good. “I realised that I wanted to run a business which could make a profit but also benefit wider society.” Ben transitioned into looking at systems rather than hardware, working with the University of Portsmouth on cybersecurity projects. Here he reconnected with his co-founder and CTO Dr. Gareth Owenson, a long-time friend from primary school and an expert with over a decade of experience in cybersecurity. As he said, “I’ve been working in cybersecurity since it was still called computer security”. In his academic career, Gareth has published papers on the cryptocurrency networks and encrypted networks which make up the Dark Web. Together they established Searchlight Security with a unique mission of providing a social good, protecting all elements of society from threat actors working and coordinating undetected with TOR, in addition to profitability.
They started from the beginning, with Greek mythology. Well, not exactly. Searchlight began with Cerberus, named after the mythical three-headed hound of hell which keeps wrongdoers in the Underworld. Searchlight’s Cerberus was after a similar goal, keeping threat actors contained within the Dark Web and policing the underground economy. The Cerberus investigative platform catapulted Searchlight into the market. Within 3 months of developing the prototype, Searchlight was running a paid proof of concept for the UK government, which turned into a long-term contract two months later. What made the product so valuable was its ability to turn a thread of information, such as a potentially compromised IP address, into a far-reaching analysis of its presence on the Dark Web. The firewalls companies spend time and money developing to protect against attacks from certain vectors won’t stop a breach from compromised credentials floating around the Dark Web. With Cerberus, companies could examine the potential threats to their business beyond firewalls, looking at who was selling their information and the capabilities of threat actors.
But, as with most investigations, Cerberus needed an investigator. “With a system like [Cerberus] it is very analyst driven,” Ben admitted, “and, so, you need a skilled analyst to be able to deliver on the product.” The time and availability of skilled analysts drove the usability of Searchlight’s project. So Searchlight began working on a product which would automate the essential functions of their investigative platform, releasing DarkIQ after 3 years to do exactly this. Since the release of DarkIQ, and with established trust in law enforcement, Searchlight has been expanding into the commercial sphere. “More and more we are looking at the pre-attack threat and auditing space, while continued automation and integration expand DarkIQ’s usability. Being able to establish the threat and continue to monitor it,” Jones said. Consider the purchase of a new company. “Currently, they may check the financials or what their credit statements are. But, at the moment, checking their cybersecurity and whether they’ve been breached and what data is being held for ransom is not available.”
And then, of course, there’s the threat from Russia on Western infrastructure, something which Owenson says is not unusual. “There’s certainly been an uptick in Russian attacks on Western infrastructure, which is not a new phenomenon. We’ve also seen some of the ransomware groups which are often based in Russia taking particular positions in favour of or against the Russian government… but a lot of these groups are implicitly supported by the Russian government so they want to be seen as aligned with the Russian government, otherwise they risk getting chucked in jail for what they’ve been doing.”
Jones added that quite often some of these rumours or gangs’ considerations of their next targets can get started in dark web forums, so if someone was looking to test certain positions or leak certain information, sometimes monitoring these forums can help detect what’s going on to pre-empt cyberattacks.
In cybersecurity, there are few companies with as significant a human impact as Searchlight Security. This is something the founders take pride in, as does the rest of the team at Searchlight: “We’re a mission-based company. It’s rewarding work because you’re doing a greater good. We do have stories that we share within the company where we have had direct impact on individuals’ lives and also on companies as a whole – we’ve helped prevent attacks, so there is real value in getting up and going to work in the morning and being a part of that,” Jones said.
Consequently, the team is also hiring and looking to expand by partnering with managed security service providers (MSSPs) or large enterprises with their own SOCs who can use narrowly focused, actionable intelligence, without spending lots of time analysing too many alerts and trawling through big data sets.