
SANS Security Insights

The Dark Side of Threat Research

White hat threat researchers, security pros and cyber investigators share tips for protecting their personal lives from bad guys they encounter online.

By Deb Radcliff, Creative Director, SANS Analyst Program

Before starting any cyber investigation into the dark web, Bryan Seely scrubs his social media profiles, creates a fake identity, opens an anonymous Google Voice account and buys a new burner phone. These are just a few safeguards he takes to protect himself from being attacked by some of the shadowy characters he interacts with online during his dark-web research.

"I've had death threats appear in texts and online. Probably some of my sources that I got information from while I was doing the shady work and was pretending to be someone I wasn't," says Seely, an ethical hacker and speaker known for pranking the Secret Service, FBI and White House during live demonstrations.

Seely's not paranoid; he's careful. Those responsible for the glut of malware and cybercrime are not nice people. And their elite black hat skills make them dangerous enemies to have.

"There's a lot of vigilantism on the dark web and in the whole online community," says Mark D. Rasch, cyber attorney and investigator. "If you piss someone off, they'll make death threats and will come after you using cyber and physical means to get to you."


The bad guys retaliate by trying to find human weaknesses that they can use as leverage. (Such was the case in my previous blog on mental health.) So it's important to go through your digital history and scour old blog and social media posts, delete old email accounts, ensure old court records are closed and sealed, etc.

"When you go that deep, you have to understand that anything and everything can and will be used against you by people who want to discredit you," says a security pro who asked not to be identified. "Say that you were busted for shoplifting at 17, burned the flag when you were 19, told a dirty joke or commented on a questionable video on the internet. If it can be found, they will find it and use it against you."

Fake a New Identity

Beyond assessing your risk and scrubbing your social media and online accounts, experts also recommend creating a fake but believable identity.

"I proxy to other parts of the world, build a new identity as comprehensive as I can with social media accounts, create a different origin story, and don't tie anything back to anything that can be secondary or tertiary tied to me," says John Toney, a former government agent who now runs a cyber intelligence practice group in the private sector. "The bad people in this space are very good at doing their own investigations and tying things back to you."

Also be sure to use disposable technologies, including a disposable VPN, and isolate your research systems from your personal and business systems. To protect against unwanted spyware, be careful what you download, adds Toney. Searching images for steganography, for example, can introduce unwanted malware.

Keep a Low Profile

Finally, Seely advises staying out of the limelight, no matter how magnificently you took down that botnet network or ransomware operator. Seely adds that when he became a public figure, the threats against him escalated.

"Don't go public just because your employer asks," Seely adds. "They don't always have your best interests at heart."

Each of the investigators and researchers interviewed for this blog agrees that the onus is on the employees (rather than the employers) to protect themselves and their families from counterattacks by the criminal groups they encounter during their research or investigations.

"Your best bet is to take every precaution to protect yourself," says the anonymous security pro quoted earlier in this blog. "Be diligent, but not paranoid."

Shameless SANS Promotion

For more ways to protect yourself and set up for dark web research, check out our new SANS course on Open Source Intelligence here.
