Cyber Intelligence From the Deep Web – An Interview with SenseCy CEO Gadi Aviran

Below is a shortened version of an interview with SenseCy CEO Gadi Aviran. The full interview is available on the vpnMentor Blog.

Gadi Aviran is a man of many talents. Formerly the head of the technical intelligence analysis desk at the IDF (Israeli Defense Force), Aviran has been involved in technical terror intelligence analysis for over a decade, serving as one of Israel’s leading authorities in the field of Explosive Ordnance Disposal (EOD) and in Disposal of Improvised Explosive Devices (IEDs). Since his retirement from the military, Aviran has founded a number of companies that all deal with different aspects of OSINT/WEBINT intelligence, including SenseCy, where he currently serves as CEO. In this rare interview he talks about cyber intelligence from the detective’s perspective, and explains why successful cyber intelligence can never be done by machines only.

vpnMentor: Please tell us about your personal background and the companies you’re involved in.

Let’s not start in the Middle Ages; we’ll start when I got out of the military and founded a company which ended up being Terrogence in 2004. Terrogence took it upon itself to look for intelligence in the open web, but use a different methodology than what most of the companies out there are doing. Normally, a company would set up crawlers to collect all the data they can, and then look through the data to find those pieces of information that are important for them, but like a needle in the hay, it’s a long and insufficient process.

At Terrogence, we decided to answer questions instead, meaning we ask our clients what kind of information they are interested in, and use assumed identities or ‘virtual HUMINT’ in order to penetrate and infiltrate closed areas within the web to find the answers.

As time went by, we developed our own technology, which supports us very much in doing what we do. We incorporated a new technological company called “Webintpro”, which provides software solutions for intelligence gathering, while Terrogence remained a service provider.

About 5 years ago we started receiving requests from customers, asking about threats in the cyber domain, and that’s when we started dealing with cyber security. We changed our name to SenseCy about 2 years ago due to market responses to the word ‘Terrogence’, bearing in mind that the market is mainly civilian.

vpnMentor: So what can you tell about the work of SenseCy?

SenseCy is an interesting creature. It’s very focused on the customers, providing them insights from dark and distant parts of the web. In order to do that we look into their DNA and see who’s talking about them, who’s selling their information, who’s interested in their domain, their software and their personal activities, and that gives us a very unique perspective. There are only about 5-10 companies in the world that actually do what we do, so it’s a very interesting and very challenging business to be in.

We have been operating in the cyber domain for the past 5 years, offering very unique capabilities which attract the attention of potential customers and partners. We represent a very narrow and interesting niche in the cyber protection arena. As you know, the industry has gone through a whole set of changes, but at the end of the day the answers are not sufficient; what people are interested in is not how dangerous the web is as a whole, but what are the dangers FOR THEM?

For example, if someone is interested in buying emails of your C-level personnel, or shows specific interest in your company in order to obtain information or funds from and about the company, it’s a dangerous situation for everyone involved. This is what we call a personalized threat, and if you were a target, you’d definitely want to know about it.

vpnMentor: What type of clients do you work with and what types of threats are they facing?

Our customers come from different walks of life. We have of course clients from the finance, health and insurance industries which are constantly threatened by cyber activities, but it’s a changing landscape. Finance used to be the hottest thing and get the most threats, but now we can see that the health industry is becoming a much greater target, because they have information that’s worth a lot of money.

Hackers who do it for money will find whoever’s willing to pay, and exploit them in every way they can. In some cases they may sell the information to many people, or ask their victim to pay a ransom for receiving their data back. As you probably know, ransomware is a huge business these days.

vpnMentor: Surely, money isn’t the only motive for attackers of such scale.

That’s right. Bear in mind though that the world of cyber is segmented into 3 general types of threats. I’ve already mentioned the money-driven hackers. There are also of course state-sponsored threats, where we have very little visibility over what is going on. There are exceptions, for instance, in places like Iran, where state and private activities are often mixed up, but generally speaking, we do not investigate or report about state abilities because states normally don’t operate on the web, they do it in a much more private way.

The third type of threat is hacktivism, where each player has his own sources and in some cases his own malware or tools. In their eyes, they do it for “justice”.

Take Anonymous for instance, who attacked Japanese companies and government institutions, including those of Prime Minister Shinzo Abe, the Ministry of Finance, the Financial Services Agency and Nissan Motors, because they endanger dolphins and whales. It used to be that the hacktivists were relatively low key. Their technology wasn’t very advanced and relied mainly on DDoS capability, but that has completely changed now. The tools that are now being used for hacktivism campaigns are the most advanced tools that we are finding, but they are not tools that are made to make money, they are tools made to destruct.

vpnMentor: What is the difference between your work and the work of a professional hacker?

The 2 companies that came out of Terrogence only deal with open source intelligence (OSINT). A source can be a news article in the New York Times, or an Arabic newspaper, which is published online but is only available to people who understand Arabic.

The information can hide behind various doors of privacy but at the end of the day it’s all in the public domain. We don’t hack into sources of information, we don’t use backdoors into them, and we are very overt about what we do.

In addition to our business clients, we’ve also been working for many governments, meaning that what we do is legal. We are very careful not to cross the legality lines, so whenever we’re asked to do something, we look into it, and if a task’s legality is uncertain, we will not follow it through. To sum things up, we are not hackers and we’re not hacker wannabes: we’re a business. We’ve been doing it for quite a long time and we do it well.

vpnMentor: I suppose as an intelligence provider you’d prefer to remain under the radar.

Yes, our work is very tailored; we work for customers that have a name and that name is something we hold very closely. We share some of it in our blog and give lectures here and there, but generally we go into the light very little. We don’t participate in trade conferences and things like that, and it’s not where we find our customers - the customers normally come to us. The fact that I’m talking to you is not something that we normally do.

At the end of the day, it’s an industry of essence. You are not judged by how much PR you have, but by the intelligence that you provide to the customer.

