Constella Intelligence

Security in the AI Sector: Understanding Infostealer Exposures and Corporate Risks

As Constella analyzed in the first part of this blog series, which focused on exhibitions in the emerging AI sector, we’ll delve deeper into the risks and vulnerabilities in this field, along with the threat of Infostealer exposures. Constella has evaluated some of the most relevant and utilized tools in the AI field, revealing concerning Infostealer exposures.

Diving Into the Data: Understanding the Impact

Our analysis exposes a stark reality: Over one million user accounts are at risk, predominantly due to devices infected by Infostealers. Among the compromised data, we’ve identified corporate credentials representing a substantial security threat. This discovery highlights the critical need for strengthened protective measures to safeguard sensitive information.

Through our analysis, we have uncovered significant credential exposures at several AI-focused companies, specifically OpenAI, Wondershare, Figma, Zapier, Cutout, ElevenLabs, Hugging Face, Make, and HeyGen, among others.

Understanding the Impact of Infostealer Exposures and Taking Action

A threat actor can exploit exposed credentials from AI companies to orchestrate sophisticated attacks, even if multi-factor authentication (MFA) is in use.

Personal account information, when compromised by an infostealer infection, can be exploited through social engineering strategies such as phishing campaigns. These tactics deceive employees into unwittingly providing access or divulging further confidential details. The stakes are particularly high in AI companies, where such breaches can lead to several specific threats:

  • Data Privacy and Confidentiality Risks: Access to AI tools like ChatGPT by unauthorized parties could result in the exposure of sensitive information, violating confidentiality agreements and privacy norms.
  • Surveillance and Tracking: Compromised AI systems could be used for covert surveillance, enabling unauthorized tracking of individuals or organizational activities.
  • Model Poisoning: Interference with the training data of AI models by malicious entities can corrupt their outputs, producing biased or harmful results and compromising the integrity of the AI applications.

To safeguard against the risks associated with infostealer infections and enhance security in AI environments, consider implementing the following strategies:

  • Regularly Update and Patch Systems: Ensure that all systems are up-to-date with the latest security patches. Regular updates can close vulnerabilities that could be exploited by threat actors.
  • Monitor and Audit AI Model Inputs and Outputs: Regularly review the inputs and outputs of AI models to detect any signs of model poisoning or other anomalies that could indicate tampering.
  • Limit Data Retention: Establish clear data retention policies to reduce exposure risks.

Uncovering Cyber Criminals Leveraging the World’s Most Extensive Database

Constella Intelligence, a pioneer in Deep OSINT investigations, unlocks the power of the deep and dark web to uncover cyber criminals and create the world’s most extensive database of malicious actors. This blog delves into Deep OSINT and explores how Constella Intelligence leverages it for superior Cyber-Investigations, Fraud Detection, and Insider Monitoring. 

Finding Actors Beyond the Surface 

Traditional Open-Source Intelligence (OSINT) gathers information from readily available online sources like social media and public records. Deep OSINT ventures far deeper. It delves into the hidden corners of the web, the deep and dark web, uncovering data that was never meant for public eyes. 

Constella Intelligence leverages Deep OSINT to build the world’s largest data lake, which exceeds one trillion digital assets. Even though the raw data from the deep and dark web can be messy and inconsistent, once it is processed it can be used at scale:

  • Data Normalization Provides Scalability: Constella applies sophisticated data normalization and verification techniques. This ensures the data is formatted consistently and the information is real and not fabricated. Imagine millions of data points from various sources speaking a universal language – that’s the power of data normalization. 
  • ID Fusion Algorithms Connect the Dots: Once normalized, Constella’s ID Fusion algorithms take center stage. These advanced algorithms connect the dots, meticulously linking disparate data records into comprehensive profiles of individuals. Social media handles, forum aliases, dark web fingerprints – all these scattered pieces are woven together to create a holistic picture. 

A Digital Treasure Trove for Uncovering Cyber Criminals:  

  • Identify Criminals Behind Incidents: After a security incident, Deep OSINT helps identify the perpetrators by tracing their digital footprints across the web. ID Fusion then connects these footprints to build a complete profile of the attacker. Categorization allows you to identify if the attacker is a hacker, a phisher, or an insider based on their past activities and affiliations. 
  • Monitor Insider Threats: Mitigate insider threats by uncovering hidden connections, past activities, and potential red flags associated with employees. ID Fusion helps link seemingly unconnected data points to reveal a more comprehensive picture of an employee’s digital footprint, flagging potential insiders. 
  • Analyze Third-Party Vendors: Deep OSINT investigations provide a comprehensive analysis of third-party vendors, uncovering potential risks before establishing partnerships. ID Fusion helps ensure a complete vendor profile is established, identifying any inconsistencies or red flags that may indicate money laundering or other illicit activities. 
  • Digital Background Checks: Conduct thorough digital background checks on individuals, identifying any concerning activity lurking in the deep and dark web. ID Fusion connects the dots across various data sources to provide a holistic view of the individual’s digital presence, including potential ties to human trafficking or other harmful activities. 
  • Advanced KYC (Know Your Customer): Deep OSINT helps verify customer identities with unparalleled thoroughness, uncovering potential discrepancies and preventing fraud. ID Fusion ensures all aspects of a customer’s identity are examined and linked together for a watertight KYC process, identifying potential money launderers or other financial criminals. 

Constella Intelligence’s Database: A Categorized Arsenal Against Malicious Actors 

Constella Intelligence’s database isn’t just vast; it’s meticulously categorized. This categorization allows for targeted searches and identifications. Here’s a glimpse into the malicious actor categories within the database: 

  • Hackers: Individuals with advanced technical skills who exploit computer systems for malicious purposes. 
  • Carders: Criminals who steal and sell credit card information on the dark web. 
  • Hitmen: Individuals who are allegedly hired to commit murder. 
  • Pedophiles: Those who engage in illegal activities involving child exploitation.
  • Phishers: Deceptive individuals who attempt to steal personal information by impersonating legitimate entities. 
  • Insiders: Employees or trusted individuals who misuse their access privileges to harm an organization. 
  • Money Launderers: Criminals who disguise the source of illegally obtained money. 
  • Human Traffickers: Individuals who exploit and trade human beings for forced labor, sexual exploitation, or organ harvesting. 
  • Nation-State Actors: Government agencies that engage in cyber espionage or other malicious activities. 

By leveraging Deep OSINT, data normalization, and ID Fusion, Constella Intelligence empowers businesses and security service providers to: 

  • Shorten investigation times: Quickly identify the perpetrators behind security incidents. 
  • Strengthen insider threat detection: Proactively identify potential insider threats before they can cause harm. 
  • Make informed decisions about third-party vendors: Partner with trustworthy vendors who minimize security risks. 
  • Conduct comprehensive background checks: Hire with confidence by uncovering any concerning activities in an individual’s digital footprint. 
  • Comply with KYC regulations: Ensure robust KYC procedures to prevent money laundering and other financial crimes. 

Deep OSINT: The Future of Security 

Deep OSINT offers a revolutionary approach to security. By integrating Constella Intelligence’s database and expertise into your security measures, you gain a significant advantage in the fight against cybercrime and fraud. Constella Intelligence sets a benchmark for robust digital defense mechanisms in today’s complex threat landscape. 

Don’t Wait Until It’s Too Late: Secure Your Digital World Today 

Deep OSINT is not a luxury; it’s a necessity for robust cybersecurity. Explore how Constella Intelligence can empower you to create new revenue streams, improve customer retention, and ultimately, secure your digital world in the face of ever-evolving threats. 

Cyber Threats in the Age of AI: Protecting Your Digital DNA

The rapid proliferation of AI also introduces a new frontier for cyber threats against your digital DNA. As businesses and individuals increasingly adopt AI technologies, they inadvertently become prime targets for cybercriminals. The allure lies in the vast amounts of sensitive data handled by AI applications, spanning from financial records to personal information.

AI has transformed from niche technology into a mainstream powerhouse, revolutionizing industries and reshaping the way we interact with technology. From predictive analytics to autonomous vehicles, AI tools have become indispensable assets for companies seeking efficiency, innovation, and competitive advantage.

Moreover, the predominance of paid tools and services within the AI sector makes it an enticing prospect for cyber attackers seeking economic gain. Breaching AI companies provides access to valuable assets such as bank data, proprietary algorithms, and project details, while exploiting vulnerabilities in AI systems can lead to unauthorized extraction of personal information. Consequently, as we witness the expansion of the AI industry, it’s imperative for businesses and individuals to bolster their defenses against potential breaches and data compromises.

Recently, security breaches have been reported at prominent companies in the field of Artificial Intelligence (AI), such as Cutout.pro and Leadzen.ai. These incidents have exposed a range of critical data, raising serious concerns about the protection of personal and confidential information.

Cutout.pro, founded in 2018 and based in China, is known for its innovative AI-based image processing technology. The potential attack occurred on February 28, 2024, where approximately 20M records were exposed.

Data exposed in the Cutout.pro breach:

  • Email addresses
  • Passwords
  • Names
  • Surnames
  • Phone numbers
  • IP addresses

On the other hand, Leadzen.ai, established in 2020 and headquartered in India, is known for its lead generation automation platform using AI. The attack potentially happened on March 29th, 2024, and approximately 780K records were compromised.

Data exposed in the Leadzen.ai breach:

  • Email
  • Full Name
  • User Social Networks
  • Job Position
  • Country
  • Location
  • Company Information
  • Location
  • Phone

The compromised data was similar to that exposed in the potential Cutout.pro attack, highlighting the critical importance of cybersecurity in an ever-evolving digital environment.

These attacks underscore the urgent need for companies to strengthen their cybersecurity measures and adopt robust practices to protect the sensitive data of their users and employees. In an increasingly interconnected digital world, safeguarding personal and confidential information is crucial to ensuring trust and integrity online.

Types of Attacks and Associated Risks: Given the nature of the data exposed in the breaches at Cutout.pro and Leadzen.ai, companies must be vigilant against several types of cyber threats:

  • Phishing and Spear Phishing Attacks: Cybercriminals can use the stolen email addresses and personal information to craft personalized phishing emails, tricking recipients into revealing more sensitive data or downloading malware.
  • Identity Theft: With access to full names, job positions, and other personal identifiers, attackers can impersonate individuals to commit fraud or other crimes.
  • Financial Fraud: Exposed financial and company information can be used to create fake accounts or authorize fraudulent transactions.

To enhance cybersecurity and protect against the risks associated with the increasing use of AI technologies, consider these three essential tips:

  1. Implement Multi-Factor Authentication (MFA): This adds an extra layer of security by requiring more than one form of verification to access accounts, significantly reducing the risk of unauthorized access.
  2. Regularly Update and Patch Systems: Keeping software and systems up to date ensures that security vulnerabilities are addressed promptly, reducing the likelihood of exploitation by cybercriminals.
  3. Educate and Train Users: Continuous education on the latest cyber threats and safe practices can empower individuals and employees to recognize and avoid potential cybersecurity risks, such as phishing attempts and other social engineering tactics.

As AI technologies continue to advance and become integral to various industries, they also open up new cybersecurity vulnerabilities. Recent breaches at companies like Cutout.pro and Leadzen.ai highlight the importance of stringent security measures. Adopting practices such as multi-factor authentication, regular updates and patches, and ongoing user education can significantly bolster our defenses. These steps are crucial not only for protecting sensitive data but also for preserving trust and integrity in an increasingly digital world, underscoring the need for a collective effort in enhancing our cybersecurity framework.

Analyzing Peru’s Cybersecurity Crisis

In an era where digital integration is pervasive, the cybersecurity crisis and the threat of cybersecurity breaches have emerged as a formidable challenge, impacting millions across the globe. Recent posts of potential breaches involving EsSalud, Movistar Perú, and Sunarp serve as a stark reminder of these risks, highlighting the critical vulnerabilities within our digital infrastructure.

While Peru’s situation is merely one example that has come to light, the recent acknowledgment of the AT&T breach underscores that this is a widespread issue, affecting countries globally and leaving us, the citizens, feeling increasingly vulnerable to these digital incursions.

EsSalud, a key player in healthcare, potentially saw 3.3 million records exposed, revealing sensitive information such as sex, age, date of birth, address, national ID, and phone number. This breach, dating back to 2021, exemplifies the long-lasting impact of cybersecurity incidents.

According to another threat actor who got access to Movistar Perú, 5 million records including phone numbers, emails, national IDs, and full names were exposed in a different channel.

Sunarp, the national registry responsible for managing public records in Peru, was potentially another victim of such cyber-attacks, with a significant breach compromising 4 million records until 2019. This breach disclosed a vast array of personal data, encompassing vehicle identification numbers (VINs), owners’ full names, vehicle descriptions, brands, and fabrication dates, thus highlighting the extensive range of personal information that’s vulnerable.

These breaches occur against a backdrop of significant political and social unrest in Peru. The country has been grappling with almost daily protests and political turmoil since December 2021, following the impeachment of President Pedro Castillo Terrones. This political crisis, marked by demands for new general elections and allegations of illegitimacy against President Dina Boluarte Zegarra, has plunged Peru into a state of unrest, affecting its economy and potentially impacting regional stability (Council on Foreign Relations) (Al Jazeera) (Eurasia Review).

Threat actors can exploit the vast amounts of personal information exposed by these breaches in several ways. These range from identity theft, creating fraudulent identities using the detailed personal information available, to targeted phishing campaigns that leverage the specific data points to trick individuals into revealing more information or making payments. Moreover, the exposure of such detailed personal records can facilitate more sophisticated scams, including loan fraud or the creation of fake documents for illegal activities.

To mitigate the risks posed by such breaches, individuals should take proactive steps, including monitoring financial accounts for unauthorized transactions, using credit freezes to prevent unauthorized credit checks, and being vigilant against phishing attempts. Organizations must also bolster their cybersecurity measures and adopt robust data protection policies to safeguard against future breaches.

In the digital age, the interplay between cybersecurity and political stability is increasingly apparent, with the potential to affect not just individual privacy but also national security and economic prosperity.

Deep OSINT: Unlocking the Power of the Deep & Dark Web

Over the past decade, the Deep & Dark Web has emerged as a staggering repository of tens of billions of exposed identities, adding up to more than one trillion exposed identity assets, an unprecedented volume that defied all expectations. These identities stem mostly from massive breaches and leakages affecting some of the world’s largest companies and organizations.

Classic Open Source Intelligence (OSINT) primarily depends on publicly available information that individuals consciously choose to share or make public. It involves gathering data from sources like social media, public records, websites, and publications. In this approach, investigators primarily work with data that authors, individuals, or organizations have intentionally put into the public domain. Classic OSINT very often depends on the mistakes or disclosures made by the subjects themselves, as they control what they choose to publish.

In stark contrast, Deep OSINT data consists of information that was never intended for such widespread disclosure. It was very hard to imagine 10 years ago that our private information would be shared at such scale. That is why Deep OSINT is so powerful in finding connections between bad actors: it is information whose disclosure was unintended, and they never thought that it would be made public.

Actor Investigations and the Role of Deep OSINT

What makes this reservoir of data truly remarkable is that it encapsulates the digital histories of most internet users spanning the last 15 years. This treasure trove of information has opened new horizons for large-scale investigations into actors operating on the internet.

Examples of these investigations are the Reuters investigations of North Korean IT workers using fake names, sham LinkedIn profiles, counterfeit work papers and mock interview scripts, and the many investigations that Brian Krebs has conducted, taking down criminal networks.

It’s crucial to emphasize that this resource should only be harnessed in the realms of fraud and crime investigations, where it can be an invaluable tool in the pursuit of justice and security.

Deep OSINT’s Critical Role in Fraud Detection

Automating these investigations at scale using AI allows the assessment of thousands or even millions of profiles for fraud detection.

In the fight against fraud, deep OSINT plays a pivotal role through:

  • Advanced KYC (Know Your Customer)
  • KYE (Know Your Employee) screening and Insider Detection
  • Synthetic identity fraud detection, which spots fictitious identities created by merging real and fake information.

By harnessing the power of a data lake consisting of over one trillion assets, Constella Intelligence provides an unparalleled level of detection abilities, crucial in today’s intricate cyber threat landscape.

Deep OSINT as the New Frontier in Cyber Investigations and Fraud

Security service providers and enterprises can benefit immensely from deep OSINT capabilities. As evidenced by Constella Intelligence, whose expertise in AI-driven identity risk intelligence and deep OSINT investigations has set a benchmark in the industry, the integration of deep OSINT into security measures is not just an option; it is a necessity for robust digital defense mechanisms.

A Tale of Two Identity Trends: Minimizing privacy for criminals & maximizing our own

Never before have our identities been so publicly available, minimizing privacy.

From our exact location (mobile phone GPS) to evolving physical appearances (Instagram) and even our internal thoughts (X, formerly Twitter), the internet is a treasure trove for validating and attributing identity and intentions.

The birth of the OSINT expert

The explosion of Open Source Intelligence (OSINT) professionals shows us that a lot of skill and effort is involved to weave together all this personal exposure into an actionable piece of intelligence. If there was a magic button to profile an identity, we wouldn’t need OSINT experts. Far from falling victim to automation, the OSINT expert community is actually booming.

The OSINT community is full of helpful ‘How to’ guides and libraries showcasing 100s of tools to help find people. Yes, social media is a primary source, but from wedding gift registries, flight records, archived webpage captures, vehicle history and electoral rolls, there’s plenty more to keep an investigator busy when identifying someone.

OSINT done right is a highly specialized and laborious task. And it’s only getting harder.

Criminals are painting us into a corner – minimizing privacy

Meta recently stopped API access to Facebook Groups, and in 2023 X started what many deem as phase one of monetizing or gating API access to its rich content.

This comes just as End-2-End Encryption (E2EE) is being rolled out in earnest across all remaining social messengers. A perfect storm for OSINT investigators. Less data (or exclusionary data) equals less intelligence.

For the sake of privacy, many welcome these initiatives, and indeed privacy is often the trigger for these policies in the first place. But you don’t need to go far to find investigators, especially tasked with unmasking criminals, unhappy with this direction.

Such is the reaction from the OSINT community that one startup even became a privacy champion in response to X’s API restrictions, switching from consuming X … to protecting users from X.

This response from the market is to be expected. Without co-dependence between platforms and 3rd parties, a quasi-adversarial culture of VPNs, privacy tools and takedown services has sprung up in response.

Identity: A weapon for criminals

But a boom in any market brings with it fraudsters and manipulators. There are criminals in all walks of life. Ironically, the privacy industry can’t escape identity thieves.

For example, Brian Krebs (with the help of Constella) recently investigated various consumer data brokers and people-search providers, such as OneRep and Radaris, which have links to Belarus and Russia respectively, raising suspicions.

Criminals have more options: more privacy tools at their disposal…to fight an increasingly disjointed enemy of manual OSINT investigators, regulators and privacy activists.

Identity: A weapon for us

Here’s where we believe exposed identity data (that is, the mass dumps of identity information found online) can change things for the better.

Apart from the obvious protection that being aware of exposed credentials offers individuals and businesses (social engineering, ATO and synthetic ID fraud remain top threat vectors of attack), exposed identity data fills the gap for an OSINT investigator searching for an effective response to new online profiling obstacles.

As outlined by Krebs above, and in countless other OSINT investigations, aliases identified in breached datasets join the dots between people and networks the surface web cannot resolve by itself. What’s more, it’s a dataset which, by its nature, can’t be put back in the box and subject to takedown. It’s a decentralized and uncontrolled treasure chest. There’s nothing a criminal can do to stop it.

By Lindsay Whyte

Revolutionizing Identity Theft with AI

How are we revolutionizing identity theft with AI? In an age where digital footprints are as unique as fingerprints, the concept of identity has become the new perimeter in cybersecurity. Each compromised identity represents a potential vulnerability, an entry point that can be exploited through sophisticated identity attacks. Against this backdrop, Constella Intelligence leads the charge against digital identity threats with a cutting-edge, AI-driven approach. This comprehensive strategy not only anticipates potential threats but also actively engages users in safeguarding their digital presence through innovative technologies and simulations. Here’s a closer look at how Constella is reshaping the landscape of identity theft protection.

Introduction to AI-Driven Identity Theft

As we navigate the digital age, marked by unparalleled connectivity and convenience, we’re also faced with sophisticated threats to personal identity security. Cybercriminals are constantly crafting new methods to exploit personal information for malicious ends. In response, Constella Intelligence harnesses the power of Artificial Intelligence (AI) to establish a dynamic and robust defense mechanism. This initiative goes beyond merely responding to threats, aiming instead to preempt them and marking a proactive shift in the cybersecurity paradigm.

Simulating Fraudsters’ AI Tools to Gather Information

In the shadowy corners of the internet, a service known as FraudGPT is being sold to criminals eager to exploit AI for malicious purposes. Constella’s response is to fight fire with fire. By employing the same advanced AI technologies used by cybercriminals, Constella introduces AI-Driven Identity Resolution as a shield against identity theft. This method utilizes Constella’s vast data repositories to generate a sophisticated risk intelligence graph, crafting a detailed Risk Profile for each individual.

This approach delves deep into the digital identity mosaic of each user, examining Personally Identifiable Information (PII), online behaviors, and social connections to uncover vulnerabilities. By comprehending the intricate web of a user’s digital life, Constella can anticipate and neutralize potential threats with unparalleled precision. This proactive defense mechanism provides users with a personalized shield, leveling the playing field in the ongoing battle for digital security.

Hypertargeted Attack Simulations with AI

A fundamental aspect of Constella’s strategy for user education and preparedness is the deployment of hypertargeted attack simulations. These AI-powered simulations are intricately designed based on the specific vulnerabilities and exposed data of an individual. By simulating realistic scam scenarios, Constella offers a safe and informative environment for users to learn, react, and adapt. Far from being generic, these simulations are tailor-made to reflect the threats that an individual is most likely to face, significantly enhancing the learning experience. This hands-on approach equips users with the ability to discern and counteract identity theft attempts, thus bolstering their digital resilience.

Setting a New Standard – Revolutionizing Identity Theft Protection

Constella Intelligence’s AI-driven approach to identity theft protection heralds a paradigm shift in cybersecurity. Through meticulous monitoring, personalized scam simulations, and an emphasis on user education, Constella tackles not just the symptoms of digital threats but their root causes. By empowering users to defend themselves effectively, Constella not only boosts individual security but also fosters a safer digital ecosystem for all.

As digital threats continue to evolve, the importance of informed, proactive individuals in the fight against identity theft cannot be overstated. Constella’s initiative serves as a testament to the belief that in this battle, an educated user is the best defense, underscoring the critical role of each digital identity in the broader cybersecurity perimeter.

The Spbglobal and Gocco Ransomware Incident and its Broader Implications 

In a digital era where data breaches have become almost a daily occurrence, the recent ransomware incident on spbglobal.com and gocco.com by the notorious “Cactus” group has raised alarms across the cybersecurity landscape. This ransomware incident, disclosed through a post on their dark web site, not only highlights the persistent threat of ransomware but also underscores the dangers of personal information exposure, especially when high-quality national IDs and sensitive personal data are involved. 

The Risks of Exposed Personal Information 

The exposure of personal information, such as high-quality images of national IDs, presents a goldmine for cybercriminals. Such data can be exploited in a myriad of malicious ways. Impersonation becomes trivial; a threat actor can easily assume the identity of a victim to commit fraud, apply for credit, or even create online services and accounts in the victim’s name. The ramifications of this can be devastating, affecting victims’ financial health, reputation, and privacy. 

Enriched Data: A Double-Edged Sword 

Our preliminary investigation into the exposed identities has revealed a concerning trend: many of the victims’ data were also compromised in previous, well-known data breaches, e.g. phonehouse.es, scraped data from LinkedIn, data broker sites, etc. (Some screenshots from our Hunter tool)

This enriched data set amplifies the risks significantly. Cybercriminals can leverage the combination of fresh ransomware-exposed data and previously breached information to conduct more sophisticated attacks. For instance, using exposed phone numbers, they can launch targeted SMS phishing (smishing) or voice phishing (vishing) campaigns, tricking victims into revealing additional sensitive information or installing malware on their devices. 
 
Our investigation further revealed that both domains were compromised in previous breaches, making it alarmingly straightforward to access numerous plaintext passwords of potential employees. Even more concerning, both were also exposed in infostealer infections, once again linked to potential employees. This significant security oversight may very well be the root cause of the recent attack. 

The AI Factor: Amplifying the Ransomware Incident Threat 

The advent of AI adds another layer of complexity to the situation. With access to high-quality images and personal details, threat actors can use AI to generate fake, yet highly realistic, documents or identities. This not only expands the surface of attack but also makes it increasingly difficult to distinguish between legitimate and fraudulent identities. The potential for misuse in these ransomware incident scenarios such as deepfake creation, synthetic identity fraud, and more is immense, making it a pressing concern for individuals and organizations alike. 

Protecting Identities in the Digital Age  

In response to these escalating ransomware incidents, Constella Intelligence has positioned itself as a bulwark against identity theft and cyber fraud. By identifying, curating, and analyzing exposed information across the internet, Constella provides a comprehensive defense mechanism. Their proactive approach to monitoring the dark web, forums, and other digital avenues for leaked or stolen data helps mitigate risks before they can be exploited by cybercriminals. 

Our efforts, as a company, are crucial in the current cybersecurity landscape, where the sophistication and frequency of attacks continue to grow. Our work not only aids in immediate threat neutralization but also in building long-term resilience against identity theft and fraud. 

Conclusion 

The ransomware incident on spbglobal.com and gocco.com by the “Cactus” group is a stark reminder of the vulnerabilities inherent in our digital world. As individuals and organizations navigate these treacherous waters, it’s imperative to remain vigilant and proactive in protecting personal information.  

The New Identity Risk AI Model

In the dynamic landscape of cybersecurity, Constella transcends its role as a data company, revolutionizing Identity Risk through cutting-edge AI-driven intelligence. The new AI model leverages Constella’s vast repository of more than one trillion assets to protect against Identity Theft and assess Identity Risk.

From a Massive Data Lake into an Intelligence Risk Graph 

Constella has transformed its extensive identity data lake, sourced from various internet domains, including the Dark Web and social media, into a sophisticated risk intelligence graph. The graph gathers all the exposed information about a person across 15 years of activity, providing a complete Surface of Attack and a comprehensive Risk Profile.

A New Era of Identity Theft Protection: AI-Driven Scam Simulations 

As the leader in Digital Identity Theft monitoring, Constella focuses on proactive defense mechanisms against identity theft by scanning underground communities for unauthorized information exposure.  

This new phase introduces an advanced AI model designed to produce simulated hyper-targeted and customized identity scams, serving as a crucial educational and awareness tool. Constella aims to train and educate consumers about potential cyber-attacks by simulating real attacks from a criminal’s perspective. 

Each compromised identity in the hands of criminals represents a potential vulnerability that targeted identity attacks will exploit. The new AI-driven simulations mimic those attacks, helping users build a human firewall to better protect themselves in the digital world.

An Investigation Copilot to Reveal Bad Actors  

Constella’s data lake also powers fraud and law enforcement OSINT investigation teams, helping them uncover bad actors and insiders with unparalleled depth and enabling a new level of scrutiny in the fight against cyber threats.

With Constella’s AI model, investigators now have access to an AI Copilot that automates the investigation and assessment of potential bad actors on an unprecedented scale. The actual process of pivoting, finding new data, reviewing, and pivoting again is now done by the Copilot, which makes investigators considerably more efficient.

Monitoring Identity Risk at Scale to Protect from Fraud 

Leveraging Constella’s data lake with a rich digital history spanning 15 years, the new Constella AI automatically assesses millions of identities, offering fraud teams a powerful new tool to combat online fraud.    

Key applications include: 

Screening at Onboarding (KYC): Identifying and preventing onboarding of bad actors and risky profiles using 15 years of user activity history while preserving privacy. 

Detection of Synthetic Identities: Simulating and scoring the risk of new onboarded users being fake or fabricated. 

Automatic Monitoring of Potential Insiders: Vigilantly tracking organizational activities to promptly identify and address insider threats. 

A Company Transformation into an Intelligence Powerhouse 

The leap from a data-centric company to an intelligence-focused organization marks a significant milestone for Constella. The automation of AI Identity Resolution, coupled with Identity Theft scam generation provided by Generative AI Large Language Models, enables the creation of thorough attack surfaces and customized scam simulations to protect and educate users.  This transition reflects a significant evolution in the fight against cybercrime. Constella, now an intelligence hub, is a testament to innovation’s power in creating a safer digital world. 

Stay informed and prepared. In the digital age, knowledge is not just power but protection.