Over the past decade, the Deep & Dark Web has emerged as a staggering repository of tens of billions of exposed identities adding up to more than one trillion identity assets exposed, an unprecedented volume that defied all expectations. These identities stem mostly from massive breaches, leakages affecting some of the world’s largest companies and organizations.

Classic Open Source Intelligence (OSINT) primarily depends on publicly available information that individuals consciously choose to share or make public. It involves gathering data from sources like social media, public records, websites, and publications. In this approach, investigators primarily work with data that authors, individuals, or organizations have intentionally put into the public domain. Classic OSINT very often depends on the mistakes or disclosures made by the subjects themselves, as they control what they choose to publish.

In stark contrast Deep OSINT data consists of information that was never intended for such widespread disclosure. It was very hard to imagine 10 years ago that our private information would be share in such scale. That is why Deep OSINT is so powerful in finding connection of bad actors: it’s information that they it was unintended, and they never thought that it would be made public.

Actor Investigations and the Role of Deep OSINT

What makes this reservoir of data truly remarkable is that it encapsulates the digital histories of most internet users spanning the last 15 years. This treasure trove of information has opened new horizons for large-scale investigations into actors operating on the internet.

Examples of this investigations are Reuters investigations of North Korean IT workers using fake names, sham LinkedIn profiles, counterfeit work papers and mock interview scripts,  and the many investigations that Brian Krebs has held taking down criminal networks

It’s crucial to emphasize that this resource should only be harnessed in the realms of fraud and crime investigations, where it can be an invaluable tool in the pursuit of justice and security.

Deep OSINT’s Critical Role in Fraud Detection

Automating these investigations at scale using AI allows the assessment of thousands or even millions of profiles for fraud detection.

In the fight against fraud, deep OSINT plays a pivotal role through:

• Advanced KYC (Know Your Customer)
• KYE (Know Your Employee) screening and Insider Detection,
• Synthetic identity fraud detection, which spots fictitious identities created by merging real and fake information.

By harnessing the power of a data lake consisting of over one trillion assets, Constella Intelligence provides an unparalleled level of detection abilities, crucial in today’s intricate cyber threat landscape.

Deep OSINT as the New Frontier in Cyber Investigations and Fraud

Fraud detection Security service providers and enterprises can benefit immensely from deep OSINT capabilities. As evidenced by Constella Intelligence, whose expertise in AI-driven identity risk intelligence and deep OSINT investigations has set a benchmark in the industry, the integration of deep OSINT into security measures is not just an option—it is a necessity for robust digital defense mechanisms.

Never before have our identities been so publicly available, minimizing privacy.

From our exact location (mobile phone GPS) to evolving physical appearances (Instagram) and even our internal thoughts (X, formally-Twitter), the internet is a treasure trove for validating and attributing identity and intentions.

The birth of the OSINT expert

The explosion of Open Source Intelligence (OSINT) professionals shows us that a lot of skill and effort is involved to weave together all this personal exposure into an actionable piece of intelligence. If there was a magic button to profile an identity, we wouldn’t need OSINT experts. Far from falling victim to automation, the OSINT expert community is actually booming.

The OSINT community is full of helpful ‘How to’ guides and libraries showcases 100s of tools to help finding people. Yes, Social Media is a primary source, but from wedding gift registries, flight records, archived webpage capture, vehicle history and electoral rolls, there’s plenty more to keep an investigator busy when identifying someone.

OSINT done right is a highly specialized and laborious task. And it’s only getting harder.

Criminals are painting us into a corner – minimizing privacy

Meta recently stopped API access to Facebook Groups, and in 2023 X started what many deem as phase one of monetizing or gating API access to its rich content.

This comes just as End-2-End Encryption (E2EE) is being rolled out in earnest across all remaining social messengers. A perfect storm for OSINT investigators. Less data (or exclusionary data) equals less intelligence.

For the sake of privacy, many welcome these initiatives, and indeed privacy is often the trigger for these policies in the first place. But you don’t need to go far to find investigators, especially tasked with unmasking criminals, unhappy with this direction.

Such is the reaction from OSINT community that one start up even became a privacy champion in response to X’s API restrictions , switching from consuming X … to protecting users from X.

This response from the market is to be expected. Without co-dependence between platforms and 3^rd parties, a quasi-adversarial culture of VPNs, privacy tools and takedown services have sprung up in response.

Identity: A weapon for criminals

But a boom in any market brings with it fraudsters and manipulators. There are criminals in all walks of life. Ironically, the privacy industry can’t escape identity thieves.

For example, Brian Krebs (with the help of Constella) recently investigated various consumer data brokers and people-search providers – such as OneRep and Radaris – both of which have links to Belarus and Russia… respectively raising suspicions.

Criminals have more options: more privacy tools at their disposal…to fight an increasingly disjointed enemy of manual OSINT investigators, regulators and privacy activists.

Identity: A weapon for us

Here’s where we believe exposed identity data – that is, the mass dumps of identity information found online – can changes things for the better.

Apart from the obvious protection that being aware of exposed credentials offer individuals and business (social engineering, ATO and synthetic ID fraud remain top threat vectors of attack), exposed identity data fills the gap for an OSINT investigator searching for an effective response to new online profiling obstacles.

As outlined by Krebs above, and in countless other OSINT investigations, aliases identified in breached datasets join the dots between people and networks the surface web cannot resolve by itself. What’s more, it’s a dataset which, by its nature, can’t be put back in the box and subject to takedown. It’s a decentralized and uncontrolled treasure chest. There’s nothing a criminal can do to stop it.

By Lindsay Whyte

How are we revolutionizing identity theft with AI? In an age where digital footprints are as unique as fingerprints, the concept of identity has become the new perimeter in cybersecurity. Each compromised identity represents a potential vulnerability, an entry point that can be exploited through sophisticated identity attacks. Against this backdrop, Constella Intelligence leads the charge against digital identity threats with a cutting-edge, AI-driven approach. This comprehensive strategy not only anticipates potential threats but also actively engages users in safeguarding their digital presence through innovative technologies and simulations. Here’s a closer look at how Constella is reshaping the landscape of identity theft protection.

Introduction to AI-Driven Identity Theft

As we navigate the digital age, marked by unparalleled connectivity and convenience, we’re also faced with sophisticated threats to personal identity security. Cybercriminals are constantly crafting new methods to exploit personal information for malicious ends. In response, Constella Intelligence harnesses the power of Artificial Intelligence (AI) to establish a dynamic and robust defense mechanism. This initiative goes beyond merely responding to threats, aiming instead to preempt them and marking a proactive shift in the cybersecurity paradigm.

Simulating Fraudsters’ AI Tools to Gather Information

In the shadowy corners of the internet, a service known as FraudGPT is being sold to criminals eager to exploit AI for malicious purposes. Constella’s response is to fight fire with fire. By employing the same advanced AI technologies used by cybercriminals, Constella introduces AI-Driven Identity Resolution as a shield against identity theft. This method utilizes Constella’s vast data repositories to generate a sophisticated risk intelligence graph, crafting a detailed Risk Profile for each individual.

This approach delves deep into the digital identity mosaic of each user, examining Personally Identifiable Information (PII), online behaviors, and social connections to uncover vulnerabilities. By comprehending the intricate web of a user’s digital life, Constella can anticipate and neutralize potential threats with unparalleled precision. This proactive defense mechanism provides users with a personalized shield, leveling the playing field in the ongoing battle for digital security.

Hypertargeted Attack Simulations with AI

A fundamental aspect of Constella’s strategy for user education and preparedness is the deployment of hypertargeted attack simulations. These AI-powered simulations are intricately designed based on the specific vulnerabilities and exposed data of an individual. By simulating realistic scam scenarios, Constella offers a safe and informative environment for users to learn, react, and adapt. Far from being generic, these simulations are tailor-made to reflect the threats that an individual is most likely to face, significantly enhancing the learning experience. This hands-on approach equips users with the ability to discern and counteract identity theft attempts, thus bolstering their digital resilience.

Setting a New Standard – Revolutionizing Identity Theft Protection

Constella Intelligence’s AI-driven approach to identity theft protection heralds a paradigm shift in cybersecurity. Through meticulous monitoring, personalized scam simulations, and an emphasis on user education, Constella tackles not just the symptoms of digital threats but their root causes. By empowering users to defend themselves effectively, Constella not only boosts individual security but also fosters a safer digital ecosystem for all.

As digital threats continue to evolve, the importance of informed, proactive individuals in the fight against identity theft cannot be overstated. Constella’s initiative serves as a testament to the belief that in this battle, an educated user is the best defense, underscoring the critical role of each digital identity in the broader cybersecurity perimeter.

In the dynamic landscape of cybersecurity, Constella transcends its role as a data company, revolutionizing Identity Risk through cutting-edge AI-driven intelligence. The new AI model leverages Constella’s vast repository of greater than one trillion assets to protect Identity Theft and assess Identity Risk.  

From a Massive Data Lake into an Intelligence Risk Graph 

Constella has transformed its extensive identity data lake, sourced from various internet domains, including the Dark Web and social media, into a sophisticated risk intelligence graph that gathers all the different exposed information from a person through 15 years of activity, providing a complete Surface of Attack and comprehensive Risk Profile. 

A New Era of Identity Theft Protection: AI-Driven Scam Simulations 

As the leader in Digital Identity Theft monitoring, Constella focuses on proactive defense mechanisms against identity theft by scanning underground communities for unauthorized information exposure.  

This new phase introduces an advanced AI model designed to produce simulated hyper-targeted and customized identity scams, serving as a crucial educational and awareness tool. Constella aims to train and educate consumers about potential cyber-attacks by simulating real attacks from a criminal’s perspective. 

Each compromised identity in the hands of criminals represents a potential vulnerability that targeted identity attacks will exploit. The new AI-driven simulations mimic those attacks, building a human firewall to protect themselves in the digital world better. 

An Investigation Copilot to Reveal Bad Actors  

Constella’s data lake also powers fraud, law enforcement OSINT investigation teams Uncover bad actors and insiders with unparalleled depth, enabling a new level of scrutiny in the fight against cyber threats. 

With Constella’s AI model, investigators now have access to an AI Copilot that automates the investigation and assessment of potential bad actors on an unprecedented scale. The actual process of pivoting, finding new data, reviewing, and pivoting again is now done by the Copilot, gaining great efficiency for the investigators. 

Monitoring Identity Risk at Scale to Protect from Fraud 

Leveraging Constella’s data lake with a rich digital history spanning 15 years, the new Constella AI automatically assesses millions of identities, offering fraud teams a powerful new tool to combat online fraud.    

Key applications include: 

Screening at Onboarding (KYC): Identifying and preventing onboarding of bad actors and risky profiles using 15 years of user activity history while preserving privacy. 

Detection of Synthetic Identities: Simulating and scoring the risk of new onboarded users being fake or fabricated. 

Automatic Monitoring of Potential Insiders: Vigilantly tracking organizational activities to promptly identify and address insider threats. 

A Company Transformation into an Intelligence Powerhouse 

The leap from a data-centric company to an intelligence-focused organization marks a significant milestone for Constella. The automation of AI Identity Resolution, coupled with Identity Theft scam generation provided by Generative AI Large Language Models, enables the creation of thorough attack surfaces and customized scam simulations to protect and educate users.  This transition reflects a significant evolution in the fight against cybercrime. Constella, now an intelligence hub, is a testament to innovation’s power in creating a safer digital world. 

Stay informed and prepared. In the digital age, knowledge is not just power but protection. 

6 Steps for Digital Risk Protection to Safeguard Your Data

Improve your cybersecurity hygiene and reduce exposure.

Digital risk means compromised credentials or other sensitive data falls into the wrong hands, and it can have serious financial consequences as well as negatively impact your brand reputation.

Protect your employees and organization from digital risk such as credential theft and data leakage that could lead to account takeover, ransomware, and other cyber threats by employing these 6 Steps for digital risk protection:

Prevent identity thieves from impersonating key staff and executives.

Mandate the use of virtual private networks (VPNs), password management applications that automatically change passwords, and multifactor authentication (MFA). Secure, encrypted, remote access to the company’s network reduces the potential for unauthorized access.

Protect corporate brands from online disinformation campaigns.

Continuously monitoring the internet and the Dark Web for organized activity that impersonates or misrepresents your brand. Advance warning alerts protect your corporate reputation from digital risk before it’s too late.

Protect personally identifiable information (PII) for Key Employees and their families.

Proactive employee monitoring uncovers employee compromised credentials for sale on the Dark Web – before phone numbers, locations, and other information can be used to build impersonation profiles.

Minimize ransomware and ATO attacks by securing sensitive employee data and accounts.

Wherever that data might reside. Corporate computers, tablets, and smartphones need standardized security directed by a centralized internal authority. Strongly consider extending protection to personal devices for executives and essential staff.

Strictly segregate corporate and personal devices and accounts.

Avoid using personal laptops or devices for work purposes to ensure that poor digital risk protection & data hygiene outside the office does not put your business at risk.

Mandate cybersecurity awareness training of all employees.

Ongoing training and regular reviews will combat compliance fatigue. Consider ongoing incentives to ensure continued good practices and rapid recognition and reporting for suspicious emails, texts, files, or activity.

Finally, treat this process as a continuous cycle for digital risk protection and reduction rather than a final checklist. Go back to the beginning regularly, starting with a Cyber Exposure Risk Assessment to see if you or your company is at risk.

These steps’ powerful benefits include:

• Corporate and personal protection for brand equity, finances, credit ratings, and reputation
• Fewer spam and phishing emails
• Lower risk of account compromise or credential theft
• Better control over personal and corporate data usage across the internet

Find out if you have been exposed – FREE.

CHECK YOUR EXPOSURE RISK

In response to the growing concerns surrounding AI-driven identity scams, Constella is not only taking steps to understand and reproduce these harmful tools but is also leveraging the potential of our trained Language Models (LLMs) and Generative AI to prepare our users against potential scams.

One of our strategic initiatives is to simulate customized scams using the specific exposed data of our users in a safe and secure environment. The aim is to alert and educate users about how their information could potentially be used in scams and provide them with an experiential learning opportunity to respond appropriately. This will help users understand the potential risks they face, the form that these attacks may take, and the possible tactics scammers could employ.

Training Users through Personalized Simulations

As an Identity Theft protection company, we possess a unique advantage in our battle against AI-driven identity scams: a spectrum of exposed attributes, including Personally Identifiable Information (PII), related parties, and online activity that we collect to alert exposed users. Rather than letting this information lie dormant, we leverage it to construct a vulnerability profile – a Surface of Attack – by compiling users exposed data, we gain insights that enable us to create a detailed profile – a digital identity mosaic that delves into their lives, both personal and professional. This comprehensive understanding goes beyond the mere surface level, allowing us to craft an intricate picture of their attributes, behaviors, job roles, hobbies, and even relationships. With this intricate web of information, we can gain the power to anticipate the strategies malicious actors might employ. Generating AI-driven narratives that simulate scams based on this gathered information enables us to provide users with a virtual battleground where they can master the art of defense.

Building Human Defenses for AI-Driven Identity Scams

Imagine a scenario where a user is presented with a simulated scam tailored to their unique attributes. This simulated scam mirrors real-world tactics that attackers might employ. The user is then guided through the intricacies of identifying red flags, evaluating risks, and making informed decisions. It’s not merely theoretical education; it’s a hands-on experience that cultivates practical skills. Users learn to discern fraudulent schemes from genuine interactions, ultimately arming themselves with the ability to outsmart even the most sophisticated AI-generated threats.

The beauty of this approach lies in its dynamic nature. Just as the threat landscape is in constant flux, our strategy evolves in tandem. The Surface of Attack adapts, incorporating new exposed information that become attack vectors. This adaptability ensures that users are continuously trained making the “Human Firewall” an ever-vigilant shield against the onslaught of AI-driven scams.

In this age of unprecedented digital connectivity, arming ourselves against AI-driven identity scams requires a multi-faceted approach. Constella’s fusion of user data analysis, AI-generated simulations, and personalized training is poised to rewrite the rules of engagement. Through this holistic strategy, we don’t just fend off threats – we empower our users to become sentinels of their own digital realms.

Conclusion: The Unyielding Power of the Informed User

In a digital landscape fraught with ever-evolving threats, relying solely on automated defenses or conventional protective mechanisms is no longer sufficient. The stark reality is that the most technologically advanced defense systems can still be compromised if the end user remains uninformed or unprepared.

At Constella, we firmly believe that the most robust line of defense is the user themselves. By providing them with the tools, experiences, and knowledge to recognize and combat AI-driven scams, we’re empowering individuals to stand as sentinels of their digital domains. It’s akin to equipping a city not just with walls and watchtowers, but with vigilant, well-trained guards at every possible point of entry.

Every simulation we create, every potential scam we expose, and every experiential lesson we offer is a step towards molding our users into the ultimate deterrent against cyber threats. It’s not just about identifying the dangers out there; it’s about understanding one’s own vulnerabilities and turning them into strengths.

In our journey towards a safer digital future, technology will undoubtedly play an instrumental role. However, the human element – informed, alert, and proactive – remains irreplaceable. At the heart of Constella’s strategy lies this belief: that in the battle against AI-driven identity scams, a well-prepared human mind is, and will always be, the most formidable asset we possess.

Twitter
Linkedin

Julio Casal

CIO & Founder

In the vast realm of cyber threats, where hackers and cybercriminals are constantly honing their skills, one danger that often flies under the radar is cookie capture. Cookies, those innocuous-looking bits of data stored on your computer, play a crucial role in modern web browsing. However, they have also become a prime target for cyber attackers looking to gain unauthorized access to sensitive information. In this blog post, we will delve into the dangers posed by cookie capture in the realm of cyber security and explore how you can safeguard yourself against this stealthy threat.

Understanding Cookies

Cookies are small pieces of data that websites store on your computer to remember information about your interactions. They can store user preferences, login credentials, and even items in your shopping cart. These files are meant to enhance your browsing experience by saving you from having to re-enter information every time you visit a site.

The Dangers of Cookie Capture

1. Session Hijacking: One of the most significant dangers associated with cookie capture is session hijacking, also known as session replay or session theft. If a hacker manages to intercept your cookie data, they can impersonate you and gain access to your online accounts without needing your login credentials. This can lead to unauthorized access to your email, social media, or even financial accounts.

2. Cross-Site Scripting (XSS): Cyber attackers can exploit vulnerabilities in websites to inject malicious scripts that capture cookies from unsuspecting visitors. This can allow the attacker to steal user cookies and potentially gain unauthorized access to the victim’s accounts.

3. Eavesdropping: If you’re using a public Wi-Fi network without proper encryption, attackers can intercept your data traffic and capture cookies as they are transmitted between your device and the websites you’re visiting. This is especially dangerous when browsing sensitive websites such as online banking platforms.

4. Personalized Attacks: With access to your cookies, attackers can gather personal information about your browsing habits, interests, and online behavior. This data can be used to launch more convincing and personalized phishing attacks.

Mitigation and Prevention

1. HTTPS Encryption: Always ensure you’re browsing websites that use HTTPS, especially when entering sensitive information. HTTPS encrypts the data transmitted between your device and the website, making it significantly harder for attackers to intercept and capture cookies.

2. Public Wi-Fi Caution: Avoid using public Wi-Fi networks for sensitive activities, as they are more susceptible to eavesdropping. If necessary, consider using a Virtual Private Network (VPN) to encrypt your internet connection.

3. Regular Logouts: After using online services, make sure to log out, especially if you’re on a shared or public computer. Logging out invalidates the session cookie, reducing the risk of session hijacking.

4. Cookie Settings: Review and adjust your browser’s cookie settings to minimize the amount of information stored and shared. Consider blocking third-party cookies, which are often used for tracking.

5. Security Updates and Antivirus Software: Keep your browsers and operating systems up to date to ensure you’re protected against known vulnerabilities that attackers could exploit. Furthermore, consider running reputable antivirus software, which can be instrumental in detecting known malware and malicious files that can capture your sensitive data, including your session cookies, from your computer without your knowledge.

6. Subscribe to Identity Monitoring: Unfortunately, despite out best efforts, sometimes our sensitive data can be exposed, even when we take every reasonable step to prevent it. Our data may be exposed unintentionally by a third party, or our personal devices may become infected with malware that captures our credentials and session cookies. Since these exposures often happen without our knowledge, a reputable identity monitoring service can alert you to an exposure as soon as it happens, allowing you to work to resolve the issue as quickly as possible.

Conclusion

In an increasingly interconnected world, the threats to our digital security are constantly evolving. Cookie capture might not be as well-known as some other cyber threats, but its potential for harm is significant. By understanding the risks and implementing preventive measures, you can better protect your online identity, data, and sensitive information from falling into the wrong hands. Stay vigilant, stay informed, and stay secure.

Twitter
Linkedin

Keon Ramezani

Sr. Sales Engineer

The Achilles Heel of Large Language Models: FraudGPT, WormGPT and Constella’s Proactive Response to AI-Powered Cyber Threats

The capabilities of large language models (LLMs) have come into sharp focus recently, with applications ranging from generating complex and creative texts to mimicking human-like conversation creating AI-Powered Cyber Threats. However, this power isn’t without its shortcomings. The Achilles heel of these advanced AI models appears to be their potential misuse for scam creation, underlining the necessity of robust cybersecurity measures.

Emerging AI-driven threats, such as WormGPT and FraudGPT, have leveraged the capabilities of LLMs to aid in phishing and malware creation, posing new challenges to cybersecurity efforts. While these models usher in a new age of technological marvels, their potential exploitation by threat actors highlights the criticality of countering the threats they pose and protecting users from their misuse.

New Threat Landscape

Recent reports from cybersecurity forums and platforms, including the Security Boulevard, have detailed the use of models like WormGPT and FraudGPT. These LLMs are utilized to generate phishing emails and potentially malicious code, indicating a worrying trend towards the weaponization of AI for harmful purposes. The WormGPT model, purportedly based on the GPT-J architecture by EleutherAI, is believed to be trained on a wide array of data sources, with a focus on malware-related data.

Another threat, FraudGPT, is described as a tool capable of creating “undetectable malware” and uncovering websites vulnerable to credit card fraud. However, experts believe that the actual capabilities of these models may not be as high as advertised, and they may indeed be used more as tools to deceive less tech-savvy individuals.

Constella’s Response

In response to this concerning development, Constella is taking proactive steps to safeguard its user base. We are currently testing various LLMs, aiming to reproduce these potentially harmful tools in a controlled and secure environment. This approach enables us to gain deep insights into the mechanics of these AI models and understand how they may be employed for malicious purposes.

By replicating the potential threats, Constella aims to improve our security systems’ responsiveness and effectiveness. This initiative aligns with our commitment to staying one step ahead of cybercriminals, continually innovating, and reinforcing our users’ security.

The Way Forward

Understanding the dynamics of these new AI threats allows Constella to devise advanced protective strategies and reinforce our existing cybersecurity infrastructure. As a part of our continuous effort to ensure the safety of our users, we are investing in research and development to advance our AI-powered security measures.

While the current threat level from AI-powered tools like WormGPT and FraudGPT may not be as severe as some believe, it’s critical to anticipate and prepare for the potential advancements in this field. As such, Constella is committed to developing cutting-edge solutions to combat the evolving threats in the cyber landscape, upholding our promise to offer secure and reliable services to our users.

In conclusion, the potential misuse of LLMs for scam creation underscores the need for vigilance in the face of evolving cybersecurity threats. As AI continues to play a dual role as a cybersecurity tool and potential cyber threat, Constella remains committed to protecting our users, staying vigilant and prepared for whatever the future may hold.

Julio Casal

CIO & Founder