Why Clustering Malicious Actors Using Artificial Intelligence Can Help with Organizational Cyber Risk - Part One

Clustering Malicious Actors: A Three Part Artificial Intelligence Story

In today’s digital world, malicious actors have access to a multitude of ways to preserve and increase their anonymity online. We recently posted an article highlighting various Open-Source Intelligence (OSINT) methods to profile cybercriminals on the darkweb, and you could consider this a follow-up and in-depth dive into the Artificial Intelligence (AI) based technologies we use to track, identify, and compare malicious actors. 

As we have covered in the article mentioned above, there are a myriad of reasons a malicious actor may utilize a different username on various platforms, ranging from a desire to increase their anonymity and hide from law enforcement to attempting to escape a previously ruined reputation.

Whilst we previously covered some ways to identify the same actor across multiple platforms or various monikers, the following approach focuses on identifying similarities between actors and, by doing so, revealing similar actors. Indeed, using techniques from the field of Natural Language Processing (NLP), AI allows us to easily and rapidly identify actors similar to a previously selected actor.
Unfamiliar with NLP? Stay tuned for a deep technical dive into the various technologies used for the development of this project!

Identifying similar actors offers a wide range of benefits, including potentially detecting a malicious actor's change of moniker. Additionally, actor similarities may be of vital importance to various threat intelligence investigations, allowing the interested party to identify potential threats before any malicious action is taken. Using this process can provide valuable information in identifying the risk a certain actor may pose to your organization. The opposite holds true as well: the activities of a low-risk darkweb actor, as well as the activities of similar actors, can be ignored, helping reduce the noise encountered in investigations.

Another advantage that our Similar Actor Model offers is the capacity to identify actors based exclusively on the language and wording employed, posting volume notwithstanding; this allows for easy detection of actors that like to keep a low profile and may otherwise have stayed under the radar. All things considered, volume isn’t nearly as important as specific wording and verbiage when it comes to identifying the intent of a cyber-criminal.

The objective when implementing this technology was to allow our users to easily identify malicious actors that could be related to an ongoing investigation, whether participants from various darkweb forums or vendors from darknet marketplaces. This idea stems entirely from our AI expert, Olivier Michaud. If you’d like a sneak peek of Olivier’s insights on AI in 2022, watch our 2022 Cybersecurity predictions video and jump to 24:15!

To give you an idea of the challenge ahead, our new Similar Actor Model has to consolidate and analyze all the information currently available in our ever-growing database. At present, this amounts to more than 2.8 million unique forum profiles, more than 1.6 million forum discussion topics, and nearly 1.9 million darknet market listings!

Number of unique forum profiles found in Flare’s database

Meet Our AI Expert Olivier Michaud

Olivier has been working with us since the start of his third internship, back in summer 2020. At that time, he was completing his bachelor’s degree in software engineering at the École de technologie supérieure whilst simultaneously starting his master’s in artificial intelligence at the same university. He completed his master’s degree in collaboration with Flare, his research project being the automation of data extraction from various darkweb forums using Natural Language Processing.

Olivier’s experience with NLP goes back a long way. In fact, his first NLP project was a personal venture of his: Star Wars. Using his recently acquired knowledge of Artificial Intelligence and Web Scraping tools, Olivier’s idea was to generate a visualization of his favorite saga. Head over to Medium to read the full story!

This wraps up Part 1 of this Artificial Intelligence mini-series! Stay tuned for Part 2, where we will be taking a deep dive into the field of Natural Language Processing and the inner workings of our new Similar Actor Model.