Jump to content
OpenSecurity.global
  • Recently Browsing   0 members

    No registered users viewing this page.

Matthew Broke

Monitoring Dark Web Activities

Recommended Posts

What solutions exist for dark web monitoring? Both commercial and open-source (regardless of cost).

I'd like to monitor for threat detections that may exist in dark web oriented communities by searching for any mentions of a company's name in third-party data breach leaks, dark web search engines, dark web forums, and dark web marketplaces. Money is no issue.

For data dumps + credentials (don't shame me for calling these 'dark web' oriented):

  • Have I Been Pwned API
  • WeLeakInfo API
  • DeHashed API
  • SnusBase API

For general dark web forums and marketplaces, it seems that commercial solutions are the way to go:

  • DarkOwl
  • RecordedFuture
  • (Kind of) Flashpoint-Intelligence as well

I'd like to emphasize on third-party commercial platforms that are capable of monitoring dark web forums, marketplaces, and ideally more community types that I did not mention. I haven't seen any discussions in security communities covering this, and this discussion will help some threat intelligence analysts and leaders somewhere in the world, surely.

What other solutions exist for "dark web" monitoring solutions, based around the topics discussed in this post? How does your company monitor for "dark web" threats?

Let's get creative!

Edited by Matthew Broke
  • Like 1

Share this post


Link to post

There are many points that I can suggest:

  • If you're looking for a way to identify and verify leakage of credentials, khast3x/h8mail is already includes APIs that you're talking about.
  • A bit difficult to properly setup, but CIRCL/AIL-framework will help you identify a surface of darkweb. It automatically scrape pastes from many sources to identify `.onion`, and roughly scrape each page again to find specified keywords.
  • There are a research about "Digital Risk Protection" market by Forrester which will help find and compare each vendor on the market.
  • Just had a small session with RecordedFuture a little while ago and found that it didn't find the same amount of leaked credentials based on email address compare to HaveIBeenPwned. So, you must request for a PoC or trial if you need to know its true capabilities of the platform.
  • Like 1

Share this post


Link to post

Can I be truly contraversial here?

The whole darkweb as a criminal platform is grossly overhyped, mostly by threat intel firms who tried, and often failed, at building scrapers to look for information. As someone who spent years tracking and mapping onions, I can say that those involved in wholesale breach data collection and disseminating, the onion route is not the place you use. Mostly for a number of reasons, but mainly:

 

  1. It's mostly full of TI firms scraping the crap out of what you do
  2. It's a bitch to use, no matter what anyone says
  3. The criminal communities already have well-established places to sell this, with structure and heritage

Now, your request to monitor for details about breaches would be better directed to places where that actually occurs

  1. https://exploit.in/

The daddy of all criminal networks. Yes you need to speak Russian and yes it is membership driven. Be warned, levels 1-9 are mostly threat intelligence analysts all chatting to each other with their carefully curated personas whilst thinking they are deep inside a criminal conspiracy and scraping the shit out of the site looking for actors. It's only when you go above the higher levels do you actually see real stuff and that requires vetting from those with a high reputation, a fee and you to be an actual criminal with proof.

there are others, they come and go and whilst some are on the dark web, they aren't really big players, but for reference

http://omertavzkmsn6tp6.onion/
 

100 USD to join, a mix of finance and creds but mostly more finance now as easier to monetise in a shorter period than creds.

955005298_ScreenShot2019-08-29at08_08_08.thumb.png.c4fbb069c03634fe7a635d62d4708694.png

http://wallstyizjhkrvmj.onion/
 

Wall Street Market was pretty good but they found out that OPSEC is hard and web application security even harder and they got a visit from LE.

1569702869_ScreenShot2019-08-29at08_11_50.thumb.png.00b67ab243b42d61b763dfb99536bb26.png

The biggest issue with scraping the dark web is that you need a list of every forum offering said services. You can use Ahmia to see who is leaking it via headers and titles, and then write a scraper using Python and Scrapy, register an account, don't go all gung ho and scrape the shit out of the site (hello TI peeps, learn to randomise your scraping so as to not look so blatant) but again this requires a considerable amount of effort, trust me

Now there are plenty of other scam sites and most of them are honeypots, or ones created by TI firms or just flat out scams, so I'd spend a month writing them all with no value if I'm honest. Why most use exploit.in is that it has structure, it has verification of sellers and their warez and it also has tribunals one can go to if they purchase bad goods and want to make a complaint. This is something that others do not have and whilst many report on the fact that the criminal markets are the wild west, there is structure and organisation and buyers and sellers need to be able to trust each other to a degree.

So if I was to use a TI feed to do all the scraping, collating and analysing, there would really be only one, and that's https://www.recordedfuture.com/.

I have known them for a very long time, I've helped them with their dark web datasets and also use them so know the quality of the intel they have. Another firm who specialises in the criminal markets,  Intel471  deserves a mention

To sum up, I hope this was somewhat useful?

A lot of FUD and utter crap has been marketed by many who offer such dark web monitoring and it's all mostly shit. They either use commercial feeds such as RF or Intel471 or they've thrown together a tool based upon the amazing work Sarah has done with https://github.com/s-rah/onionscan/graphs/contributors

 

 

 

 

 

 

Edited by Daniel Cuthbert
  • Like 4

Share this post


Link to post
9 hours ago, Peter Parker said:

There are many points that I can suggest:

  • If you're looking for a way to identify and verify leakage of credentials, khast3x/h8mail is already includes APIs that you're talking about.
  • A bit difficult to properly setup, but CIRCL/AIL-framework will help you identify a surface of darkweb. It automatically scrape pastes from many sources to identify `.onion`, and roughly scrape each page again to find specified keywords.
  • There are a research about "Digital Risk Protection" market by Forrester which will help find and compare each vendor on the market.
  • Just had a small session with RecordedFuture a little while ago and found that it didn't find the same amount of leaked credentials based on email address compare to HaveIBeenPwned. So, you must request for a PoC or trial if you need to know its true capabilities of the platform.

Peter, thank you for taking the time to thoughtfully provide feedback on this subject! I will address each of your points.

1. h8mail. This looks like a great tool for querying multiple of these APIs at once, I will definitely have to test this out. I like that it has capabilities to query so many different solutions, popular and alternative alike. I'm curious to see if it can take the output of search multiple services (i.e. domain search function), and combine the unique results into one (or if I'll have to do this myself).

2. AIL framework. I immediately like that it posseses capabilities to monitor paste sites like Pastebin (Pro), I wonder how it fares with alternatives like Slexy, etc. Anyway, there is a lot to take in here, so I'll have to do a careful analysis of AIL framework's capabilities and come back around with a new discussion on this. It seems like it does a lot!

3. "Digital Risk Protection" report. Have you actually read Forrester reports before? It is hard to justify a USD$499 price tag unless this is well vetted, and the content seems more clear. If you could elaborate on the contents of this type of report, then maybe it will become justifiable for myself and the other intelligence operators reading this.

4. RecordedFuture services. Did they actually give you a trial period? I contacted them months ago (actually, last year) and they did not want to give me a day to try their services for free. They seemed more inclined on doing an analysis on my behalf, then giving me the report findings for a proof-of-concept, but I prefer to do these things myself. I'd love to hear more about your experience with RecordedFuture, and how they fare in the market. On your point of RecordedFuture having "weak" capabilities on leaked credentials, this is no surprise to me, since this appears to be the same with their competitors as well (i.e. DarkOwl).

6 hours ago, Daniel Cuthbert said:

Can I be truly contraversial here?

The whole darkweb as a criminal platform is grossly overhyped, mostly by threat intel firms who tried, and often failed, at building scrapers to look for information. As someone who spent years tracking and mapping onions, I can say that those involved in wholesale breach data collection and disseminating, the onion route is not the place you use. Mostly for a number of reasons, but mainly:

 

  1. It's mostly full of TI firms scraping the crap out of what you do
  2. It's a bitch to use, no matter what anyone says
  3. The criminal communities already have well-established places to sell this, with structure and heritage

Now, your request to monitor for details about breaches would be better directed to places where that actually occurs

  1. https://exploit.in/

The daddy of all criminal networks. Yes you need to speak Russian and yes it is membership driven. Be warned, levels 1-9 are mostly threat intelligence analysts all chatting to each other with their carefully curated personas whilst thinking they are deep inside a criminal conspiracy and scraping the shit out of the site looking for actors. It's only when you go above the higher levels do you actually see real stuff and that requires vetting from those with a high reputation, a fee and you to be an actual criminal with proof.

there are others, they come and go and whilst some are on the dark web, they aren't really big players, but for reference

http://omertavzkmsn6tp6.onion/
 

100 USD to join, a mix of finance and creds but mostly more finance now as easier to monetise in a shorter period than creds.

955005298_ScreenShot2019-08-29at08_08_08.thumb.png.c4fbb069c03634fe7a635d62d4708694.png

http://wallstyizjhkrvmj.onion/
 

Wall Street Market was pretty good but they found out that OPSEC is hard and web application security even harder and they got a visit from LE.

1569702869_ScreenShot2019-08-29at08_11_50.thumb.png.00b67ab243b42d61b763dfb99536bb26.png

The biggest issue with scraping the dark web is that you need a list of every forum offering said services. You can use Ahmia to see who is leaking it via headers and titles, and then write a scraper using Python and Scrapy, register an account, don't go all gung ho and scrape the shit out of the site (hello TI peeps, learn to randomise your scraping so as to not look so blatant) but again this requires a considerable amount of effort, trust me

Now there are plenty of other scam sites and most of them are honeypots, or ones created by TI firms or just flat out scams, so I'd spend a month writing them all with no value if I'm honest. Why most use exploit.in is that it has structure, it has verification of sellers and their warez and it also has tribunals one can go to if they purchase bad goods and want to make a complaint. This is something that others do not have and whilst many report on the fact that the criminal markets are the wild west, there is structure and organisation and buyers and sellers need to be able to trust each other to a degree.

So if I was to use a TI feed to do all the scraping, collating and analysing, there would really be only one, and that's https://www.recordedfuture.com/.

I have known them for a very long time, I've helped them with their dark web datasets and also use them so know the quality of the intel they have. Another firm who specialises in the criminal markets,  Intel471  deserves a mention

To sum up, I hope this was somewhat useful?

A lot of FUD and utter crap has been marketed by many who offer such dark web monitoring and it's all mostly shit. They either use commercial feeds such as RF or Intel471 or they've thrown together a tool based upon the amazing work Sarah has done with https://github.com/s-rah/onionscan/graphs/contributors

Can you be truly controversial here? Yes, certainly, we are "professionals" after all. We need to talk about this stuff.

In fact, I agree with you that Dark Web intelligence capabilities are overhyped in the market. The other fact of the matter is that businesses still demand these services, and desire the reassurance that there is no sensitive exposures relating to their name on the Dark Web (forums, marketplaces, other communities), so we as threat intelligence specialists must have solutions put in place to realize this reassurance. The purpose of monitoring the Dark Web is more for "due diligence" than "true capabilities" in my eyes, and hey, you never know, it might pay off every now and then.

Perhaps non-cybersecurity companies should not blow their budget on Dark Web capabilities, but for cybersecurity-centric companies providing managed services... well, then perhaps it is worth budgeting for Dark Web capabilities so that you can provide this level of "due diligence" for client businesses across the board, at a fraction of the cost of what it would be for them to purchase and operate their own utilities independently.

This is just my perspective though, I welcome you, and anyone else, to push back on this - let's debate, since no one else seems to have responsible and knowledgable discussions on this important, expensive matter (FYI, as you probably know, these services normally cost USD$40,000 - USD$500,000 depending on what you are looking for).

Monitoring for actual breaches. In short, yes, I agree with your take.

We must monitor websites such as Exploit.In, RaidForums, and other breach sharing sites, in addition to traditional paste websites (i.e. Pastebin, Slexy, etc.).

I was thinking that PasteHunter (thanks Kev) would be a good solution for paste collections and analysis, per the thread here (and my own research):

As for RaidForums, other breach sites, and ExploitIn, we will have to find another method to automate the collections of data from these websites to turn them into actionable intelligence. To some degree, manual analysis is OK, but not ideal long-term. And I'm something of a glorified script kiddie, so I'm just doing my best here!

Scraping all the things! (forums and markets). Yep, we gotta be careful about these operations... and also, come on, have some respect that real administrators gotta deal with spam! Just because they're crime ring operators doesn't mean they need us DDoS'ing them! Haha.

I have a pretty good set of lists available, but yeah, keeping up with them is hard and the search engines (special mention to Ahmia and their competitors) are helpful, but not fully complete.

Commercial Threat Intelligence feeds. Thank you for the special mention of Intel471, I will give them some time of day and do a bit of research. I'd love to try RecordedFuture, but I need to justify buying their services. I would really like a trial period with them. Anyway, I'll take note of both of these. Additionally, I'm looking at a local commercial TI feed solution, they're newer, so I'm a bit nervous; what concerns would you personally have with trying a local solution for commercial threat intelligence services (for Dark Web specifically)? I am going to demand a trial period (even if we have to pay), so hopefully I'll be able to comment on my experience later. RecordedFuture and other popular solutions are great, but helping the local businesses and local economy (and keeping your information within your country's jursidiction) is a nice formality as well.

I have more to say, and may speak more on your discussed points later, as I left some things out. But Daniel, I sincerely thank you for the time that you've spent discussing this subject with me.

  • Like 1

Share this post


Link to post
7 hours ago, Matthew Broke said:

On your point of RecordedFuture having "weak" capabilities on leaked credentials, this is no surprise to me, since this appears to be the same with their competitors as well (i.e. DarkOwl).

Like I said in my reply, this isn't as clear cut, let me elaborate if I may?

I'm a seller of leaked credentials, be it a chap who's just breached a loads of corporate networks and acted in a sleeper fashion, undetected for months to harvest a nice bounty. I now need to monetise this, so I either head to the most popular market to flog them or I hand them off to a number of reputable brokers to do it for me and charge me a fee. These brokers usually test a subset of credentials to confirm they are legitimate and assign a value (higher value target, price goes up etc.). Now here's the tricky part. The TI industry has tipped their hands by being very proactive in advertising their capability to scrape markets for stolen credentials. It's a legitimate worry for all, so many saw a business opportunity and started to do the same. A functional spec was drawn up for a scanner, they registered a load of accounts on these markets, fed those creds into the scanner(s) and harvested away.

Thing is, many underestimate the markets and those running them. As Kevin can attest, you can see behavioral patterns from users acting outside of the norm. For example:

  1. A newly registered user account, potentially with a randomly generated username, logging in and then performing hundreds, if not thousands of requests impossibe for a human to do.
  2. Those user accounts don't act like normal users. There are limited, or no, interactions with other users.
  3. The requests themselves often have signatures like that of a script or bot

Site owners are well aware of these and indeed so are sellers and brokers, so we have a cat and mouse game in play. What the broker or seller won't do is jeopardise the sale by giving away too much information. They know if they advertise MAJOR org in a thread with known bots or scrapers, it will mostly start a reaction rendering the goods rather useless. What typically happens are deals making use of brokers known to those on either side, buyer and seller, and comms are usually made via introductions to confirm either party is legit and then deals made outside of the main forum.

Now I will say, many deals do happen in full view of everyone and that's good as we get some indication by the scrapers as to who might have issues.

It's really hard for any provider to effectively perform HUMINT operations at scale without tipping their hand or getting burned. Some are very good at it and have adapted their technology and approaches but at the same time, the criminals themselves are seemingly good at watching what everyone does as no-one really wants to go to jail.

As you might have noticed, I'm not a huge fan of said 'breach credential alert' services as I know from experience how hard they are to get right, to build and to keep running. You'd be better off looking at your own credential store(s) and have monitoring capabilities that alert when anything out of the norm happens (such as dumping of many users over X minutes, or concurrent access by a single user and so on)

Apologies for the long reply

  • Like 1
  • Thanks 1

Share this post


Link to post
15 hours ago, Daniel Cuthbert said:

I'm a seller of leaked credentials, be it a chap who's just breached a loads of corporate networks and acted in a sleeper fashion, undetected for months to harvest a nice bounty. I now need to monetise this, so I either head to the most popular market to flog them or I hand them off to a number of reputable brokers to do it for me and charge me a fee. These brokers usually test a subset of credentials to confirm they are legitimate and assign a value (higher value target, price goes up etc.). Now here's the tricky part. The TI industry has tipped their hands by being very proactive in advertising their capability to scrape markets for stolen credentials. It's a legitimate worry for all, so many saw a business opportunity and started to do the same. A functional spec was drawn up for a scanner, they registered a load of accounts on these markets, fed those creds into the scanner(s) and harvested away.

Thing is, many underestimate the markets and those running them. As Kevin can attest, you can see behavioral patterns from users acting outside of the norm. For example:

  1. A newly registered user account, potentially with a randomly generated username, logging in and then performing hundreds, if not thousands of requests impossibe for a human to do.
  2. Those user accounts don't act like normal users. There are limited, or no, interactions with other users.
  3. The requests themselves often have signatures like that of a script or bot

Site owners are well aware of these and indeed so are sellers and brokers, so we have a cat and mouse game in play. What the broker or seller won't do is jeopardise the sale by giving away too much information. They know if they advertise MAJOR org in a thread with known bots or scrapers, it will mostly start a reaction rendering the goods rather useless. What typically happens are deals making use of brokers known to those on either side, buyer and seller, and comms are usually made via introductions to confirm either party is legit and then deals made outside of the main forum.

I think that we are discussing about different types of credential leaks; I was initially focusing on standard account leaks from various websites, like what we normally see appear on Have I Been Pwned, and others. Although, in terms of validation of data legitimacy, the same constructs apply (i.e. test a subset of credentials, identify correlated users on a website, or whatever). That said, it seems challenging to "scan" for anything beyond this, including alleged internal network access; you comment on this by indicating that it would render these credentials useless.

I mean, if you clearly state that you are selling access to a company's network, then they will be tipped off pretty quickly within the same day by threat intelligence analysts; if not that, the media will kindly inform them in the following days via VICE or something. To even identify what is impacted, you'd have to actually buy the dataset or account access.

When I commented on the "weak" data leak detection capabilities of these services, I was only referring to what we'd normally see on generic data trading communities and forums.

Sorry if I am rambling or misunderstood something here. I want to keep the conversation flowing.

15 hours ago, Daniel Cuthbert said:

Now I will say, many deals do happen in full view of everyone and that's good as we get some indication by the scrapers as to who might have issues.

It's really hard for any provider to effectively perform HUMINT operations at scale without tipping their hand or getting burned. Some are very good at it and have adapted their technology and approaches but at the same time, the criminals themselves are seemingly good at watching what everyone does as no-one really wants to go to jail.

As you might have noticed, I'm not a huge fan of said 'breach credential alert' services as I know from experience how hard they are to get right, to build and to keep running. You'd be better off looking at your own credential store(s) and have monitoring capabilities that alert when anything out of the norm happens (such as dumping of many users over X minutes, or concurrent access by a single user and so on)

Automated scraping definitely won't do the trick, if the goal is to "detect breaches" as an "alert service". Going back to my point earlier in this thread, we still should check what these scrapers find for the sake of due diligence; after all, it would be quite embarassing if we, as threat intelligence analysts, missed something that is seemingly in clear-view to public-ish communities.

HUMINT is absolutely necessary to maintain good intelligence capabilities. We need to create and maintain personas, and understand the markets and crime rings that we are monitoring, first-hand. Without this, we won't know what it is that we are actually looking for. When time frees up, I think I'll make another thread about persona creation for the purpose of threat intelligence operations -- this could be another fun discussion, if others are also interested.

By the way, I don't blame you for not liking "breach credential alert" services. Externally, looking at data leaks on the web, this isn't terribly challenging. Internally, though, that's a different story. Hopefully with more discussions like these, we as a community, can innovate and more reasonable better services to help protect people and businesses.

15 hours ago, Daniel Cuthbert said:

Apologies for the long reply

Thank you for taking the time for your thought out reply; in fact, I prefer this approach to controversial discussions.

Share this post


Link to post
On 8/29/2019 at 3:26 AM, Daniel Cuthbert said:

Another firm who specialises in the criminal markets,  Intel471  deserves a mention

I revisited this discussion, and research Intel 471 a bit. They look cool. Can you tell us a bit more regarding what you know about them, and what prompted you to give them a special mention?

They provide "Adverserial Intelligence" and "Malware Intelligence", both could be useful, depending on how the datasets are presented.

Adversary Intelligence

Data sheet: https://intel471.com/Adversary%20Intelligence%20-%20Mar%202019.pdf

Deliverables within Adversary Intelligence includes:
- Automated forum/marketplace collection
- Intelligence Bulletins
- Information Reports
- Situation Reports (SITREPs)
- Underground Perspectives
- Spotlights
- Intelligence Briefings
- Requests for Information (RFIs)

The 'Adversary Intelligence' sounds like it could be useful for what we discuss in this thread...

  • Tracking dark web forum and marketplace activity
  • Gaining insight through context-specific and industry-specific reports on cybercrime activities
  • Unique insight into closed-source datasets (discussions, groups, whatever)

I'm really interested to know if they have a searchable database of their datasets, like competitors such as DarkOwl. This doesn't exactly seem clear... I guess I'll have to ask.

Malware Intelligence

Data sheet: https://intel471.com/Malware%20Intelligence%20-%20Mar%202019.pdf

Features include:
- Malware intelligence reports
- YARA rules
- IDS signatures
- TTP information
- Malware and botnet configuration information including webinjects
- Malware command and control (C&C) commands
- File and network based indicators
- Everything mapped to MITRE's ATT&CK framework

Well, I won't get into the 'Malware Intelligence' much on this thread -- this is information that should be discussed elsewhere, perhaps in the near future. But I wanted to say that I really like that they track active malware campaigns, identify the malware (with their TTPs and IOCs), and even map out the malware to MITRE's ATT&CK framework; for a threat intelligence specialist, this is extremely useful. I'm going to definitely take a note of this.

Also, the backgrounds that Intel 471 claims that their intelligence operators possess, well, it's incredible. I'm not sure if it's just marketing or what, but if this is legit, then colour me impressed; I hope their product is as good in quality as their claims.

Edited by Matthew Broke

Share this post


Link to post

Hi all,

(Thanks Daniel Cuthbert for the invite code)

I'm the CEO of Intel 471. I'm happy to answer any questions anyone has here. Yes everything of ours is searchable in our platform which has a portal and RESTful API. 30 day no cost POCs are common throughout the CTI industry. Our website is 100% marketing (no corporate website isn't 😉 ) but there's nothing untrue on there. We have a very experienced and globally dispersed intelligence team which comprises of former security service, military and law enforcement folks. We have folks in Eastern Europe, Western Europe, Middle East, Asia, Latin America and of course the US. My own background is software engineering and I'm former Australian Federal Police and iSIGHT Partners (now Fireeye). Our COO is a former Marine (HUMINT), FBI contractor and iSIGHT Partners as well. Monitoring the underground (I hate the term deep and dark web with a passion) is difficult, time consuming and expensive. Ultimately you need people who are actively in there daily in order to identify threat actors of interest (and engage with them as frequently needed) as well as driving where automated collection (scraping) can be directed. Scraping a website and dumping it to text is very easy but doing it on a large number of criminals forums/marketplaces at scale whilst maintaining the structure is technically and operationally difficult. The team that does this at Intel 471 is the only team with permanent vacancies for the team. Running long term personas in the underground and doing engagments (online HUMINT) is our bread and butter as well. It takes very skilled and experienced people to do this over long periods of time without getting burned.

Feel free to contact us via our website and someone will reach out asap.

Regards

Mark Arena

Intel 471

Edited by Mark Arena
  • Like 2

Share this post


Link to post
1 hour ago, Mark Arena said:

Hi all,

(Thanks Daniel Cuthbert for the invite code)

I'm the CEO of Intel 471. I'm happy to answer any questions anyone has here. Yes everything of ours is searchable in our platform which has a portal and RESTful API. 30 day no cost POCs are common throughout the CTI industry. Our website is 100% marketing (no corporate website isn't 😉 ) but there's nothing untrue on there. We have a very experienced and globally dispersed intelligence team which comprises of former security service, military and law enforcement folks. We have folks in Eastern Europe, Western Europe, Middle East, Asia, Latin America and of course the US. My own background is software engineering and I'm former Australian Federal Police and iSIGHT Partners (now Fireeye). Our COO is a former Marine (HUMINT), FBI contractor and iSIGHT Partners as well. Monitoring the underground (I hate the term deep and dark web with a passion) is difficult, time consuming and expensive. Ultimately you need people who are actively in there daily in order to identify threat actors of interest (and engage with them as frequently needed) as well as driving where automated collection (scraping) can be directed. Scraping a website and dumping it to text is very easy but doing it on a large number of criminals forums/marketplaces at scale whilst maintaining the structure is technically and operationally difficult. The team that does this at Intel 471 is the only team with permanent vacancies for the team. Running long term personas in the underground and doing engagments (online HUMINT) is our bread and butter as well. It takes very skilled and experienced people to do this over long periods of time without getting burned.

Feel free to contact us via our website and someone will reach out asap.

Regards

Mark Arena

Intel 471

You earned my contact. I will touch base with you today!

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies as we're cookie monsters. Privacy Policy