A retail client requested our assistance to identify an individual, who was also a paying customer, who wrote a python script that scraped a backend server. The customer had also previously published a WiFi vulnerability present at the company’s offices in the US. The client was aware of closed forums where this customer and other potential threat actors exchanged ideas about denigrating the client’s reputation, and asked Nisos to help understand the nature of the threat.
The client’s security team did not have the ability to gain this access and required assistance from a partner that could not only gain access to closed forums, but do so with discretion and in a targeted fashion to uncover intelligence about specific threats to the client.
Using mis-attributable internet capabilities, we gained access to a closed group of customers and employees who were talking about bringing legal action against the client. Many of the group members were also identified in another chat channel discussing obtaining insider information from the client’s employees. Using close access to the group, we were able to engage the actor online and build rapport.
Via direct interaction, we were able to identify the individual and determine the method he used to scrape the backend server. Further, after gaining access to a global chat channel with client customers from all over the world, we identified US customer grievances pertaining to payment during the COVID-19 pandemic.
Customers were discussing additional withholding and canceling fees, as well as potential legal action against the client. We collected chat logs on the group’s plans and intentions for client’s counsel to review.
The company used this information to contact the individual and received further vulnerability details about the python script that the client was then able to escalate through their patch management process and avoid an incident. They were also able to use other information collected in chat sessions for administrative legal reviews of employee conduct.