Dark Web Monitoring: People vs. Technology

There are all kinds of scary things on the dark web, and smart companies want no part of it. However, like a gang of trick-or-treaters, issues sometimes come knocking at our door. Should we respond with machines, leveraging AI to do our dirty work? Should we fight back using only human resources? Or is the answer somewhere in the middle? The key to effective dark web monitoring lies in striking the right balance between technology efficiencies and human expertise.

The Role of AI and Automation in Dark Web Monitoring

The dark web isn’t just scary; it’s a vast abyss filled with countless pieces of data waiting to be used for nefarious purposes. Artificial intelligence excels at collecting and analyzing large volumes of data, giving you the insights needed for your next move. AI-driven tools not only streamline data collection but also offer unmatched processing power to identify patterns that might elude human observation. Utilizing AI is an effective way to expose activities that adversaries would prefer remain hidden, and it does so at scale.

Data Collection: AI's Strengths and Limitations

When it comes to data collection, it's safe to say automation and AI are unmatched. These technologies can do in seconds what would take humans years to accomplish. For example, artificial intelligence has the ability to scan forums, marketplaces, and websites for potential threats. For context, Reddit generates upwards of 800,000 posts a day (per Reddit). That’s a lot of reading to do, let alone  analyzing. By the time your team was done, they'd not only have explored myriads of unwanted rabbit holes, but it'd also be next year. By comparison, AI models can ingest terabytes, even petabytes, of data every second. That’s 4.7 million Reddit posts, conservatively. 

It's clear AI wins out on data collection. But what about analysis? The disclaimer at the bottom of ChatGPT truthfully reads, "ChatGPT may produce inaccurate information about people, places, or facts." So, we've been warned. AI is only as smart as humans are, so we have to do the analysis ourselves. While AI  can spot patterns, it still doesn't (yet) have the ability to fully comprehend what the patterns mean to an organization or within a scenario. And it can't build the trust needed to access private, encrypted channels to get to what's hiding beneath.

The Human Element: Why It's Indispensable

Only a trained threat intelligence analyst can navigate the subtle intricacies of threats. No amount of AI or data automation can negotiate with cybercriminals to recover stolen data or maneuver through the dark web’s back alleys. These activities rely on human relationships, experience, and trust. While AI can provide data, human judgment is still essential for discerning genuine threats from irrelevant information.

Threat Assessment and Response

Once a threat has been identified, the real work begins: it needs to be categorized, assessed, and addressed appropriately. For instance, AI may uncover a list of consumer credentials during a scan of the dark web. Recognizing the illicit nature of this data, AI could automatically initiate an extensive remediation plan, flagging the issue as a top priority and notifying affected parties via email. However, it's here that the human touch proves invaluable. A seasoned analyst would understand that publicizing the discovery might provoke the seller, potentially a member of a notorious cybercriminal organization. In such cases, a more discreet, human-led negotiation might not only neutralize the threat but could also potentially recover the stolen data under the guise of criminal enterprise. 

As highlighted by The Verge, An AI system might excel at tasks like identifying cancer cells but only within a specific set of parameters. This necessitates a human to ensure that the AI is operating on the correct type of data, followed by additional human oversight to validate the AI's findings. In other words, AI doesn’t eliminate human work; it reorganizes it. AI may be adept at data collection and pattern recognition, but it lacks the ability to understand context or to make nuanced decisions. That's why human intervention remains critical for interpreting and acting on the intelligence gathered, regardless of the volume of data involved.

Collaboration: The Ideal Approach

There are some things that AI does better than humans and vice versa; so the ideal approach  would be to use each resource – AI and humans – for what they do best. Allow AI to handle data collection and perform initial analysis, while humans focus on validating the results and providing essential guidance and training. Human analysts will  make sense of the raw AI analysis and use what they  know of the criminal underground, the personalities of dark web sellers, and the social and political landscape to determine what is a threat versus what is benign–  to develop the best course of action. Combining the strong suits of both humans and AI creates the best proactive threat mitigation capabilities and has the power to make more intelligent threat-hunting decisions than either method alone.

The Ongoing Evolution

We can keep up with the ever-evolving exploits of criminal hackers by continuously updating AI models and human skills. Their livelihood depends on them staying one step ahead of the game, so we need to stay sharp. As they learn, we learn. If teams don't keep up with evolving tactics, we won't know how to train AI to get around new hiding places or adapt to new curveballs in the digital underground. While AI is capable of learning, it gets its marching orders from us. Staying aware, having an ear to the ground, and keeping our AI models updated with the most advanced counter-capabilities are crucial to combating threats on the dark web.

Both AI and human intelligence are essential for monitoring the dark web effectively. While AI can handle the massive data influx, it isn’t a cure-all. Humans, with their contextual understanding and rational judgment, are still required to make sense of the data and act accordingly. Business leaders and security managers should adopt a balanced approach that leverages both AI and human expertise for dark web protection.

Learn more about what AI can and cannot do for security teams.