Show Posts
1
Hacking and Security / Cybercrime Data - Who to allow access
« on: February 18, 2016, 07:54:52 pm »
Hi all,
so I'd like to hear you opinionon this.
I am currently building a system that provides the possibility to search and analyze undeground markets (boards selling credit cards, stolen identities, ...) - you probably know such boards yourself.
The service is far from finished but I plan to bring it online in the next months.
Now my problem: The nature of this service is that data from underground boards is made accesible for users. The data will very likely contain information that can be misused e.g., Credit Card Data. How can I make sure that this service is not used as something like "all you can grab" buffet for cyber criminals ?
I thought about restricting access to people who "identify" themselves e.g., via their LinkedIn profile but
I want the system to be usable by many people.
I could implement some methods that try to hide/remove sensible information but I am quite sure that these methods will miss something.
Another possibility would be to restrict the number queries allowed for non registered users - as done by Shodan. This still has the risk that sensible information is exposed within these few queries.
Any ideas/tips/...
Thank you !
so I'd like to hear you opinionon this.
I am currently building a system that provides the possibility to search and analyze undeground markets (boards selling credit cards, stolen identities, ...) - you probably know such boards yourself.
The service is far from finished but I plan to bring it online in the next months.
Now my problem: The nature of this service is that data from underground boards is made accesible for users. The data will very likely contain information that can be misused e.g., Credit Card Data. How can I make sure that this service is not used as something like "all you can grab" buffet for cyber criminals ?
I thought about restricting access to people who "identify" themselves e.g., via their LinkedIn profile but
I want the system to be usable by many people.
I could implement some methods that try to hide/remove sensible information but I am quite sure that these methods will miss something.
Another possibility would be to restrict the number queries allowed for non registered users - as done by Shodan. This still has the risk that sensible information is exposed within these few queries.
Any ideas/tips/...
Thank you !