Intellectual Property (IP) is one of the main assets of an organization. IP not only drives innovation, but it is also instrumental for the organization’s growth and differentiation. Loss of IP due to a cyberattack has many consequences, including endangering a potential IPO, reduced contract revenue, potential devaluation of the victimized organization’s stock, loss of customers, and brand damage. IP theft is a major problem since IP is highly susceptible to cyberattack as an intangible asset that operates at many different levels and in all types of industries.
Notable cases of stolen IP include the breach of chipmaker AMD. Threat actors were able to steal and leak the Xbox Series X graphics source code and test files for current and upcoming graphics hardware. In the case of SolarWinds, threat actors breached the organization and mined data on U.S. government and private organization IP. Chinese threat actor group Turbine Panda targeted multiple companies that were component suppliers to CFM International, a joint venture between American General Electric and French Safran Aircraft Engines. Turbine Panda stole IP from insiders, joint ventures, and forced technology transfer to obtain the technical information needed to copy an engine design. But stolen IP is also put up for sale on the dark web.
Threat actors use the dark web to buy and sell stolen intellectual property. Such IP normally includes source code, stolen customer lists, trade secrets, and other sensitive data stolen from organizations.
Recently, an organization wanted to find out if any of their intellectual property was leaked to the dark web. The organization was planning to list on the NASDAQ and was submitted to pre-IPO review. Since it had been the victim of a cyberattack a few months before, it feared that some compromised data might have been posted on the dark web. As a high-tech organization, its intellectual property is its core value. Due to the time restraints and limited resources, the organization could not conduct its own due diligence for the IPO proceed. Since the dark web is not easily accessible and also risky, it was looking for a dark web scanning solution that would use open-source dark web scanning software to detect if any of its stolen IP had ended up on the dark web so it could take appropriate action.
Such a dark web scanning solution can quickly go through vast amount of data and files that are publicly accessible on the dark web in just a fraction of the time it would take a human investigator and analyst. The organization also wanted to instruct the tool to alert the organization when flagged information, such as specific IP or keywords and phrases used, appeared, and would appear on the dark web to take preventive or reactive action. In other words, such an AI cybersecurity tool should be able to scan the dark web dynamically and in real-time for those specific keywords and phrases that were entered into the search parameters by the organization’s analysts.
The organization used our AI-powered WEBINT solution to search and detect relevant big data, based on the entered search parameters, to identify the stolen IP on the dark web. Using smart algorithms such as natural language processing (NLP) and machine learning (ML), the monitoring solution was able to locate the stolen IP up for sale on a dark web marketplace run by a well-known crime syndicate. The organization was able to retrieve its stolen IP and safeguard its IP, and law enforcement was informed.