14 Sep

Intelligence Start-Up Goes Behind Enemy Lines to Get Ahead of Hackers
CHANTILLY, Va. — On a recent Wednesday morning, 100 intelligence analysts crammed into a nondescript conference room here and dialed into a group call with 100 counterparts in Argentina, Brazil, Cyprus, India, the Netherlands, Romania, Spain, Taiwan and Ukraine.
As they worked their way around the room, the analysts briefed one another on the latest developments in the “dark web.”
A security firm in Pakistan was doing a little moonlighting, selling its espionage tools for as little as $500. Several American utility companies were under attack. A group of criminals were up to old tricks, infecting victims with a new form of “ransomware,” which encrypts PCs until victims pay a ransom.
For the last eight years, iSight has been quietly assembling what may be the largest private team of experts in a nascent business called threat intelligence. Of the company’s 311 employees, 243 are so-called cyberintelligence professionals, a statistic that executives there say would rank iSight, if it were a government-run cyberintelligence agency, among the 10 largest in the world, though that statistic is impossible to verify given the secretive nature of these operations.
ISight analysts spend their days digging around the underground web, piecing together hackers’ intentions, targets and techniques to provide their clients with information like warnings of imminent attacks and the latest tools and techniques being used to break into computer networks.
The company’s focus is what John P. Watters, iSight’s chief executive, calls “left of boom,” which is military jargon for the moment before an explosive device detonates. Mr. Watters, a tall, 51-year-old Texan whose standard uniform consists of Hawaiian shirts and custom cowboy boots, frequently invokes war analogies when talking about online threats.
“When we went into Iraq, the biggest loss of life wasn’t from snipers,” he said. It was from concealed explosive devices. “We didn’t get ahead of the threat until we started asking ourselves, ‘Who’s making the bombs? How are they getting their materials? How are they detonating them? And how do we get into that cycle before the bombs are ever placed there?’”