Start-up goes behind enemy lines to get ahead of hackers

The analysts provide intelligence about threats to computer security in much the same way military scouts provide intelligence about enemy troops

On a recent Wednesday morning, 100 intelligence analysts crammed into a nondescript conference room here and dialled into a group call with 100 counterparts in Argentina, Brazil, Cyprus, India, the Netherlands, Romania, Spain, Taiwan and Ukraine.

As they worked their way around the room, the analysts briefed one another on the latest developments in the "dark web."

A security firm in Pakistan was doing a little moonlighting, selling its espionage tools for as little as $500. Several American utility companies were under attack. A group of criminals were up to old tricks, infecting victims with a new form of "ransomware," which encrypts PCs until victims pay a ransom.

The analysts, employees of iSight Partners, a company that provides intelligence about threats to computer security in much the same way military scouts provide intelligence about enemy troops, were careful not to name names or clients, in case someone, somewhere, was listening on the open line.

Within 30 minutes, they were all back at their keyboards, monitoring underground chatter and markets, analysing computer code meant to cause harm, watching the networks of potential attackers and poring over social media channels for signs of imminent attacks.

For the last eight years, iSight has been quietly assembling what may be the largest private team of experts in a nascent business called threat intelligence. Of the company's 311 employees, 243 are so-called cyberintelligence professionals, a statistic that executives there say would rank iSight, if it were a government-run cyberintelligence agency, among the 10 largest in the world, though that statistic is impossible to verify given the secretive nature of these operations. ISight analysts spend their days digging around the underground web, piecing together hackers' intentions, targets and techniques to provide their clients with information like warnings of imminent attacks and the latest tools and techniques being used to break into computer networks.

The company's focus is what John P Watters, iSight's chief executive, calls "left of boom," which is military jargon for the moment before an explosive device detonates. Watters, a tall, 51-year-old Texan whose standard uniform consists of Hawaiian shirts and custom cowboy boots, frequently invokes war analogies when talking about online threats.

"When we went into Iraq, the biggest loss of life wasn't from snipers," he said. It was from concealed explosive devices. "We didn't get ahead of the threat until we started asking ourselves, 'Who's making the bombs? How are they getting their materials? How are they detonating them? And how do we get into that cycle before the bombs are ever placed there?'"

© 2015 The New York Times News Service