Shedding light on the dark web: Bluestone Analytics helps law enforcement agencies investigate and shut down illegal activity

As online criminals change tactics to shake off law enforcement, Bluestone Analytics must keep up with the fast-moving trends such as hacking tutorials and cryptocurrencies vital to modern criminal activity. “The dark web has been around for more than a decade and is growing at an alarming rate,” says Nack. “Being able to access these hard-to-get datasets at scale and with persistence is fundamental to our mission.”

Bluestone Analytics has also expanded its service beyond the dark web to infiltrate other open web sources which host illicit activity. This adds to the volume of data that it must collect and process.

To make this possible, Bluestone Analytics developed its DarkBlue Intelligence Platform, a cloud-based tool that enables clients to search, analyze, and visualize data via an intuitive interface. Elastic Enterprise Search and Elastic Observability form the heart of the solution.

Bluestone Analytics runs its solution on AWS cloud and uses Elastic Agents and Fleet to collect and process data. AWS is the preferred cloud provider for Bluestone Analytics as it's easy to set up with Elastic and the integrations work seamlessly. Nack’s team can set up data schemas, policies, and templates just once to ingest almost any kind of structured or unstructured data.

Elastic APM and Real User Monitoring (RUM) are the most recent additions to the Bluestone Analytics’ Elastic environment. This JavaScript Agent provides detailed web application performance metrics and error tracking. It has built-in support for popular platforms and frameworks, and an API for custom instrumentation. The Agent also supports distributed tracing for all outgoing requests.

With Elastic, Bluestone Analytics clients can search data and records without browsing the dark web itself. “Many of these pages include unpleasant and disturbing content. There’s also the risk that you might expose yourself to malware. With DarkBlue Intelligence, powered by Elastic, you can search everything in a text-based, safe environment without having to download a dark web browser to your machine.”

DarkBlue Intelligence supports searches in multiple languages and writing systems, including Chinese, Japanese, and Korean. “Elastic also includes Boolean operations and fuzzy matching which adds to the overall speed and accuracy of client searches,” says Nack.

Filter functionality in Elastic Enterprise Search helps clients close in on their targets. Using keyword fields on targeted selectors, analysts and investigators can perform exact matching to narrow results. Elastic index mappings are also set up to enable both full-text searches and exact matching so users can explore data in ways that match the needs of the investigation.

In addition, Elastic enables Bluestone Analytics to archive its data indefinitely. “Organizations and individuals on the dark web change their identities and communication methods over time. Our clients can easily look at historical data to draw a line that connects these shifting personas,” says Nack.

Investigators can reach back as far as they need to complete their inquiries. “Some people need the data we've just collected to be processed and available straight away,” says Nack. “Others are after information from several years ago. No matter when the information is from, Elastic Enterprise Search is so fast that results are available in a matter of seconds.”

Bluestone Analytics also works with specialist organizations to extend the platform and further bolster cybercriminal identification capabilities. Several leading crypto analyst firms have recently added their expertise to the platform. “Given the rise of cryptocurrencies, our intelligence tools now have the ability to investigate and analyze these types of transactions,” says Nack.

Quick and seamless incorporation of new data sources is yet another example of how Elastic helps future-proof the Bluestone Analytics platform.

“We really appreciate the way Elastic’s core functionality has expanded over the years,” says Nack. “The way that it ingests data and the underlying search technology is incredibly scalable and flexible. It means that we can stay one step ahead of the dark web and open web activities that pose a threat to the public.”

The dark web evolves quickly, and every moment counts when a law enforcement agency is seeking the right information. With Elastic, Bluestone Analytics is able to provide potentially life-saving insights to the right people regardless of how the dark web changes, making a huge difference in the fight against crime.

Above all, Elastic supports the company’s mission to provide clients with everything they need to protect the U.S. and the safety of its citizens.

"This material consists of CACI International Inc general capabilities information that does not contain controlled technical data as defined within the International Traffic in Arms Regulations (ITAR), Part 120.10, or Export Administration Regulations (EAR), Part 734.7-10. (PRR ID711)"