DnI DaaS

Who Are We?
BOC Intel's founders pioneered many of the darknet intelligence (DnI) methodologies you see today, e.g. CyberHUMINT™. We have been covertly collecting darknet data since 2009. Ten years ago the darknet/deep web was unheard of; today it is a common term on television and radio.

In 2014, there were only two commercial entities (our founder’s being one) offering DnI. Cyberattacks and data breaches are so much a part of day-to-day life that people have become desensitized to them. In every case the recompense for customers’ compromised data is “credit monitoring, free for one year”. We have often heard people joke about how many free credit monitoring packages they have because of the high number of data breaches their information was connected to in a 12-month period.

During DnI's infancy our founder developed methodologies used for threat actor attribution. Working with law enforcement, the company set records for threat actor attribution of cyberattacks globally.

Our evidence, collected in real time, enabled authorities to arrest and successfully prosecute in record time cyber cases that traditionally take up to 18 months, e.g. an attacker was arrested within 72 hours of the attack. Developing innovative breakthrough technologies to unmask threats from the unknown is our mission and passion. Our years of experience and our recognition as darknet subject matter experts give us the insight required to deliver our clients the highest-fidelity raw darknet data in near-real-time (NRT). Our support to domestic and foreign law enforcement agencies, intelligence communities and militaries has successfully disrupted large-scale terrorist attacks; in some instances, thousands of people went home to their families as a result.

This is our mission and passion:
“People First for the Greater Good!”

Our founder is elated to see the numerous DnI companies that have launched since 2015. As the saying goes, “Imitation is the greatest form of flattery”. We invite all cyber and non-cyber security providers to consider augmenting their current offerings with our DnI DaaS. Why? DnI at best will always be a piece of the puzzle for clients' threat visibility. As of this writing, 24 March 2018, there are 6,291 peer routers in the TOR network. A TOR connection requires connecting to 3 random routers every 6 minutes: “entry guard > relay > exit node”. The probability of the same combination occurring consecutively is one in 41,515,940,466. Logically, the odds are too great for any single DnI provider to have full visibility.

The fact of the matter is that stand-alone DnI providers can best serve clients by disclosing that they can provide only a piece of the puzzle. Augmenting stand-alone DnI with other DnI sources is a unique concept, albeit exactly what intelligence is: verify, verify, verify. We discovered that, when augmenting with other DnI providers, all parties retained their respective proprietary IP while simultaneously enriching clients' DnI visibility. DnI is unlike conventional cybersecurity products in terms of the threat events monitored: cybersecurity products secure their clients against perimeter surface-net attacks, among many other vectors, whereas DnI attempts to provide timely intelligence from anonymous peer-to-peer networks.

Currently, choosing a DnI provider is akin to buying a bottle of water: so many brands and prices for the exact same thing, water. DnI providers are packaging the same data, sourced by crawling or scraping sites, which are synonymous. Some DnI providers claim to index millions of pages every day from darknet sites by scraping. Scraping is possible on some darknet sites, but not all.

Since the infamous SilkRoad takedown of October 2013, there has been no recorded actionable intelligence attributed to scraped darknet data. Darknet black markets and forums are generally platforms for narcotics, fraud products, counterfeit goods, tutorials on how to be a cybercriminal, extremists' guidebooks and the like.

Experience has taught us that the best intelligence is found in invite-only Vetting Required Membership (VRM) darknet sites. VRM sites generally have fewer than 100 members and run anti-bot-scrape code that identifies scrape instances when they occur and instantly bans the scraping user ID, thus ceasing the scrape.

Darknet Intelligence Secret
DnI providers omit disclosing to clients that scraping cannot bypass all login pages to capture content. We assert this based on the fact that the authentication methods commonly adopted by quality darknet sites are not all CAPTCHA. Authentication can be a randomly generated equation, a trivia question or a combination of both, with a limited time to input the correct answer. We see some VRM sites that require a darknet history question to be solved for authentication, e.g. “What new site did TCF admin launch?” This darknet history question dates back to 2014, pre-dating the existence of most DnI providers.

Therefore, scrape methods are often indexing a login page, yielding zero actionable intelligence. In conclusion, scrape methodologies are likely returning the same results.


San Francisco
Washington D.C.



We are a member of CyberOpsAlliance