Deep Web Konek: From exploring the shadows to exposing vulnerabilities

From uncovering the deep web to shielding the surface web, a decade of cybersecurity advocacy


At a glance

  • Deep Web Konek originated from a community of Deep Web enthusiasts in the Philippines around 2014. Initially, it focused on demystifying the hidden corners of the Internet before shifting towards cybersecurity and ethical hacking due to incidents like the Medusa ransomware attack.

  • They aim to change the negative connotations associated with the term "hacker," emphasizing hackers' role as protectors and the importance of ethical hacking in improving cybersecurity.

  • The group doesn't directly hack but acts as a cyber threat intelligence advocate, using various tools and frameworks to assess vulnerabilities and create actionable reports for organizations.

  • Deep Web Konek prioritizes sensitivity and caution in publicizing discoveries. It works with affected organizations to understand breaches and patch vulnerabilities without compromising user privacy.

  • Beyond addressing immediate vulnerabilities, Deep Web Konek's greater goal is to transform the cybersecurity landscape in the Philippines by promoting cyber hygiene education and building a culture of security awareness within organizations.


Deep Web Konek is no ordinary cybersecurity group. They trace their roots back to a community of Deep Web enthusiasts in the Philippines circa 2014. Their initial goal was to demystify the hidden corners of the internet. However, major events like the Medusa ransomware attack that crippled PhilHealth and the Philippine Statistics Authority data leak exposed a dire need beyond the dark web. They realized the vulnerabilities threatening Filipino organizations extended far into the familiar Surface Web. That's when they pivoted towards identifying and exposing weaknesses, shifting from curious explorers to active cybersecurity agents.

"The word 'hacker' is unfairly burdened with negative connotations," a representative from Deep Web Konek explains. "We want to change that. Sure, there are malicious actors, but hackers can also be protectors. Ethical hacking is the reason cybersecurity improves at all."

Many businesses view hacking with understandable fear. Deep Web Konek works to transform that fear into proactive collaboration. They've seen companies quickly fix exposed vulnerabilities after their reports. Sadly, some organizations downplay the threat, with cases in Davao and General Santos leaving government offices open to attack. Deep Web Konek wants to empower companies and build partnerships instead of just inspiring panic.

Deep Web Konek doesn't hack directly. They are cyber threat intelligence advocates, monitoring threat actors across platforms. They use various tools to assess vulnerabilities, aligning their analysis with frameworks like MITRE ATT&CK. In crafting actionable reports, they follow the six phases of the threat intelligence cycle.

A major question is how they publicize discoveries. Sensitivity matters. Unconfirmed leaks are posted cautiously. In cases like a recent financial institution breach, they quickly confirmed it but protected user privacy by not directly exposing sample data. Often, affected organizations will contact Deep Web Konek for help understanding the breach and patching the vulnerability.

Improvements are tangible. Compromised organizations sometimes mandate immediate password changes for employees. The PSA, PNP, and DOST incidents were success stories—those agencies patched vulnerabilities swiftly after being notified.

There's a delicate balance between helpful exposure and making things worse. Deep Web Konek prioritizes caution. They'll often inform those affected about a vulnerability before going public, minimizing further risk. They support data controllers affected by breaches and encourage incident reporting through proper channels. While there can be pushback or accusations, they focus on collaboration and resolution.

Deep Web Konek is about more than fixing individual websites. Their ultimate goal is to transform the cybersecurity landscape in the Philippines. They want a secure cyberspace where ordinary citizens understand cyber hygiene. Education plus their vulnerability reports are a decisive step in that direction.

"Don't just focus on technical fixes," Deep Web Konek urges. "Strengthen your policies and provide ongoing security training for all staff, especially non-IT personnel. Build a culture of awareness within your organization – that's how you stop being a target."

I reached out to the group via FB Messenger to request an interview. I received a reply from Marko Santiago, who introduced himself as the Head of External Relations for Deep Web Konek. Here's our conversation:

Motivations & Philosophy

1. Tell me about your group's origin story. What sparked the decision to focus on exposing vulnerabilities instead of exploiting them?

Our origin story started from the defunct community of Deep Web enthusiasts in the Philippines, traced back to 2014. Similar to them, we created our group to educate people about the hidden corners of the internet known as the Deep Web and Dark Web. But at first, our goal was to only shed light on the mysteries and dangers lurking inside this unseen space. However, what sparked the decision to shift our focus towards exposing vulnerabilities instead of exploiting them was the Medusa Ransomware attack in the PhilHealth incident. The situation piqued our interest and led us to delve deeper into the issue. As we investigated further, we found other similar vulnerabilities and threats that were not limited to the dark corners of the internet but were also present on the Surface Web. One significant event that underscored the need for our shift in focus was the Philippine Statistics Authority data leak incident. This realization prompted us to redirect our efforts towards not only exploring the depths of the internet but also actively uncovering and addressing vulnerabilities across all platforms.

2. In your view, what is the biggest misconception about hackers that you wish to change?

As we are closely monitoring a wide range of malicious activities coming from unskilled ones up to organized groups, many will agree that their actions affect the overall opinion of the word hacker. Despite some not having technical expertise, they still negatively affect the reputation of hackers in the world of cybersecurity. And with the negative connotation embedded in the word "hacking" nowadays, what we can only wish to change is the way they treat cybersecurity. Hackers are not only people who try to take advantage of any vulnerable infrastructure; they can also be anyone with the means to protect you and your organization. After all, ethical hacking is one of the reasons why we are able to improve our cybersecurity to this date.


3. Many businesses view hacking with fear. How do you hope to change the way companies and organizations interact with cybersecurity and your group specifically?

The fear factor of compromised infrastructure is already embedded in our cybersecurity space, but the idea we wanted to change is the way they treat data security and data breaches. In our experience, some of the organizations we have covered took immediate action in order to delimit the damage to their infrastructure, yet there are also those who brushed off the issue and never got their system patched, like some government offices in Davao and General Santos, which are vulnerable to both local and international threat actors.

Methods & Impact

4. Can you walk me through your process? How do you identify websites and servers with weaknesses, and what tools or techniques do you use to assess them?

We are not a hacking organization, nor do we directly interact with the reported vulnerabilities, as Deep Web Konek is primarily an advocate of Cyber Threat Intelligence. We only monitor movements of multiple different threat actors in various mediums by utilizing closed and open-source tools in order to further investigate. When investigating an incident, attack or breach, we align our findings with the MITRE ATT&CK framework to analyze what techniques are used to execute the attack. When it comes to creating a report on threat intelligence and understanding the threat landscape of an organization or the Philippines in general, we align our work with the six (6) phases of the Threat Intelligence cycle to gain more insights and assist affected infrastructures.

5. Once you've detected or learned about vulnerabilities, what steps do you take to make them public? Do you work directly with the affected organizations, or do you utilize other platforms?

We, as an organization, have set some policies on how to handle this kind of information, especially those with high levels of sensitivity. In most cases, we post these data breach notifications with a grain of salt if the source is inconclusive or without proper evidence to prove it, such as screenshots and data samples. But with confirmed data leaks, such as the recent data leak from a financial institution in the Philippines, we quickly update the confirmation of such data without directly showing the data for privacy reasons.

In some cases, affected organizations reach out to us to determine the nature of the breach and how much data has been compromised. And we also provide the gathered information and sample data leaked from various channels to help patch any system vulnerability.

6. Have you seen improvements in the cybersecurity practices of Philippine websites/servers since you began your work?

We sometimes receive reports about changes to policies and immediate courses of action taken by organizations to prevent another breach from occurring. Information from employees who receive notifications to change passwords is one of many reports we receive after covering these incidents. One of the biggest improvements is probably the PSA, PNP, and DOST incidents, which they were able to patch quickly after receiving the data leak notifications.

Ethics & Legality

7. There's a fine line between helpful exposure and putting targets at further risk. How do you ensure your actions don't inadvertently cause more harm?

In most scenarios, we exercise caution about putting the victims in danger by first withholding information about the vulnerabilities and breaches we've discovered. This approach allows us to provide the affected parties an opportunity to review and address the vulnerability or attack before potentially exposing them to broader scrutiny. Afterwards, we post the report so that everyone, whether they are in the field of cybersecurity or not, is aware of what is happening to their data. We also provide these affected organizations insights as to the severity of the issue by giving all the necessary information.


8. How do you navigate the legal complexities surrounding your activities? Have you faced any challenges or pushback from law enforcement?

At Deep Web Konek, we prioritize transparency and support for data controllers affected by breaches or leaks. We encourage them to report such incidents through proper channels to receive assistance promptly. While challenges may arise, including misleading content or accusations, our focus remains on assisting data controllers and ensuring these incidents are addressed effectively. Through this approach, we aim to provide valuable support and guidance to mitigate the impact of data breaches or leaks.


Greater Goals

9. Beyond individual website fixes, how do you hope your group's work will ultimately impact the cybersecurity landscape in the Philippines?

Our vision is to establish a safe cyberspace. By focusing not only on individual website fixes but also on the broader cybersecurity awareness and education initiatives, we aim to empower all citizens with the knowledge of basic cyber hygiene practices. And ultimately, we hope that our efforts will contribute to a gradual transition towards a more secure and protected cyber environment for everyone in the Philippines.

10. What advice would you give to businesses or website owners who want to proactively strengthen their security before they become a target?

Do not forget to improve their policies, change into training, and make other people more aware of cybersecurity, especially the non-IT personnel who are the most vulnerable users of the information system.