SafeHorizon offers computer law enforcement agencies (LEAs), emergency response teams (CERTs), and computer security incident response teams (CSIRTs) a toolbox with underdevelopment and improved open-source solutions that will be simple to plug-and-play, maintain, and adapt.
SaferHorizon aims to disrupt ‘Crime-as-a-Service’ (CaaS) paradigm by harnessing intelligence collected from internet-facing services (the clear, deep, and dark web), public dumps and leaks (from ransomware groups and hacking forums and channels), as well as datasets from LEAs and security providers, and using machine learning (ML) to identify correlations and extract actionable evidence that can be used in court. Beyond crawling for information, SafeHorizon will actively search for possible leaks of information on illegal services, forums, and software that would allow LEAs to track down users, developers, and operators.
SafeHorizon will deliver:
- a toolkit that is broken down into individual and interoperable easy-to-use tools (in the form of Docker containers),
- a monitoring platform that integrates the output of these tools,
- a correlation engine to find the connections among diverse and big datasets, and
- datasets and notebooks that will be shared with all EU LEAs and vetted organisations and companies to enable the easy uptake and processing of data to deliver tangible results.
Moreover, SafeHorizon aims to give cybercriminals a taste of their own medicine by, e.g., spreading disinformation on hacking, carding, forums and channels to dismantle their rings of trust.
The project has received funding from the European Union’s Horizon Research and Innovation Programme under Grant Agreement nº 101168562.