"Why Threat Intelligence Gathering Can Be a Legal Minefield"

The Department of Justice (DoJ) released a report, titled "Legal Considerations When Gathering Online Cyber Threat Intelligence and Purchasing Data from Illicit Sources." The report highlights the risks that security researchers and organizations face when collecting threat intelligence from Dark Web forums and other online sources where cybercriminals gather to plan attacks or trade stolen data. Security practitioners and researchers run the risk of getting into deep legal trouble when gathering adversary intelligence or tracking cybercriminals on online forums. The purpose of the DoJ's report is to help organizations and researchers that engage in such activities identify the legal issues they may face. One of the essential takeaways from the report is the ease at which threat intelligence gatherers could cross the legal if they ask questions and request intelligence on a Dark Web forum about illegal activities. Exchanges with others, involving criminal conduct, on such illicit platforms could incriminate the researcher. This article continues to discuss the issues highlighted by the report that security researchers and threat intelligence firms need to be mindful of when engaging with criminals or collecting information in underground online marketplaces, as well as the rules that need to be followed when performing such activities. 

Dark Reading reports "Why Threat Intelligence Gathering Can Be a Legal Minefield"