August 29, 2023 By Mark Stone 4 min read

The security industry has always dreamed about an impenetrable internet where threats are neutralized and attackers cannot thrive. Many have tried to conceptualize this theory into reality, but for the time being, it remains a dream.

But one company, Dark Cryptonite, has already created this infrastructure.

If you’re still dreaming of a world where the internet is inherently secure, keep dreaming. That probably won’t come to fruition in our lifetime. But what if the internet as we know it can co-exist with an alternate internet? What would the impact be on business and the cybersecurity industry?

For one, the security industry would have to think differently about the tools and solutions we use. If this secure network infrastructure gained widespread adoption, everyone would need to find a way to balance it with today’s internet and continue to leverage current security solutions.

How would this all work?

Reengineering the cybersecurity framework

Dark Cryptonite’s co-founder, Tyler Cohen Wood, has extensive experience in special comms from her tenure with the Defense Intelligence Agency. In the context of cyber defense, “special comms” or “special communications” refer to secure, encrypted or otherwise protected communication channels that transmit sensitive information. Broadly speaking, special comms can also refer to any non-standard communication methods used for specific purposes or in specific situations. In a military context, special comms could refer to covert communication methods used for espionage or reconnaissance.

Throughout her time there, Wood realized that traditional methods of defense were increasingly inadequate as attackers continued to target the essential infrastructure of digital connectivity. According to Wood, the solutions that were once effective have now become part of the problem.

“Working with special comms… is a really out-of-the-box way of thinking,” she said. “You’re not using traditional channels, so you’re kind of hidden in the noise, off the grid. I started looking at the problem because I’ve been doing this for a long time, and I realized a few things.”

As the pandemic began, Wood concluded that cybersecurity awareness training was no longer enough. She referred to a report that in 2023, cyber vulnerabilities skyrocketed 589%, underscoring the crucial importance of cybersecurity.

“I started studying the bad guys because I wanted to see why they were winning, and I realized they were actually using special comms,” she said. “So it made perfect sense that was what the good guys had to do, too, because you look at those statistics, and we’re not winning, we’re losing.”

Embracing a new security paradigm

Of course, not all traffic has to be so secure that it has to be off the grid. “But for the things that do have to be completely secured where you cannot have them hacked, you would utilize a technology like Dark Cryptonite,” Wood said. “It gives you that protection, and it’s so obfuscated and goes through so many layers of encryption. And then when you consider that it’s an off-the-grid network, it completely changes the playing field.”

Because at the end of the day, if you have an IP address, they know where you live. If you don’t, they don’t know where you live. “If you have a system that can change its mode of entry on the fly, it can change what it’s connecting to,” Wood explained — such as when the infrastructure uses hashes instead of IP addresses. “It just changes everything.”

Dark Cryptonite is a paradigm shift from the traditional approach to cybersecurity. It doesn’t just add another layer of defense; it shifts the battlefield from where attacks are most potent. This solution operates “off the grid”, providing a secure and private environment for organizations to carry out their digital activities. Unlike conventional solutions that offer more traps or hurdles for threat actors to overcome, Dark Cryptonite essentially takes away the road, making it not just resistant to typical modes of cyberattacks but virtually invisible to them.

Wood envisions the internet as a series of train tracks and malicious programs as the trains. “These malicious programs need a particular infrastructure to operate and propagate,” she said. “Our infrastructure effectively eliminates these tracks, leaving no path for the malicious train to follow. This way, it sidesteps the entire concept of creating more barriers, which attackers invariably find ways around, and instead removes the ground they tread on.”

Integrating secure and traditional infrastructures

Despite its fundamentally different approach, the Dark Cryptonite infrastructure is designed to work effectively within an organization’s existing technology assets. Wood and her engineering team have ensured the solution incorporates a zero trust capability by design. Its Infrastructure as a Service (IaaS) is also in compliance with every standard and regulation.

Wood explained that within the secure environment, organizations cannot remove or copy files or take them home on a laptop, for instance. “Again, not all traffic has to be super secure,” she said. “Your crown jewels do, as do communications between the executive leadership and the board. But not all data needs to be secured at that level.”

Of course, organizations leveraging the infrastructure will still have (and need) endpoint management and firewalls because not all traffic and not all work needs to be at this super secure level. Examples of other crown jewels include backups, intellectual property or mergers and acquisition data. “That information has to remain private and not hackable,” Wood said.

So why has no one thought of this before? Many have pondered the concept of a separate, secure “internet”. But turning these ideas into tangible, workable solutions is a significant challenge.

“It’s the execution that has made the difference,” she said. “We have to really shift that mindset that there’s another way of doing things. And I think about the potential to change our economy. Because if companies are not always under threat of being hacked, they don’t have to have ransomware payments laying around, and a lot more money goes into what that company actually does, right?”

Does all this version of two internets living as codependents sound too good to be true? Time will tell, but a solution like this, at the very least, provides a glimmer of hope.

More from Risk Management

Back to basics: Better security in the AI era

4 min read - The rise of artificial intelligence (AI), large language models (LLM) and IoT solutions has created a new security landscape. From generative AI tools that can be taught to create malicious code to the exploitation of connected devices as a way for attackers to move laterally across networks, enterprise IT teams find themselves constantly running to catch up. According to the Google Cloud Cybersecurity Forecast 2024 report, companies should anticipate a surge in attacks powered by generative AI tools and LLMs…

Mapping attacks on generative AI to business impact

5 min read - In recent months, we’ve seen government and business leaders put an increased focus on securing AI models. If generative AI is the next big platform to transform the services and functions on which society as a whole depends, ensuring that technology is trusted and secure must be businesses’ top priority. While generative AI adoption is in its nascent stages, we must establish effective strategies to secure it from the onset. The IBM Institute for Business Value found that despite 64%…

Ermac malware: The other side of the code

6 min read - When the Cerberus code was leaked in late 2020, IBM Trusteer researchers projected that a new Cerberus mutation was just a matter of time. Multiple actors used the leaked Cerberus code but without significant changes to the malware. However, the MalwareHunterTeam discovered a new variant of Cerberus — known as Ermac (also known as Hook) — in late September of 2022.To better understand the new version of Cerberus, we can attempt to shed light on the behind-the-scenes operations of the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today