Redefining OSINT To Win The Cybercrime War

A large percentage of investigators in the private sector enter the industry either via law enforcement, government or the military and transition into private investigations as a second career.

Others are employed by insurance companies, library sciences, research bodies or other corporations and a small percentage of investigators come straight out of school into private investigations, security, risk management, data analysis or another related field. 

How and if someone receives formal training in online open-source intelligence (OSINT) gathering, analysis and investigations will influence which tools they employ, their knowledge of privacy and security, and their competence in applying available technology. Coupled with the skills to validate data and sources and derive useful intelligence from the abundance of raw data available via open sources on the world wide web, these attributes form the framework of successful online investigations. As it is, many online sleuths get extensive training using online tools available for free or at low cost using video tutorials demonstrating specific skills or software, in message forums or via social media. There is currently no industry standard or required qualification for OSINT investigations anywhere in the world.

Although the term “OSINT” is only now gaining recognition as a stand-alone discipline, it has been utilized since the second world war when intelligence centres and departments were created by governments to monitor, translate and verify information obtained from news media and foreign governments, along with telegrams and voice communications. The period before the widely adopted use of the world wide web can be considered to be OSINT 1.0, which was focused on telecommunications, news media and translation. The earliest available evidence of the intelligence cycle being used in military training dates back to 1948, however, research suggests it was in use before then in one form or another.

The internet revolutionized the OSINT industry by making previously unavailable information attainable. By creating and automating the processes used for gathering, analyzing, verifying and sharing data along with revolutionizing communications through the adoption of email and other direct messaging systems, users rapidly developed and deployed platforms to give every internet-connected individual a global voice. The period known as Web 2.0 brought us user-generated content, blogs, social networks, geolocation tools, and mobile apps, and accelerated the adoption and transformation of technology in every sector of business and society.

As available data and sources have expanded, finding ways to adapt established intelligence protocols to accommodate novel algorithms and processes has become more difficult, and although in theory, the intelligence cycle is a fluid framework that is still relevant for many types of data, particularly structured data or information that follows a uniform format, unstructured data is becoming more challenging to process.

Further, while data transactions are faster than ever they are also less secure, and tools designed to enhance security can be complex and cumbersome. This is the aspect of OSINT investigations that I believe is failing, resulting in substandard intelligence products and unsafe dissemination. The ever-increasing likelihood of sensitive data falling into the wrong hands or being intercepted and tampered with during transmission further puts clients, subjects and investigators at risk. 

Those professionals in the private sector who investigate high net worth individuals, international organized crime, money laundering, fraud, human and organ trafficking, child sexual exploitation, financial crime including cryptocurrency-related crime, gangs, terrorism, ransomware, hacking and any other cybercrime, have security mechanisms available at each stage of the intelligence cycle. Their effectiveness is very much dependent on their technical competence, integrity, attention to detail, and their ability to anticipate or detect threats in the online realm, as well as the tools and methods being deployed to move data around.

It is my belief that the greatest vulnerabilities to the intelligence process do not lie in the steps we all recognize, rather in the transitions between the steps during which data must invariably be exposed or moved from one platform, program or system to another. It is these “gaps” that I also believe renders the intelligence cycle obsolete, along with the definition of OSINT itself.

While robust end-to-end encryption exists, along with virtual private networks and virtual machines, these can be slow, difficult to install and manage, and not compatible with some of the tools required by investigators to effectively mine both structured and unstructured data. They are also increasingly the target of attacks, are ineffectively built and maintained, or are of questionable origin and integrity. Of the professional investigators I have spoken to, only a very small number feel competent in their use of such technologies, with generation Z and other “digital natives” being most likely to use encryption and VPN’s, and being most comfortable writing script and code to increase functionality and security. Even then, because OSINT is derived from publicly available, and therefore, unclassified, information, it is often considered non-sensitive and low risk and is treated as such.

While encryption is still relatively secure, the sharp rise in data breaches orchestrated via a combination of social engineering, phishing and hacking increases the security vulnerability every time the data is accessed, decrypted, or moved.

While a wealth of information exists about digital footprints, oversharing of personal information on social media, privacy and security best practices, identity theft, data breach vulnerability and social engineering, we are in the midst of an a cybercrime crisis, with the global cost of cybercrime now estimated to be around 3.2 trillion dollars per year. This number is expected to increase to over 6 trillion US dollars by 2021. We are rapidly losing the war on cybercrime and there is no slow-down in sight. 

Organized criminals, terrorists, and corrupt governments and corporations have the time, resources and motivation to invent new, technologically advanced and dynamic ways to steal people’s money and data, while law enforcement, governments and the private sector are continually pushed to do more with less and often lack the knowledge, resources or time to stay on top of technological developments. They require fast results at the lowest cost which invariably leads to cutting corners on security and training.

For many years it has been argued in intelligence communities that the intelligence cycle is antiquated and inadequate for today’s technological environment, however, with no other framework available through which an investigator can follow a semi-structured format in investigations and OSINT production, in particular, it continues to be prescribed as the most appropriate guide for intelligence production.

The steps in the cycle, while labelled differently depending on the environment and version used, follow a very similar path:

  •  Direction (also known as/includes planning, requirements)
  •  Collection (also known as/includes gathering, collation)
  • Processing (also known as/includes validation, verification, exploitation)
  • Analysis (also known as/includes visualization, production)
  • Dissemination (includes decision making)

Each of these steps necessitates a broad scope of actions, often utilizing a variety of technical and digital tools. These actions include, but are not limited to, electronic or cellular communication, locating, storing, moving, analyzing and otherwise processing raw data, verifying sources and data, reformatting information, and sharing of highly confidential intelligence. Each of these steps may incorporate several micro-steps including direct messaging, downloading software and/or the use of cloud-based systems, transfer of data between hardware devices, the use of virtual machines, peer review and word processing.

There are hundreds of tools continually in development for each of these steps, some of which have become industry standards; in most cases, these are limited to certain functions relating to specific types and formats of data. While these tools are valuable to investigators and we would be severely hobbled without them, they bring a new set of problems in that, the ingestion of information and the resulting product is often incompatible with other data processing tools, the data therein cannot easily be verified or processed, cannot be presented or disseminated in a useable format, and cannot be transmitted securely to and from the platform.

As the quantity and complexity of data increases, and as organized criminals become more aggressive and creative in their efforts to obtain private information, it is my belief that the investigations industry is urgently in need of the following:

  • An impenetrable method of obtaining data from the client, including the secure transmission of large files of all media types.
  • A secure system for data storage and movement, both online and offline.
  • A secure way of accessing online data that not just protects but establishes the integrity of the investigator, the data and the investigation process. 
  • Integrated analysis of structured and unstructured data from a variety of sources and in a variety of formats.
  • A standardized process for verifying data AND it’s source regardless of structure or origin.
  • Logical written, and perhaps audio and visual reporting methods for sharing intelligence in a format usable by the client.
  • A secure way of transmitting the intelligence product to the client that maintains it’s unquestionable integrity up to and including the point of delivery.
  • A secure method for longer-term storage of evidence, communications, raw data, investigation process, timelines, and personal data that is not dependent on software or hardware versions or updates, or specific technical knowledge.

I believe that the most urgent requirement is around the security of dynamic data to prevent loss as a result of corruption, interception, or theft.  This would be followed by secure custodial systems for maintaining operational integrity, minimizing risk and securing static data.  The next step would be to create conformity around the integrity of the data itself via source and data verification and then ensuring the data, once verified, cannot become corrupted. The final logical step would be to produce an intelligence product in a format that meets the needs of the client and can be transmitted securely while maintaining the integrity of the data and investigation.

While the blockchain shows great promise for data custody and control, we must be aware of the development of counter-intelligence tools including homomorphic encryption and deep fakes. Both public and private sector investigators and security workers face challenging times as technology advances and those with harmful intent, from low-level criminals that stalk and harass to cross-jurisdictional organized criminals’ intent on inflicting fear, exploitation, and terror innovate and iterate unencumbered. While those on the side of good struggle to legislate, regulate and investigate effectively, the rate of successful prosecutions continues to decline and currently sits at around 0.05% in developed nations. Law enforcement, government, military and the intelligence community hold the legislative key to cybercrime reduction while corporations, start-ups and other private sector stakeholders possess the technological and innovative solutions necessary to exceed the capabilities of cybercriminals.

The public and private sectors must commit to unprecedented collaboration at all levels if we are to take the internet back from the tightening grip of bad actors and win the cybercrime war.

Julie Clegg is Founder & CEO Human-i Intelligence.                       Image: Dreamstime

Her book 'How to Become a World-Class Investigator: An Insider's Guide to a Secretive Industry' is available now. 

You Might Also Read: 

Attack Vectors Are Proliferating

 

 

 

« Coronavirus And Your Phone
Warning: Coronavirus Scams Surging »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Purdicom

Purdicom

Purdicom (formerly known as Selcoms) is an award winning distributor specialising in Wireless, Cloud & Security technologies.

Organization for Security and Co-operation in Europe (OSCE)

Organization for Security and Co-operation in Europe (OSCE)

OSCE is the world's largest security-oriented intergovernmental organization. Areas of activity include Cyber/ICT security.

CS Group

CS Group

CS Group offers a complete range of security solutions from consultancy to security maintenance and from secure infrastructure design to security governance.

Repository of Industrial Security Incidents (RISI)

Repository of Industrial Security Incidents (RISI)

RISI is a database of cyber security incidents that have (or could have) affected process control, industrial automation or SCADA systems.

Raytheon Technologies

Raytheon Technologies

Raytheon Intelligence & Space delivers solutions that protect every side of cyber for government agencies, businesses and nations.

United Security Providers

United Security Providers

United Security Providers is a leading specialist in information security, protecting IT infrastructures and applications for companies with high demands on security.

SMiD Cloud

SMiD Cloud

SMiD encryption technology has been developed following the highest security practices to allow the data availability, integrity and confidentiality.

OcuCloud

OcuCloud

OcuCloud protects businesses' valuable information in the cloud, preventing security breaches caused by employees and remote vendors.

Touchstone Security

Touchstone Security

Touchstone Security is a company with a passion for technology, a hyper-focus on cybersecurity, and a special affinity for cloud technology.

GroupSense

GroupSense

GroupSense helps governments and enterprises take control of digital risk with cyber reconnaissance, counterintelligence and monitoring for breached credentials.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Cyber Law Consulting

Cyber Law Consulting

Cyber Law Consulting is a Dynamic full service legal firm which offers complete services for Cyber Law, cyberlaw, Internet Law, Data Protection Act, Cyber Security, IPR, Drafting.

AWARE7

AWARE7

IT security for human and machine. With the help of our products and services, we work with you to increase the IT security level of your organization.

Exium

Exium

At Exium we’ve integrated networking and security in a cloud-delivered Zero Trust platform powered by 5G and open source.

63 Moons Technologies (63MT)

63 Moons Technologies (63MT)

63 Moons Technologies is a world leader in providing next-generation technology ventures, innovations, platforms, and solutions.

Viatel Technology Group

Viatel Technology Group

Viatel Technology Group is a complete digital services provider. We have over 26 years’ experience delivering fully managed security, networking, cloud and communications services.