Redefining OSINT To Win The Cybercrime War

A large percentage of investigators in the private sector enter the industry either via law enforcement, government or the military and transition into private investigations as a second career.

Others are employed by insurance companies, library sciences, research bodies or other corporations and a small percentage of investigators come straight out of school into private investigations, security, risk management, data analysis or another related field. 

How and if someone receives formal training in online open-source intelligence (OSINT) gathering, analysis and investigations will influence which tools they employ, their knowledge of privacy and security, and their competence in applying available technology. Coupled with the skills to validate data and sources and derive useful intelligence from the abundance of raw data available via open sources on the world wide web, these attributes form the framework of successful online investigations. As it is, many online sleuths get extensive training using online tools available for free or at low cost using video tutorials demonstrating specific skills or software, in message forums or via social media. There is currently no industry standard or required qualification for OSINT investigations anywhere in the world.

Although the term “OSINT” is only now gaining recognition as a stand-alone discipline, it has been utilized since the second world war when intelligence centres and departments were created by governments to monitor, translate and verify information obtained from news media and foreign governments, along with telegrams and voice communications. The period before the widely adopted use of the world wide web can be considered to be OSINT 1.0, which was focused on telecommunications, news media and translation. The earliest available evidence of the intelligence cycle being used in military training dates back to 1948, however, research suggests it was in use before then in one form or another.

The internet revolutionized the OSINT industry by making previously unavailable information attainable. By creating and automating the processes used for gathering, analyzing, verifying and sharing data along with revolutionizing communications through the adoption of email and other direct messaging systems, users rapidly developed and deployed platforms to give every internet-connected individual a global voice. The period known as Web 2.0 brought us user-generated content, blogs, social networks, geolocation tools, and mobile apps, and accelerated the adoption and transformation of technology in every sector of business and society.

As available data and sources have expanded, finding ways to adapt established intelligence protocols to accommodate novel algorithms and processes has become more difficult, and although in theory, the intelligence cycle is a fluid framework that is still relevant for many types of data, particularly structured data or information that follows a uniform format, unstructured data is becoming more challenging to process.

Further, while data transactions are faster than ever they are also less secure, and tools designed to enhance security can be complex and cumbersome. This is the aspect of OSINT investigations that I believe is failing, resulting in substandard intelligence products and unsafe dissemination. The ever-increasing likelihood of sensitive data falling into the wrong hands or being intercepted and tampered with during transmission further puts clients, subjects and investigators at risk. 

Those professionals in the private sector who investigate high net worth individuals, international organized crime, money laundering, fraud, human and organ trafficking, child sexual exploitation, financial crime including cryptocurrency-related crime, gangs, terrorism, ransomware, hacking and any other cybercrime, have security mechanisms available at each stage of the intelligence cycle. Their effectiveness is very much dependent on their technical competence, integrity, attention to detail, and their ability to anticipate or detect threats in the online realm, as well as the tools and methods being deployed to move data around.

It is my belief that the greatest vulnerabilities to the intelligence process do not lie in the steps we all recognize, rather in the transitions between the steps during which data must invariably be exposed or moved from one platform, program or system to another. It is these “gaps” that I also believe renders the intelligence cycle obsolete, along with the definition of OSINT itself.

While robust end-to-end encryption exists, along with virtual private networks and virtual machines, these can be slow, difficult to install and manage, and not compatible with some of the tools required by investigators to effectively mine both structured and unstructured data. They are also increasingly the target of attacks, are ineffectively built and maintained, or are of questionable origin and integrity. Of the professional investigators I have spoken to, only a very small number feel competent in their use of such technologies, with generation Z and other “digital natives” being most likely to use encryption and VPN’s, and being most comfortable writing script and code to increase functionality and security. Even then, because OSINT is derived from publicly available, and therefore, unclassified, information, it is often considered non-sensitive and low risk and is treated as such.

While encryption is still relatively secure, the sharp rise in data breaches orchestrated via a combination of social engineering, phishing and hacking increases the security vulnerability every time the data is accessed, decrypted, or moved.

While a wealth of information exists about digital footprints, oversharing of personal information on social media, privacy and security best practices, identity theft, data breach vulnerability and social engineering, we are in the midst of an a cybercrime crisis, with the global cost of cybercrime now estimated to be around 3.2 trillion dollars per year. This number is expected to increase to over 6 trillion US dollars by 2021. We are rapidly losing the war on cybercrime and there is no slow-down in sight. 

Organized criminals, terrorists, and corrupt governments and corporations have the time, resources and motivation to invent new, technologically advanced and dynamic ways to steal people’s money and data, while law enforcement, governments and the private sector are continually pushed to do more with less and often lack the knowledge, resources or time to stay on top of technological developments. They require fast results at the lowest cost which invariably leads to cutting corners on security and training.

For many years it has been argued in intelligence communities that the intelligence cycle is antiquated and inadequate for today’s technological environment, however, with no other framework available through which an investigator can follow a semi-structured format in investigations and OSINT production, in particular, it continues to be prescribed as the most appropriate guide for intelligence production.

The steps in the cycle, while labelled differently depending on the environment and version used, follow a very similar path:

  •  Direction (also known as/includes planning, requirements)
  •  Collection (also known as/includes gathering, collation)
  • Processing (also known as/includes validation, verification, exploitation)
  • Analysis (also known as/includes visualization, production)
  • Dissemination (includes decision making)

Each of these steps necessitates a broad scope of actions, often utilizing a variety of technical and digital tools. These actions include, but are not limited to, electronic or cellular communication, locating, storing, moving, analyzing and otherwise processing raw data, verifying sources and data, reformatting information, and sharing of highly confidential intelligence. Each of these steps may incorporate several micro-steps including direct messaging, downloading software and/or the use of cloud-based systems, transfer of data between hardware devices, the use of virtual machines, peer review and word processing.

There are hundreds of tools continually in development for each of these steps, some of which have become industry standards; in most cases, these are limited to certain functions relating to specific types and formats of data. While these tools are valuable to investigators and we would be severely hobbled without them, they bring a new set of problems in that, the ingestion of information and the resulting product is often incompatible with other data processing tools, the data therein cannot easily be verified or processed, cannot be presented or disseminated in a useable format, and cannot be transmitted securely to and from the platform.

As the quantity and complexity of data increases, and as organized criminals become more aggressive and creative in their efforts to obtain private information, it is my belief that the investigations industry is urgently in need of the following:

  • An impenetrable method of obtaining data from the client, including the secure transmission of large files of all media types.
  • A secure system for data storage and movement, both online and offline.
  • A secure way of accessing online data that not just protects but establishes the integrity of the investigator, the data and the investigation process. 
  • Integrated analysis of structured and unstructured data from a variety of sources and in a variety of formats.
  • A standardized process for verifying data AND it’s source regardless of structure or origin.
  • Logical written, and perhaps audio and visual reporting methods for sharing intelligence in a format usable by the client.
  • A secure way of transmitting the intelligence product to the client that maintains it’s unquestionable integrity up to and including the point of delivery.
  • A secure method for longer-term storage of evidence, communications, raw data, investigation process, timelines, and personal data that is not dependent on software or hardware versions or updates, or specific technical knowledge.

I believe that the most urgent requirement is around the security of dynamic data to prevent loss as a result of corruption, interception, or theft.  This would be followed by secure custodial systems for maintaining operational integrity, minimizing risk and securing static data.  The next step would be to create conformity around the integrity of the data itself via source and data verification and then ensuring the data, once verified, cannot become corrupted. The final logical step would be to produce an intelligence product in a format that meets the needs of the client and can be transmitted securely while maintaining the integrity of the data and investigation.

While the blockchain shows great promise for data custody and control, we must be aware of the development of counter-intelligence tools including homomorphic encryption and deep fakes. Both public and private sector investigators and security workers face challenging times as technology advances and those with harmful intent, from low-level criminals that stalk and harass to cross-jurisdictional organized criminals’ intent on inflicting fear, exploitation, and terror innovate and iterate unencumbered. While those on the side of good struggle to legislate, regulate and investigate effectively, the rate of successful prosecutions continues to decline and currently sits at around 0.05% in developed nations. Law enforcement, government, military and the intelligence community hold the legislative key to cybercrime reduction while corporations, start-ups and other private sector stakeholders possess the technological and innovative solutions necessary to exceed the capabilities of cybercriminals.

The public and private sectors must commit to unprecedented collaboration at all levels if we are to take the internet back from the tightening grip of bad actors and win the cybercrime war.

Julie Clegg is Founder & CEO Human-i Intelligence.                       Image: Dreamstime

Her book 'How to Become a World-Class Investigator: An Insider's Guide to a Secretive Industry' is available now. 

You Might Also Read: 

Attack Vectors Are Proliferating

 

 

 

« Coronavirus And Your Phone
Warning: Coronavirus Scams Surging »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Spiceworks

Spiceworks

Spiceworks provide a range of free apps for IT professionals including network inventory, network monitor, and help desk.

IPVanish

IPVanish

IPVanish has its roots in over 15 years of network management, IP services, and content delivery services. Now we're bringing these finely honed skills to VPN.

Fortinet

Fortinet

Fortinet is a provider of network security systems. Our products provide protection against dynamic security threats while simplifying the IT security infrastructure.

Critical Infrastructures for Information and Cybersecurity (ICIC)

Critical Infrastructures for Information and Cybersecurity (ICIC)

ICIC addresses the demand for cybersecurity for National Public Sector organizations and civil and private sector organizations in Argentina.

Resilience First

Resilience First

Resilience First is a not-for-profit organisation, led and funded by business to strengthen collective business resilience in all areas, including cyber security.

Vector Informatik

Vector Informatik

Vector Informatik is a specialist in automotove electronics and provides services, embedded software and tools for securing embedded systems against cyber-attacks.

CYBAVO

CYBAVO

CYBAVO is a cryptocurrency security company founded by experts from the cryptocurrency and security industries.

DataNumen

DataNumen

The fundamental mission of DataNumen is to recover as much data from inadvertent data disasters as possible.

SyncDog

SyncDog

SyncDog is a leader in enterprise security and the preeminent vendor for containerized mobile application security across cloud & on-premise computing environments.

Hyperproof

Hyperproof

Hyperproof is a cloud-based compliance operations software. Launch new programs immediately, collect evidence automatically, and manage a compliance program intelligently.

DH2i Company

DH2i Company

DH2i is a leading provider of multi-platform Software Defined Perimeter and Smart Availability software enabling customers to create an entire IT infrastructure that is always-secure and always-on.

Pillr

Pillr

Pillr is a cybersecurity operations platform capable of adapting to the demands of your business and team — and the global threat landscape.

GoPro Consultants

GoPro Consultants

GoPro Consultants is an IT Consultancy and IT Managed services provider Globally with immeasurable expertise of IT professionals in Hardware/Support & Consultancy and Project Planning.

Information Systems Security Association (ISSA)

Information Systems Security Association (ISSA)

ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.

Laneden

Laneden

Laneden specialise in helping organisations identify security concerns and quantify the risks you may have across your assets, using Penetration Testing, Threat Simulation and Compliance Testing.

InfoSight

InfoSight

InfoSight offers proven Cyber Security, Regulatory Compliance, Risk Management and Infrastructure Solutions to protect your business and your customers from cyber crime and fraud.