Cyber-HUMINT

CyberHumint refers to the set of skills used by hackers within cyberspace to obtain private information by attacking the human factor with various psychological deceptions. [1] CyberHumint includes the use of traditional human espionage methodologies such as agent recruitment and information gathering through deception, traditionally known as HUMINT, combined with the deception techniques known as social engineering.

Background

Intelligence gathering draws on a range of specialized disciplines: Signals Intelligence (SIGINT), Imagery Intelligence (IMINT), Measurement and Signature Intelligence (MASINT), Geospatial Intelligence (GEOINT) and Open-source Intelligence (OSINT). Even so, information collected from human sources is still considered highly reliable by intelligence analysts, [2] especially when a collection of disparate data strands has to be turned into an actionable prevention plan. Mark Lowenthal, [3] a leading intelligence thinker, argues that traditional HUMINT remains a crucial element of intelligence, one that can significantly tilt the balance of power.

The term CyberHumint was first coined by Ed Alcantara AFX DBI in February 2010. Amit Steinhart [4] argued that cooperation between skilled HUMINT experts trained in specific HUMINT capabilities and computer security specialists who apply social engineering techniques is one of the main advantages of CyberHumint. Steinhart proposed a model of information security strategy that imports concepts from HUMINT espionage and combines them with social engineering strategies, such as the use of avatars for agents operating in cyberspace, or the spreading of information and disinformation through cyberspace.

HUMINT experts often argue that, compared with the relatively young concept of social engineering, HUMINT practices, developed over many years by professionals at national intelligence services, hold the higher ground in terms of experience, technologies and practices. [4] A new form of cyber capability was created when the technical capabilities of computer experts were combined with the intelligence experience [5] of HUMINT experts.

CyberHumint strategy orientation

CyberHumint aims to defend organizations effectively against Advanced Persistent Threat (APT) attacks. In the early 2010s, organizations such as the American NSA and the British GCHQ began to invest significant resources in acquiring technological and intelligence capabilities to help identify cyber aggressors [6] and assess their abilities and tactical skills. [5]

Information security has recently shifted from building firewalls to building systems that provide real-time intelligence. Most near-future scenarios suggest that organizations that fail to adapt to this systematic cyber approach will find themselves in a critical situation. [4]

In 2011, Andress and Winterfeld [7] drew attention to the fact that while cyber security experts can deliver extensive reports on Internet risks, most alerts are still general and unspecific, and do not actually meet the needs of a specific organization. In addition, cyber security companies tend to locate hackers or cyber attackers only when an attack is already in progress, or worse, after a system has already been damaged or compromised.

Most cyber security defenders currently rely on automated network scans as a routine measure. A human analyst becomes involved only at the final stage of data gathering, which means that the bulk of the available data is not analyzed in real time. [8]

Hackers and CyberHumint

Most cyber security companies have no access to human operators within the Dark Web, and so do not benefit from the key input of informants and agents provocateurs. They do not apply the methods of agent recruitment and agent management that national intelligence organizations have developed and used effectively for years.

New information technologies allow hackers to gain the upper hand in any confrontation with a targeted organization. A case in point is the Advanced Persistent Threat (APT), which in impact and devastation can equal a military strike against a civilian entity. Many perimeter defense systems are not capable of recognizing indications of an incoming attack in advance [9] and cannot intercept the attack while it is under way. Most security systems can only acknowledge an attack after the damage has already occurred.

Most organizations prefer to focus their security efforts on inward-facing protection strategies, attempting to prevent attackers from entering the organization's network. Their defense protocols are not designed to protect against attempts to exploit the organization's employees, [4] who have become the main target for deliberate intelligence gathering. Personal behavior, compromising private situations, work habits, passwords and other private and business information can easily be harvested and used to facilitate an attack against the organization. [4]

The interface between Cyber Experts and CyberHumint

The concept of CyberHumint allows cyber experts [10] and human intelligence specialists to use real-life human sources, both on the net and within many public or secret online social networks and operating systems.

By investigating authentic human sources and monitoring their electronic activities, intelligence experts and cyber experts can explore the possible aims and abilities of potential attackers. Outcomes usually leave much to be desired: attackers are typically identified only after the attack has started, and in only a handful of cases have companies managed to warn their clients of a pending attack. [11]

CyberHumint involves recruiting human agents and deploying them with strategic efficiency to give the organization a clear, focused picture of likely threats and of hostile actors intent on harming it. [4] CyberHumint uses classic HUMINT tactics that national intelligence agencies have practiced for more than half a century, and combines them with hackers' social engineering concepts. [4]

Using CyberHumint requires qualified computer professionals who are well versed in the behavior patterns, linguistic nuances and conventions of the Darknet, as well as of other online networks and subcultures. Such computer experts and intelligence specialists work in synchrony to uncover indications of intent long before they develop into an attack plan, so that organizations can decide how, where and when to expose or incapacitate potential attackers. [4]

References

  1. Steele, Robert D., "Human Intelligence (Humint): All Humans, All Minds, All the Time"
  2. Steele, Robert D. (May 2010), "Human Intelligence: All Humans, All Minds, All the Time", Advancing Strategic Thought Series
  3. Lowenthal, Mark M. (2012), Intelligence: From Secrets to Policy, 5th ed., Washington, DC: CQ Press
  4. Steinhart, Amit (March 30, 2014), "The future is behind us? The human factor in cyber intelligence: Interplay between Cyber-HUMINT, Hackers and Social Engineering", Journal of Diplomacy, Diplomatic Institute, archived from the original on September 3, 2014, retrieved August 28, 2014
  5. "UK Intelligence Has Endorsed Cyber Security Courses For Wannabe Spies", Gizmodo, 2014-08-04, archived from the original on 2016-08-28
  6. Ventre, Daniel (2011), Cyber Conflict: Competing National Perspectives, London: ISTE; Hoboken, NJ: John Wiley & Sons, 2012, OCLC 828423696
  7. Andress, J.; Winterfeld, S. (2011), Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners, Boston, MA: Syngress
  8. "Cyber HUMINT Operational Planning", archived from the original on 2014-09-03, retrieved 2014-08-28
  9. Swanson, Scott; Astrich, Craig; Robinson, Michael (26 July 2012), "Cyber Threat Indications & Warning: Predict, Identify and Counter" (PDF), Small Wars Journal
  10. Libicki, Martin C., "Cyberspace Is Not a Warfighting Domain"
  11. Steinhart, Amit; Avramov, Kiril (2013), "Is Everything Personal?: Political Leaders and Intelligence Organizations: A Typology", International Journal of Intelligence and CounterIntelligence, 26 (3): 530, doi:10.1080/08850607.2013.780556, S2CID 156981169