Offensive IW Open Sources. CSCE 727 - Farkas2 Reading List – Open Source Intelligence: Private...


Offensive IW

Open Sources


CSCE 727 - Farkas 2

Reading List
– Open Source Intelligence: Private Sector Capabilities to Support DoD Policy, Acquisitions, and Operations, http://www.fas.org/irp/eprint/oss980501.htm

Interesting Read
– INTelligence: Open Source Intelligence, CIA, https://www.cia.gov/news-information/featured-story-archive/2010-featured-story-archive/open-source-intelligence.html
– Project Grey Goose Report on Critical Infrastructure, 2010, http://dataclonelabs.com/security_talkworkshop/papers/25550091-Proj-Grey-Goose-report-on-Critical-Infrastructure-Attacks-Actors-and-Emerging-Threats.pdf


What is Intelligence?

Predicting of emergent threats
– Information
    Relevant to a government’s policy, national security interests, analyze threats from actual or potential adversaries
– Activities
    Collection and analysis on intelligence information
    Counterintelligence
– Organization
    Central Intelligence Agency (CIA)


Modern Intelligence?


Mata Hari

James Bond

Cyber Intelligence


Source of Threats

Physical attacks
– Use of IT technology to predict traditional threats
– OSINT

Cyber attacks
– Use of IT technology to predict cyber threats
– Need: understanding of these threats and their consequences on national security


Information

“…relevant to a government’s formulation and implementation of policy to further its national security interests and to deal with threats from actual or potential adversaries.” (A. Shulsky and G. Schmitt, Silent Warfare)

Examples:
– Military matters of foreign nations
– Diplomatic activities and intentions of foreign nations
– Intelligence activities of foreign nations

Other party may or may not want to keep it secret

Raw data and analyses and assessments based on raw data


Technical Intelligence

Interesting read: Office of Scientific Intelligence: The Original Wizards of Langley, http://www.foia.cia.gov/collection/original-wizards-langley

Office of Scientific Intelligence
– Track technical challenges
– Originates back to 1954-1962
– Aim: create and apply innovative technologies to meet intelligence needs


Open Source

Unclassified information in the public domain or available from commercial services

Example sources:
– Traditional: newspapers, magazines, scientific publications, television and radio broadcasting, etc.
– Emerging: Internet, geospatial data, images


Birth of Open Source Intelligence

1946: Central Intelligence Group (CIG) established
– Track scientific development abroad and estimate its importance
– Consequences of foreign scientific development on US national security
– Issues: Soviet nuclear weapons, ballistic missile, space exploration, air defense, chemical and biological weapons, etc.


Open Source Concerns

Acquisition of information
– Open source intelligence
– Privacy

Legal and ethical issues
– Piracy
– Infringement on intellectual property rights
– Fraud


What kind of information resources do YOU use?

How do YOU evaluate the accuracy of the data?

How do YOU analyze the collected data?


Advances in IT

Increased: data and analysts

Raw data sharing
– Intelligence community
– Government offices
– Interest groups


Activity

Obtaining or denying information

Activities:
– Collection and analysis on intelligence information
– Counterintelligence, deception

Collection: wide range (e.g., wiretapping, broadcasts, newspapers, research publications, aerial photography, espionage, etc.)

Analysis: quality of data, correctness of analysis, timeliness, etc.


What are the OSI Challenges?

Collection?
– Data accuracy (correctness, timeliness, etc.)
– Data integration (heterogeneous data, duplicate, inconsistent data)
– Volume of data (processing capability)

Analysis?
– Statistical data analysis
– Accuracy of results, application of results
– Efficiency


Counterintelligence

Covert action

Protect a nation against the actions of hostile intelligence services
– National Security
– Nature of regime
– Law


Counterintelligence

Passive measures
– Blocking access to the information
– Information classification:
    Top Secret: “exceptionally grave damage”
    Secret: “serious damage”
    Confidential: “damage”

Counter espionage
– Surveillance, intelligence collections
– Defectors and double agents
– Deception


Counterintelligence

Foreign intelligence guidelines: classified
– Investigation of:
    Illegal activities: detecting and preventing foreign espionage and terrorist activities
    Legal activities: foreign legal political activities like fund-raising, organizational work, etc.

Domestic intelligence guidelines (“Levi Guidelines”): public
– Investigation of groups that:
    are hostile to government policies and fundamental principles
    seek to deprive some class of people
    have a violent approach to political change


Scope of Intelligence

Government -- national security
– Range from peace time to war time intelligence
– Type of government

Domestic Intelligence -- depends on nature of regime

Business corporations -- competitive advantage

Economics and Intelligence
– Government-run economy
– Economic well-being of nation (post-Cold War era)

Non-traditional Intelligence
– Environmental issues


Intelligence and Law Enforcement

Transnational threats:
– Do not originate primarily from a foreign government
– Serious threats for nation’s well-being
– Fall within law enforcement rather than intelligence
– Examples: narcotics trafficking, international terrorism

Law enforcement: waiting until a crime has been committed

Intelligence: collection of convincing evidence

Criminal investigation vs. criminal intelligence investigation
– Punishment of a given criminal act vs. struggle with an organization engaged in criminal activity


Intelligence and Information Age

Advent of information age

Change the mode of operations for business corporations and government

Technology: communicating and processing information

Behavioral and institutional change: information as the key of organizational activities

Intelligence services vs. competing organizations


Military Affairs

Enhanced usefulness of information
– Weapon systems

Enhanced ability to collect, process and disseminate information in a timely manner


Government Operations

Circulation and use of information for policy making and implementation
– Competitiveness of non-government organizations
– How to exploit information
– How to integrate information from heterogeneous sources


Intelligence and Information Age (cont.)

Globalization: increased flow of information across borders
– International trade
– Division of labor
– Increased travel
– Increased penetration by news media


Open Source Information Collection

Goal oriented

Publications and broadcast

Additional information available from non-intelligence sources

Special sources (e.g., speeches of political leaders, legal documents, demographic data, etc.)

Large amount of openly available data

Need processing power


Problem of Increased Availability

How to locate sources?

How to evaluate source reliability?

How timely the data is?

How to analyze information and integrate with other intelligence information?

How to protect confidentiality of policy maker’s interest?


Information Specialist

Policy maker

Staff of policy maker

Intelligence analysts


IW and Open Source Intelligence

Generally legal (uses readily available information)

Attacker gains access to protected information, e.g.,
– Business trade secrets
– Military strategy
– Personal information

Protected information: readily available in public domain, can be inferred from public data, or deduced from aggregated public data


Open Source Intelligence

Widely used (e.g., Department of Defense)

Cheap, fast, or timely

Most often legal

Advantages: no risk for collector, provides context, mode of information acquisition, cover for data discovery by secret operations

Disadvantages: may not discover important information, assurance of discovery(?)


Online Open Source Intelligence

Large amount of public data online
– Web pages, online databases, digital collections, organizations on line, government offices, etc.

Freedom of Information Act (FOIA): industry data

U.S. Patent Office: copies of U.S. patents

Trade shows, public records, etc.


Privacy

Use open source to find out confidential data about people

Find confidential data about people while they browse through open source (e.g., Web searches)


Who is Selling Your Personal Data?

Online investigative industry

Cash strapped government
– Maryland DMV: 1996 – driver’s license info and vehicle registration data
– Virginia: voter registration data
– Washington State: 1997 WATCH (criminal history data)

Accidental:
– Experian Inc. 08/13/1997, software error in web application released other customers’ credit standing, http://www.highbeam.com/doc/1P2-738117.html


Privacy Violations

Snooping via Open Sources

Online activities
– Questionnaires
– Customers’ data
– Web site data collection (Cookies, IP address, operating system, browser, requested page, time of request, etc.) – without user’s permission


Legislations

Privacy Act of 1974, U.S. Department of Justice (http://www.justice.gov/opcl/1974privacyact-overview.htm)

Family Educational Rights and Privacy Act (FERPA), U.S. Department of Education (http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html)

Health Information Privacy, Health Insurance Portability and Accountability Act of 1996 (HIPAA) (http://www.hhs.gov/ocr/privacy/index.html)


Other Open Source Attacks

Piracy
– Available in open source, but still protected by copyright, patent, trademark, etc.

Copyright Infringement
– Acquisition of protected work without the owner’s permission and sold for a fee
– Human perception: not serious crime
– Significant loss for marketing/manufacturing/owner

Trademark Infringement


Legal and Ethical Issues

See lecture notes for CSCE 522

Nov. 26, 2012  

http://www.cse.sc.edu/~farkas/csce522-2012/lecture.htm
