HUMINT Engage Your Cyber Adversaries T hreat Int el l igence Realized. Introduction, Threat hunters and incident responders rely on intelligence to see identify. and respond to attacks Historically they have used Open Source Intelligence. OSINT which is data collected from publicly available sources and Machine. Intelligence also known as Signals Intelligence SIGINT which involves. the interception of signals from both communications and electronic sources. e g cell phones and computers In addition Social Media Intelligence. SOCMINT has provided another source of intelligence which can be used. to identify potential brand and customer focused attacks However the one. constant behind all attacks is that they are human driven As threat actors. keep innovating to make their attacks more difficult to see and stop another. form of intelligence has become critical for cybersecurity success Human. Intelligence HUMINT, Because attacks are human driven the best way to anticipate identify and. respond to them requires human skill and effort Gathering HUMINT can be. one of the most difficult and most dangerous forms of intelligence as we ll. explain later but it can also be one of the most valuable sources of intelligence. available to organizations Cybersecurity researchers threat hunters and. incident responders need to leverage all of the tools and intelligence sources. at their disposal to prevent attacks minimize data leakage and try to stay one. step ahead of threat actors, This paper focuses on HUMINT defining it discussing how it can be gathered. and used and the important role it plays in helping threat hunters defeat threat. actors in the increasingly high stakes world of cyber threats. 2 HUMINT The Key to Successfully Engaging Your Cyber Enemies. T hreat Int ell i, HUMINT Engage Your Cyber Adversaries T hreat Int el l igence Realized. What is HUMINT, In The Art of War Chinese military strategist Sun Tzu wrote To know. your Enemy you must become your Enemy That advice from 2 500. years ago remains very applicable to today s world of cyber warfare. What makes cyber attacks so difficult to see identify and stop is the HUMINT can be defined. fact that they are very often planned and executed by savvy well trained. experts who use their skill and cunning along with an impressive array. as the process of, of high tech cyber weaponry to deliver stealthy attacks that often gathering intelligence. begin and end before the victims even notice,through interpersonal. HUMINT can be defined as the process of gathering intelligence contact and. through interpersonal contact and engagement rather than by engagement rather. technical processes feed ingestion or automated monitoring HUMINT. can be performed by both threat hunters and threat actors meaning it. than by technical, could be recruiting an intelligence source by threat hunter or through processes feed. misrepresentation and social engineering by threat actor It s typically a. manual process requiring a very specific set of skills and knowledge to. ingestion or automated, remain undercover and not raise suspicion monitoring. While difficult human intelligence is the key to seeing identifying and. effectively thwarting the efforts of cyber attackers whether they seek. financial gain are looking to advance their political and social agendas. or are commissioned by nation state espionage aimed at disrupting. operations and national security, Both threat actors and cyber security professionals have impressive. technology at their disposal but they also deploy perhaps the most. useful and dangerous weapon of all in their work human knowledge. and experience That s why the advent of HUMINT is a critical intelligence. source for threat hunters and incident responders Understanding the. motives and tendencies behind your adversaries is a key to any type of. warfare including cyber warfare Therefore threat hunters must know. their enemy by becoming their enemy as Sun Tzu advised over 2 500. years ago The good news for cybersecurity experts is that while the. enemy may be virtual and anonymous they are not invisible. 3 HUMINT The Key to Successfully Engaging Your Cyber Enemies. T hreat Int ell i, HUMINT Engage Your Cyber Adversaries T hreat Int el l igence Realized. Meet Joe A HUMINT and Threat Hunting Expert, We conducted an in depth interview with a professional such practitioners you are analyzed constantly There are. threat hunter we ll call him Joe to protect his identity many cases in the forums I ve joined where the administrators. who currently works as head of cyber threat intelligence for or moderators scrutinize everything about you to determine. a multinational corporation Joe also spent several years if you re really a fellow threat actor or a security researcher. earlier in his career working as a senior intelligence analyst They want to know who you are and where you re coming. for the Israeli government He is an expert at using HUMINT from If they even suspect that you are in law enforcement or. to infiltrate threat actor forums on the dark web to gather a security researcher they will ban you very quickly. information that helps identify and defend attacks aimed at. his organization Before starting to engage with threat actors on these. forums operational security for threat hunters is critical. The key for a threat researcher Researchers need tools to help them. or hunter to successfully obtain hide their identity It can be a VPN. and use HUMINT is to learn how a proxy a virtual machine or TOR. threat actors think what tools and The more precautions and tools. techniques they use and what they It s the high tech you use the better Joe said For. are targeting That requires the ability, equivalent of what an threat researchers who work for. to engage with and infiltrate threat corporations getting unmasked by. actors to gain their trust and learn, undercover FBI agent the hackers we re trying to infiltrate is. how they operate It s the high tech does when he or she the biggest problem It s also possible. equivalent of what an undercover FBI spends months or years to run afoul with law enforcement with. agent does when he or she spends, working to infiltrate a some of the things we have to do. months or years working to infiltrate a but the biggest concern for us is to. criminal organization It s painstaking, criminal organization incur the wrath of our own corporate. and nerve racking work and means Joe legal departments. Head of Cyber Threat Intelligence,going where threat actors congregate. at a Multi National Corporation, and share information which usually Because HUMINT gathering can be. includes dark web forums IRC chat such a time consuming activity Joe. rooms and black markets It can be says people who do the work rely. a dangerous activity for an individual on cutting edge technologies that. no matter how experienced and skilled they are can provide them with the HUMINT they need to do their. jobs effectively I have a few key products that provide me. When a threat researcher relies on HUMINT as a key with strong intelligence about organizations that may have. investigatory technique it can be very risky said Joe When acquired information from my company that they re trying to. you are entering a realm via the dark web especially one monetize or share with fellow hackers It s my job to prevent. frequented by threat actors from parts of the world rife with that valuable information from being sold on the dark web. 4 HUMINT The Key to Successfully Engaging Your Cyber Enemies. T hreat Int ell i, HUMINT Engage Your Cyber Adversaries T hreat Int el l igence Realized. The Risks Challenges of Solo HUMINT Gathering, While HUMINT can be an incredibly valuable to an organization it doesn t come without its risks Avoiding mistakes that can. reveal a threat hunter s identity is vitally important The last thing you want is to become a target and that s exactly what will. happen if your true identity is exposed,Taking Appropriate Precautions. You never use your own computer Joe explained You never save anything onto the machine you re using when you re. engaging with hackers Everything needs to be deleted each time you access the dark web That s how I work And that s what. I did when I worked for the Israeli government I always have an image and each time I go into the dark web I load from that. image Meaning operational system and all the files are deleted every time I shut down my computer I don t want anyone to. know who I am where I m from what I m doing and what my MO is he emphasized. A colleague of mine an Israeli researcher was investigating an APT from North Korea Joe recalled Basically he wasn t as. cautious as he should have been with his operational security and he was hacked He was using his personal computer for. HUMINT gathering Threat actors put all of his personal data online It s a cautionary tale of how not to do things That s why I. supplement my own HUMINT gathering work with the best security products and services on the market that provide me with. not only HUMINT but also OSINT and machine intelligence which help me achieve my goals while minimizing my risks. Establishing Multiple Sources, With all of that pressure to infiltrate threat actors domains while also protecting. their own identities HUMINT researchers need help Fortunately when starting I currently have. an investigation threat hunters don t have to rely solely on their own efforts to. 20 to 30 threat, acquire the information they need to achieve their goals My preference is to. use information collected by a trusted cybersecurity company said Joe I have. actor sources so, two goals when I m trying to find threat actors and recover stolen information every time I have a. get the data back and protect my identity from people who would like nothing question such as. more than to hack and expose me The more information I have the better job. what new tools or, I can do That information can come from the dark web social media or other. sources But there s too much information for one person to obtain That s why. botnets are out, finding the right company with a team of highly skilled analysts collecting data is there I go to them. the best way to achieve my goals Joe, 5 HUMINT The Key to Successfully Engaging Your Cyber Enemies. T hreat Int ell i, HUMINT Engage Your Cyber Adversaries T hreat Int el l igence Realized. According to Joe the majority of HUMINT work is not who works to infiltrate the threat actor underground is a list. necessarily approaching random threat actors You need to of contacts Having a good list mimics how threat actors. have a strong list of threat actors that are already among operate Once established you can work with those people. your contacts or sources in the lingo of threat hunters I If you need somebody to write a botnet you have someone. currently have 20 to 30 threat actor sources so every time I from forum A who can do that If you need somebody to ask. have a question such as what new tools or botnets are out about a new way of cashing out then you have another guy. there I go to them I have sources that are developers threat a carder from forum B said Joe. actors who are carders people who steal trade and buy. credit card information and PINs and threat actors who are Each avatar that I operate has its own persona and its. moderators on different forums There is a list on Jabber the own list on Jabber of people he can contact The best part. secure messenger that threat actors use and I have a list of about this approach is there s nothing illegal about it I m. the people that I can approach anytime if I have a question very cautious I m not buying anything That s what I use my. or if there is a lead that I need to investigate security solutions for But I do speak to those people and. I m trying to build a bond Over the years there are some. But to be as successful as Joe is in pursuing threat targets sources that I consider to be very good sources because I ve. it s unnecessary and unwise to rely solely on your own been talking to them for a very long time. resources One of the key tools for any good threat researcher. A 24x7 Side Project, One of the main reasons why professional threat hunters choose to work with leading HUMINT tools is the limitations the lifestyle. poses on their personal lives If you collect your own HUMINT by spending time on social media sites forums or other darknet. sites you have to be willing to change the hours you work said Joe You simply can t work 9 to 5 as you would in a typical. corporate job because that will be a big tipoff that you might be a threat analyst and not a threat actor The hackers will ask you. Hey why are you only online at certain hours So to maintain the credibility of my avatars I would have to log in on Friday and. Saturday nights or Sunday mornings Just to check in with a few people to ask What s up What s going on Have you heard. about the new Tor forum that was opened I put in the effort to make them think that I m a real threat actor like them I need. to make a strong impression that I m a fraudster not a security researcher. But what about companies that don t allow their security teams to work unusual hours or take risks to establish themselves as. credible threat actors so they can get close to hackers That s where the value of using HUMINT from a cybersecurity firm that. has a team of people working around the clock and around the world gathering HUMINT SIGINT SOCMINT and OSINT to. provide to their clients Joe says that enterprise legal departments often frown on in house researchers spending time on dark. web forums gathering information on threat actors, 6 HUMINT The Key to Successfully Engaging Your Cyber Enemies. T hreat Int ell i, HUMINT Engage Your Cyber Adversaries T hreat Int el l igence Realized. It s a lot of work for any individual to work their regular day job and then spend time at night and on weekends trying to dig. out HUMINT on their own That s why even skilled professionals like Joe see the value in working with a leading vendor that. can do a lot of the heavy lifting for them A solo HUMINT practitioner has to put a great deal of time and effort into creating. and maintaining the avatars that if done well will allow them to gain access to hacker forums If you have a story behind your. avatar for example one of my avatars is a Russian student you need to back up your avatar s persona said Joe You need. to know about the university you claim to attend because you will be questioned about it As part of the process for threat actors. to get comfortable with a new avatar they will press you about what classes you take and other aspects of campus life You. need to be a good liar as well and to log in at hours that will convince threat actors that you are who you say you are. The name of the game is mimicking the threat actors behavior That s why I spend so much time logging into forums I study. the moderators and the biggest threat actors in a forum I read everything they write and I try to understand how I can write. the same way You want to mimic their behavior said Joe It s a tremendous amount of work and that s why I don t try to do. everything myself I have access to excellent HUMINT from my top security vendor That takes some of the load off me and. provides me with a great deal of information because the team is so good at infiltrating hacker forums. Supplementing Research with HUMINT Tools, People like Joe who have the skills cunning and years of experience to conduct their own HUMINT are a rarity in most. enterprise organizations While many have spent years honing their ability to successfully infiltrate dark net forums most threat. researchers need help so they can more effectively use HUMINT to protect their organization and their customers. In fact most threat hunters even ones as talented as Joe need to supplement their own research and HUMINT gathering with. other solutions and sources of intelligence Working in isolation or even with a team of colleagues only enables threat hunters. to obtain a fraction of the HUMINT they need,I appreciate having. access to a platform,that provides me,with the first lead. to threat actors, 7 HUMINT The Key to Successfully Engaging Your Cyber Enemies. T hreat Int ell i, HUMINT Engage Your Cyber Adversaries T hreat Int el l igence Realized. I appreciate having access to a platform that provides me with the first lead to threat actors For example there was a. threat actor that I was pursuing and I made good progress with my investigation because I was able to get a name from the. cybersecurity provider I rely on Once I had the name it gave me the option of talking directly to him in the forum or asking my. contacts if they know him Having accurate reliable HUMINT made it much easier to determine if he were legitimate so I could. start building an investigation into his activities It takes a lot of time and expertise to get effective intel on a threat actor such. as how long he has been active and what other threat actors think about him The big question is Is he legitimate or is he just. a scammer who is trying to sell things that do not really exist That level of detail is incredibly valuable to someone who does. what I do for a living Joe said,Using HUMINT For Security Action. It s clear that gathering HUMINT is a challenge and comes with many risks So why is it worth the hassle and how do you. use this intelligence for security action Here are a few use cases. Post Attack Investigation Extortion Attack New Attack Vector Discovery. Hackers will often make claims or, Damage Assessment As a part of threat hunting process. Extortion attacks have been on, take credit for attacks online If the HUMINT can be used to discover. the rise over the past year If, attack mentions your company or new scamming methods new. your company is being extorted, perhaps another in your industry exploits and other hacker TTPs that. you might want to verify what, it may be worth contacting the may be used against you Threat. information has been stolen and if, threat actor to investigate how they intelligence solutions can provide. the threat actor has actually stolen, performed the attack figure out their you with a lot of this intelligence. any valuable information This can, entry point and learn what tools they but supplementing it with your own. be used to assess the potential, used This intelligence can be used HUMINT gathering can help you. impact of a breach, to stop further damage or protect gain an even deeper understanding. against a similar attack of current threats, Because sources and avatars take time to develop you shouldn t wait until after one of the above scenarios happens to. begin collecting HUMINT You need to start developing your HUMINT process now so that you have the credibility and. sources to go to if you find yourself in one of these situations If you reach out to threat actors as a new avatar right after. a recent security incident they will immediately be suspicious of your motives. 8 HUMINT The Key to Successfully Engaging Your Cyber Enemies. T hreat Int ell i, HUMINT Engage Your Cyber Adversaries T hreat Int el l igence Realized. Adding HUMINT into Your Threat,Intelligence Program. Most organizations do not have an experienced skilled threat hunter. like Joe on staff who can perform his own HUMINT work But there are. a variety of tools that allow organizations to leverage HUMINT as well as. OSINT and machine intelligence to proactively uncover cyber threats. Here are three recommendations on how any enterprise can start using. HUMINT to see identify and stop threat actors intent on stealing or. destroying your intellectual property customer information and other. sensitive data,Take Personal Security Measures, First of all said Joe personal security is critical Any computer that is used for HUMINT work is a dirty machine. You need to perform HUMINT work on a computer that is not connected to your network You can t be recognized. as an employee of your organization If threat actors determine that you are not a fellow hacker but you work for a. specific company they will come after you and the results won t be good So first and foremost you need to build. your dark net capability and persona with a thorough commitment to your own and your organization s security. Tell a Good Story, Second you need to be able to tell a good story that is to create an avatar and persona with a thorough and. believable story behind it When it comes to that good story Joe says that also applies to the skills that you. present as part of your persona For example if your goal is to infiltrate a forum full of actors who perform. financial fraud you need to have a deep understanding of the subject That means you have either technological. understanding of programming and creating botnets or you need to present yourself as an expert in physical. fraud such as the ability to hack ATMs You must be able to talk knowledgeably about various aspects of the. field If you know how to talk shop about those things you will be accepted into the dark net forums you re. targeting It will be also easier for you to bring your avatar and persona up to a level the incumbents will trust. Develop Appropriate Language Skills, The third capability you need to perform HUMINT investigations according to Joe is language skills If you don t. speak reasonably good Russian and you re trying to establish yourself on Russia based forums you need to work. with a colleague who not only speaks Russian but who understands the lingo and the slang When you speak. to Russians they will quickly figure out if you are using Google Translate and are not a Russian speaker Why is. it important Because they trust you more if you have good language capabilities and can convincingly present. yourself as one of them, 9 HUMINT The Key to Successfully Engaging Your Cyber Enemies. T hreat Int ell i, HUMINT Engage Your Cyber Adversaries T hreat Int el l igence Realized. The learning curve to become a credible HUMINT threat hunter can be up to six months according to Joe with a lot of trial. and error This may involve getting thrown out of forums for asking the wrong questions or not having the right answers to. questions you re asked However if you take the appropriate precautions and protect your identity you can continue working. to develop new avatars and sources laying the foundation for successful HUMINT gathering. The IntSights Advantage, So where can someone with the experience Joe has each morning said Joe I have the keywords the name of. not to mention those who haven t spent years perfecting the threat actor the address of the dark net forum and the. avatars and methods for accessing threat actors get the screen shots of what was said what s relevant to me Since. information they need to effectively secure their organization s I started using IntSights for HUMINT OSINT and machine. data That s where the team and technology from IntSights intelligence I don t have to do all the prep work myself I get. come in the page and the post I need to look at For example there. were a hundred posts in one thread and I only needed to look. When I started doing HUMINT in 2008 I had to do everything at page 45 I no longer have to do it all manually Everything is. manually by myself recalled Joe I investigated forums and automatic That is the biggest advantage IntSights gives me. looked for relevant information on my own when I was working as a HUMINT researcher. for the Israeli government But now I rely on IntSights for a. lot of that information I put my keywords into their crawler IntSights provides two types of information to enterprise. and get information 24 7 from the dark net That means I threat hunters and researchers For those who lack the. don t need to search for everything manually If I find a new resources to conduct their own HUMINT on the dark web. forum while I m doing my own HUMINT I send it to IntSights they can get all their information from the IntSights team. and then the information becomes part of the service and it s and use it to protect their organizations data Alternativey. available to the entire threat hunting community IntSights experienced uniquely skilled researchers such as Joe. delivers many advantages to threat hunters and researchers can use IntSights information gathered from continuous. like Joe freeing them from having to spend countless hours Internet and dark web crawling to pinpoint their efforts. frequenting forums to painstakingly gather information piece and make their forays into forums quicker safer and more. by piece productive Clients can search IntSights database of forums. and all of the information gathered from them Researchers. The bottom line is IntSights saves me time I have all of the can look for keywords or certain emails intellectual property. information gathered and checked by the IntSights team IP indicators of compromise IOC or related information. 10 HUMINT The Key to Successfully Engaging Your Cyber Enemies. T hreat Int ell i, HUMINT Engage Your Cyber Adversaries T hreat Int el l igence Realized. IntSights also enables enterprise researchers to conduct a combination of OSINT and HUMINT so they can bring the entire. investigation picture to company executives to demonstrate the threat its ramifications and how they will respond to it The. IntSights global team generates a tremendous amount of actionable data for its clients including. Who are the most important threat actors in forums. What information they are selling,The abilities they have. Which programming languages they know,What their offensive capabilities are. IntSights information enables enterprise security professionals to truly understand the motive relevance and context of the. threat actors who are targeting their organizations As Joe says This information helps me see the motive of specific threat. actors and what they re thinking, So whichever approach to HUMINT works best for you the intelligence provided by IntSights can complement your own efforts. or give you the advantage of having a team of HUMINT experts feeding you valuable insights every day Or you can stay up all. night and work weekends to gather the intelligence you need The choice is yours. Conclusion, While tools technology and tactics change all cyber attacks have one thing in common they re all human driven Knowing the. motivations and tendencies behind your cyberadversaries can help you make the right strategic decisions and investments to. better protect your organization, Human Intelligence HUMINT can be incredibly valuable yet incredibly dangerous to collect You need to have the right set. of skills expertise and time to gather HUMINT effectively and ensure your true identity and intentions are hidden Whether. you re looking to get started with HUMINT gathering or want to enhance your existing program leveraging HUMINT and other. intelligence tools can be incredibly helpful, When it comes to protecting your organization from cyber threats you re only as good as your intelligence Cyber security. professionals and threat hunters need to have access to the right information so they can take appropriate action and mitigate. threats before they cause damage Leveraging tools that ingest process and contextualize these different sources of intelligence. can be the difference between stopping an attack and getting breached Make sure your team is armed with the right tools and. intelligence so that you can effectively protect your company your employees and your customers. 11 HUMINT The Key to Successfully Engaging Your Cyber Enemies. T hreat Int ell i,HUMINT Engage Your Cyber Adversaries. WHITEPAPER Th reat I n tellig ence Realized,About IntSights. IntSights is redefining cyber security with the industry s first and only enterprise threat management platform. that transforms tailored threat intelligence into automated security operations Our ground breaking data. mining algorithms and unique machine learning capabilities continuously monitor an enterprise s external. digital profile across the surface deep and dark web categorize and analyze tens of thousands of threats. and automate the risk remediation lifecycle streamlining workflows maximizing resources and securing. business operations This has made IntSights one of the fastest growing cyber security companies. in the world IntSights has offices in Tel Aviv Amsterdam New York Tokyo Singapore and Dallas and. is backed by Glilot Capital Partners Blumberg Capital Blackstone Tola Capital and Wipro Ventures. To learn more visit www intsights com,T hreat I n tel ligence Realized.
Financing via Export and Agency Finance (ECA) Characteristics and Benefits . Table of Contents 1. Agency Financing Overview 2. Latest Developments 3. How and When to Use EAF 4. Select Case Studies A. EAF Case Studies for Global Clients B. EAF Case Studies for Sellers of Strategic Commodities C. EAF Case Studies for Financial Institutions D. EAF Case Studies for Public Sector E. EAF Case ...
IV Abstract The feeling of being moved has only received marginal attention by emotion research during the last decades. Recently, an emotion framework termed kama muta has been introduced giving a first overview and suggesting that being moved is a positive cultural-dependent
total acidity, titration of fruit juices kit, flinn science #ap6690 or approved equal kit includes reproducible student handouts detailed background information, complete teacher notes with sample data and answers to questions, and all chemicals needed to perform the lab. complete for 30 students working in pairs.
2016. The Three Investigators and related characters are trademarks owned and copyrighted by Random House and the Estate of Robert Arthur (Elizabeth Arthur, Robert Andrew Arthur) 1996. The Secret of the Ancient Astronauts is a work of fan fiction intended for enter-tainment purposes only and may not be reproduced or sold.
3.1.3 Mixtures or solutions . NOTE: Where a substance is specifically listed by name in the Dangerous Goods List, it shall be identified in transport by the proper shipping name in the Dangerous Goods List. Such substances may contain technical impurities (for example those deriving from the production process) or additives for
Erythematosus (SLE), which is a chronic auto-inflammatory disease of unknown etiology; Multiple Sclerosis (MS), which affects the brain and the central nervous system, and Autoimmune Pancreatitis (AIP), which produces pancreatic masses and ductal strictures [11,12]. ADs show abnormal autoimmune responses by auto-antibodies and T- cell
Power & Signal Quality TRABTECH Monitoring Residual current monitoring Arrester testing Lightning current monitoring. 2 PhoeNix CoNtaCt Interference-free mains supply and signal transmission Services Monitoring EMC solutions Surge protection Device circuit breakers A constant power supply and secure data links are especially important for the operational reliability of electrical systems ...
COLORADO COURT OF APPEALS, STATE OF COLORADO 2 East 14th Avenue, Suite 300 Denver, CO 80203 COURT USE ONLY COLORADO CIVIL RIGHTS COMMISSION DEPARTMENT OF REGULATORY AGENCIES 1560 Broadway, Suite 1050 Denver, CO 80202 Case No. 2013-0008 RESPONDENTS -APPELLANTS: MASTERPIECE CAKESHOP, INC., and any