
1 Offensive IW Open Sources

2 Reading List
– Open Source Intelligence: Private Sector Capabilities to Support DoD Policy, Acquisitions, and Operations, http://www.fas.org/irp/eprint/oss980501.htm
Interesting Read
– INTelligence: Open Source Intelligence, CIA, https://www.cia.gov/news-information/featured-story-archive/2010-featured-story-archive/open-source-intelligence.html
– Project Grey Goose Report on Critical Infrastructure, 2010, http://dataclonelabs.com/security_talkworkshop/papers/25550091-Proj-Grey-Goose-report-on-Critical-Infrastructure-Attacks-Actors-and-Emerging-Threats.pdf
CSCE 727 - Farkas

3 What is Intelligence?
Predicting emergent threats
– Information
  – Relevant to a government’s policy, national security interests, analyze threats from actual or potential adversaries
– Activities
  – Collection and analysis of intelligence information
  – Counterintelligence
– Organization
  – Central Intelligence Agency (CIA)

4 Modern Intelligence?
Mata Hari
James Bond
Cyber Intelligence

5 Source of Threats
Physical attacks
– Use of IT technology to predict traditional threats
– OSINT
Cyber attacks
– Use of IT technology to predict cyber threats
– Need: understanding of these threats and their consequences on national security

6 Information
“…relevant to a government’s formulation and implementation of policy to further its national security interests and to deal with threats from actual or potential adversaries.” (A. Shulsky and G. Schmitt, Silent Warfare)
Examples:
– Military matters of foreign nations
– Diplomatic activities and intentions of foreign nations
– Intelligence activities of foreign nations
Other party may or may not want to keep it secret
Raw data and analyses and assessments based on raw data

7 Technical Intelligence
Interesting read: Office of Scientific Intelligence: The Original Wizards of Langley, http://www.foia.cia.gov/collection/original-wizards-langley
Office of Scientific Intelligence
– Track technical challenges
– Originates back to 1954-1962
– Aim: create and apply innovative technologies to meet intelligence needs

8 Open Source
Unclassified information in the public domain or available from commercial services
Example sources:
– Traditional: newspapers, magazines, scientific publications, television and radio broadcasting, etc.
– Emerging: Internet, geospatial data, images

9 Birth of Open Source Intelligence
1946: Central Intelligence Group (CIG) established
– Track scientific development abroad and estimate its importance
– Consequences of foreign scientific development on US national security
– Issues: Soviet nuclear weapons, ballistic missile, space exploration, air defense, chemical and biological weapons, etc.

10 Open Source Concerns
Acquisition of information
– Open source intelligence
– Privacy
Legal and ethical issues
– Piracy
– Infringement on intellectual property rights
– Fraud

11
What kind of information resources do YOU use?
How do YOU evaluate the accuracy of the data?
How do YOU analyze the collected data?

12 Advances in IT
Increased: data and analysts
Raw data sharing
– Intelligence community
– Government offices
– Interest groups

13 Activity
Obtaining or denying information
Activities:
– Collection and analysis of intelligence information
– Counterintelligence, deception
Collection: wide range (e.g., wiretapping, broadcasts, newspapers, research publications, aerial photography, espionage, etc.)
Analysis: quality of data, correctness of analysis, timeliness, etc.

14 What are the OSI Challenges?
Collection?
– Data accuracy (correctness, timeliness, etc.)
– Data integration (heterogeneous data, duplicate, inconsistent data)
– Volume of data (processing capability)
Analysis?
– Statistical data analysis
– Accuracy of results, application of results
– Efficiency

15 Counterintelligence
Covert action
Protect a nation against the actions of hostile intelligence services
– National Security
– Nature of regime
– Law

16 Counterintelligence
Passive measures
– Blocking access to the information
– Information classification:
  – Top Secret: “exceptionally grave damage”
  – Secret: “serious damage”
  – Confidential: “damage”
Counter espionage
– Surveillance, intelligence collections
– Defectors and double agents
– Deception

17 Counterintelligence
Foreign intelligence guidelines: classified
– Investigation of:
  – Illegal activities: detecting and preventing foreign espionage and terrorist activities
  – Legal activities: foreign legal political activities like fund-raising, organizational work, etc.
Domestic intelligence guidelines (“Levi Guidelines”): public
– Investigation of groups that:
  – are hostile to government policies and fundamental principles
  – seek to deprive some class of people
  – have a violent approach to political change

18 Scope of Intelligence
Government -- national security
– Range from peace time to war time intelligence
– Type of government
Domestic Intelligence -- depends on nature of regime
Business corporations
– Competitive advantage
Economics and Intelligence
– Government-run economy
– Economic well-being of nation (post-Cold War era)
Non-traditional Intelligence
– Environmental issues

19 Intelligence and Law Enforcement
Transnational threats:
– Do not originate primarily from a foreign government
– Serious threats for nation’s well-being
– Fall within law enforcement rather than intelligence
– Examples: narcotics trafficking, international terrorism
Law enforcement: waiting until a crime has been committed
Intelligence: collection of convincing evidence
Criminal investigation vs. criminal intelligence investigation
– Punishment of a given criminal act vs. struggle with an organization engaged in criminal activity

20 Intelligence and Information Age
Advent of information age
Change the mode of operations for business corporations and government
Technology: communicating and processing information
Behavioral and institutional change: information as the key of organizational activities
Intelligence services vs. competing organizations

21 Military Affairs
Enhanced usefulness of information
– Weapon systems
Enhanced ability to collect, process and disseminate information in a timely manner

22 Government Operations
Circulation and use of information for policy making and implementation
– Competitiveness of non-government organizations
– How to exploit information
– How to integrate information from heterogeneous sources

23 Intelligence and Information Age (cont.)
Globalization: increased flow of information across borders
– International trade
– Division of labor
– Increased travel
– Increased penetration by news media

24 Open Source Information Collection
Goal oriented
Publications and broadcast
Additional information available from non-intelligence sources
Special sources (e.g., speeches of political leaders, legal documents, demographic data, etc.)
Large amount of openly available data → Need processing power

25 Problem of Increased Availability
How to locate sources?
How to evaluate source reliability?
How timely is the data?
How to analyze information and integrate with other intelligence information?
How to protect confidentiality of policy maker’s interest?

26 Information Specialist
Policy maker
Staff of policy maker
Intelligence analysts

27 IW and Open Source Intelligence
Generally legal (uses readily available information)
Attacker gains access to protected information, e.g.,
– Business trade secrets
– Military strategy
– Personal information
Protected information: readily available in public domain, can be inferred from public data, or deduced from aggregated public data

28 Open Source Intelligence
Widely used (e.g., Department of Defense)
Cheap, fast, or timely
Most often legal
Advantages: no risk for collector, provides context, mode of information acquisition, cover for data discovery by secret operations
Disadvantages: may not discover important information, assurance of discovery(?)

29 Online Open Source Intelligence
Large amount of public data online
– Web pages, online databases, digital collections, organizations online, government offices, etc.
Freedom of Information Act (FOIA): industry data
U.S. Patent Office: copies of U.S. patents
Trade shows, public records, etc.

30 Privacy
Use open source to find out confidential data about people
Find confidential data about people while they browse through open source (e.g., Web searches)

31 Who is Selling Your Personal Data?
Online investigative industry
Cash-strapped government
– Maryland DMV: 1996 – driver’s license info and vehicle registration data
– Virginia: voter registration data
– Washington State: 1997 WATCH (criminal history data)
Accidental:
– Experian Inc. 08/13/1997, software error in web application → released other customers’ credit standing, http://www.highbeam.com/doc/1P2-738117.html

32 Privacy Violations
Snooping via Open Sources
Online activities
– Questionnaires
– Customers’ data
– Web site data collection (Cookies, IP address, operating system, browser, requested page, time of request, etc.) – without user’s permission

33 Legislation
Privacy Act of 1974, U.S. Department of Justice (http://www.justice.gov/opcl/1974privacyact-overview.htm)
Family Educational Rights and Privacy Act (FERPA), U.S. Department of Education (http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html)
Health Information Privacy, Health Insurance Portability and Accountability Act of 1996 (HIPAA) (http://www.hhs.gov/ocr/privacy/index.html)

34 Other Open Source Attacks
Piracy
– Available in open source, but still protected by copyright, patent, trademark, etc.
Copyright Infringement
– Acquisition of protected work without the owner’s permission and sold for a fee
– Human perception: not serious crime
– Significant loss for marketing/manufacturing/owner
Trademark Infringement

