Saturday, December 10, 2011

Open Source Intelligence



In a recent conversation, a business associate began describing to me the old “cloak and dagger” days of competitive intelligence. It was time-intensive, very active and required much more innovative thinking. In his eyes I was spoiled by the internet’s ability to find information easily and quickly. In one of his stories, a company was providing him figures that didn’t match up with the amount of product the company’s clients were receiving. It may have been slightly more complicated than that, but it’s safe to say something didn’t add up. One step he took to investigate the discrepancies was hiring a plane to fly over the company’s building during working shifts. He counted the number of cars in the parking lot and was able to guess approximately how many workers were on duty. That, combined with other methods, led him to believe this company was grossly exaggerating its output. Modern methods make this a far simpler process. Gathering publicly provided information is a low-risk and often high-reward method of intelligence collection.

This collection method is called Open Source Intelligence (OSINT) and previously meant governments crawling through foreign newspapers and TV news reports. It still does. However, technology has increased the scope and tempo of this process. It has become more complex, since blogging and other social media have decreased the ability to determine what is credible. Disinformation is easier to implement and more difficult to identify. The complexity of the problem has gotten so large that the Director of National Intelligence created an open source center to collect information available from “the Internet, databases, press, radio, television, video, geospatial data, photos and commercial imagery.” Fortunately, they have established Facebook to ease this process, saving them millions of dollars. (For all of you conspiracy theorists, that was a joke.)



While the government hasn’t established Facebook, they have funded (and possibly even created) several companies that seek to make it so the average intelligence officer doesn’t have to read that you just made waffles for breakfast. Recorded Future and Visible Technologies are two such companies that automate the process of aggregating data and finding meaning for that data. The first time I heard about Recorded Future I mentioned it to an ex-intelligence officer, asking whether they had heard of it. Later I found out that it was probably created by the Intelligence Community. Those moments when you realize how little you truly know are quite humbling. I’m sure automating such a process is highly complex. How can you automate deception detection? What about important information that slips through? Does automation truly replace human analysis? How do you scale the process to the needs of the project?

It is one of my geeky dreams to see the Open Source Center in operation one day. It’s funny that many must begrudgingly show up to work there every day as a 9-5 job (although I’m sure it operates 24/7) and here it’s my aspiration to catch a glimpse of a room there. It is amazing that meaning can be found by combining a bunch of meaningless information. After researching and learning so much about Open Source Intelligence and its possibilities, I wonder what kind of countermeasures will come out. There is the one brave man who started an identity protection service, known as LifeLock, and advertised it by posting his social security number. Even as the CEO of LifeLock, his identity was stolen over 13 times. I have a feeling that countermeasures to this won’t come from technological advances. Similar to James Lewis’ belief that a more sophisticated cyber-defense will only result in more sophisticated attacks, regular people can’t rely on technology or services to protect their identity. We must change how we work and view technology to truly protect ourselves. Maybe I’m wrong and I most likely am. Time will tell and until then I’ll just try not to end up like this guy:
