Offensive IW Open Sources Reading List Open Source
- Slides: 34
Offensive IW Open Sources
Reading List – Open Source Intelligence: Private Sector Capabilities to Support Do. D Policy, Acquisitions, and Operations , http: //www. fas. org/irp/eprint/oss 980501. htm l Interesting Read – INTellingence: Open Source Intelligence, CIA, https: //www. cia. gov/news-information/featured-storyarchive/2010 -featured-story-archive/open-sourceintelligence. html – Project Grey Goose Report on Critical Infrastructure, 2010, http: //dataclonelabs. com/security_talkworkshop/papers/255 50091 -Proj-Grey-Goose-report-on-Critical-Infrastructure. Attacks-Actors-and-Emerging-Threats. pdf CSCE 727 - Farkas 2
What is Intelligence? l Predicting of emergent threats – Information l Relevant to a government’s policy, national security interests, analyze threats from actual or potential adversaries – Activities l Collection and analysis on intelligence information l Counterintelligence – Organization l Central Intelligence Agency (CIA) CSCE 727 - Farkas 3
Modern Intelligence? James Bond Cyber Intelligence Mata Hari CSCE 727 - Farkas 4
Source of Threats l Physical attacks – Use of IT technology to predict traditional threats – OSINT l Cyber attacks – Use of IT technology to predict cyber threats – Need: understanding of these threats and their consequences on national security CSCE 727 - Farkas 5
Information “…relevant to a government’s formulation and implementation of policy to further its national security interests and to deal with threats from actual or potential adversaries. ” (A. Shulsky and G. Schmitt, Silent Warfare) l Examples: – Military matters of foreign nations – Diplomatic activities and intentions of foreign nations – Intelligence activities of foreign nations l Other party may or may not want to keep it secret l Raw data and analyses and assessments based on raw data l CSCE 727 - Farkas 6
Technical Intelligence Interesting read: Office of Scientific Intelligence: The Original Wizards of Langley, http: //www. foia. cia. gov/collection/original-wizardslangley l Office of Scientific Intelligence – Track technical challenges – Originates back to 1954 -1962 – Aim: create and apply innovative technologies to meet intelligence needs l CSCE 727 - Farkas 7
Open Source l Unclassified information in the public domain or available from commercial services l Example sources: – Traditional: newspapers, magazines, scientific publications, television and radio broadcasting, etc. – Emerging: Internet, geospatial data, images CSCE 727 - Farkas 8
Birth of Open Source Intelligence l 1946: Central Intelligence Group (CIG) established – Track scientific development abroad and estimate its importance – Consequences of foreign scientific development on US national security – Issues: Soviet nuclear weapons, ballistic missile, space exploration, air defense, chemical and biological weapons, etc. CSCE 727 - Farkas 9
Open Source Concerns l Acquisition of information – Open source intelligence – Privacy l Legal and ethical issues – Piracy – Infringement on intellectual property rights – Fraud CSCE 727 - Farkas 10
What kind of information resources do YOU use? How do YOU evaluate the accuracy of the data? How do YOU analyze the collected data? CSCE 727 - Farkas 11
Advances in IT l Increased: data and analysts l Raw data sharing – Intelligence community – Government offices – Interest groups CSCE 727 - Farkas 12
Activity Obtaining or denying information l Activities: l – Collection and analysis on intelligence information – Counterintelligence, deception Collection: wide range (e. g. , wiretapping, broadcasts, newspapers, research publications, aerial photography, espionage, etc. ) l Analysis: quality of data, correctness of analysis, timeliness, etc. l CSCE 727 - Farkas 13
What are the OSI Challenges? l Collection? – Data accuracy (correctness, timeliness, etc. ) – Data integration (heterogeneous data, duplicate, inconsistent data) – Volume of data (processing capability) l Analysis? – Statistical data analysis – Accuracy of results, application of results – Efficiency CSCE 727 - Farkas 14
Counterintelligence l Covert action l Protect a nation against the actions of hostile intelligence services – National Security – Nature of regime – Law CSCE 727 - Farkas 15
Counterintelligence l Passive measures – Blocking access to the information – Information classification: l l l Top Secret: “exceptionally grave damage” Secret: “serious damage” Confidential: “damage” l Counter espionage – Surveillance, intelligence collections – Defectors and double agents – Deception CSCE 727 - Farkas 16
Counterintelligence l Foreign intelligence guidelines: classified – Investigation of: Illegal activities: detecting and preventing foreign espionage and terrorist activities l Legal activities: foreign legal political activities like fund-raising, organizational work, etc. l l Domestic intelligence guidelines (“Levi Guidelines”): public – Investigation of groups that hostile to government policies and fundamental principles l seeks to deprive some class of people l has violent approach to political change l CSCE 727 - Farkas 17
Scope of Intelligence l Government -- national security – Range from peace time to war time intelligence – Type of government l l l Domestic Intelligence -- depends on nature of regime Business corporations – competitive advantage Economics and Intelligence – Government-run economy – Economic well-being of nation (post-Cold War era) l Non-traditions Intelligence – Environmental issues CSCE 727 - Farkas 18
Intelligence and Law Enforcement l Transnational threats: – – Do not originate primarily from a foreign government Serious threats for nation’s well-being Fall within law enforcement rather than intelligence Examples: narcotics trafficking, international terrorism Law enforcement: waiting until a crime has been committed l Intelligence: collection of convincing evidence l Criminal investigation vs. criminal intelligence investigation l – Punishment of a given criminal act vs. struggle with an organization engaged in criminal activity CSCE 727 - Farkas 19
Intelligence and Information Age l l l Advent of information age Change the mode of operations for business corporations and government Technology: communicating and processing information Behavioral and institutional change: information as the key of organizational activities Intelligent Services vs. competing organizations CSCE 727 - Farkas 20
Military Affairs l Enhanced usefulness of information – Weapon systems l Enhanced ability to collect, process and disseminate information in a timely manner CSCE 727 - Farkas 21
Government Operations l Circulation and use of information for policy making and implementation – Competitiveness of non-government organizations – How to exploit information – How to integrate information from heterogeneous sources CSCE 727 - Farkas 22
Intelligence and Information Age (cont. ) l Globalization: increased flow of information across borders – International trade – Division of labor – Increased travel – Increased penetration by news media CSCE 727 - Farkas 23
Open Source Information Collection l l l Goal oriented Publications and broadcast Additional information available from nonintelligence sources Special sources (e. g. , speeches of political leaders, legal documents, demographic data, etc. ) Large amount of openly available data Need processing power CSCE 727 - Farkas 24
Problem of Increased Availability l How to locate sources? l How to evaluate source reliability? l How timely the data is? l How to analyze information and integrate with other intelligence information? l How to protect confidentiality of policy maker’s interest? CSCE 727 - Farkas 25
Information Specialist l Policy maker l Staff of policy maker l Intelligence analysts CSCE 727 - Farkas 26
IW and Open Source Intelligence Generally legal (uses readily available information) l Attacker gains access to protected information, e. g. , l – Business trade secrets – Military strategy – Personal information l Protected information: readily available in public domain, can be inferred from public data, or deduced from aggregated public data CSCE 727 - Farkas 27
Open Source Intelligence l l l Widely used (e. g. , Department of Defense) Cheap, fast, or timely Most often legal Advantages: no risk for collector, provides context, mode of information acquisition, cover for data discovery by secret operations Disadvantages: may not discover important information, assurance of discovery(? ) CSCE 727 - Farkas 28
Online Open Source Intelligence l Large amount of public data online – Web pages, online databases, digital collections, organizations on line, government offices, etc. l Freedom and Information Act (FOIA): industry data l U. S. Patent Office: copies of U. S. patents l Trade shows, public records, etc. CSCE 727 - Farkas 29
Privacy l Use open source to find out confidential data about people l Find confidential data about people while they browse through open source (e. g. , Web searches) CSCE 727 - Farkas 30
Who is Selling Your Personal Data? Online investigative industry l Cash strapped government – Maryland DMV: 1996 – driver’s license info and vehicle registration data – Virginia: voter registration data – Washington State: 1997 WATCH (criminal history data) l Accidental: – Experian Inc. 08/13/1997, software error in web application released other customers’ credit standing, http: //www. highbeam. com/doc/1 P 2 -738117. html l CSCE 727 - Farkas 31
Privacy Violations l Snooping via Open Sources l Online activities – Questionnaires – Customers’ data – Web site data collection (Cookies, IP address, operating system, browser, requested page, time of request, etc. ) – without user’s permission CSCE 727 - Farkas 32
Legislations Privacy Act of 1974, U. S. Department of Justice (http: //www. justice. gov/opcl/1974 privacyact-overview. htm ) l Family Educational Rights and Privacy Act (FERPA), U. S. Department of Education, (http: //www. ed. gov/policy/gen/guid/fpco/ferpa/index. html ) l Health Information Privacy, Health Insurance Portability and Accountability Act of 1996 (HIPAA), (http: //www. hhs. gov/ocr/privacy/index. html ) l CSCE 727 - Farkas 33
Other Open Source Attacks Piracy – Available in open source, but still protected by copyright, patent, trademark, etc. l Copyright Infringement – Acquisition of protected work without the owner’s permission and sold for a fee – Human perception: not serious crime – Significant loss for marketing/manufacturing/owner l Trademark Infringement l CSCE 727 - Farkas 34
- Pre reading while reading and post reading activities
- Print and web sources
- Water management importance
- Complaints were made by teachers and administrators also
- Intro to offensive security
- Being zealous without being offensive means---
- Msf metasploit
- Defensive line get off drills
- Chapter 3 achieving mental and emotional health answer key
- Types of offensive strokes in table tennis
- Penguin elbow name
- Offensive rationale for government intervention
- Corkspin.com
- We found the film repulsive offensive and embarrassing
- Offensive language in the workplace
- Offensive language in the workplace
- Professionalism skills for workplace success
- The tet offensive
- Mearsheimer offensive realism
- Parallel structure examples
- What is defensive realism
- The least offensive play in the whole darn world
- A blue ocean type of offensive strategy
- Offensive apologetics
- Meuse argonne offensive apush
- 영국 beis
- Sources of job leads
- Round robin reading vs popcorn reading
- Aims of teaching
- Kinds of reading skills
- Guided reading vs shared reading
- Goshgarian critical reading
- Intensive reading and extensive reading
- Extensive reading
- Developing effective reading skills