HUMINT (Human Intelligence) in Quest for the "Who" and the "Why" behind Cyberattacks

This article is a sequel to the article published on this platform on January 13th 2021, titled “HUMINT (Human intelligence) is the Game Changer to Pro-active Adversary Centric, Actionable Darknet Managed Threat Intelligence (MTI)” https://www.dhirubhai.net/pulse/humint-human-intelligence-game-changer-pro-active-adversary-sen/. That article highlighted the value of HUMINT over traditional approaches (infosec, automation and keyword-based search attributes) and how cyber threat intelligence analysis differs from traditional #informationsecurity in that it requires skills in the humanities, i.e., the capability of HUMINT experts to infiltrate darkweb chatter and extract authentic intelligence in advance to support victim organisations. With HUMINT and an adversary-centric security approach you can move from reactive defence to responsive, proactive, intelligence-led cyber resilience.

Cyber attackers aim to steal, compromise or destroy organisational assets that have financial, operational, intellectual, confidential or reputational value. There are clear benefits to be gained from implementing human-intelligence-led cyber resilience. It helps in two ways: first, in proactively managing an array of the latest and evolving advanced cyber threats, and second, in its potential for improving risk management and high-level business strategy. As you read through the article, keep exploring: what are the best practices in the production and consumption of cyber threat intelligence? Appreciate the need for contextual and finished threat intelligence. Understand what the critical gambit of managing human relationships effectively entails when undertaking #HUMINT.

HUMINT is the process of collecting information (relating to intelligence) through virtual identities and avatars on darknet and darkweb services. It is key to improving intelligence activities and obtaining useful information. It is a process that involves gathering intelligence through interpersonal contact and engagement, rather than by technical processes, feed ingestion or automated monitoring.

The CHALLENGE

HUMINT involves developing your own avatars that appear to be #cybercriminals so that you can engage with other threat actors on the #deepweb and #darkweb. It's similar to how intelligence officers (akin to James Bond in spy movies) go undercover and establish sources to help thwart potential attacks or crime. Threat actor engagement requires a very special set of skills and can be dangerous. But when done effectively, it can be your most valuable source of intelligence and a force multiplier. However, this unique skill (a USP in business terms) is scarce and is not acquired overnight, as it involves a significant experiential learning curve.

Personal Security Measures by HUMINT Operators: Just like any undercover work, it can be risky when you engage directly with your adversaries. If your cover is blown, you and the organisation you represent, immediately become a target. There is a need to protect yourself before you start developing your own dark web avatars. Always use a clean virtual machine when visiting the dark web and don’t save anything to your device. If you are exposed as a threat hunter, hackers will try to hack you back. Therefore, you don’t want anything on your device that could lead back to you or your company.

Scheduling engagement session: Hackers don’t work 9 AM to 5 PM. They are active at all hours of the day, and usually most active at odd times. Therefore, you have to follow similar patterns to appear legitimate. Make sure you spend time logging in at all hours, including nights, weekends and even lunch time. Other threat actors take note of when you’re engaging online, so put the time in to give your avatars more credibility.

Use the Right Jargon and Slang: Hackers adopt a distinct form of communication. It's cryptic and to the point. HUMINT operators also need to get the jargon and slang right to avoid suspicion. They need to study different communities and understand threat actors' typical conversations so that they can fit right in. HUMINT operators functioning in different languages and regions need to be fluent in the language concerned to avoid suspicion. It takes a split second to be sniffed out of darknet chatter if one cannot sync with the slang.

Long Learning Curve: It takes years of developing avatars and sources to build HUMINT core competence. #Entrepreneurs and #Cofounders venturing into the threat intelligence space can't suddenly “Come, See and Conquer”, even if they have #capital and #computerscience talent and resources. HUMINT skill maturity needs continuous work and sustained development over time and, once established, can pay dividends in the long run, as it turns out to be the real #differentiator.

Context and Accuracy: When done appropriately and with the right precautions, human intelligence through threat actor engagement can be one of your best sources of intelligence. This approach helps alert the potential victim organisation(s) well in advance, well before the breach incidents concerned actually occur and are publicised in the media.

Trust and Purpose

Intelligence sharing needs to be performed judiciously and in an utmost trusted manner, as the matter is sensitive to the brand, reputation and business operations of the targeted organisation. It requires a mature understanding of what is appropriate to share with a wider audience versus a single targeted organisation. Note that overly wide dissemination is never called for at the level of threat intelligence service providers. The engagement between the threat intelligence partner and the targeted enterprise should be cooperative and collaborative, directed against the threat actors and towards recovering from the breach, following best practices and abiding by the relevant laws of the land. When selecting a threat intelligence partner, enterprises and corporations may seek the views of the partner's existing clients on their overall user experience, including the reliability of the partner's handling of sensitive information.

Thanks for your valuable time. If you found the read interesting, please “like”, “comment” and “share” it. Should you be interested in more relevant information and specific discussions on use cases prevailing in your industry segment, you can DM me for a quick response.

Legal disclaimer:

The information and opinions expressed in this document are for information purposes only. They are not intended to constitute legal or other professional advice, and should not be relied on or treated as a substitute for specific advice relevant to particular circumstances.


In an era of increasingly sophisticated digital technologies, HUMINT offers a unique perspective, one that is grounded in the nuances of human communication and relationships. By cultivating strong relationships with sources and leveraging the power of human intuition, HUMINT can provide a level of depth and accuracy that is difficult to achieve through automated means alone. #HUMINT#1

Subhro Chakraborty

Accomplished Project Manager with 20+ years of experience and more than 14 years of experience in Govt Sector, known for successfully completing projects within budget and time constraint.

3 years

Really Good Article

Nikhil Raj

Group Chief Information Security Officer @ Aithent Inc. & Trusted Board advisory

3 years

Thanks for sharing, Prabir!

Saurav Kumar Jha

Deputy Manager (Cyber Security) at Adani Group | BITSian | 13xMicrosoft | 3xGoogle | 1xCisco | Security, Data, Tech Enthusiast

3 years

Insightful Prabir, I really liked the approach of Human Intelligence. We shouldn't only depend on AI or Cybersecurity experts. Most countries have a well-equipped army but still they have agents (RAW/CIA etc.) active 24/7 disguised among their enemies coz it's a universal belief that 'Precaution is always better than Cure.' Similarly, cyber warriors are the virtual army and we can take #HUMINT as the agent who can use their analytical and social engineering skills to harm the target without actually disclosing the identity or declaring a war.
