OSINT, June 2022: World Wide Cyberwar, LinkedIn Fakes, OSINT vs Spies, North Korea Penetrates US Corporations, GEOINT Popularity, Biometric Open Data

LinkedIn Fakes Penetrates Your Contacts

Nobody wants to believe they’ll fall for a scam. Especially not any of you, my intelligent, savvy, and OPSEC-conscious friends. Your radar is always on and carefully protecting your personal information, so you’d never click the link in that fortune-promising email, you’d never open an unexpected file attachment, and you’d certainly never send some stranger a document with your personal details on it, that’s inconceivable! Or is it?

The crucial case “A wolf in business casual clothing ” prepared by Griffin Glynn in 2021 becomes even more relevant during the current worldwide cyberwar. The investigation is dedicated to the network of fake LinkedIn accounts that were trying to get into the connection list of users on the platform. The organized network of fake accounts managed to bypass all the layers of verification that have been set in place at registration and is now connected to thousands of unsuspecting potential victims.

This is the type of threat in the professional environment that can literally ruin lives, careers, or even bring down a company if the wrong person clicks on a link, sends their resume, agrees to a bogus consultation, or provides too much access or information.

Be careful and cautious when adding new connections.

The Lessons from the Cyber War by Microsoft

Microsoft published a new intelligence report “Defending Ukraine: Early Lessons from the Cyber War ”. This report represents research conducted by Microsoft’s threat intelligence and data science teams with the goal of sharpening our understanding of the threat landscape in the ongoing war in Ukraine. The report also offers a series of lessons and conclusions resulting from the data gathered and analyzed. Notably, the report reveals new information about Russian efforts including an increase in network penetration and espionage activities amongst allied governments, non-profits and other organizations outside Ukraine. This report also unveils detail about sophisticated and widespread Russian foreign influence operations being used among other things, to undermine Western unity and bolster their war efforts.?

Microsoft has been seeing these foreign influence operations enacted in force in a coordinated fashion along with the full range of cyber destructive and espionage campaigns. Finally, the report calls for a coordinated and comprehensive strategy to strengthen collective defenses - a task that will require the private sector, public sector, nonprofits and civil society to come together. Written by Microsoft President and Vice Chair Brad Smith .

OSINT Helps to Identify Spies

With the current amount of open data sources available and deep penetration of that digital data into people's lives, OSINT becomes one of the most powerful tools for KYC, AML and counterintelligence.

Last month, Netherlands identified allegedly Russian spy planned to infiltrate International Criminal Court. The General Intelligence and Security Service (AIVD) made a surprise announcement Thursday that they had refused entry to a Russian spy posing as a Brazilian national to infiltrate the International Criminal Court. Authorities speculated that the man was seeking to gain access to information relating to the ICC investigations of alleged Russian war crimes.

That document describes the extensive and complex cover identity of this particular intelligence officer, providing a glimpse of his modus operandi.

North Korean Agents Penetrate US Corporations via HR Departments

We tend to think of data security in terms of digital safeguards, but by overlooking the human element corporations are leaving themselves vulnerable to infiltration and theft from inside the organization. It has recently been discovered by Wired that a lot of Western companies have been hacked through HR departments insufficiently screening job candidates.

Having been under severe sanctions for many years, the North Korean government has been hard pushed to up the country’s inflow of dollars into and finance various state programs. In such a fix, hacking has become a common offshoot by which North Korea can pursue its own interests. While the West is perfectly aware of this, it doesn’t seem to have been wise to all of the tactics being employed.

A ploy which seemed to have slipped the net involved North Korean agents simply posing as casual IT professionals from China, South Korea, Japan and even Russia seeking work, thereby gaining access to sensitive company data. In response, the FBI recently issued instructions for businesses on how to detect scam workers from the DPRK applying for freelance contracts.

According to the FBI, North Koreans earn more than $3M each year for their government via this scheme, the proceeds of which could be used to finance the national weapons development program. And such infiltration is not limited to theft, but can also include sabotage such as the deployment of malware into corporate systems. However, detecting such agents is no mean feat and HR departments need all the advice they can get.

GEOINT

Once mainly the purview of government bureaus and military services, geospatial intelligence has been working its way into the private sector for years now. Today, the public have access to satellite image databases such as LandSat by NASA or Sentinel by the European Space Agency, which renew their contents on a daily basis, providing up-to-date global geodata to anyone who’s interested.

Meanwhile, the ever-increasing fleet of commercial satellites in our orbit are delivering a daily influx of hi-res geospatial photos, and driving the cost of geodata down year by year.

For data science enthusiasts this represents a world of possibilities, and this incredible resource of data is already being put to good use. According to a UNESCO report , there are already more than a hundred ML models aimed at solving sustainable development problems with data analysis.

Unauthorized fishing is a global problem that is not considered strictly criminal, but is nevertheless a huge hazard to the marine ecosystem. When vessels have their trackers turned off, it is usually a sign that some questionable activity is on the cards - most probably poaching. By combining open-source GPS vessel tracking data with satellite imagery, maritime police can track ‘hidden’ vessels and reign in activities that are environmentally detrimental.

Hunger is one of the most dangerous threats to the world population. With most of Europe’s arable land in Europe either occupied or protected, the world is now looking to Africa and its untapped tracts of fertile land. Although finding good arable land in underdeveloped regions is an onerous task, open-source satellite imagery helps to detect the territories that are best-suited for farming, helping to fight global food shortages.

While this is a non-issue for most in the first world, many people in developing countries suffer from the lack of a serviceable address. This causes significant problems for logistics and communication, negatively impacting the quality of life. Using geospatial data, analysts from public organizations can generate city and village maps and automatically assign addresses so that all the populated areas will be covered by governmental services.

Through the use of publicly available satellite imagery, open source investigative techniques, and a bit of creativity, we can find where and when a photo or video was taken. But sometimes, geolocating footage comes with unique challenges – all of which differ depending on the country, landscape, availability of data, or the quality of the footage you are trying to geolocate. In these brilliant GEOINT case study , Benjamin Strick explains the geolocation of footage in remote environments, and how Google Earth’s mountain ranges can play tricks on our confidence levels of locations.

Voice Analysis and Biometric Open Data

Voice recognition is a new hit on the data analysis market. However, few seem to understand how powerful and dangerous voice recon may be for open-source intelligence.

Utilizing over a hundred muscles, human speech is a hugely complex phenomenon that has huge potential for biometrics. And with each individual possessing a totally unique vocal signature, the uses of such data are not lost on major tech companies. Siri and Alexa already use voice analysis for authentication while the voice recognition market is booming and projected to reach $21B by 2026 .

Such technologies tend to be embraced as progressive, but a question which tends to be overlooked is: How might such data be used for cynical and exploitative ends? Afterall, the human voice can reveal a wealth of information on its owner including the speaker’s age, gender, ethnicity, native language, health, emotional state, cultural background and behavioral patterns.

Spoofing techniques are already being adopted to imitate a speaker in fraudulent payment authentications, and vocal deepfake models are being developed which could carry out even more complicated biometric scams. In such a climate, researchers are predicting that without the development of voice anonymization tools, personal data will be at a greater risk than ever before .

But another relevant question might be: Are people ready to sacrifice the naturalistic character of their online voice to secure their vocal data against misuse?