Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
Developing a corporate intelligence strategy from online sources
1. Asia Pacific Training Conference 2009
Crafting, Developing and Executing
a Corporate Intelligence Program
from Online Sources
Jeff Bedser, President/COO
Internet Crimes Group, Inc.
iThreat® Solutions
Copyright ICG, Inc. 2000-2008 All rights reserved
2. Agenda
Threats…
What kinds of threats are out there?
Are they in my neighborhood?
Awareness
RSS, Blogs, Auction Sites…
Analysis
False Positives
Data quality
Action
Copyright ICG, Inc. 2000-2008 All rights reserved
4. Being Aware… of what?
Data loss
Internal/External
Infrastructure manipulation or diversion
Planning of attempts to compromise web based services
Counterfeit product
Consumer product, Pharmaceutical or hardware
Attack on products or infrastructure
Hardware compromise (mobile phone or appliance)
Employee theft
High risk individuals/behaviors
Piracy
Copyright ICG, Inc. 2000-2008 All rights reserved
5. Becoming Aware… Sources of Data
Websites
Blogs
Message boards
Forums
Social networking
Auction sites
Media RSS/XML Feeds
Listservs/email
IRC (Internet Relay Chat)
Copyright ICG, Inc. 2000-2008 All rights reserved
6. Media Data Sources
Mainstream Media
CNN, BBC, NYT, WSG, Globe & Mail, FT, etc.
Trade Specific Periodicals
Pharmaceutical
Industrial
Piracy
Independent Media
Indymedia.org
Alternet.org
Copyright ICG, Inc. 2000-2008 All rights reserved
8. Auction Sites
Remember: The sites you have
heard the least about are the ones
more likely to be used as “fences”
for stolen goods.
Copyright ICG, Inc. 2000-2008 All rights reserved
9. Counterfeiting and Diversion
» The Internet makes it easier
than ever for importers to
obtain counterfeit and
diverted goods.
» Dozens of business-to-
business called “Trade
Boards” websites help
suppliers and importers
connect.
Copyright ICG, Inc. 2000-2008 All rights reserved
10. Auction/Trade Boards/Classified Sites
Where did the medications come from? Are they
counterfeit? Expired? Diverted?
The medical devices and bandaging… same issue… also,
are they sterile?
Is the device safe? Proper codes followed in the
manufacturing process?
Is stolen property from the facility or production line
ending up on these boards being fenced?
Is your purchasing or supply entity reselling company
property online?
Copyright ICG, Inc. 2000-2008 All rights reserved
11. Wholesale Trade Feeds the Internet Pharmacy Threat
Intelligence Identifies Cyber/Physical Relationships
Portal
Websites
Portal
SPAM
Websites
Secondary Mail Order Portal
Market Pharmacy Websites
Wholesalers Popup Ads
Portal
Websites
Portal
Buyers
Websites
eCommerce
Pharmacy
Search Engine
Placement
Anchor Affiliate Programs:
Business Rings of Web Sites
Copyright ICG, Inc. 2000-2008 All rights reserved
12. Special Interest
Groups that target researchers, ties to donors, high
profile staff
Animal rights
Aids Activists
Organized labor
Groups that target financial companies,
private info, credit card data
Phishing
Data markets
Identity theft
Copyright ICG, Inc. 2000-2008 All rights reserved
13. Extremist Group Fixed Geo-location
Copyright ICG, Inc. 2000-2008 All rights reserved
14. Where to find data/intelligence on
these groups?....Networking Sites
Social Business
Anti-Social
Copyright ICG, Inc. 2000-2008 All rights reserved
16. How do you utilize this new stream of
data?
Near-real-time threat data
Events
Warnings
Aggregation of news by topic
Crime
Traffic
Weather
Nation, region, product, person
Copyright ICG, Inc. 2000-2008 All rights reserved
17. Key Issue:
More Sources = More time and effort
More sources of information dictate further and more
comprehensive analysis This of course facilitates
understanding, interpretation and scope of the effort.
Copyright ICG, Inc. 2000-2008 All rights reserved
20. Data Aggregation
Open Source Intelligence
iThreat® Red Flag Intel
Other Information Sources
In-House Human Intelligence
Copyright ICG, Inc. 2000-2008 All rights reserved
22. Create Metrics
Copyright ICG, Inc. 2000-2008 All rights reserved
23. Pitfalls of Open Source Programs
Not specific enough or too specific
CEO has a very common name
Common acronyms have multiple meanings
Language not taken into account – contextual translation
failures
Products have different names in different regions
Copyright ICG, Inc. 2000-2008 All rights reserved
24. Pitfalls of Analysis: False Positives
SHAC: Stop Huntingdon Animal Cruelty … or
Student Honors Advisory Council
Copyright ICG, Inc. 2000-2008 All rights reserved
26. Taking Action
Organizational Challenges
How do you integrate open source intelligence into your
workflow?
How will it change you business practices?
The connection between external and internal threats
Understanding and finding the interrelation between these
threat vectors.
Copyright ICG, Inc. 2000-2008 All rights reserved
27. Summary
Awareness
Do you best to know where and when to look for intelligence.
Much of it is there to find in the public domain.
Analysis
Spend the time to interpret the threat and risk to your
operation.
Action
Force the issue in your organization. Be proactive in your
response.
Copyright ICG, Inc. 2000-2008 All rights reserved
28. Q&A
Jeff Bedser, President/COO
Internet Crimes Group, Inc.
iThreat® Solutions
Copyright ICG, Inc. 2000-2008 All rights reserved