Open Web Data Feeds for
Cybersecurity & Homeland Security Threat Intelligence
Ohad Flinker | Director of Content & Data Insights
February 2017
About Webhose.io Data Feeds
We power big data analytics platforms
(SalesForce, Kantar Media, Hootsuite, Buzzilla, Digitalstakeout, ASRC Federal)
News Sites
Message
Boards
Blogs
Webhose.io platform
OSINT
Media Monitoring
Machine Learning
Financial Analysis
Darknet
OSINT & Big Data
Homeland Security Use Cases
 News and media monitoring
 Threat actor profile compilation
 Crime prevention, investigation, and evidence collection
 Machine learning
 Incident response and crisis management
DHS Recommendations
• Social media monitoring tools/licenses have been purchased
(commercial off-the-shelf or Software as a Service)
• Data from available technologies has been integrated into common operating picture via
web map or other dynamic data feeds
• Technical requirements have been identified and addressed
• Data available from multiple sources; data is standardized upon publication or receipt
• Social media data integrated with other data to produce enhanced maps (aggregation
and fusion of applicable information); multiple data layers are available for consideration
Table 2.3: Phase Three of the Social Media Integration Maturity Model
Tracking The Digital Trail
Big Data OSINT
To deliver actionable alerts and insights, you need to develop new capabilities:
 Massive volumes of machine readable data (clean, organized, structured)
 Continuous discovery of new data sources
 Up-to-the-minute current information
 Analysis that overcomes anonymity and completeness of information
OSINT 1.0 The dogdaygod murder plot
 Stephen Carl Allwine's murder trial reconvenes today, February 13th 2017
 Reported suicide of his wife Amy in November 2016
 Forensic evidence collected
 Claimed no knowledge of Darknet
OSINT 1.0 The dogdaygod murder plot
 Digital trail traced to user ‘dogdaygod’ contracting Besa Mafia “hit service”
 … which took his money but never delivered the hit
OSINT 1.0 The dogdaygod murder plot
 They did, however, leak their entire ‘customer’ and ‘contractor’ list
OSINT 1.0 The dogdaygod murder plot
 Physical evidence suggested cover up
 Claimed to have no knowledge of Darknet
 Reddit activity suggests otherwise
Reddit post by the same username
Finding the Needle in the Big Data Haystack
OSINT 2.0
 Exponential volume of data
 Threat actor activity posted in broad daylight
 Anonymized and/or encrypted
Besides eBay, messages are often hidden in the “X-rated pornographic pictures
which conceal documents and orders for the next target,” said one intelligence
source.
Several other Mossad operatives spent their time tracking the Internet message board
Reddit. More than once, it had led an operator to a terrorist using hexadecimal characters
and prime numbers. Decoded, they sometimes indicated an attack was being planned or
even about to happen.
Use Case: Financial Fraud Investigation
The Challenge
 Actionable intel is significant
 Requires a new set of capabilities
 Identify threat patterns as they emerge
 Analyze structured datasets
Case Study: The $5B Credit Card Fraud Market
 Researchers used webhose.io data to expose widespread CC fraud
 The fraudster “market challenge”
Explicit fraudulent activity on social media will get your account shut down
 The fraudster workaround: Create new dummy accounts
Case Study: The $5B Credit Card Fraud Market
 But how can we identify patterns between one digital identity
Case Study: The $5B Credit Card Fraud Market
 And multiple dummy accounts generated by thousands of threat actors
Case Study: The $5B Credit Card Fraud Market
 Complete price list
 Data dump sample
 Anonymized contact information
The Pattern identified by researchers
1. Identify victim talking about CC information on Twitter
while using benign account (e.g. @harmless-good-guy1)
2. Create new dummy account and engage with victim
(follow, friend, RT using a fresh new account, e.g. @harmless-good-guy2)
3. Send victim link to blog/forum that contains malicious phishing site
4. Harvest victim CC information
5. Post harvested CC database for sale
The system to confirm the pattern is widespread
Obtain two datasets over a 48-hour period
by querying the Twitter and Webhose.io APIs
for fraud-signal keywords (ICQ, cvv, cvv2, amex)
Multi-layered graph-based model for social engineering vulnerability assessment
Dataset Mapping
1. Query Twitter API
2. Query Webhose.io API
for blogs & forums
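As an added illustration of the two-dataset, graph-based approach described above (example code written for this page, not the researchers' or Webhose.io's), the Python below filters records from a Twitter-like feed and a blog/forum-like feed on the deck's fraud-signal keywords, then links accounts from both sources that advertise the same contact identifier. All records, handles and ICQ numbers are constructed sample data; the ICQ number format is an assumption, and nothing here calls a live API.

```python
"""
Cross-source account linking over fraud-signal keyword hits.

Added example, not code from the original deck or from Webhose.io. It assumes
two already-collected record sets shaped like the datasets the slides describe:
one from Twitter, one from blogs/forums. Every record below is constructed.
"""
import re
from collections import defaultdict

# Keywords the deck names as fraud signals. Word-boundary matching keeps
# "amex" from firing inside unrelated words and lets "cvv2" match as itself.
FRAUD_KEYWORDS = ("icq", "cvv", "cvv2", "amex")
KEYWORD_RE = re.compile(r"\b(" + "|".join(FRAUD_KEYWORDS) + r")\b", re.I)

# Contact handle advertised in posts. The "icq <digits>" format is an assumption.
ICQ_RE = re.compile(r"\bicq\s*[:#]?\s*(\d{5,10})\b", re.I)

# Constructed sample input: two feeds, each a list of (source, author, text).
TWITTER_RECORDS = [
    ("twitter", "@harmless-good-guy1", "anyone selling fresh cvv? hmu"),
    ("twitter", "@harmless-good-guy2", "cvv2 available, icq 123456789"),
    ("twitter", "@harmless-good-guy3", "amex stuff, contact icq: 123456789"),
    ("twitter", "@cat-pictures-daily", "my cat learned to open the fridge"),
]
FORUM_RECORDS = [
    ("forum", "cardking77", "price list: cvv $5, amex $12. icq #123456789"),
    ("forum", "notsuspicious", "selling cvv2, icq 987654321"),
    ("forum", "gardener", "best time to plant tomatoes?"),
]


def fraud_signal_hits(records):
    """Keep only records containing at least one fraud-signal keyword."""
    hits = []
    for source, author, text in records:
        found = {m.lower() for m in KEYWORD_RE.findall(text)}
        if found:
            hits.append({"source": source, "author": author,
                         "text": text, "keywords": sorted(found)})
    return hits


def build_identity_graph(hits):
    """Two-layer graph: account nodes and contact-ID nodes, joined when an
    account's post advertises that contact ID. Returned as an adjacency map."""
    adj = defaultdict(set)
    for h in hits:
        account = (h["source"], h["author"])
        for icq in ICQ_RE.findall(h["text"]):
            contact = ("icq", icq)
            adj[account].add(contact)
            adj[contact].add(account)
    return adj


def linked_account_clusters(adj):
    """Connected components of the graph: every set of accounts, across both
    sources, that shares a contact ID collapses into one cluster. Components
    holding a single account are dropped, since they link nothing."""
    seen, clusters = set(), []
    for start in adj:
        if start in seen:
            continue
        stack, component = [start], set()
        while stack:
            node = stack.pop()
            if node in seen:
                continue
            seen.add(node)
            component.add(node)
            stack.extend(adj[node] - seen)
        accounts = sorted(n for n in component if n[0] != "icq")
        if len(accounts) > 1:
            clusters.append(accounts)
    return clusters


def analyze(*feeds):
    """Filter all feeds on the keyword list, then cluster accounts by shared contact."""
    hits = fraud_signal_hits([r for feed in feeds for r in feed])
    return linked_account_clusters(build_identity_graph(hits))


if __name__ == "__main__":
    for cluster in analyze(TWITTER_RECORDS, FORUM_RECORDS):
        print("linked accounts:", cluster)
```

On the sample data, two Twitter dummy accounts and one forum handle collapse into a single cluster because they advertise the same contact number, while the account that merely mentions "cvv" and the forum poster with a distinct number stay unlinked. The keyword filter is first-pass triage, not a verdict: further identifier layers (reused e-mail addresses, handle reuse across sources, shared post text) strengthen the linkage, and every cluster still needs analyst review before it counts as evidence.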
Dataset Mapping
Bad guys apprehended!
Summary
Big Data Challenges
 Quality of Data
 Data source discovery
 Completeness of information
 Threat actor anonymity
 Pattern analysis
Ohad Flinker | Director of Content & Data Insights | @webhose