Does your OSINT collection plan include foreign research institutes?
Last Updated on Wednesday, 13 January 2010 02:50 Written by Jeffreycarr Wednesday, 13 January 2010 02:50
If your agency or organization relies on open source intelligence, and if that OSINT effort is still focusing solely on public forums, you’re wasting your resources. Cyber intelligence collection and analysis in 2010 must extend broader and deeper than it ever has before. GreyLogic/Project Grey Goose investigators, for example, now incorporate at least six levels of collection and analysis in every investigation. One of those levels is the identification of strategic R&D projects in Russian and Chinese institutions. When you know where a government is investing its research dollars, you can begin to build a more precise future threat matrix.
GreyLogic has begun making its research in this area available to IntelFusion FLASH Traffic (IFT) subscribers. Every week for the past 7 weeks, we have profiled a different Russian institute whose work has strategic importance for Russian Federation Information Security and Information Warfare operations, including:
- Military Aviation Engineering University at Voronezh
- The Moscow Engineering Physics Institute
- Moscow State Technical University
- Directorates of the FSB Academy (Institute of Cryptography, Telecommunications and Informatics – IKSI)
- Russian State Humanities University (Faculty of Information Security)
- Moscow State Institute of Radio Engineering, Electronics and Automation (MIREA) (Faculty of Information Technology – Faculty of Cybernetics)
- Information Security for RF Networks is Researched and Developed at Moscow State Institute of Electronics and Mathematics – Department of Applied Mathematics
We have additional Russian institutes in the pipeline that will be featured in upcoming issues of IFT. Key Chinese universities will follow. As far as we know, this information is not available from any other UNCLAS resource and is hard to come by even on the “high side”. If a broader and deeper level of OSINT analysis makes sense to you, contact us for further information.
“How can we connect the dots when we don’t have all the dots?”
Last Updated on Friday, 7 November 2008 05:53 Written by admin Friday, 7 November 2008 05:53
The Defense Science Board report that came out 3 days ago continues to make headlines in Government circles. Today’s NextGov.com article underscores the report’s findings about the need to include Open Source intelligence in counterterrorism activities.
(t)he board said. “The No. 1 issue in counterterrorism is that we are information-limited,” the report stated. “Many nostrums for improving intelligence in support of counterterrorism focus on ‘connecting the dots’ on the presumption that we have all the dots. We do not, nor are we sufficiently astute and aggressive enough in collecting them.”
The report, “Defense Imperatives for New Administration”, released on Nov. 4, said combating terrorism requires putting domestic intelligence collection on par with foreign intelligence. The creation of the Office of the Director of National Intelligence, which placed all intelligence agencies under an umbrella organization, was supposed to achieve this parity. But the science board said, “successive directors of national intelligence have been slow to embrace domestic intelligence, and that must be remedied.”
The report slammed the agencies for their disdain of open source intelligence, saying that since the Sept. 11 attacks “every commission and every observer and critic of the intelligence community” has touted the value of such information channels.
“Much of what we know about terrorist groups comes from open sources,” the board said. “Much of what we do not know and need to know is to be found in open sources.” But the intelligence community “retains a propensity to undervalue and shortchange” them, the report said.
Some Lessons Learned, and more to come
Last Updated on Sunday, 21 December 2008 01:40 Written by admin Monday, 20 October 2008 08:07
Phase I of Project Grey Goose ended last Thursday, but my work fielding report requests, doing interviews, conducting a post-mortem, and scoping out Phase II is ongoing. Nevertheless I thought now would be a good time to offer a few of the lessons learned:
1. We demonstrated that a handful of bright, motivated people can push Open Source Intelligence to the edge of the envelope working part-time with no money, using free or donated software (thanks Palantir), and, most importantly, stripping away every vestige of bureaucracy until nothing was left but the work itself.
UPDATE: Blogger pal and Intel vet Mike Tanji makes a similar point in his ThreatsWatch post.
2. We learned where OSINT stops and classified intelligence begins. What goes on inside the FSB and FAPSI may be privy to spies but not to us nor to any OSINT analyst. On occasion, however, we do find a few clues like this one from Silicon Taiga:
The general-major Alexander Burutin, Deputy chief of staff of the Russian armed forces, says that scientists in developed countries are actively developing ‘information weapon’, which will be directed against Russia. He believes there are special troops engaged in developing information operations in the armed forces of several states. Mr. Burutin says that intensive ‘destruction of spiritual values by influencing the individual, group and mass consciousness’ of the Russian citizens is being currently held. The major-general thinks the information warfare against Russia provides for the negative image of Russia. To counteract the information warfare, the RF General Staff has decided to establish the ‘Agency for positive image of Russia’. Simultaneously, the Federal Agency for Government Communications and Information at the RF President, FSB and Ministry of Defence will be engaged in developing special methods for information warfare. (emphasis added)
3. The key is not, as Dancho Danchev wrote, “real-time OSINT versus historical OSINT”. In fact, Danchev’s description of “real-time OSINT” does not differ from our own investigative processes in any respect. We just applied it to historical data. Now that we have a proof-of-concept, Phase II will be a real-time effort over 120 days.
4. There’s a real hunger for Cyber intel, not just within our own government but among our allies as well. I’ve received requests for our “internal-only” report from across the DOD and IC, as well as from some of our allies in Europe and the Pacific.
5. Open Source is not enough. We needed to use proprietary software donated by Palantir Technologies. For Phase II, we’ve had to reach out to another company, Basis Technology, to use their Rosette Linguistics Platform. Additionally, we asked for and received some private network data collected by other agencies that was relevant to our investigation. The bottom line is that data comes in three colors: white, grey, and black, and without access to at least two of the three types, this report could never have been written.
As for Phase II, it will commence shortly. Other than that, I won’t have too much to say about it, except watch for our report in the Spring of 2009.