Studying Cyber Threats with Open Source Intelligence

Corporate security teams and government agencies face fast-evolving cyber threats, and Recorded Future provides groundbreaking temporal analysis to help analysts find intelligence buried in big data on the web.

This presentation covers a number of different analysis and monitoring scenarios, including the evaluation of an emerging security threat such as mobile malware, the identification of quality sources according to credibility and speed of delivery, and ways to track known actors. These scenarios are examined with Recorded Future visualization tools, which provide an efficient way to timeline past scenarios and a means to better forecast future events.

If you'd like to see more, consider joining us on Thursday, March 29, 2012 for a webcast introducing how our temporal analytic technology supports cyber defense, or stop by

Published in: Technology, News & Politics
  • What information useful to cyber security can we actually get out of examining these stated future events?
    Explicit Threats: hackers, organizations, or states warning of action at a particular date.
    Trigger Events: from past analysis, map out future events such as product releases, political support, or campaign dates.
    Analyst Expectations: crowd-source statements from experts and trusted media channels on the future of threats.
    Sociopolitical Events: dates of protests, elections, or controversial lawsuits.
    Unstructured text has analytic & predictive power. Time and temporal reasoning is central.
  • Moments of interest: The absence of coverage in early 2009 when threats and attention to threats were in their infancy. In aggregate, the most mentioned products and companies include Android, Apple, and Windows: Actions from companies (maybe competitors) to actually bulk up their security through partnerships, contracts, and acquisitions.
  • The network describes relationships, whether a partnership or attacker/target, between Lulz Security and Anonymous during a twelve month period from February 2011 through January 2012.
  • How can we use temporal analytics to

    1. Studying Cyber Threats with Open Source Intelligence. Recorded Future on Cybersecurity.
    2. Seismic Shift in Intelligence: Temporal Indexing of the Web Enables Novel Intelligence.
    3. Text Is Loaded with Temporal Signals. Examples:
       • "North Korea apparently began pursuing a uranium enrichment program in 1996 at the latest"
       • "Drought and malnutrition hinder next spring's expansion plans in Kabul..."
       • "...In June, officials said the network encryption was operational"
       • "2012 is the year when China will export more chemicals according to this source"
       • "...opposition organizers plan to meet on Thursday to protest..."
       • "Dr Sarkar says the new facility will be operational by March 2014..."
       • "Going to see Sarkozy speak this weekend..."
       • "According to CellBlog, Pakistan's 4G network will be deployed by mid-2011"
       • "New Russian worm set to unleash botnet on 4/1/2012..."
    4. Tools for Temporal Analysis: temporal event extraction from text; search through time; interactive timelining; temporal network analysis; temporal source scoring.
    5. Record what the world knows about the future: explicit threats; scheduled political & legal events; planned civil unrest & protests; analyst expectations.
    6. Cyber Analysis. Profile: (A) historic trends, (B) recent threats, (C) trusted sources. Monitor: (A) actors, (B) explicit threats, (C) sociopolitical events.
    7. 1a. Profile Trends: Mobile Malware. Minimal attention to the issue in 2009. Reports suggest malware attacks on Google's Android mobile OS rose fourfold in 2010. Investment & acquisitions around mobile security pick up. Q4 2011 the busiest period for mobile malware according to McAfee.
    8. Focus Time: Two Months of Mobile Malware. Evaluating peaks in sentiment from December 2011 through February 2012:
       • McAfee report says iOS safer than Android; mobile OS security generally improving.
       • The Android Marketplace, which is less tightly regulated than Apple's mobile app store, leaves more leeway for things like malware...
       • ...thieves are "ready and waiting with highly targeted malware and attacks employing mobile applications."
       • Lookout Mobile Security took Symantec to task for Counterclank malware, arguing that it's just an aggressive ad network.
    9. Focus Time: Two Months of Mobile Malware. Companies, organizations, and products mentioned as affected by mobile malware from December 2011 through February 2012.
    10. Looking Forward: Predictions about mobile malware for 2012. Time frames for events are described by lines across the x-axis. In this case, predictions range from very specific days (March 1, 2012) to rough estimates (end of the year) to an annual period (2012).
    11. 1b. Profile Threats: Organizations, February 2011 to February 2012.
    12. Attacks Forewarned by Anonymous during 2011.
    13. 1c. Evaluation of Sources. Goals: prioritize valuable sources for monitoring and analysis. Variables: credibility of sources on subject matter; speed of reporting on critical events; forecasting success. Source details: location; nature of source (visibility, specialization).
    14. Evaluate Predictive Sources by Type.
    15. Analyze Forecasters. Ranked according to speed, quantity, & predictions; need to evaluate credibility, accuracy, & timing.
    16. 1a. Monitor: Organizations & Individuals.
    17. 1b. Explicit Threats: Hackers warning of action during the next 60 days.
    18. 1c. Monitor: Forces behind past attacks.
       • Sony hit by hackers after bringing a lawsuit against gamers modifying their hardware.
       • Hackers supporting the #Occupy movement.
       • Data on Mexican drug cartels released after an Anonymous member was kidnapped.
       • Lulz Security attacks PBS website over Wikileaks documentary.
    19. Why? Social: Occupy Movement; Minority Rights (#OpArgentina). Political: SOPA; MegaUpload; Partisan Support. Retaliation: Personal Property; Zetas Cartel; Sony Lawsuit.
    20. Key Dates to Watch: Political.
    21. Key Dates to Watch: Social.
    22. Key Dates to Watch: Corporate.
    23. Want to learn more? Visit or contact us directly: sales@recordedfuture.com
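The temporal extraction idea behind slides 3, 10 and 17 (a statement's time reference becomes an interval whose width reflects how vague the phrasing is, and a watch window is answered by interval overlap), as an added example that is not Recorded Future's code or data; the sentences are constructed, and the interval widths chosen for "mid-" and "end of" are assumptions:

```python
import re
import calendar
from datetime import date, timedelta

# Constructed sample sentences (not the deck's data), modelled on the kinds of
# forward-looking statements shown on slides 3 and 10.
SAMPLES = [
    "New worm set to unleash botnet on 4/1/2012",
    "the 4G network will be deployed by mid-2011",
    "the new facility will be operational by March 2014",
    "more attacks are expected by the end of 2012",
    "2012 is the year when mobile malware peaks",
]
MONTHS = {m: i for i, m in enumerate(calendar.month_name) if m}

def extract_interval(text):
    """Map the first temporal expression in text to (start, end, granularity).
    Vaguer phrasing yields a wider interval; None if nothing is found."""
    m = re.search(r"\b(\d{1,2})/(\d{1,2})/(\d{4})\b", text)  # exact day M/D/YYYY
    if m:
        mo, d, y = map(int, m.groups())
        return date(y, mo, d), date(y, mo, d), "day"
    m = re.search(r"\b(%s) (\d{4})\b" % "|".join(MONTHS), text)  # "March 2014"
    if m:
        mo, y = MONTHS[m.group(1)], int(m.group(2))
        return date(y, mo, 1), date(y, mo, calendar.monthrange(y, mo)[1]), "month"
    m = re.search(r"\bmid-(\d{4})\b", text)  # rough estimate: assumed May..Aug
    if m:
        y = int(m.group(1))
        return date(y, 5, 1), date(y, 8, 31), "rough"
    m = re.search(r"\bend of (\d{4})\b", text)  # rough estimate: assumed Q4
    if m:
        y = int(m.group(1))
        return date(y, 10, 1), date(y, 12, 31), "rough"
    m = re.search(r"\b(\d{4})\b", text)  # bare year: annual period
    if m:
        y = int(m.group(1))
        return date(y, 1, 1), date(y, 12, 31), "year"
    return None

def build_timeline(texts):
    """Index each statement under its interval, sorted by start date."""
    rows = []
    for t in texts:
        iv = extract_interval(t)
        if iv:
            rows.append({"text": t, "start": iv[0], "end": iv[1], "granularity": iv[2]})
    return sorted(rows, key=lambda r: (r["start"], r["end"]))

def upcoming(timeline, today, horizon_days=60):
    """Statements whose interval overlaps the next horizon_days (a 60-day
    watch window like slide 17's)."""
    limit = today + timedelta(days=horizon_days)
    return [r["text"] for r in timeline if r["start"] <= limit and r["end"] >= today]
```

Run on the constructed samples from March 1, 2012, the 60-day window returns the annual "2012" statement and the 4/1/2012 one, while the mid-2011, end-of-2012 and March 2014 statements fall outside it.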