Open Web Data Feeds for Cybersecurity & Homeland Security Intelligence
How homeland security and law enforcement use web data feeds to save lives, collect threat intelligence, and bring criminals to justice
Slide 1: Open Web Data Feeds for Cybersecurity & Homeland Security Threat Intelligence
Ohad Flinker | Director of Content & Data Insights
February 2017

Slide 2: About Webhose.io Data Feeds
We power big data analytics platforms (SalesForce, Kantar Media, Hootsuite, Buzzilla, Digitalstakeout, ASRC Federal).
Diagram labels: News Sites, Message Boards, Blogs, Darknet; Webhose.io platform; OSINT, Media Monitoring, Machine Learning, Financial Analysis

Slide 3: OSINT & Big Data

Slide 4: Homeland Security Use Cases
• News and media monitoring
• Threat actor profile compilation
• Crime prevention, investigation, and evidence collection
• Machine learning
• Incident response and crisis management

Slide 5: DHS Recommendations
• Social media monitoring tools/licenses have been purchased (commercial off-the-shelf or Software as a Service)
• Data from available technologies has been integrated into a common operating picture via web map or other dynamic data feeds
• Technical requirements have been identified and addressed
• Data is available from multiple sources; data is standardized upon publication or receipt
• Social media data is integrated with other data to produce enhanced maps (aggregation and fusion of applicable information); multiple data layers are available for consideration
Source: Table 2.3, Phase Three of the Social Media Integration Maturity Model

Slide 6: Tracking The Digital Trail

Slide 7: Big Data OSINT
To deliver actionable alerts and insights, you need to develop new capabilities:
• Massive volumes of machine-readable data (clean, organized, structured)
• Continuous discovery of new data sources
• Up-to-the-minute current information
• Analysis that overcomes anonymity and incompleteness of information

Slide 8: OSINT 1.0: The dogdaygod murder plot
• Stephen Carl Allwine's murder trial reconvenes today, February 13th 2017
• Reported suicide of his wife Amy in November 2016
• Forensic evidence collected
• Claimed no knowledge of Darknet

Slide 9: OSINT 1.0: The dogdaygod murder plot
• Digital trail traced to user 'dogdaygod' contracting Besa Mafia "hit service"
• … which took his money but never delivered the hit

Slide 10: OSINT 1.0: The dogdaygod murder plot
• They did, however, leak their entire 'customer' and 'contractor' list

Slide 11: OSINT 1.0: The dogdaygod murder plot
• Physical evidence suggested cover-up
• Claimed to have no knowledge of Darknet
• Reddit activity suggests otherwise (screenshot: Reddit post by the same username)

Slide 12: Finding the Needle in the Big Data Haystack

Slide 13: OSINT 2.0
• Exponential volume of data
• Threat actor activity posted in broad daylight
• Anonymized and/or encrypted
Quoted on the slide: "Besides eBay, messages are often hidden in the 'X-rated pornographic pictures which conceal documents and orders for the next target,' said one intelligence source. Several other Mossad operatives spent their time tracking the Internet message board Reddit. More than once, it had led an operator to a terrorist using hexadecimal characters and prime numbers. Decoded, they sometimes indicated an attack was being planned or even about to happen."

Slide 14: Use Case: Financial Fraud Investigation

Slide 15: The Challenge
• Actionable intel is significant
• Requires a new set of capabilities
• Identify threat patterns as they emerge
• Analyze structured datasets

Slide 16: Case Study: The $5B Credit Card Fraud Market
• Researchers used webhose.io data to expose widespread CC fraud
• The fraudster "market challenge": explicit fraudulent activity on social media will get your account shut down
• The fraudster workaround: create new dummy accounts

Slide 17: Case Study: The $5B Credit Card Fraud Market
• But how can we identify patterns between one digital identity …

Slide 18: Case Study: The $5B Credit Card Fraud Market
• … and multiple dummy accounts generated by thousands of threat actors?

Slide 19: Case Study: The $5B Credit Card Fraud Market
• Complete price list
• Data dump sample
• Anonymized contact information

Slide 20: The Pattern Identified by Researchers
1. Identify victim talking about CC information on Twitter while using a benign account (e.g. @harmless-good-guy1)
2. Create a new dummy account and engage with the victim (follow, friend, RT using a fresh new account @harmless-good-guy2)
3. Send the victim a link to a blog/forum that contains a malicious phishing site
4. Harvest victim CC information
5. Post the harvested CC database for sale

Slide 21: The System to Confirm the Pattern Is Widespread
Obtain two datasets over a 48-hour period by querying the Twitter and Webhose.io APIs for fraud signal keywords (ICQ, cvv, cvv2, amex).
Source cited: "Multi-layered graph-based model for social engineering vulnerability assessment"

Slide 22: Dataset Mapping
1. Query Twitter API
2. Query Webhose.io API for blogs & forums

Slide 23: Dataset Mapping
Bad guys apprehended!
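The two-dataset workflow on slides 20 to 23 (keyword query, then mapping identities across Twitter and blog/forum data) is shown below as an added example; it is not webhose.io code and does not reproduce the researchers' graph model. It keyword-filters posts from two sources using the fraud signal keywords named on the slide, then clusters authors that advertise the same contact identifier or URL, which is how a dummy account shows up as belonging to an existing seller. The post records, ICQ number format, URLs and account names are all constructed for the example.

```python
"""Link accounts across a 'twitter' and a 'webhose' (blogs & forums) dataset.

Added example, not webhose.io code. Steps: (1) keep posts that hit the
fraud signal keywords from the slide, (2) pull contact identifiers out of
each post, (3) union-find authors that share an identifier. All sample
posts, ICQ numbers and URLs below are constructed placeholders.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple

# Fraud signal keywords named on the slide (ICQ, cvv, cvv2, amex)
FRAUD_SIGNAL_RE = re.compile(r"\b(icq|cvv2?|amex)\b", re.IGNORECASE)
# Identifier formats are assumptions for this example, not a real schema
ICQ_RE = re.compile(r"\bicq\s*[:#]?\s*(\d{5,10})\b", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s)]+", re.IGNORECASE)


@dataclass(frozen=True)
class Post:
    source: str   # "twitter" or "webhose" (the blogs & forums dataset)
    author: str
    text: str

    @property
    def identity(self) -> str:
        # One node per (dataset, author) pair
        return f"{self.source}:{self.author}"


def filter_fraud_signal(posts: Iterable[Post]) -> List[Post]:
    """Step 1: keep only posts that contain a fraud signal keyword."""
    return [p for p in posts if FRAUD_SIGNAL_RE.search(p.text)]


def extract_identifiers(text: str) -> Set[Tuple[str, str]]:
    """Step 2: contact identifiers that a seller reuses across accounts."""
    ids = {("icq", m.group(1)) for m in ICQ_RE.finditer(text)}
    ids |= {("url", m.group(0).rstrip(".,").lower()) for m in URL_RE.finditer(text)}
    return ids


def link_identities(posts: Iterable[Post]) -> List[List[str]]:
    """Step 3: cluster authors whose posts share any identifier.

    Returns the clusters with more than one member, each sorted, so that a
    dummy account on Twitter lands next to the forum account it belongs to.
    """
    parent: Dict[str, str] = {}

    def find(x: str) -> str:
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    def union(a: str, b: str) -> None:
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[rb] = ra

    owners: Dict[Tuple[str, str], Set[str]] = defaultdict(set)
    for p in posts:
        parent.setdefault(p.identity, p.identity)
        for ident in extract_identifiers(p.text):
            owners[ident].add(p.identity)

    for members in owners.values():
        members = sorted(members)
        for other in members[1:]:
            union(members[0], other)

    groups: Dict[str, Set[str]] = defaultdict(set)
    for node in parent:
        groups[find(node)].add(node)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


# Constructed sample data: two datasets, one victim, one benign keyword hit
SAMPLE_POSTS = [
    Post("twitter", "fresh_acct_01", "selling cvv2 and amex fullz, contact icq 123456789"),
    Post("twitter", "fresh_acct_02", "fresh dumps + cvv today, icq: 123456789"),
    Post("twitter", "other_seller", "cvv shop restocked http://example.invalid/shop"),
    Post("twitter", "harmless_good_guy1", "just got my new credit card, the rewards are great"),
    Post("webhose", "cardking", "Price list: amex cvv $20. ICQ 123456789 or http://example.invalid/shop"),
    Post("webhose", "travel_blogger", "best amex rewards for travel this year"),
]


def investigate(posts: Iterable[Post] = SAMPLE_POSTS) -> List[List[str]]:
    """Run the whole pipeline and return the linked account clusters."""
    return link_identities(filter_fraud_signal(posts))


if __name__ == "__main__":
    for cluster in investigate():
        print("linked accounts:", ", ".join(cluster))
```

The keyword pass alone is noisy (the travel blogger matches "amex" too), which is why the slide's second step matters: only accounts that share a contact identifier are clustered, and the benign victim account never reaches the graph.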
Slide 24: Summary

Slide 25: Big Data Challenges
• Quality of data
• Data source discovery
• Completeness of information
• Threat actor anonymity
• Pattern analysis

Slide 26: Ohad Flinker | Director of Content & Data Insights | @webhose