The open source domain has a set of vulnerabilities unique in the intelligence world in terms of both what enemies can misuse and critical pieces that might be absent. Because of the public nature of open source, some experts tend to discount its value, while that same feature means that patient malefactors can put together different sources of data leaking through various measures until they develop a comprehensive, damaging picture. Different technologies are helping to mitigate the dangers as the public and private sectors also work to educate their people on safer practices.
According to a report under copyright by The Center for Security Studies and posted on the Research Institute for European and American Studies website, open source intelligence provides 80 to 95 percent of the information used by the intelligence community. But debate surrounds how to make best use of it. Author Chris Pallaris writes that, “For traditional intelligence agencies, it is unlikely to offer a 100 percent solution to their information needs. Indeed, it is only likely to compound the problems they already face, the greatest of which is information overload.”
During the past two years, the dangers of open sources have become public fodder with scandals such as the WikiLeaks and Edward Snowden incidents. However, the dangers of revealing classified information, or of the press revealing sensitive topics, are nothing new. An official at the Defense Department says the same issues have existed for “a long time. It’s something we live with.” Operational security standards are in place, but as events show, those work only when people follow them.
The advent of the Internet and especially social media has made the problems more pervasive. “It’s very troubling how quickly things get out,” the official states. Policies are in place to help mitigate perils, but confusion, ignorance or plain disregard of what is appropriate to reveal remains a problem for some in the Defense Department and across government. In March, the National Guard Bureau sent out a message reminding members to be mindful of what they post online, sharing links to the U.S. Army and U.S. Air Force social media handbooks.
Also, unlike other forms of intelligence, open source veers into the private sector and away from the pure intelligence world. Attackers can target companies by gathering seemingly innocuous pieces of information posted on websites, including email addresses, titles and business reports. Vishal Gupta, the chief executive officer of Seclore Technology, says, “There are lots of ways today that information can be misused.” He cites the example of the Boston Marathon bombing. According to him, the attack actually went off plan, at least in part. The bombers expected more people to be at the detonation location based on social media platforms such as Foursquare.
Gupta explains that physical terrorists use location-based social media to find crowded places to inflict maximum damage. Naturally, when military members release such information, similar situations can occur, potentially with even worse results, depending on the nature of the incident.
Companies are offering technologies to help address these issues. Seclore has created a product that moves security of electronic documents to the document itself. The files will know specifically which individuals should access them, keeping the wrong eyes out. Furthermore, if a relationship changes—an employee is fired or a troop separates from service—the owner of the document can make the file simply disappear from other machines. “It’s a little ‘Mission Impossible’,” Gupta says. Users can customize how a document recognizes who readers are through measures such as Social Security numbers, banking identifications, links to mobile phones or other methods of validation.
Beyond that application, the technology also makes employing social media platforms such as Facebook more secure. While it cannot stop people from posting an update that might contain inappropriate information, it can secure uploaded files. If someone wants to post a picture but make it visible to only five people, completely hidden from anyone else, they can use this technology to do that, then decide when the picture should vanish. At that point, it no longer is available for viewing by anyone.
According to the company, defense and investigative agencies in nine countries, including the United Arab Emirates, Singapore and the Netherlands, are using the product now; none are located in the United States. Several large corporations also employ the technology. “All of these organizations are realizing it’s very, very difficult to restrict confidential information from leaving the enterprise,” Gupta explains.
Keeping small pieces of data from leaking to the wrong person in order to maintain overall security becomes difficult the more that groups share. Organizations often must release to outside sources such as lawyers, auditors, medical personnel or payroll companies the very pieces of sensitive information that can cause the most damage. Gupta believes his company’s product helps prevent others from misusing the information for nefarious purposes.
In the national security realm, open source information helps investigative agencies at the national level share more securely with regional groups or international partners. If the information were to reach the wrong hands, it could mean the killing of witnesses or better planning for new terrorist attacks. All of the information might be unclassified, but if enough is cobbled together by the wrong sources, the results could be the same as if someone had a complete classified file.
On the other side of the vulnerability coin is when analysts go through the massive amounts of data coming in and try to make sense of it. David Murgatroyd, vice president of engineering at Basis Technology, explains that in the traditional intelligence world—versus the general world of massive data—granularity, connections and finding the needle in the haystack can be much more important. Missing a few facts might not have much impact in the normal course of events, “but in intelligence, false negatives are a bad thing,” he states. If a crucial piece of information is missed, it can mean the difference between security and disaster.
Basis has a product called Odyssey with an open source intelligence application built onto it that allows better text analytics. The interface helps users to understand how confident the machine is in the data and allows them to interact with the technology efficiently. It can handle text in a variety of languages, exploit a wider variety of open sources, and perform useful tasks such as converting kilograms to pounds and understanding subtleties and nuances. The technology makes translations only just before presenting the data to analysts, not along the way, keeping as much context as possible. “Translation is an information destroying process,” Murgatroyd explains.
By using algorithms that unveil levels of certainty with the source, the technology reduces the vulnerability of following the wrong leads in the open source realm. If someone searches Vladimir Putin, for example, the technology can look across languages, spelling differences and other factors. It might return 2 million references, but it categorizes them based on how strongly the algorithms indicate the data matches the inquiry. “That’s the idea of expressing that uncertainty to the users in a consumable way so they can decide where to dig deeper,” Murgatroyd says.
Finding the right user interface is critical. Enemies might be releasing plenty of data to the public that analysts can exploit. However, they need to obtain results in ways that help them, not bog them down in percentages. Murgatroyd explains that different situations also have different vulnerabilities. Countries with freedom of press and speech obviously have more to exploit. Blogs also have potential for releasing what could be used for intelligence purposes, and platforms such as Twitter are becoming increasingly concerning across the world. Someone might tweet about weaknesses at a certain airport’s security checkpoint or how to sneak past police at a location.
While news stories are relatively easy to scan and interpret, social media is more difficult, both in terms of reliability of the information and because people could talk in very specific terms or even code. In certain cases, analysts also have to be aware of the dangers of disinformation put out in public purposely to mislead. Murgatroyd says all of those are different types of vulnerabilities intelligence professionals have to consider.
Pallaris’ report points out that multiple news agencies reporting on a story does not guarantee accuracy or truth. “Governments and non-state actors are just as likely to use open sources of information to broadcast inaccurate or misleading information. On occasion, [open source intelligence] needs to be verified against information from classified sources.”
Additionally, information gathered does not necessarily ensure actionable intelligence at the tactical or operational level. “As militant groups and organized crime syndicates become aware of just how large their ‘digital footprint’ really is, they are more likely to go offline and stay below the radar,” the report says.
Other challenges include the rise of multimedia. Tweets often include pictures; Facebook videos now play right in news feeds. So integrating security across different types of information files is growing in importance. Odyssey focuses on text, but there is an understanding that analysis has to be able to exploit across offerings in the real world. Video analysis algorithms should create references to the same common inventory to allow for a wider exploitation. Otherwise, those critical vulnerabilities put out through open sources will remain bits of data instead of weaving into the intelligence picture.