If Offensive cyber is yesterday’s news, what will replace it?


Three events in the past week mark a shift in direction for the world of intelligence gathering by cyber tools.

The first concerns the vigorous activity of the U.S. government against NSO. This activity should not be seen as directed against only one company; in many ways it is indicative of the policy of the US administration and other Western countries towards companies that offer offensive cyber tools in general. The severe breach of privacy, along with the pressure applied by big companies (like Facebook or Apple) that have allegedly been targeted by these tools, is increasing the political and economic pressure on these companies and raises serious doubts about their ability to continue operating in the Western world over time. Gathering private or sensitive information without the consent or awareness of a social media user, especially given the differences in rules and laws between countries and organizations, is becoming harder and harder.

The second development is connected to a report published last week that the Defense Intelligence Agency is expected to the U.S. military’s ‘Open Source’ data. This is important news given that open-source intelligence (OSINT) has the potential to change the intelligence industry in a truly profound way. The amount of information available online, and the ease with which it can be accessed, create an almost unimaginable number of opportunities for the intelligence community.

The third development concerns the National Cyber Center in Israel, which during cybersecurity week conducted an exercise in which it sent hundreds of thousands of users fake messages purporting to come from their credit card company – the kind we all routinely receive. This exercise highlights one use of the social engineering concept: the attacker sends an engineered link, and once the target clicks it, the attacker can find out what a person’s browsing and consumption habits are, which platforms they typically use, and what messages they typically receive. The fact that more than 30% clicked the link shows the harmful potential of this tool.

In the past, even before companies engaged in the field of offensive cyber were established, most of the ability to obtain private information in the cyber world came through the use of WEBINT tools. Specifically, social media intelligence (SOCMINT) is a newcomer within the increasingly important discipline of OSINT. The rising use of social media, coupled with the rapid development of analytical tools (often created by private industry, particularly marketing and online advertising companies), has provided law enforcement with a new opportunity to gather intelligence that could identify criminal activity, provide early warning of disorder, and help understand and respond to public concerns.

Before the idea of exploiting weaknesses in computer software came into the world, many companies tried to offer an “offensive” web intelligence (WEBINT) approach. Such a company would provide law enforcement or security agencies with the ability to interact with their targets (by using “Avatars”), and later offered social engineering capabilities to exploit the weaknesses of the human being.

But there was a reason why the use of WEBINT tools (including social engineering) was not enough. Handling Big Data was becoming too complex, and the technology needed to obtain the information became more expensive. Between social media companies’ actions and malicious actors online, the public has become much more wary of the internet. As a result, many users have moved to closed groups and niche forums, leaving behind the more mainstream social media platforms. As the detection algorithms on mainstream platforms continue to improve, acquiring relevant data is becoming extremely difficult.

This led companies to seek ways to bypass the human factor and hack into the target’s account without depending on the target’s actions. Exploiting weaknesses in highly popular software systems provided a golden opportunity to obtain highly valuable information directly connected to the target. It wasn’t easy, but companies that managed to find these weaknesses hit a “gold mine.”

But the future for offensive cyber capabilities is questionable. In many ways these companies must step back and try to improve the concept of human error exploitation. It seems that the “compensation” for losing offensive cyber capabilities will be a return to the “classic world of cyber,” meaning the use of advanced WEBINT tools that have evolved over time and today include geolocation data, intel fusion capabilities, and advanced social engineering tools.

Moreover, developments in the world of Web Intelligence, especially the phenomenon of information leaks on the Internet, mean that the ability to find confidential information online, once achievable only through technological hacking, is now accessible to all. Passwords, email addresses and phone numbers of millions of users of different apps are now exposed to all, and a simple internet search can surface this information.

In many ways, even if the offensive cyber world had continued uninterrupted, the ability to “harvest” more and more information from all layers of the Internet would have changed. The advances in technological tools that equip an individual or company to handle “Big Data” have radically reduced the gap in the quality and quantity of information that can be collected using Internet collection tools. This is an enormous shift in comparison to the offensive cyber tools.

On top of that, the notion that only classified information can reveal various malicious activities is fundamentally wrong. The recent example of Hezbollah, whose extensive activity on social networks led the organization to operate entire networks in Israel through those same platforms, illustrates this.

It is important to note that the vanishing world of offensive cyber mainly concerns countries and companies that have sought to buy “shelf products” that allowed them to use these capabilities. When these shelf products disappear, countries with advanced technological capabilities will still be capable of developing their own offensive cyber capabilities. Countries like China and Russia do not need private companies, and they will continue to look for and find technological weaknesses that will enable them to hack devices and networks in the future.

And there is one other important point – countries’ addiction to phone hacking has caused them to miss quite a bit of information that can come from widely available sources whose value is no less than the information collected from phone hacks. Therefore, in many ways, the disappearance of these tools will force countries (using the money that will be saved from buying hacking capabilities) to spend more on training their research personnel, and to invest in diversifying their intelligence sources.

The need to catch the “bad guys” is only increasing. The mounting obstacles that offensive cyber companies are coping with today will force this industry to return to the drawing board and find ways to significantly improve the ability to exploit human factor weaknesses. The massive advancement of web intelligence tools highlights the fact that even without offensive cyber, the ability to find those “bad guys” still exists, and with the relevant investment, it can only be improved.

About the Author

Danny (Dennis) Citrinowicz is a nonresident fellow with the Atlantic Council’s Middle East Programs and a senior WEBINT instructor at Cyberpro. Previously, he was senior fellow at the Institute of Policy and Strategy (IPS) and the Abba Eban institute at Reichman University. Danny served 25 years in a variety of command positions and units in Israel Defense Intelligence (IDI), including as the head of the Iran branch in the Research and Analysis Division (RAD) in the Israeli defense intelligence and as the division’s representative in the United States.

23+ years of experience in 8200, IDI Research Division and the Israeli Embassy in the US. Retired from the Israel Defense Forces and today senior WEBINT instructor.