Insider threat

Human reconnaissance: The solution to insider threats

Waqas
July 19, 2021 by
Waqas

The rapid digitization of information and the spread of online communities have made them a crucial part of our lifestyles. With the Covid-19 pandemic, digitized online communities have provided a new communication and information sharing method. However, this has introduced new threats to organizations.

In addition, the information and data trade continues to thrive unnoticed within the dark and the deep web. Statistics show that the dark web activity has increased by 300% in the last three years.

According to a study in 2019, In The Web of Profit by Dr. Micheal McGuires, 60% of the information on the dark web is potentially harmful to enterprises. Amidst this, cybersecurity experts are scrambling to mitigate such risks by introducing new cyber protection methods such as human reconnaissance.

What is human reconnaissance?

Human reconnaissance, or human recon, is a unique service designed to provide an extra level of insight into an organization’s cyber strategy. It offers much-needed awareness regarding how your organization is most likely to fall victim to hacks, data breaches or other vulnerabilities.

Humans are the main component of an organization, from business partners to employees. A bad fish in the pond can cripple your organization. The human reconnaissance strategy profiles an individual's digital footprints utilizing open-source deep web and dark web intelligence. It provides an organization with online behavioral traits that might later become a threat. 

With human recon, you can achieve the following:

  • Identify any partner or employee that might be pursuing criminal or fraudulent activities over the dark web
  • Identify any employee or partner with compromised account credentials
  • Carry out the required diligence on strategic partners or potential hires
  • Perform due diligence during mergers and acquisition activities

While creating a typical digital profile, human recon experts focus on social media profiles, interactions over online forums such as Reddit or Quora, publicly posted information and any compromised information or accounts.

With these new insights, organizations can reduce risks related to reputational damages, cyber incidents or unplanned costs.

How to implement human reconnaissance

A human recon engagement is a complex process. Since an organization's long-term reputation and finances are at stake, human recon experts must remain vigilant while compiling the required digital report.

A typical human recon engagement contains the following three stages:

1. Cross-platform collection

During this stage, human recon experts sweep across various platforms to search for suspicious activity requiring further investigation. While doing so, the experts explore the following surfaces:

Surface web

To start, the human recon experts go through social media platforms, public information, news and media platforms, and any general information available on the surface web.

The information obtained at this surface collection consists of the target's birthday, hobbies, interests, pictures of themselves, friends, family members and pets. At this point, the experts also collect information on the target individual's workplaces, joint meet-up locations, home and educational institutions for further use in stage two.

Since Facebook, Instagram and Twitter are the most popular social media platforms, experts usually start by going through them. They also go through additional accounts such as Snapchat and TikTok, if available. Moreover, to get an insight on work ethics and workplace relationships, experts go through the LinkedIn profile of the target individual. All this time, they carefully monitor posts, comments and interactions with other people to gain behavioral insights.

Besides gaining personal information from social media platforms, the experts also search for the target individual on several online forums such as Quora or Reddit. These forums are open spaces where discussion happens around several topics, and going through comments and threads gives a better insight into behavior, belief systems and social-communicative skills.

Deep web inspection

After scouring the surface web, the human recon experts dive into exploiting the deep web. The deep web contains information that is not usually indexed by search engines and unreachable by conventional technology. 

Here experts might come across new insights regarding the target individual. Any information available on the deep web is only accessible via thorough investigation, which requires knowledge of the internet and cybersecurity. 

Dark web investigation

After scouring through the surface web and the deep web, human recon experts dive into the dark web to find more information on the target individual.

The dark web is part of the internet that is only accessible through Tor browsers and other anonymity tools such as VPNs. It is often used for criminal activities such as drug trading, human trafficking and other illicit activities. 

Within the dark web, the experts might come across a piece of compromised information regarding the target individual, such as credit card numbers, Social Security numbers, bank account information, email IDs and more.

Additionally, scouring the dark web also reveals if the individual has any criminal association or criminal records.

2. Investigating geography, relationships and tangibility

After scouring the internet, the experts try to identify behavioral patterns. While doing so, they observe the individual within the workplace, home and usual meet-up places.

They carry out a complete evaluation of relationships between the raw data collected in stage one and the data contained in stage two. This evaluation helps eliminate all false positives. The validation of the data collected in stages one and two is carried out using multiple sources of information.

This step is crucial as online information can easily be false or manipulated. Also, people tend to be different in person and behind screens, so the evaluations help provide a better insight into who the target individual is.

3. Compiling and reporting the collected data

Once all the data is collected and evaluated, human recon experts compile it in a comprehensive report and present it to the interested party. The report contains all the methods and hypotheses, which paints a clear picture of any potential issues related to the individual. 

Along with providing the report, the human recon experts sit with the party and debriefs the report contents. This debriefing session helps the party realize the authenticity of the whole procedure.

Why do I need human recon for my organization?

Humans are the most critical part of an organization, but they can also be a weak link in your cybersecurity posture. According to the Verizon 2021 Data Breach and Investigation Report, insiders are responsible for 22% of security incidents within organizations.

While hiring, the HR team can't judge someone's intentions within one or two interviews. Also, simply "googling" the individual will not provide the same level of insight human recon can.

An organization might opt for human recon for various reasons, including finding criminal associations or criminal backgrounds. Cybercriminals may be excellent social engineers, making it is easy for them to con their way into organizations to steal data or perform other nefarious activities. Using human recon can help reduce that risk since criminal affiliations often come up during these deep investigations.

Apart from that, an individual may simply be unaware of good cybersecurity practices. A human recon investigation can uncover issues such as compromised credentials and the oversharing of sensitive information. A naive employee is an easy target of malware and phishing campaigns which can cause massive damages to an organization. According to RedefinePrivacy, 66% of businesses experienced phishing attacks in 2020 alone.

Therefore, implementing human recon within an organization can help evaluate risks and damages. Moreover, it can help the organization avoid the reputational damage that accompanies a cyber incident due to malicious or non-malicious insiders. 

Sources

Dark web activity has spiked over 300 percent, Times Now News

Into the Web of Profit, Bromium 

DBIR - 2021 Data Breach Investigations Report, Verizon 

Cybersecurity Statistics 2021, RedefinePrivacy 

Waqas
Waqas

Waqas is a cybersecurity journalist and writer who has a knack for writing technology and online privacy-centric articles. Waqas runs the DontSpoof.com project, which presents expert opinions on online privacy and security.