After the Webinar: Open Source Intelligence: Performing Research and Developing Findings. Q&A with Valarie Findlay

Webinar presenter Valarie Findlay answered a number of your questions after her presentation, Open Source Intelligence: Performing Research and Developing Findings. Here are just a few of her responses.

 

Audience Question: What is the difference between the deep web and the dark web? 

Valarie Findlay: So, we talked about the deep web was probably the first iteration, emerging as an unindexed version of the web where at the time, I’m sure a lot of you will recall Silk Road, there were a lot of very unscrupulous marketplaces popping up. As much as law enforcement started to move in and dismantle some of those marketplaces another Web layer formed, the dark web, offering everything illicit that you could possibly imagine. So, when we get into the dark web, criminals are going to keep moving into new venues – it’s displacement that occurred with interdiction. Unlike the Surface Web that you can see and easily navigate, the deep web and the dark web are very hard to navigate. And I would anticipate that as much as interdiction increases and law enforcement moves into these areas, new areas are going to develop, and we’ll have other layers of the web. Some already are just not as popular. Some built as infrastructure and are not necessarily for trade and trafficking and marketplaces, but, more so, the infrastructure to build out and allow things like end-to-end encrypted communication. So, I think, in the next decade new versions of the deep web and dark web are going to be commensurate with law enforcement’s interdiction in the current areas.

 

Audience Question: Can you provide any advice or resources for researching Canadian business entities? 

Valarie Findlay: Yeah, it depends on what you’re looking for. So provincially and federally Industry Canada or I think it used to be called Strategies. They keep a repository or a searchable database of federally incorporated companies. Now again, it depends on what you’re looking for. So, if you want to search businesses, Canadian businesses, that are incorporated, that is certainly the first place to go. So, Industry Canada. If you contact me, I can send you that link by province. Every province does it differently naturally. But you can search at the provincial level because obviously, we have provincial incorporation, a number of companies where you can go right in and search these companies. You can obtain their certificate of operation or their Articles of Incorporation and there are third-party companies that will do this for you, depending on what you need access to. And, I would say, at the general level, if you have a registered business, those are the first two places to start. Not all companies are going to be federally registered and/or provincially registered, but I would check those two places. But then I think you might even be shifting towards, again, depending on what the investigation is. And if you’re in Ontario, I’d be looking at court records to identify some of these companies, because a lot of the unregistered ones, you will find that they’re using a company name in their public records. In the US, it’s probably a lot more complicated, but there are similar tools there, but really what it comes down to is you have to make a determination. Are you going to scope in registered businesses and scope out the unregistered businesses and what we defined as a business right? Is it a mom-and-pop shop, or a company of maybe 50 people that are operating under a numbered company, but maybe publicly they use another name, maybe it’s their trademark name? So, I think that’s one of the things I was trying to get at with OSINT. 
You really have to be nimble and open to searching other areas and making sure that the data element that you’re given, say it’s a company name, that your company name is only going to have legitimacy in certain processes. And it’s up to you to find out what those processes are, and where it’s valid. So, I hope that helps, but certainly, contact me if you want those links directly.

 

Audience Question: Is data from a subscription service such as Dun and Bradstreet or Bloomberg considered OSINT?

Valarie Findlay: Yes, it would be. So, although, I would say, I would look at your subscriber agreement to make sure that you’re using that data in the allowable contexts per that contract. So, it is open source. And it would be something that’s available from other public sources. However, if it’s D&B, they may have a proprietary use of it in its current iteration. So, I’d say just be very cognizant of, if you’re getting data from any subscription service directly other than an OSINT service, be very cautious around what you’ve agreed to as a subscriber, and how you can use that information for your own purposes and your own publishing as well.

 

Audience Question: Are you aware of any AI/artificial intelligence programs that synthesize information and evidence? 

Valarie Findlay: I believe, I want to say Shadow Dragon and Flashpoint provide elements of AI. To what extent do they synthesize those data elements together? I’m not sure. I can certainly get back to you on that. I think, when we talk about the synthesis of two or more things, it gets rather complex. AI has come a long way, but it’s, it’s certainly not, at least not in terms of the OSINT tools, it’s not as predominant. So, I mean, there are different ways to create associations and trends without AI. AI just provides the machine learning or the generated learning element of that, so it’s going to generate. And then, you get into some ethical questions with AI, and the use of evidence that you may not be prepared for. So, I would say something you really want to research in the context of the investigations that you’re performing. And certainly, reach out to me, I can get a bit more information on Shadow Dragon and Flashpoint, but I believe both of them do have an AI element. But again, we get into some sort of uncharted waters. And I would say there is a, maybe, a legal assessment for sure that you would want to obtain if you’re moving this into judicial proceedings. Because you want to be really, really sure that nobody’s going to poke holes in the AI domain around the integrity of your evidence. If you know what I’m getting at?

 

Audience Question: Can you define the term offensive OSINT? 

Valarie Findlay: Yeah, so offensive is just like pre-emptive. So, you’re doing it in, so a good example is threat hunting. So, if you’re doing threat hunting or you have a Security Operations Center that you’re managing, you may employ offensive techniques that relate to scanning, particular actors, websites, or databases. Probably because you’ve already established that either you’ve been a target, or they have an interest in maybe one of your assets, so it’s purely just it’s really predominantly related to entities. So, you’re really just monitoring and scanning other appliances. It’s similar to passive in a way, I guess, but passive, you’re just looking at historical, what’s already been published, what’s already been digitized and made available to the public? Where things get a little bit dicey, as I mentioned with active. You’re dealing specifically with individuals typically, and you’re making contact. So, when you look at offensive, essentially you’re sitting back, and you’re letting a tool run and monitor and survey the traffic. Any elements of data that you can ascertain in transmission legally. So, it’s I wouldn’t say an armchair activity, but it’s definitely more on the IT side of things. And the threat hunting side of things. Not to say that law enforcement won’t be doing this for various reasons, and maybe for their own internal systems as well.

Audience Question: Are you able to share any examples of OSINT project templates?

Valarie Findlay:  It depends on what you mean by template. So, if you’re talking about actual artifacts that you would develop within the project management process or the investigation process, I can certainly provide some to you if you want to shoot me an e-mail. They’re fairly generic, and they’re very, very similar to project management templates that you would use in a regular project. However, it is a little bit of a pick and choose. Because, depending on the size of the project or the investigation, you may use maybe 20 deliverables, 20 artifacts that you’re going to produce. In a smaller investigation or a smaller service where you have less resources. Maybe you’re going to take the priority ones. And there’s only three of them, because that’s really all you have the resources for, and it’s the biggest bang for your buck. When you think about those templates, those templates are just a way to manage your data, and it’s really around that project strategy, and planning. It’s all that information you want to get in there to cement your project and then you’re going to have templates that may or may not be produced by the tools you use. If they’re not, then that’s where, you might have some specific templates that you might need to customize, but there are certainly ones that I can send you that, basically capture that data and record it. So that once you created that, the final draft or that final version, that’s what you’re working off. So, certainly, feel free to reach out to me, and I’ll get some to you.

 
