This article is an excerpt from GovLoop’s recent report, “How Actionable Intelligence Helps Agencies Combat Cybercrime.” Download the full report here.
Illicit communities pose significant risks to federal agencies and are known to support activities that directly undermine or interfere with government actions. These communities support fraud, cybercrime for financial gain, money laundering and other illegal activities that threaten national security.
Government agencies should work to gather intelligence to respond proactively to the communities’ activities. But obtaining information on cybercriminals and others in such communities to prevent or anticipate attacks is challenging. Agencies can find themselves charting unfamiliar territory if they lack the expertise and technology to automate secure and persistent data gathering within these communities.
It can also be difficult for civilian agencies to get permission to build the infrastructure and manage the intelligence operations process that comes with doing this kind of work. Among the issues agencies must consider are the regulations or policies that govern how they go about gathering intelligence on illicit communities.
“Some of our best employees have come out of the government, and they’re focused on these online communities from a different perspective,” said Brian Brown, Vice President of Business Development at Flashpoint. “But in order to gain intelligence on illicit communities you have to really go through some very strict controls that the government overlays on top of their department and agencies.”
Walking through those steps requires time and effort, and the challenge is finding a way to easily navigate within those illicit community spaces as a governmental entity.
Another challenge is building a staff with the correct perspectives to navigate illicit communities. A team with a wide view of these communities, with access to the right resources and with an expansive skillset to understand these groups, is a lot to ask from a specific department or agency. Although the Homeland Security Department (DHS) centralizes that responsibility, it has the added task of defending the entire .gov domain.
Addressing the Exploitation of Government Data and Systems
With all that takes place in illicit communities, agencies without visibility into them face heightened risk. But as we’ve noted, access to information on cybercriminals and other threat actors in these communities is difficult and dangerous to obtain.
Without the necessary expertise and technology to automate secure and persistent data-gathering, agencies attempting to gather such information will require a significant investment of time and resources, and they’ll risk exposing government professionals.
A better approach is risk intelligence accessed and analyzed by experts in penetrating these communities. This provides relevant context to organizations that typically lack the benefits of intelligence derived from illicit communities. Plus, using intelligence to respond to illicit activity will enable agencies to identify trends, and this level of intelligence empowers agencies to better investigate and defend against a variety of threats.
The recent arrest of a white supremacist in Pennsylvania who made dozens of online threats to minorities on the deep and dark web is an example of the efficiency of this approach. Flashpoint’s intelligence and expertise in gathering data from illicit communities were critical to the discovery of the suspect’s online presence and true identity, and ultimately brought the severity of the threat to law enforcement’s attention.
To bridge the gap between the information needed to navigate an illicit community and the information agencies have access to as outsiders of that community, agencies should tap into the private sector’s capabilities.
The key, according to Brown, is establishing communication about the requirements to gather intelligence on these communities, both now and in the future.
All of the pieces of a puzzle are important when agencies are trying to identify the risks to their organizations by looking at things that have happened or could happen, and then putting the right controls in place from staff, solutions and policy perspectives.
Flashpoint’s ability to collect critical data on adversaries from surface web sources such as blogs, chat service platforms, and message boards, as well as illicit underground communities, makes it a trusted partner. As that partner, Flashpoint supports federal and civilian agencies with finished intelligence, cyber observables, and technical indicators to help them better understand their risks and the intent of threat actors while also bolstering their defenses.