Analytics Brief: Can we win the war against hackers, terrorists and criminals?

Digital Marketing Lead, Public Services Sector, IBM Analytics

Pundits attribute the agility of today’s threat actors to technological advances. We’re hit on all sides by increasing crime, advanced cyber attacks, intricate fraud schemes, random terrorist attacks and even homegrown terrorism. In a recent article on cybersecurity in The Guardian, Professor John Walker, a lecturer at Nottingham Trent University, was quoted as saying that cyber crime as a service is big business—and governmental, police and business communities are way behind in their efforts to thwart cyber threats.

Taking advantage of technology

With sophisticated criminals seemingly winning the cyber threat war, what can governments, cities, law enforcement agencies and even citizens do to create a safer planet? The Internet of Things, connected devices, increased dependence on mobile devices and social media create security gaps and provide a hotbed of platforms for criminal activity. How can we utilize these advanced technologies to our advantage? This question and those that follow highlight my discussions with security experts in a recent Analytics Brief: 

  • What responsibility should private organizations and the public take to stay ahead of ISIS?
  • How can we utilize new data sources such as social media to improve threat intelligence?
  • Is predicting threats possible, including those from homegrown terrorists, cyber threats and fraud? How can we better manage and minimize these threats? 

Morgan Wright is a Senior Fellow at the Center For Digital Government, former Senior Advisor for the US State Department Antiterrorism Assistance Program, and primary author of the OneDOJ concept of operations and DOJ’s strategy to share law enforcement information.

For the public, the answer is simple. Report suspicious activity and behavior. How many attacks could have been prevented? Some of them could have been prevented, especially individually inspired attacks such as what happened in Orlando, Florida; San Bernardino, California; and maybe even in Nice, France. For private organizations, it depends. If you are a social media company such as Facebook, Instagram, Twitter, WhatsApp and so on, you have an absolute moral, ethical—and increasingly legal—obligation to prevent the posting of terrorist material and propaganda.

You will never achieve clarity in understanding the threat until you have clearly defined the enemy. That approach is more of a policy issue. However, we can understand some things about how terrorism operates to help us identify more quickly and precisely the quality of our intelligence. The usual pattern consists of the following elements: 

  • Broad target selection
  • Specific target selection
  • Intelligence and surveillance
  • Pre-attack surveillance and planning
  • Attack rehearsal
  • Actions on objective
  • Escape and evasion 

I think this understanding has changed, and technology—smartphones and apps, video, social media and so on—has enhanced the ability to achieve some of these steps without physical presence, such as target selection. For example, Google Earth significantly reduces the risk of being spotted physically when conducting surveillance of a location. We need to think differently about the threat, instead of the traditional failed approach of looking for a needle in a haystack. We need to quit trying to make the haystack smaller, which is a waste of time. Use a bigger magnet. Data, social media, patterns such as the planning cycle just mentioned, habits and so on can allow us to better identify early indicators.

Of course, predicting threats is possible, but you cannot stop all of them. Data can help illuminate behaviors, actions and indicators that define how vulnerable a person, company, business sector or country is to any of these threats. That definition begins with policy. If you haven’t clearly defined the problem, then any answer will do. I talk about policy, behavior, technology. If you want to better manage and minimize any threat, define the policy first, train for the behaviors you want to achieve based on that policy and then deliberately apply the technology to support the policy. There are no shortcuts in this world of instant gratification. 

Michael Goedeker is an author and researcher at the front end of cyber warfare, espionage and crime, and he researches for academia, press and security professionals globally.

We live in a connected and dynamic world that works well for international business, but unfortunately it also works well for criminals. Daesh—a new name for ISIS—has adopted new technology to attempt to scare the world at large. This tactic brings us to a disturbing use of hybrid warfare that highlights again why I and others in the security community share knowledge for protection, creating awareness and deterring terrorists and thugs. We are all responsible for defense and security, and knowing the enemy and understanding the threats as well as the risks are part of our job in security. A threat can be hacked infrastructure or distributed denial of service (DDoS) campaigns on utilities. As a society we must embrace security awareness and training as a part of global security responsibility.

I have moved beyond threat intelligence and have created the world’s first risk information platform engine (RIPE), one that analyzes multiple data and what I call an open source risk intelligence ecosystem (OSRIE). Threat intel is the simple collection of honey nets put through open source mathematical—and not proprietary—algorithms. Risk intelligence requires understanding how threats evolve into risks. This approach is the new norm in my opinion. CyberVue does exactly this. Threat intelligence is so 1980s; new attacks require new thinking. Understanding emerging risks means using multiple data sources, standardizing that data and using it to identify, categorize and stop risks from happening—at least to a better degree than is possible with commercial solutions currently in the market.

Mitigating risks requires actionable, standardized and qualified intelligence based on reality, Bayesian probabilities and neural network–based learning—or tweakable artificial intelligence (AI). Part of it can be automated, and another part exists that will always require human interaction and experience. The key to detection is finding that balance of real experience and better modeling algorithms. My research indicates that CyberVue is the next step in this direction. It’s not just about one solution, however, but about coordinated efforts to create, validate and research continuously into what, how and why threats and risks happen. In addition, great research back in the early 2000s into attacker profiles by Raoul Chiesa and the United Nations Interregional Crime and Justice Research Institute (UNICRI) also predicted today’s threats using traditional profiling and forensic science.

Shahid Shah is CEO, Netspective Communications, and a cybersecurity and risk management consultant.

If terrorists or criminals are using software, hardware or other infrastructure facilities provided by private organizations to further their violence or other harmful aims, then private organizations should hold themselves responsible to assist law enforcement and other communities combating them. Because the code and intellectual property in private organizations is opaque, only they can truly change their solutions to be more helpful. Private companies need to run machine learning or provide manual flagging tools and similar tools to understand how their systems are being used by criminals and terrorists. Slippery slopes exist here, but if lives are at stake we need to learn how to navigate those slopes.

This approach is not easy, but threat intelligence needs to be built into the software. Almost all major software has been retooled over the past few years to accommodate social media, and now that same social media functionality needs to accommodate threat intelligence. For example, many online communities allow flag as inappropriate or flag as spam next to comments and other content. Perhaps we need flag as criminal or flag as terrorist propaganda features. Creating a giant relationship graph of violent criminals and terrorists would be a great first step. Private companies need to take the responsibility to provide innovative ways of taking huge volumes of data and help law enforcement or other good guys combat terrorism and other violent crimes—not because it’s a legal requirement, but because it’s the right thing to do.

Accurate predictions of threats are of course still difficult, but we now have good enough directional pointers that allow humans to focus their attention on the right targets. Using machine learning, deep learning and AI techniques on unstructured conversations is possible to help with predictions; having relationship graphs that flag data would be even more useful. 

Scott N. Schober is president and CEO, Berkeley Varitronics Systems, Inc., and a cybersecurity expert.

Information sharing is fundamental to thwart extremists. In September 2015, the House of Representatives Homeland Security Committee published the Final Report of the Task Force on Combating Terrorist and Foreign Fighter Travel that lays out specific recommendations to counter terrorist travel. The report indicated that the US government should do more in sharing information on terrorist travel with international partners. The report also emphasized the importance of bolstering law enforcement so it could better handle the growing threat. Furthermore, the report stressed the importance of enhancing community awareness about the growing problem of youth radicalization. All these recommendations require sharing of information and resources between private law enforcement and the communities they serve to stay ahead of ISIS growth and attacks.

ISIS effectively utilizes the Internet to plan as well as carry out attacks by communicating securely and anonymously with their cells and agents around the globe. They continually use social media to spread their propaganda and encourage radicalism. When social media channels are closely monitored, much intelligence can be gathered, but this approach takes manpower, resources and some automation. Twitter claims to have already suspended 125,000 user accounts for “threatening or promoting terrorist acts, primarily related to ISIS.” New accounts are springing up every day, so media companies and the US government working closely together is vital to keep this mass influx of social propaganda at bay.

ISIS has attracted more than 25,000 fighters from outside its own territory and has developed a sophisticated Internet and social media presence. To effectively combat ISIS’s efforts and anticipate its next target, advanced algorithms used by security personnel need to diligently monitor social media, extract intelligence and share that information. Most cyber experts agree that ISIS is developing its online expertise to effectively hack and disrupt the national infrastructure. Successful disruption and hacking can quickly paralyze any nation.

Creating a safer planet 

In the face of mounting crime and threat attacks, is creating a safer planet a pipe dream? What can we do to combat and prevent both physical- and cyber-based threats to our nations?

Attend IBM i2 Summit for a Safer Planet to learn more about innovative and advanced human-led intelligence analysis solutions.
