TRANSCRIPT
Tracking and Analyzing Evaluated Intelligence: Analyzing the Unknowns, Discovering the Insights
Hong-Eng Koh
Vice President (Corporate), The Society for the Policing of Cyberspace (POLCYB)
Visiting Researcher, China Public Security University
Global Lead, Justice & Public Safety, Oracle Corporation
@he_koh
Copyright © 2016 Oracle and/or its affiliates. All rights reserved.
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Why BlackBerry Messenger was rioters' communication method of choice (7 Dec 2011)
“Everyone in edmonton enfield wood green everywhere in north link up at enfield town station at 4 o clock sharp!!!!”
“Ah, who wants to buy rioting kits? Gloves, masks, petrol bombs: £5”
Crime-Sourcing
The Independent 20 Apr 2015
• 8 counts of fraud
• Posed as staff from Barclays, Lloyds and Santander
• Sometimes putting on a woman’s voice
• Duped major organizations such as Thomas Exchange Global
• Over £1,819,000
Neil Moore
Social Engineering
Prison escape via mobile phone highlights social engineering vulnerability (30 Mar 2015)
“Moore created a fake web domain that closely resembled Southwark Crown Court service's official address in order to send bail instruction via email to the prison's custody inbox. After executing what I would consider to be the simplest of all Social Engineering techniques, he was released.”
Social Engineering
US Government Agency Compromised by Social Engineering (4 Nov 2013)
2009: “Robin Sage” (The Security Blogger): information and intelligence obtained from US military personnel
2011: “Emily Williams”: “What else can happen outside of data being leaked over social networks?”
Emily Williams
15 Aug 2015
There’s a Will, There’s a Way!
Prisoners use Ministry of Justice laptops to mastermind £30m drug smuggling operation
South London's Wandsworth Prison
London Metropolitan Police, February 2015
• In 2014, over 6,000 cars and vans across London were stolen without the owners’ keys
• That is an average of 17 vehicles a day
• Represents 42% of all thefts of cars and vans
• The majority of such thefts appear to be the result of organized criminals using key-programming devices to create duplicate keys for vehicles
*source: http://content.met.police.uk/News/Drivers-urged-to-protect-vehicles-against-keyless-theft/1400029791185/1257246745756
• Possible vulnerabilities: Keyless ignition, Bluetooth, GSM, Wi-Fi, etc.
• Criminals learn how to circumvent modern immobilizer technology
Recent Car Hacking News (July 2015)
• Hacker Disables More Than 100 Cars Remotely
• Wreaking havoc on a Toyota Prius
• Vulnerability within the GM OnStar mobile app
• Hacking of the Tesla Model S
• Chrysler Recalls 1.4 Million Cars After Jeep Vulnerability Exposed
https://youtu.be/MK0SrxBC1xs
Man Attacks NYC Police With Hatchet; Authorities Probe Possible Terror Ties
Social-Enabled Terrorism
“Helicopters, big military will be useless on their own soil. They will not be able to defeat our people if we use guerilla warfare. Attack their weak flanks…”
Suspect’s posting:
23 Oct 2014
“Free this week for a quick gossip/prep before I go and destroy America?”
“3 weeks today, we’re totally in LA pissing people off on Hollywood Blvd and diggin’ Marilyn Monroe up!”
Social Stupidity
What’s Happening? Big Data in Action!
Social Networking
Trends: Different Uses of Intelligence
• Criminal Intelligence: criminal intelligence to prevent, detect and solve crime
• Social Media: monitoring social media for public order problems
• Borders: advanced risk profiling of passengers & cargo
• Safe Cities: monitoring all aspects of a city (e.g. video, sensors)
• Cyber Security: monitoring the network and countering social engineering
• Financial Intelligence: detecting money laundering and terrorism financing
Trends: Different Data Sources
• HUMINT: Human Intelligence, from conversation, interview, interrogation
• GEOINT: Geospatial Intelligence, from satellite, electro-optics, video
• VIDINT: Video Intelligence, from cameras (fixed, mobile, wearable), UAV, social
• OSINT: Open Source Intelligence, from openly published content including social
• SIGINT: Signals Intelligence, from CDR, IPDR, machine log, interception
• FININT: Financial Intelligence, from bank, financial institution, remittance house, ePayment
• SOCINT: Social Intelligence, from social: can be public or private (i.e. warranted data)
Comprehensive Big Data Architecture
• Capture all your data
• Perform discovery on data
• Develop analytic models across data warehouse and data reservoir
• Deploy models based on streaming data
• Analyze and operationalize results
Accelerate this Process
Scale to Many Use Cases
Building Attack
Drunk Person
Turkey City of Izmir
• SOA
• Service Bus
• BPEL
• Oracle Event Management
• WebCenter Portal
• Database
UAE Abu Dhabi Police
Turkish Police
• Identifying person who is relaying messages to others
• Finding common Suspects who are involved in multiple location events
• Identifying people sharing a handset or using multiple SIMs on one handset
• Comprehensive summary of Suspect’s activities
• Identifying groups who are working together
• Finding call patterns and people Suspect is calling and their linkages
UAE Dubai Police
• Identifying others who are within vicinity of a Suspect
• Monitoring movement of Suspects
• Intercepted Target: finding his linkages to other Suspects
• Eliminating false-positive Suspects
• Finding Suspects who match patterns of behavior
• Monitoring call patterns to international locations
UAE Dubai Police
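The CDR analytics listed on the two Dubai Police slides above (relay detection, shared handsets, multiple SIMs) are the kind of link analysis an analyst builds on top of call detail records. The following is an added example written for this transcript; it is not Oracle's code nor anything from the Dubai Police deployment. It assumes a simplified CDR layout (timestamp, IMEI, IMSI, calling number, called number) and uses a small constructed record set, not real subscriber data. It answers three of the listed questions: which handsets (IMEI) have carried more than one SIM (IMSI), which SIMs have moved between handsets, and which numbers look like relays because they receive a call and then fan out calls to several others within a short window.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample CDRs (not real subscriber data). One record per call:
# (timestamp, IMEI of the originating handset, IMSI of the SIM in it,
#  calling number, called number). Field layout is an assumption of this example.
SAMPLE_CDRS = [
    ("2015-02-01 09:00:00", "IMEI-A", "IMSI-1", "+971500000001", "+971500000002"),
    ("2015-02-01 09:00:40", "IMEI-B", "IMSI-2", "+971500000002", "+971500000003"),
    ("2015-02-01 09:01:10", "IMEI-B", "IMSI-2", "+971500000002", "+971500000004"),
    ("2015-02-01 09:01:50", "IMEI-B", "IMSI-2", "+971500000002", "+971500000005"),
    ("2015-02-01 13:00:00", "IMEI-B", "IMSI-9", "+971500000099", "+971500000003"),
    ("2015-02-01 18:00:00", "IMEI-C", "IMSI-1", "+971500000001", "+971500000007"),
    ("2015-02-02 10:00:00", "IMEI-D", "IMSI-4", "+971500000004", "+971500000001"),
]


def parse_cdrs(rows):
    """Turn raw tuples into dicts with a parsed timestamp."""
    return [
        {"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), "imei": imei,
         "imsi": imsi, "caller": caller, "callee": callee}
        for ts, imei, imsi, caller, callee in rows
    ]


def handsets_with_multiple_sims(cdrs):
    """IMEI -> sorted IMSIs, for handsets that have carried more than one SIM
    (a shared handset, or one person rotating SIMs on one phone)."""
    sims = defaultdict(set)
    for c in cdrs:
        sims[c["imei"]].add(c["imsi"])
    return {imei: sorted(s) for imei, s in sims.items() if len(s) > 1}


def sims_on_multiple_handsets(cdrs):
    """IMSI -> sorted IMEIs, for SIMs that have been moved between handsets."""
    handsets = defaultdict(set)
    for c in cdrs:
        handsets[c["imsi"]].add(c["imei"])
    return {imsi: sorted(h) for imsi, h in handsets.items() if len(h) > 1}


def relay_candidates(cdrs, window_seconds=180, min_fanout=2):
    """Numbers that receive a call and, within `window_seconds`, originate calls
    to at least `min_fanout` distinct other numbers. Returns number -> the
    numbers it fanned out to. The window and fan-out threshold are tunables an
    analyst would set from the case, not fixed rules."""
    outbound = defaultdict(list)
    inbound = defaultdict(list)
    for c in cdrs:
        outbound[c["caller"]].append(c)
        inbound[c["callee"]].append(c)
    window = timedelta(seconds=window_seconds)
    result = {}
    for number, calls_in in inbound.items():
        for call_in in calls_in:
            # Distinct callees contacted shortly after this one inbound call.
            fanout = {
                out["callee"] for out in outbound.get(number, [])
                if call_in["ts"] < out["ts"] <= call_in["ts"] + window
            }
            if len(fanout) >= min_fanout:
                result.setdefault(number, set()).update(fanout)
    return {number: sorted(targets) for number, targets in result.items()}


if __name__ == "__main__":
    cdrs = parse_cdrs(SAMPLE_CDRS)
    print("handsets with multiple SIMs:", handsets_with_multiple_sims(cdrs))
    print("SIMs seen on multiple handsets:", sims_on_multiple_handsets(cdrs))
    print("relay candidates:", relay_candidates(cdrs))
```

On the constructed records, IMEI-B has carried IMSI-2 and IMSI-9, IMSI-1 has moved between IMEI-A and IMEI-C, and +971500000002 is a relay candidate because it calls three different numbers within two minutes of receiving a call. Real CDR feeds carry cell IDs and durations as well, which is what the "vicinity" and "movement" items on the slide would be built from.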
US Customs & Border Protection: Automated Targeting System (ATS)
• Rules based decision support system
• Data sources: government and public
• Historical data and trends analysis
• Deployed for air, land and sea travel
• Massive volume of data
• Identify high risk targets
• Faster clearance for low risk traveler/cargo
Source: Internet
National Targeting Center
• Exadata
• Exalogic
• Exalytics
• Discovery
Oracle Big Data Appliance
NoSQL DB Driver
Application
HDFS, Hadoop, CDH
Map Reduce: ORCH - Stats
Map Reduce: Hive - Activities
Map Reduce: Pig - Sessionize
Cyber Information Discovery
Complex Event Processing
Expert System Decision Engine
Cyber Real-time Analysis
API/NBI SIEM/SOC
Mass Analysis / Algorithms Layer
Probe/Switch
LAN
Probe/switch
Real-time Access
Batch Processing
System Monitoring & Management
Big Data Based Cyber Intelligence
• DPI-based Router (Deep Packet Inspection)
• Network Behavior Anomaly Detection (NBAD)
• Analytics & Reporting
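Network Behavior Anomaly Detection, as listed on the slide, means scoring each host's current behaviour against its own history rather than matching signatures. The following is an added example for this transcript, not Oracle's NBAD implementation and not tied to the DPI/probe architecture in the diagram. It assumes flow records already reduced to "timestamp src dst dport bytes" (an assumed layout) and uses a constructed sample in which one host suddenly talks to forty new peers on port 445 while a busy but steady mail relay stays unflagged. The feature scored is distinct destinations per host per hour; the floor on the standard deviation keeps a perfectly regular host from being flagged on a change of a single peer.

```python
import statistics
from collections import defaultdict


def constructed_flows():
    """Constructed sample flows (not real traffic): "timestamp src dst dport bytes".
    Host 10.0.0.5 talks to the same three servers every hour and then fans out to
    40 new hosts on port 445 in hour 07; host 10.0.0.9 is a busy but steady mail
    relay that talks to 12 hosts every hour."""
    lines = []
    for hour in range(8):
        for i in range(3):
            lines.append(f"2016-01-05T{hour:02d}:{i * 7:02d}:00 10.0.0.5 93.184.216.{i + 1} 443 2048")
        for i in range(12):
            lines.append(f"2016-01-05T{hour:02d}:{i * 4:02d}:10 10.0.0.9 198.51.100.{i + 1} 25 900")
    for i in range(40):
        lines.append(f"2016-01-05T07:{i:02d}:30 10.0.0.5 203.0.113.{i + 1} 445 120")
    return lines


def distinct_destinations_per_hour(lines):
    """Aggregate flows into {src: {hour_key: set(dst)}}. The feature scored below
    is how many distinct peers a host talks to within one hour."""
    table = defaultdict(lambda: defaultdict(set))
    for line in lines:
        ts, src, dst, _dport, _nbytes = line.split()
        table[src][ts[:13]].add(dst)  # "YYYY-MM-DDTHH" is the hour bucket
    return table


def detect_fanout_anomalies(lines, z_threshold=3.0, min_std=1.0, min_history=3):
    """Score each host-hour against that host's own earlier hours and return
    {src: [(hour_key, distinct_destinations, z_score), ...]} for hours whose
    z-score exceeds the threshold. Hours with fewer than `min_history` earlier
    hours are skipped, so a host is never judged on no baseline."""
    table = distinct_destinations_per_hour(lines)
    flagged = defaultdict(list)
    for src, hours in table.items():
        history = []
        for hour_key in sorted(hours):
            count = len(hours[hour_key])
            if len(history) >= min_history:
                mean = statistics.mean(history)
                std = max(statistics.pstdev(history), min_std)
                z = (count - mean) / std
                if z > z_threshold:
                    flagged[src].append((hour_key, count, round(z, 1)))
            history.append(count)
    return dict(flagged)


if __name__ == "__main__":
    for src, hits in detect_fanout_anomalies(constructed_flows()).items():
        for hour_key, count, z in hits:
            print(f"{src}: {count} distinct destinations in {hour_key} (z={z})")
```

The anomalous host is reported once, for hour 07, and the steady relay is never reported even though it talks to four times as many peers per hour, which is the point of a per-host baseline. In a deployment the history would be longer than seven hours and would also be split by weekday and time of day, since a host's normal fan-out at 03:00 differs from its fan-out at 10:00.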
Big Data Based Cyber Intelligence
@he_koh
linkedin.com/in/hekoh