Posted on 13-Apr-2017

Tracking and Analyzing Evaluated Intelligence
Analyzing the Unknowns, Discovering the Insights

Hong-Eng Koh
Vice President (Corporate), The Society for the Policing of Cyberspace (POLCYB)
Visiting Researcher, China Public Security University
Global Lead, Justice & Public Safety, Oracle Corporation
@he_koh

Copyright © 2016 Oracle and/or its affiliates. All rights reserved.

Safe Harbor Statement

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

Why BlackBerry Messenger was rioters' communication method of choice

7 Dec 2011

“Everyone in edmonton enfield wood green everywhere in north link up at enfield town station at 4 o clock sharp!!!!”

“Ah, who wants to buy rioting kits? Gloves, masks, petrol bombs: £5”

Crime-Sourcing

The Independent, 20 Apr 2015

Neil Moore
• 8 counts of fraud
• Posed as staff from Barclays, Lloyds and Santander
• Sometimes putting on a woman’s voice
• Duped major organizations such as Thomas Exchange Global
• Over £1,819,000

Social Engineering

Prison escape via mobile phone highlights social engineering vulnerability
30 Mar 2015

“Moore created a fake web domain that closely resembled Southwark Crown Court service's official address in order to send bail instruction via email to the prison's custody inbox. After executing what I would consider to be the simplest of all Social Engineering techniques, he was released.”

Social Engineering

US Government Agency Compromised by Social Engineering
4 Nov 2013

2009: “Robin Sage” (The Security Blogger): information and intelligence obtained from US military personnel

2011: “Emily Williams”: “What else can happen outside of data being leaked over social networks?”

Emily Williams

15 Aug 2015

There’s a Will, There’s a Way!

Prisoners use Ministry of Justice laptops to mastermind £30m drug smuggling operation

South London's Wandsworth Prison

London Metropolitan Police, February 2015

• In 2014, over 6,000 cars and vans across London were stolen without the owners’ keys
• That is an average of 17 vehicles a day
• Represents 42% of all thefts of cars and vans
• The majority of such thefts appear to be the result of organized criminals using key-programming devices to create duplicate keys for vehicles

*source: http://content.met.police.uk/News/Drivers-urged-to-protect-vehicles-against-keyless-theft/1400029791185/1257246745756

• Possible vulnerabilities: Keyless ignition, Bluetooth, GSM, Wi-Fi, etc.

• Criminals learn how to circumvent modern immobilizer technology

Recent Car Hacking News
• Hacker Disables More Than 100 Cars Remotely
• Wreaking havoc on a Toyota Prius
• Vulnerability within the GM OnStar mobile app
• Hacking of the Tesla Model S
• Chrysler Recalls 1.4 Million Cars After Jeep Vulnerability Exposed

July 2015

https://youtu.be/MK0SrxBC1xs

Man Attacks NYC Police With Hatchet; Authorities Probe Possible Terror Ties

Social-Enabled Terrorism

“Helicopters, big military will be useless on their own soil. They will not be able to defeat our people if we use guerilla warfare. Attack their weak flanks…”

Suspect’s posting:

23 Oct 2014

Social Media’s Role in Ya’an Earthquake Aftermath is Revealing

22 Apr 2013

New Witness Behavior

“Free this week for a quick gossip/prep before I go and destroy America?”

“3 weeks today, we’re totally in LA pissing people off on Hollywood Blvd and diggin’ Marilyn Monroe up!”

Social Stupidity


What’s Happening? Big Data in Action!

Social Networking


Trends: Different Uses of Intelligence

• Criminal Intelligence: criminal intelligence to prevent, detect and solve crime
• Social Media: monitoring social media for public order problems
• Borders: advanced risk profiling of passengers & cargo
• Safe Cities: monitoring all aspects of a city (e.g. video, sensors)
• Cyber Security: monitoring the network and counter social engineering
• Financial Intelligence: detecting money laundering and terrorism financing


Trends: Different Data Sources

• HUMINT: Human Intelligence, from conversation, interview, interrogation
• GEOINT: Geospatial Intelligence, from satellite, electro-optics, video
• VIDINT: Video Intelligence, from cameras (fixed, mobile, wearable), UAV, social
• OSINT: Open Source Intelligence, from openly published contents including social
• SIGINT: Signals Intelligence, from CDR, IPDR, machine log, interception
• FININT: Financial Intelligence, from bank, financial institution, remittance house, ePayment
• SOCINT: Social Intelligence, from social: can be public or private (i.e. warranted data)


Comprehensive Big Data Architecture
• Capture all your data
• Perform discovery on data
• Develop analytic models across data warehouse and data reservoir
• Deploy models based on streaming data
• Analyze and operationalize results

Accelerate this Process

Scale to Many Use Cases


Big Data Analytics Demo


Building Attack

Drunk Person

Turkey, City of Izmir
• SOA
• Service Bus
• BPEL
• Oracle Event Management
• WebCenter Portal
• Database


UAE Abu Dhabi Police

Turkish Police


Identifying the person who is relaying messages to others

Finding common Suspects who are involved in multiple location events

Identifying people sharing a handset or using multiple SIMs on one handset

Comprehensive summary of a Suspect’s activities

Identifying groups who are working together

Finding call patterns and the people a Suspect is calling and their linkages

UAE Dubai Police


Identifying others who are within the vicinity of a Suspect

Monitoring movement of Suspects

Intercepted Target: finding his linkages to other Suspects

Eliminating false-positive Suspects

Finding Suspects who match patterns of behavior

Monitoring call patterns to international locations

UAE Dubai Police
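The handset-sharing, multi-SIM and message-relay use cases on the two Dubai Police slides above, as an added illustration in Python of how such patterns are pulled out of call detail records; this is not code from Oracle or from any police deployment, and the CDR rows, IMEIs, IMSIs and numbers are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed CDR-style rows (hypothetical identifiers, not real subscribers):
# (timestamp, handset IMEI, SIM IMSI, calling number, called number)
CDRS = [
    ("2015-02-01 09:00", "IMEI-A", "IMSI-1", "+100", "+200"),
    ("2015-02-01 09:05", "IMEI-A", "IMSI-1", "+100", "+300"),
    ("2015-02-01 12:00", "IMEI-A", "IMSI-2", "+400", "+200"),  # second SIM in handset A
    ("2015-02-01 13:00", "IMEI-B", "IMSI-2", "+400", "+500"),  # same SIM, different handset
    ("2015-02-01 14:00", "IMEI-C", "IMSI-3", "+600", "+100"),  # +100 receives a call ...
    ("2015-02-01 14:03", "IMEI-A", "IMSI-1", "+100", "+200"),  # ... and calls +200 3 min later
    ("2015-02-01 18:00", "IMEI-C", "IMSI-3", "+600", "+700"),
]

def parse(rows):
    """Turn the text timestamps into datetimes so rows can be ordered and windowed."""
    return [(datetime.strptime(ts, "%Y-%m-%d %H:%M"), imei, imsi, a, b)
            for ts, imei, imsi, a, b in rows]

def shared_handsets(cdrs):
    """IMEIs seen with more than one IMSI: several SIMs (or people) on one handset."""
    sims = defaultdict(set)
    for _, imei, imsi, _, _ in cdrs:
        sims[imei].add(imsi)
    return {imei: sorted(s) for imei, s in sims.items() if len(s) > 1}

def roaming_sims(cdrs):
    """IMSIs seen in more than one IMEI: a SIM that moved between handsets."""
    handsets = defaultdict(set)
    for _, imei, imsi, _, _ in cdrs:
        handsets[imsi].add(imei)
    return {imsi: sorted(h) for imsi, h in handsets.items() if len(h) > 1}

def relay_candidates(cdrs, window=timedelta(minutes=5)):
    """Numbers that place an outbound call within `window` of receiving one.
    Each hit is (inbound caller, suspected relay, outbound callee)."""
    ordered = sorted(cdrs, key=lambda r: r[0])
    hits = []
    for i, (t_in, _, _, src, relay) in enumerate(ordered):
        for t_out, _, _, caller, dest in ordered[i + 1:]:
            if t_out - t_in > window:
                break  # rows are time-ordered, so nothing later can match
            if caller == relay and dest not in (src, relay):
                hits.append((src, relay, dest))
    return hits
```

The same set-grouping generalises to the co-location use case by keying on cell ID instead of IMEI, once a cell column is present in the records.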


Australian Crime Commission


US Customs & Border Protection
Automated Targeting System (ATS)

• Rules-based decision support system
• Data sources: government and public
• Historical data and trends analysis
• Deployed for air, land and sea travel
• Massive volume of data
• Identify high-risk targets
• Faster clearance for low-risk traveler/cargo

Source: Internet

National Targeting Center
• Exadata
• Exalogic
• Exalytics
• Discovery


Diagram: Oracle Big Data Appliance (Application, NoSQL DB Driver, HDFS / Hadoop / CDH; Map Reduce jobs: ORCH - Stats, Hive - Activities, Pig - Sessionize)

Diagram: Cyber Information Discovery and Cyber Real-time Analysis (Complex Event Processing, Expert System Decision Engine, Mass Analysis / Algorithms Layer, API/NBI to SIEM/SOC, Probe/Switch on the LAN, Real-time Access, Batch Processing, System Monitoring & Management)

Big Data Based Cyber Intelligence
• DPI-based Router (Deep Packet Inspection)
• Network Behavior Anomaly Detection (NBAD)
• Analytics & Reporting


@he_koh

linkedin.com/in/hekoh