Make the most of digital data to improve security planning, writes David Purcell, founder and managing director of Netwatch Global, a social media and claims investigation company.
The growth in digital communications is often identified as a security weak spot, with the threat of cyber attacks, information leaks and cloud security causing many security professionals sleepless nights. However, that same growth in digital communications also offers the security industry a range of additional weapons that can be used to predict threats and improve security operations, offering valuable intelligence that can inform investigations, both before and after the event.
The challenge lies in harnessing that data: knowing where to find it, how to legally access it and interpret the findings to inform your organisation’s security planning. At Netwatch, we work with customers across the security, fraud and corporate sectors, helping organisations identify and quantify security risks and enhancing the power of open source data to inform their own security planning.
Used correctly, it can help with a wide range of security issues, from simply identifying individuals behind online profiles to tracking movements of goods and people across international borders. Better still, this desktop technology offers low-risk, cost-effective data that is legally admissible in court, without leaving behind a tell-tale digital footprint that could alert individuals being monitored to the fact. So, how does the technology work and how can it improve security operations?
Firstly, it’s important to be clear that all information sourced using desktop investigation techniques is drawn from open source data. This includes social media accounts such as facebook, twitter and instagram, though only accounts with security settings set to public can be accessed legally in this way. Data drawn from private accounts can not be used and would not be legally admissible.
While that may seem to be a significant limitation on the scope of desktop social media investigations, it’s important to remember that different applications and data sources have different data security settings, many of which make the provision of public data a key condition of setting up an account.
Similarly, people and organisations are constantly changing the security settings on data sources, including social media accounts. It’s relatively straight forward to set up alerts to let customers know when previously private ‘accounts of interest’ become public – even if only temporarily. So long as the account is public when the information is accessed, that data can be used by security professionals, even if the account was private at the time the initial investigation brief was provided. So, how can security teams be sure they are looking at the correct individuals?
The answer, again, is straightforward. Most digital applications require an email address when they are set up – both as a means to communicate with the account’s owner and also to identify who owns that particular account. This is one of the best ways for an investigator to ensure accounts they are looking at are attributed to the subject of the investigation. Our tools also enable investigators to go straight to that account – avoiding potential data protection pitfalls associated with viewing accounts that do not belong to the subject of the investigation. Where security work involves monitoring social media chatter, this can be particularly valuable information, allowing investigation teams to identify links between social media accounts, gathering information across all available sources, as well as real names and addresses behind internet pseudonyms.
Typical scenarios where this information could be useful to security professionals include monitoring internet chatter around protest activities or planned civil unrest. Pooling all available sources – even interacting with those sources in some cases – can help security teams quantify the size and likely impact of planned activities, scaling their responses appropriately.
Similarly, identifying the names and addresses of those involved in anti-social or criminal activities – and the extent of their involvement with that activity – can also provide invaluable evidence for court hearings or intelligence to authorities tasked with monitoring these threats.
One of the biggest benefits of the widespread adoption of mobile technologies since the turn of the century is in the amount of location data that is now available in the public domain. Whether through mobile phone records themselves or the use of location services in mobile apps – such as social media, cameras and internet search engines – the information it provides is invaluable to security, corporate and crime prevention professionals.
GPS and location services allow investigators to monitor individual’s travel patterns, both within the UK and across international borders. Careful analysis of this data can reveal patterns of behaviour that can be used to inform live investigations and improve the likelihood of successful operations.
For example, data obtained from mobile phone databases can help investigators identify where in the world a particular mobile phone is at any one time. As well as accessing real time data, we can also set up email alerts that inform investigators within 24 hours of a mobile leaving or returning to a specific country, informing surveillance operations. This allows security professionals to plan the timing of their operations to increase the likelihood of finding the individuals or evidence they need, investing in more expensive surveillance tactics at the times and places they are most likely to succeed.
Organisations already using these technologies include corporate businesses analysing the movements of gangs known to be smuggling illegal, counterfeit goods across international borders, and even criminal investigators tracking goods and people smuggling across international borders. In many ways, the use of location services is where desktop investigation services – such as those provided by Netwatch – really come into their own.
Where previously, monitoring the international movements of gangs and individuals required costly, time-intensive monitoring ‘on the street’, much of this work can now be carried out by specialist, office-based researchers located hundreds, if not thousands, of miles away. This removes a huge amount of the risk associated with getting close to the operation, and allows better planning for that risk when it does become necessary to have boots on the ground.
This approach also means more activity can also be monitored at any one time – increasing the likelihood of identifying security threats at an early stage and allowing interesting lines of investigation to be explored further without the weight of evidence that would be needed to deploy more expensive, time consuming surveillance techniques. As with all security activities, success comes in combining as many sources of reliable data as possible to identify the size and nature of the risk and the level of proactive or responsive security work required to combat that threat.
However, the very act of compiling that data can pose a security risk in itself; both to the organisation concerned if that data is leaked, and also to security operations if those being monitored become aware of that activity. Using a professional outside organisation is one way to do this, ensuring strict service levels are adhered too, though Netwatch also trains in-house teams in the safest and best ways to conduct open source investigations.
Gathering digital data certainly reduces the risk of monitoring operations being exposed at an early stage but it’s crucial that this is protected professionally too.
Again, we’ve developed a suite of specialist tools to carry out our work that are specifically designed to ensure no digital trails are left behind and that sensitive information can not be shared beyond the confines of the team or authorised customer personnel working on that case.
But there are steps security professionals can take to protect the integrity of this crucial data, which makes use of the very same technology too. Pre-employment screening is always big news in the security industry and this is another area that lends itself to digital applications, with specialist services allowing organisations to carry out professional screening before employment offers are made, making sure they recruit trustworthy, capable employees in the first place.
Tools used to monitor online activity can also be adapted for use inside organisations, helping those responsible for security to mitigate the risk of insider threat undermining their sensitive operations. At Netwatch we have worked with a number of companies to set up a red flag system to monitor online chatter and alert organisations to potential insider threat risks.
The digital world is often compared to the Wild West, with its relative lack of regulation and capabilities that seem to evolve far quicker than control measures needed to secure the digital environment. Yes, this is a challenge for the security industry – with many experienced professionals facing challenges today they could never have dreamed of when they first entered the profession – but with that risk comes real opportunity too.
The challenge for everyone is to take ownership of the digital landscape, harnessing the specialist knowledge of experts in this area to deploy low-risk, time and cost-effective tools that can enhance security planning and investigations, creating a safer environment for all.
Visit www.netwatchglobal.com.
