xorl %eax, %eax

HUMINT in the age of cyber

For the last few years I have been spending a significant amount of time learning, researching, and evaluating different intelligence disciplines for use in the cyber/online domain. One of them was Human Intelligence (HUMINT), and no, I don’t mean social engineering, but rather adapting traditional HUMINT for cyber intelligence operations. At some point in 2020 I got the opportunity to present some of my findings from this research at a private conference event.

There are many TTPs from traditional HUMINT tradecraft that can be used equally effectively in online intelligence collection operations. I cannot publicly share this slide deck, but here is a rough overview of the topics I talked about at that private conference in 2020:

  • Definitions/terminology
  • HUMINT examples as a cyber collector and as a cyber defender
  • Preparation (cover story, infrastructure, OPSEC measures)
  • Deep dive in the two main HUMINT collection approaches
    • Elicitation
    • Recruitment
  • Frameworks – theory & practice
  • How to select your approach
  • Key takeaways

Although I cannot share the content, I can share some important recommendations in case you are performing, or are interested in, online HUMINT.

  • Your security is the first priority. Remember that you are dealing with either criminals or intelligence professionals.
  • Don’t limit yourself to any framework; use them as guidelines.
  • Humans change; don’t assume what you used in the past will still work in the future. Do your assessment.
  • Know (and set) your limits. It’s easy to end up doing criminal activities if you don’t.
  • If you are doing that professionally, make sure you have all required legal sign-offs before starting.

If you want to take this one step further and perform Information Operations (IO) by exploiting human nature, I highly recommend checking out this leaked slide deck from GCHQ’s Human Science Operations Cell (HSOC), which goes through the Online Covert Action Accreditation (OCAA) program that the Joint Threat Research Intelligence Group (JTRIG) was setting up in 2012-2013. It covers:

  • Introduction to online HUMINT
  • Introduction to online Influence & Information Operations
  • Introduction to Computer Network Attacks (CNA) & Disruption operations

A video presentation of it is available here. It’s slightly outdated, but it has some really good foundations.

Written by xorl

April 1, 2021 at 16:47
