Although the underlying principle of understanding ‘capability and intention’ and the objective of ‘forewarned is forearmed’ have not dramatically altered overtime, the sheer scale of intelligence available in the Open Source environment means that the greatest risk today is information overload rather than information scarcity.
It is in this context that in order to acquire and analyse asymmetric and potentially outcome-defining intelligence, analysts are required to think more laterally than ever and be able to draw both strategic and tactical conclusions from intelligence which may be independent and accurate as much as it may be deliberately misleading or presented through an emotional prism. SOCial Media INTelligence (SOCMINT) is one such instance of lateral thinking. FINancial INTelligence is another.
Social Intelligence: Turning Noise into Actionable Knowledge
It would be easy to dismiss SOCMINT as uncorroborated and with too many downsides to its use. After all, it is user-generated content with intrinsic user bias and liable to deliberate deception, from the innocent (overstating one’s importance, income, status or even exaggerating events) to the sinister (the dissemination of falsehoods presented as fact or news). Social Media is also comparatively easy for a bad actor to weaponise and turn against an adversary. But there is little doubt that, a mere 14 years since the launch of Facebook and less than 12 years since the launch of Twitter (just to name two platforms), developing an analyst-driven capability to exploit SOCMINT both for defensive and offensive purposes is becoming essential in nature.
In December 2017 the German Secret Service and in January 2018 the Swiss Secret Service separately took the step of publicly warning about the misuse of the business networking platform LinkedIn for espionage purposes. This particular warning pertained what is suspected to be Chinese state-sponsored espionage. In reality, it could’ve come from virtually any adversary familiar with the techniques used by romance fraudsters and confidence tricksters and sufficient cultural sensitivity to turn LinkedIn into a fertile ground for intelligence acquisition and sometimes manipulation.
When, in 2010, a group of British parliamentarians was caught up in a ‘cash for access’ sting where journalists (in time-honoured fashion, one might add) set up a bogus company complete with website to create a veneer of credibility and execute the sting it was the same parliamentarians’ lack of due diligence that left them exposed. Unless a social media profile or even the website itself was specifically created and left to ‘age’, in all likelihood the perpetrators would’ve created recent profiles. Linked with a small number of individuals. Some, most likely impersonated as well. Others, either at first or second degree connection, likely to be linked to ‘red flag’ nominals, such as journalists or researchers. And all this doesn’t take into account the power of networks’ algorithms which, sometimes inadvertently and always usefully for an analyst, can suggest connections opening up whole new networks, therefore assisting in the early identification of threats. Not forgetting the basics: after all, how many have set up a profile using a work email, an address containing the full name or even a nickname replicated across multiple sites and platforms?
Replace journalists for terrorists or any other potential disruptors and the power of networks combined with an analyst’s ability to identify key items of value (are plug sockets as seen in uploaded pictures consistent with the location? Is there any usable metadata? Is the language used consistent with the stated linguistic proficiency or even slang consistent with a specific variety of any given language?) and the principles above can take on a whole new dimension of security. Not to mention potential internal threats. Rogue employees, embedded investigators, saboteurs and the like.
Situational Reports are also greatly enhanced by the harvesting of SOCMINT although this is precisely the environment where an analyst’s ability to rapidly select the valuable and discard the inaccurate and the misleading (deliberate or otherwise) is an absolute must. As the Oxford Street ‘phantom terrorist incident’ of December 2017 clearly exemplified, all the social noise in the world and all the ‘influencers’, celebrities and citizen reporters out there – no matter how often amplified by third parties, some with sinister intents such as destabilising an adversary – still can’t magic up a terrorist attack out of thin air. Sorting the chaff from the wheat matters. And the ability to do so against a noise of media parroting the uncorroborated line can make the difference between achieving an outcome and failure.
And then there’s Profiling. Social Media may be about networks (and the examples above clearly show the importance of ‘panning out’ from an individual item of intelligence to the network it operates within) but for users it is also an image amplifier that can leave them exposed.
Is the subject an extrovert over-sharer? Do they display signs of seeking attention or validation? Is there a propensity to manifest political, social, religious views? Who do they engage with? And do they do so knowingly? And that’s without forgetting the basics. Where do they ‘tag’ themselves? Does that betray a pattern? Whether that’s a behavioural pattern (same place, same time) or an image pattern (they only ‘tag’ themselves in fashionable premises or premises that matter to their reference group creating a true or manufactured sense of belonging).
Financial Intelligence: The New Frontier?
The ability to turn intelligence into profiles that can be actioned upon is also a key benefit of FININT – FINancial INTelligence.
FININT is another discipline in its relative infancy and a much misunderstood one. Suffice to say for now it is not forensic accounting as some assume nor it is restricted to understanding financial matters. It is much, much more.
As the worldwide trend points to the decline of anonymous cash and the rise of electronic payments and some parts of the world (Africa springs to mind) may well jump directly on to electronic payments only, the body of intelligence being built up is phenomenal in both scale and depth. Undoubtedly, the main application of FININT to date has been in the investigation arena. From identifying a cash machine user close to the scene of a murder through their card number even in the absence of CCTV to understanding the deliberately opaque movement of funds that underpins money laundering and terrorist financing it’s not difficult to see the use of financial data for investigative purposes. And then of course there’s the not insignificant matter of corporate records, both legitimate and leak-driven (Panama and Paradise to name two) and the networks they can open up.
But there is more. Financial data can be used to track the movement of parts needed to build explosive devices or the smuggling of weapons. Less dramatically perhaps, it can be used to understand the commonalities between networks of entities. Do two seemingly unconnected individuals spend money at the same time at the same premises on a regular basis?
They may not be so unconnected after all. Or is the same person ‘owning’ multiple companies all sharing the same address and links to, for instance, terrorists? Then this person is either of interest or a front. Effectively, a due diligence force multiplier.
FININT can also help build that all-important profiling.
Take payment card data for instance. What may appear to be a dreary list of transactions opens up a window on to a target. Do they spend beyond their means or are they thrifty? Where do they spend their money? Is there a pattern to it? Where is the repeat spend? And if planning a surveillance job, where am I likely to find them at a given time? Do they create a heat map just by spending? Do they spend at premises that may leave them open to compromise? Do they have a weakness or secret? The answer to all questions is traceable just by analysing what appears to be nothing more than a ledger. And if an operative’s work is to protect an asset then perhaps ‘mixing up’ patterns that an analyst on the adversaries’ payroll may identify could be a life-saving move.
As security and defence continue to evolve to a domain where the private sector is expected to play an extensive role it only played to this extent prior to the State taking over defence and policing in the early 20th century and late 19th century respectively, it’s important for the sector to understand that without new, asymmetric intelligence today’s asymmetric threats cannot be understood let alone mitigated or tackled head-on.
Adversaries today actively seek to deceive and maximise plausible deniability; from the ‘Little Green Men’ in Ukraine to insurgents dressed as women or activists mingling with crowds in conformist clothing following the trend of football fans who, to avoid police detection in the 1980s would dress in expensive sportswear giving rise to the ‘casual’ phenomenon. As today’s adversaries but also benign sources of intelligence often communicate in emojis and shun traditional media, wire each other funds through ‘peer to peer’ mechanisms outside of traditional banks, traditional methods of acquisition and traditional analysis no longer provides the edge they used to.
As threats evolve, so should our approach to intelligence. Embracing new disciplines within it is crucial in remaining on a par with our adversaries, whichever form they may take.
By: Albert James Galloni
Albert James Galloni is an analyst who specialises in OSINT, SOCMINT and FININT. His diverse experience spans across financial crime, counter-terrorist financing, due diligence, investigations, advisory to selected investigative journalists and security. He is the director of Interoperable Services Ltd (www.interoperableservices.co.uk) a British Private Intelligence Company leveraging intelligence disciplines holistically for diverse outcomes, including Security and Defence, Surveillance and Profiling. Albert can be contacted at firstname.lastname@example.org or LinkedIn www.linkedin.com/in/albertjamesgalloni/