Jeff Bardin, the prominent cyber security professional and consultant with enormous background in intelligence, risk management and information security, shares his expertise at Hacktivity conference, delving into the methods and tools for open source cyber intelligence.
Conference Host: It’s my honor to introduce to you our first speaker, our first “rock star”. His name is Jeff Bardin. Jeff was awarded for Excellence in the Field of Security at RSA Conference. And today he’s one of the most recognized experts of cyber crime and cyber security worldwide. He is currently the Chief Intelligence Officer of Treadstone 71. Jeff sits on the Board of Directors of Boston InfraGard, Content Raven, Potomac Institute for Policy Studies, Journal of Law & Cyber Warfare, and Wisegate. And he was also the founding member of the Cloud Security Alliance. So, he’s a very well-known security expert. Moreover, he’s an Adjunct Instructor at Utica College; he is an instructor of master programs in cyber intelligence, counter-intelligence, cyber crime and cyber security. Today, in his presentation, he will cover open source intelligence, and he will talk about the methods of cyber espionage, sock puppet creation, infiltration, data collection, and data analysis.
Jeff Bardin: Morning! I’m not really a “rock star”; I don’t look like it, do I? I don’t have long hair; I have a belly – most rock stars don’t. But he talks about my background in cyber security. There was a time a long time ago where I was actually fired from a job because I hacked a mainframe in a VAX/VMS system1. Anybody here know what a VAX/VMS system is? There’s a few of you; most of you probably weren’t even born when I was fired from that job.
Anyway, today we’re going to talk about open source intelligence, and most of you here are looking at the cyber security arena from a hacking perspective – that’s why you’re here at Hacktivity. But the things we’re going to talk about today are a little bit different than just plain hacking. It’s how you get in to somebody’s site, or someone’s forum, or Facebook sites, and become resident as a friend to them, and stay there for years.
Since around 2005, I’ve been creating sock puppets, and most of my targets have been cyber Jihadist sites. My background – I was in the United States Air Force and I was a cryptologic linguist in Arabic language, and so I’ve carried that forward into the cyber world and been able to create these different sock puppets out there, or cyber personas, to access their sites and actually become one of them for quite a period of time. So, today we’re going to talk about some of those things, and I’ll actually give you some things to take with you so you can actually do this yourself, if you so choose.So, today there’s a lot of different threats out there that we face (see right-hand image), but all of these are different types of threats that impact our cyber security. But there’s only one that we’re really going to talk about today that I believe covers all of these areas, and that’s actually Clandestine Cyber Human Intelligence.
That’s where we’re taking traditional spy tradecraft from the physical world and we’re applying it to the cyber world. And there’s a lot to be had in this area if you know how to go about doing it, so we’ll give you just a few tips today.When you want to go and start to become a cyber spy, you have to create your sock puppet, your cyber persona (see right-hand image). Some of the first things you do is you create email addresses, you create who you’re going to be. Has anybody here ever acted in a play or been an actor, anyone? So, if you’ve been an actor, you definitely understand that you have to fit yourself into the role. When you create these cyber personas, you’re going to create many of them; not just one, you’re going to create several of these personas. We’re going to talk about that as well.
We’ll talk about anonymity, just briefly, because you want to maintain anonymity about your IP and who you are online so that people don’t know who you are when you’re actually penetrating their site. We’ll look at some other things: prepaid phones, establishing Twitter and Facebook accounts, YouTube, LinkedIn, and establishing your persona across the Internet so that it really ties together, so if you’re publishing something on Twitter it follows up on Facebook, it aligns with your resume online, and all these different resumes.
Some of the things you also need to do is really understand your targets; historical, cultural, linguistic and political background, so when you’re online talking to them you can actually refer to things that make sense in their view.
So, those are some of the things we’re going to talk about, but the main thing when you do this is actually patience; it takes a long time. There are sock puppets I’ve had out there for many years, and these sock puppets are still active today, and I have some sock puppets that are very active in the Twitter world, that I’ve actually had interviews with the press through my sock puppets, so it’s pretty interesting, some of the things we’ve done.
But it also follows the cyber intelligence life cycle. Intelligence life cycle is: you get your target, and with your target then you start to collect information; you produce that information and organize it in such a way that you can actually analyze it, and then, when done analyzing it, you produce a document that comes up with recommendations and opportunities, which can actually feed back into the cycle.
1 – VAX/VMS system is a computer server operating system released in 1977, which runs on VAX-based families of computers.