By Tim Wilson
MARCH 6, 2007
Would you know if one of your employees was giving away insider
information in a Web chat room? Would you know if a phisher was using
your company's email template to fake messages to customers? Or if a
competitor or reseller was misusing your company's brand to further
If you're like most companies, you probably answered "no" to all three
questions. True, all three of these are activities that take place on
the public Internet. But who has time to track all of that Web activity?
Increasingly, the answer is cyberintelligence companies.
For a fee, enterprises can now hire a third-party service provider to do
all of the legwork required to investigate the use -- or abuse -- of
company information on the Internet. Collecting this sort of data,
sometimes called "open source intelligence," can help organizations
understand how their data is being used on the Web -- and nip potential
security risks in the bud.
"One of the problems with leak prevention is that you don't know what
you don't know," said Terry Gudaitis, director of open source
intelligence at SAIC, in a presentation at last week's "Defending
Against Insider Threats" conference in Arlington, Va. "And you don't
always have the resources to find out."
Companies such as SAIC, NetFrameworks, and Cyveillance maintain staffs
of researchers trained to find potential security problems by surfing
the Web. Some of them focus on tracking the activity of specific
individuals, such as employees or prospective hires, while others orient
their efforts toward finding any misuse of a company's name or
information, including phishing sites or fraudulent endorsements.
The idea isn't a new one. Way back before there were computers, large
organizations and military units collected open source intelligence by
monitoring radio and local newspapers to help identify potential
security leaks or improper publication of confidential data.
With the emergence of the Web, however, there are many more outlets for
security leaks, because individuals can publish directly to the Web
without a middleman. Less than two years ago, the CIA opened the Open
Source Center, where government staffers do data collection and analysis
of blogs worldwide.
"A lot of blogs now have become very big on the Internet," noted OSC
Director Douglas Naquin in an interview with The Washington Times. "We're
getting a lot of rich information on blogs that are telling us a lot
about social perspectives, and everything from what the general feeling
is to... people putting information on there that doesn't exist anywhere
SAIC, which offers similar services for large corporations, spends a
good deal of time monitoring blogs and chat rooms for misuse of
corporate information, Gudaitis says.
"A lot of what we find is completely unintentional," Gudaitis says. For
example, teenagers with their own blogs sometimes discuss what they've
heard from their parents at the dinner table, and unknowingly give away
confidential information. IT people sometimes reveal confidential
information while seeking technical assistance on bulletin boards or
technology chat rooms. Some employees discuss their activities on social
networking sites, not realizing they could be violating company security
No matter what their initial intent, though, such leaks can cause
companies to expose themselves to attacks, or even run afoul of
"One of the things we can do is find out about the blogging habits of a
prospective employee as part of a background check," says Gudaitis. "If
a person is giving away information about their company in a blog today,
they might not be someone you want to hire tomorrow."
Monitoring blogs can also help warn companies when an employee is about
to go over the edge, Gudaitis observes. In one memorable case, SAIC
found the following blog written by an employee about its employer: "I
don't want to live, and those bastards shouldn't, either. I don't know
whether it would be beter [sic] to blow my brains out in front of them,
or take them with me -- Friday is good, will trash their fairy
weekends." The employee was subsequently approached, and went
voluntarily to a treatment facility for depression.
While this type of online research could be valuable to a company's
security, some experts wonder whether it oversteps the bounds of
privacy. "Should somebody in their 30s have to answer for a blog they
wrote when they were in their teens?" wondered Brian Contos, CTO of
ArcSight and author of Enemy at the Water Cooler. "It's something to
Outside the company, the uses of open source intelligence are less
murky. Companies can use the services to find out whether partners,
competitors, or phishers are using their data or trademarks illegally,
and how that activity might be affecting their brands. "That's
information that can help you not only from a security perspective, but
from a marketing perspective," Gudaitis says.
It's also information that doesn't come cheap. Open source intelligence
services can be expensive, costing in the tens of thousands or hundreds
of thousands of dollars, depending on the depth of research and
information the client requires. SAIC's open source intelligence
customers so far are generally in the Fortune 50, Gudaitis says.