July’s OSINT News: US Intelligence Champions AI, North Korean Recruitment Scams, and the Online Payment Fraud Boom
Welcome to our July Digest!
It’s a familiar adage that shrewd scammers are always one step ahead of the law. And it’s certainly true that criminals are constantly searching for ever more sophisticated methods and new technologies in their attempts to steal money and cover their tracks. For instance, Deepfake imagery is now being used to apply for remote work then hack into corporate IT networks. Such breaches demonstrate both the level of criminal ingenuity at play as well as the immense challenges posed by these shifting criminal innovations.
However, no matter how skilled a criminal actor is at cloaking his online activity, erasing all data points is practically impossible. Every individual has an extensive network of connections which details their online presence – a picture we refer to as a digital footprint. These are huge networks of data points and can span all domains of the datasphere from the Surface to Dark Web. And OSINT technologies have become a crucial tool mapping out footprints and connecting criminals with crimes.
Let’s take a closer look at the latest global developments.
US Intelligence: The AI-Future of OSINT
Following recent studies on the possible use cases of AI within national security, the US Defense Intelligence Agency has concluded that machine learning will be to its greatest advantage when used in parallel with OSINT.
Although AI will likely be able to simulate human activity in the future, its best assets at present focus on collecting, structuring and preparing colossal volumes of data for intelligence analysts. Thanks to ML algorithms, such oceans of diverse data can be compiled and analyzed in a fraction of the time it would take to achieve manually. To date, the CIA has already employed AI with OSINT for news monitoring and alerts. It’s also been utilized as a connecting channel between HUMINT (Human Intelligence) and OSINT, facilitating intelligence that makes use of all available sources.
US Intelligence is not alone in its reasoning. Wired magazine has recently claimed that the increased use of open-source data is key to superior AI, as big data is essential for the algorithms to make quantitative judgements. The scale and relevance of open data is something that simply can’t be engineered through classified material.
And it’s not just intelligence bureaus that are benefitting from AI processes – it’s now essential for various spheres, not least the financial sector. According to a recent survey by Revinitiv, the respondent financial institutions with an annual revenue of more than $1bn all made use of AI to a greater or lesser extent.
The future is already here, depending where you look. Through the use of natural language processing and image analysis, OSINT solutions such as SL Professional already boast sophisticated AI modules that deliver the precise information required for effective investigations.
North Korean Scammers Land a Big Catch through Phishing
In our February digest, we detailed some innovative tactics employed by North Korean scammers. Well, the latest wheeze coming out of the region has taken things a step further. Hackers are now posing as IT recruiters within the NFT marketplace, to hack into the credentials of upper-tier developers, and by extension, their products. After taking control of private blockchain keys that ran gaming platform Axie, scammers were able to extract all the crypto stored within it – an amount worth around $540m.
So how was this possible? Well, the ‘recruiters’ identified potential ‘candidates’ through online profiles such as LinkedIn – individuals who potentially possessed access keys to the target blockchain. Then, following a fake interview stage, ‘candidates’ were sent lavish job offers on PDFs with encrypted malware. Anyone who opened the PDF got a lot more than they bargained for.
Guarding against such well-developed phishing tactics isn’t easy, but modern OSINT solutions can employ sophisticated algorithms to pick up on any digital profile inconsistencies relating to the scammers. If OSINT had been employed by Axie, they could have dodged a very costly bullet.
Online Payment Fraud is Set to Explode
Online payment fraud is set to reach $343B by the year 2027, according to a new study from Juniper Research. Compared to last year’s figures, which ‘only’ reached $20B, this forecast is staggering.
Common fraud methods such as account takeover or identity theft are presently one step ahead of current identity verification tools. Scam tactics exploit the likes of money transfers, crypto wallets and online purchases, with the physical goods trade making up 49% of the total losses.
Encrypted security measures such as address verification and multi-factor authentication really should be employed wholesale to guard against this oncoming tidal wave of fraud. But also, by analyzing past instances, it may also be possible to preempt and counter future operations. By scouring all the subtlest connections to a known fraud, OSINT tools can weed out the real identities and nip the next scam in the bud.
Fact of the Month
A Privacy Affairs report has just concluded that the cost of complete identity fraud is a mere $1,115 for the would-be hacker. Obtaining an individual’s account details not only provides access to potentially reams of sensitive personal information, it also allows a scammer to forge fake IDs and legal documents such as passports and drivers’ licenses. And scammers unable to cough up the full amount still have plenty of options, with a variety of similar ‘products’ available to suit all budgets:
An exploding growth rate has left the online gaming sphere vulnerable to cyber-criminals, including financial fraud, extremism and money-laundering. Discover how OSINT tools can be employed to uncover and trace connections between accounts and user groups, making detection possible in real time.
A sophisticated new scamming technique for corporate IT network hacking has been uncovered by the FBI. The scheme involves using video Deepfakes, stolen IDs and synthesized audio to apply for remote jobs. The central aim here is to gain access to a company’s IT network before siphoning off money and sensitive information. Although most employees are wise to fraudulent email requests, the use of AI is making it increasingly difficult to tell the difference between authentic videos of real people and deepfakes.
The quota for US military innovations is set to almost double next year, from $42.9 mln to $81 mln. This huge increase comes in tandem with a 10% allocation to AI- and ML-based OSINT technology of $8 mln. This demonstrates that the utility of AI-driven OSINT approaches are not lost on major powers.
The US Cyber Command has appealed to private tech companies for intelligence to be shared in the interests of improving national cybersecurity. Executive Director Dave Frederick has stated that those on the front line need to provide info regarding their own experiences of cybercrime, so new forms of malware and other hacking tactics can be identified as soon as possible.
What are Deepfakes? How are they created? And how can you protect yourself against them? Manipulating video images has grown into one of the most sophisticated methods of modern digital scamming out there, and has fast become a significant problem. Discover how they’re made and what you can do to combat them. Thankfully, modern OSINT software like the SL Professional can quickly determine whether media is authentic or not.
And that rounds up the July digest! Keep an eye on our blog for all the latest news and insights for all things OSINT.