The Australian bushfires and the Coronavirus outbreak are currently the talk of every media organisation in the world. Both events have led to demonstrations, challenges, heartache and massive financial losses. A number of people are questioning whether part of the impact has been as a result of eco-terrorists.

The FBI defines eco-terrorism as the use or threatened use of violence of a criminal nature against innocent victims or property by an environmentally oriented, subnational group for environmental-political reasons, or aimed at an audience beyond the target, often of a symbolic nature.

The new wave of extremists will be greens according to foreignpolicy.com. It discusses how any visit to environmentalist websites or blogs will yield an endless run of protests, demos, marches, and planned civil disobedience.

According to a representative the journalist spoke to from Friends of the Earth, an environmentalist group with chapters across the world, local anti-fracking groups have grown faster than anything he has ever witnessed in the green movement.

Irrespective of whether the current events have been influenced by eco-terrorism, government and corporations alike need to be aware of the potential threats and incorporate them into their risk management plans accordingly.

For over a decade, Insight Intelligence has been providing industry intelligence gathering to supporting corporations in understanding who and what are potential threats and how best to combat them. Governments and corporations need to know how to analyse the mass of information in the media and to prevent damaging events and disinformation that will damage reputations, production and the economy.

Climate change has become a cause célèbre across the globe. The rise of demonstrations and communications about the issue are major risks facing industry and governments. The Intercept reported earlier last year how eco-terrorism had become the FBIs number one domestic terror campaign.

The activities of eco-terrorists are typically two-fold. Firstly, from a direct perspective, for example organising demonstrations aimed at crippling commerce. Secondly, high-jacking communications surrounding an event, such as bushfires, and providing disinformation to cause damage.

The Australian bushfire disasters have seen a clear disinformation campaign according to Queensland University of Technology senior lecturer Timothy Graham. Even the well-respected publication, The Australian, ran an article that falsely claimed 183 arsonists had been arrested in the “current bushfire season” deflecting the arguments about climate change being a central cause.

As an ideology, climate-change is well accepted and so the actions of groups like Extinction Rebellion have strong support from the general public. For an organisation or individual to cause harm under the guise of climate change is comparatively easy. There are obvious activities like campaigning against coal mining as well as more subtle ones such as choosing a time and location for a demonstration that is specifically designed to harm an organisation.

Whilst not strictly in the ‘eco’ space, if the Coronavirus had been a deliberate act, and I’m not saying it was, it has resulted in a truly massive strike against the Chinese economy and the ability of its people to travel internationally. On 3 February 2020, the BBC reported China shares had suffered their biggest fall in four years, with the Shanghai index closing nearly 8% lower as investors weighed the impact of the outbreak.

As climate change activism continues to grow, so does the potential incidence of eco-terrorism. Behind many of the actions of climate change groups there is terrorism lurking. Corporations and governments need to be aware of potential threats and monitor the activities of organisations and individuals to help them develop the appropriate response.

Human Intelligence Applications and Methods

Successful companies win the hearts and minds of customers, shareholders and public opinion. When success starts to fade, it is often down to a lack of competitive business intelligence or intelligence being used more effectively by competitors.

There is a plethora of business information systems, with dashboards aplenty, offering to provide you with useful business analytics. These are all well and good, but with some human intelligence, and a little military know-how, you can gain an even greater competitive edge.
Gaining and keeping that competitive edge over competitors is a constant process, a bit like an endless war. It is hard to win the war if you do not identify and respond to threats by utilising competitive business intelligence methods and tools, in particular human intelligence.

Human Intelligence is an information collection discipline that, contrary to common belief, does not involve clandestine operations. “Intelligence is information that has been collected from open and sensitive sources that result in the production of value-added information available for use by decision-makers”

Information has a value, it can be tangible or intangible. Information can be stored or simply be an idea and every information has a source. The root source of that information is typically a person, not a piece of hardware or software.

Furthermore, we should define the ‘document’ related to the information in terms of its known source, author and validity.

Today’s internet driven world is an open market of information, accessible to anyone at any given moment. You can usually find as much as you’d like to know about someone and they as much about you at the touch of a button.

It is hard to hide information and the electronic collection of open source intelligence (OSINT) is usually combined with some data analysis software. We witness every day how, despite all this information, the global market can be unpredictable and volatile. Most corporations struggle to respond to critical situations and those that prevail have the right information about the product, company, country, economic situation and they know how to use it.

My military intelligence training showed me that gaining a winning competitive edge is not so much about super-fast computers and superior products, but about understanding the power of information and recognising the true value of key pieces.

Most large businesses deploy and utilise a vast amount of hardware and software to analyse open source information. The real question is whether that hardware and software can truly decide about Source reliability and Information Validity. Of course, they struggle and that is the point where the human intelligence discipline comes into its own.

When we talk about competitive business intelligence there are three types strategic, tactical and operational. Needless to say, the terms derive from military intelligence jargon, however some corporations will use more business terminology like forensic intelligence, field intelligence or investigative intelligence.

The three types of intelligence used by corporations, agencies, marketers and polling companies alike can be described as:

Strategic Intelligence – “seeing beyond horizon”, this type of intelligence provides insights which assist in creating responses, policies, procedures, marketing and sales. The prime usage of strategic intelligence is in creating successful long-term corporation objectives.
Operational Intelligence – is an intelligence product which support corporations in preventing fraud, IP theft and criminal activities as well as managing resources in order to achieve operational key objectives.

Tactical Intelligence – this type of intelligence supports immediate corporations’ requirements such as investigations or understanding a competitor’s move in the market which require an immediate response.

By adopting human intelligence as a part of competitive business intelligence in a corporation the process begins and ends with a decision maker. With the help of some military know-how, the human intelligence officer helps guide the decision-making process and highlight the truly key pieces of intelligence.

The result, the organisation is able to build and maintain a competitive advantage and have the winning edge over its competitors.

Mario Bekes
Director, Insight Intelligence

Human Intelligence Applications and Methods

By Mario Bekes, Director Insight Intelligence

Industrial espionage has been in the news again recently with various reports about Huwaei’s activities1. At a time when businesses are investing multiple millions of dollars in data protection systems, are they overlooking some of the most basic forms of intelligence gathering devices – humans?

One way or another, people are often responsible for a loss, often inadvertently. Military intelligence has long used activities, often termed ‘social engineering’, to capture sources of information. These activities have since been adapted by both government intelligence organisations and corporate intelligence.

Social engineering is the art of manipulating people to obtain confidential information such as gathering data about a product, the financial position of the company, future projects and its development. This can be done in person or electronically and activities range from social media engagement, networking with employees, chatting at the gym, posing as a buyer or investor, contacting relatives or friends, looking at discarded documents or recovering data from old IT equipment.

In today’s corporate world you might recognise many of these behaviours as standard networking activities. Indeed, one of the rules for intelligence operatives it is to utilise networking events as much possible in order to create their own sources of information.

This is not to say that all networking type activities are bad, but people need to be aware of the risks. This can be particularly hard to manage when it comes to ex-employees talking about sensitive information.

The weakest link in the security chain is usually the human who accepts a person or scenario at face value and unwittingly becomes the source of information from which no IT security measures will be able to protect your blue prints, ideas and products.

At Insight Intelligence, we’ve found companies rarely spend 1% of their IT security budget on policies, procedures, awareness and education to improve people security. Some of the simplest elements of what we term a ‘human firewall’ to implement are:

• Educate people about phishing and other dangerous emails
• Only allow certain people access to sensitive information
• Train employees to be aware of questions at meetings/networking events that may be suspicious
• Reinforce company polices about safeguarding company information (and having a policy in the first place)

A human firewall should be one of your first defences. Just ask Mastercard and Disney. They were lucky that Visa is a good enough corporate citizen not purchase the sensitive information offered by a catering employee about a major deal being discussed by its main competitor, Mastercard2.

No matter how many thousands of dollars are spent on your IT security, these risk management steps, aimed at people, will significantly boost the effectiveness of your human firewall. Thus, helping better protect your assets, the future of your business and the livelihoods of your employees.

1. https://www.wired.com/story/huaweis-many-troubles-bans-alleged-spies-backdoors/
2. https://www.nytimes.com/2001/03/22/business/food-worker-is-accused-of-corporate-espionage.html

All Intelligence is information, not all information is intelligence (Lowenthal, 2000)

Trash can be a valuable source of intelligence but how can it be of value and what are the dangers people and businesses need to watch out for? In this article, we look at how to structure the management of intelligence and what you need to know about Trash intelligence.

In today’s business and government environment, using intelligence is vital to make plans for the future and to predict, understand and spot/isolate threats. Intelligence consists of information, both tangible or intangible. These can be anything from blue prints, product information and client details to pricing and even ideas.

A vast amount of money is understandably poured into the IT sector in order safeguard intellectual property and other information. Often there is also an extensive effort directed to social media monitoring to learn who is who, who says what and to whom.

Despite the fact most information resides on clouds, servers and other forms of digital storage, we still print, make notes, and send messages, be it electronically or via paper.

What most companies and other sectors disregard is the Human Intelligence factor which also play a very crucial role in the society we live. One reason for this our focus on digital threats and ignorance about garbage. Garbage can be a very valuable source to people seeking intelligence.

So, what defines this garbage or trash? By trash we mean:

• rubbish or waste, especially domestic refuse
• seemingly worthless or meaningless material or ideas
• unwanted data in a computer’s memory

Purpose of the Intelligence Cycle

The Intelligence Cycle is designed to assist intelligence agencies and analysts to gain useful information that can help identify threats. More sophisticated criminals also use forms of the intelligence cycle, typically for extortion-based crime.

The Intelligence Management Cycle consists of 5 elements:

• Planning (deciding the key objective)
• Collecting (how, when, who, where and why)
• Analysing
• Dissemination
• Recommendations

The Intelligence Cycle differs from Counterintelligence due to its proactive approach, Counterintelligence is reactive in nature. The first step in the Intelligence Management Cycle is Planning. Planning is about deciding the key objective and then the Intelligence Management Cycle moves onto the next step of information collection.

There are a myriad of ways raw intelligence data is collected and then, through the intelligence cycle, it is analysed and converted into useful intelligence and presented to decision makers.

Trash Intelligence

This comes into play during the collection point of the Intelligence Management Cycle.

Typically, intelligence analysts (government, corporate or even criminal) will try to find the most inexpensive and reliable source of information.

Human Intelligence activity consists of different methods, surveillance, countersurveillance, intelligence operatives, informants, technical means, etc, and has one key objective that is to collect intelligence (information) based on the intelligence objective.

A method often overlooked, and one of the most inexpensive forms of intelligence gathering, is trash intelligence, or as we call it “TrashInt”. This is intelligence collection through searching someone else’s garbage or waste.

Most people will see garbage as having no value, hence it being considered trash.

There is a surprising range of things that end up in the trash, including tax file details, invoices, receipts, work documents, blue prints and digital storage devices. Trash intelligence includes digital items too. More than likely, we have all replaced our computer, phone or tablet. All digital devices contain data and this frequently remains on hard drives and devices. Research we carried out a few years ago found 15 out of 52 second-hand hard drives purchased on the open market contained highly sensitive personal data including bank account details, medical information and home addresses.

Trash Intelligence doesn’t only assist intelligence and law enforcement agencies in the profiling of suspects, but it can give criminals a considerable about of very personal or sensitive business data.

Legality of Trash Intelligence

In case you were wondering whether it is legal to search someone’s trash, if the bins are on a private/business premises then it is illegal without a search warrant. This is also true of secure, locked bins. However, once garbage is on a street or in a public premise, it is not illegal.

Conclusion

The most common approach in the protection of information, intellectual property and blue prints etc is through digital security. Clearly this is important, but we must not forget what the weakest link is often humans and what they leave unprotected.

Do not forget the human aspect. Understanding the way intelligence is gathered and used can assist in finding information or keeping it hidden. Not paying attention to your trash can make you extremely vulnerable to criminal activity that could easily find some of your most personal
information and use it against you.