In this blog, a Fivecast Tradecraft Advisor explores how security teams can leverage publicly available information across the Surface, Deep and Dark Web to detect and mitigate online threats that may impact the safety of executives and public figures.
Executive protection, also known as VIP protection, refers to the security measures taken to protect high-profile individuals, such as corporate executives, politicians, celebrities, and other individuals who may be at elevated risk of harm owing to their status. The role of executive protection is to ensure the safety and well-being of the individual, as well as the protection of their property, reputation, and privacy.
Traditionally, executive protection brings to mind physical measures, such as close protection and secure transportation. While physical measures remain an important aspect of executive protection, security teams should also consider the digital environment; this is where Open-Source Intelligence (OSINT) can assist. OSINT refers to the collection, analysis, and dissemination of publicly available information, including online and offline sources such as social media, news articles, public records, and more. This information can be used to identify potential risks and vulnerabilities, as well as to gain a better understanding of potential threats and the people being protected.
Use OSINT to track malicious communication online
OSINT is particularly useful in the context of executive protection. For one, it can help security personnel identify malicious forms of communication, such as harassment and threats of physical violence. Social media affords threat actors (often anonymous) a raft of opportunities to interact with and direct malicious communication at their intended target, especially those public figures with an overt social media presence, such as politicians, media figures, and sports personalities.
While much of this activity is intended to intimidate, amongst ‘the noise’, there could be credible threats of violence that security teams need to act upon – identifying the needle in a haystack, so to speak. This is a considerable challenge given the scale of social media and, in some cases, the sheer volume of malicious communication. For instance, a recent investigation by BBC News revealed that over 3000 offensive tweets were sent daily to UK Members of Parliament during a six-week period on Twitter.
Security teams will not only need to consider social media but also more niche or fringe corners of the internet, such as chat forums and messaging applications. These sources present additional complexities to access and monitor. However, a lack of content moderation and a perceived sense of privacy and security can encourage threat actors to speak more candidly about attack planning, providing a valuable source of intelligence for security teams.
Online exposure of Personally Identifiable Information (PII)
OSINT can assist security teams in identifying the digital footprints of those under protection, specifically the exposure of PII. PII can include residential addresses, email addresses, phone numbers, social security numbers, passwords, or other information used to identify or locate a person. PII is sensitive information that must be protected; in the hands of a threat actor, it can provide the means to escalate malicious intent, bridging the gap between the digital world and ‘real life.’
For executives and those in the public eye, receiving malicious communication online is one thing, but having a threat actor turn up on their doorstep is an entirely more dangerous proposition for them and their families. While many threat actors will choose not to act on this information, some may seek to intimidate by deliberately sharing or broadcasting PII to a wider audience, facilitating others to commit harassment or violence. This is known as ‘doxxing’.
For security teams working to mitigate the risk of doxxing and exposure of PII, prevention is better than cure. This should involve proactive threat assessments to identify PII and, where possible, assist with its removal. Some sources, such as people search engines, that draw upon consented PII may be obligated under privacy laws to remove it upon request of the owner. However, PII leaked through ‘breached data’ will often end up on the dark web, making removal nigh on impossible. Timely identification of breached data is therefore critical to mitigate the risk of exposure, and security teams will need to advise their protected clients on remedial actions such as changing leaked credentials and cancelling bank cards.
Automated risk detection
Given the complexity of identifying threats and mitigating the exposure of PII that could elevate the risk to protected individuals, security teams increasingly require automated solutions that leverage AI and ML-enabled analytics to assist with this challenge. Fivecast ONYX provides user-configured risk detectors to help identify risky content in the collected open-source data and media, prioritizing it for analyst review. In the context of executive protection, this could include violent terms, quotes, or critical terms associated with the client, such as references to home addresses and other forms of PII.
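The following is an added illustration of a term-based risk detector of the kind described above; it is not Fivecast ONYX code and does not reflect its API. The watchlists, weights, threshold and sample posts are all constructed assumptions for a fictional protectee.

```python
import re

# Constructed watchlists for a fictional protectee; every value is made up.
DETECTORS = {
    "violent_term": (3, ["kill", "shoot", "stab", "burn down"]),
    "client_term":  (1, ["jane example", "example corp"]),
    "client_pii":   (4, ["12 sample street", "jane.example@example.com"]),
}
PHONE = re.compile(r"\b\d{3}[-. ]\d{3}[-. ]\d{4}\b")  # generic phone-like pattern

def _compile(terms):
    # Word boundaries stop "kill" from matching inside "skill".
    body = "|".join(re.escape(t) for t in terms)
    return re.compile(r"(?<!\w)(?:" + body + r")(?!\w)", re.I)

COMPILED = {name: (w, _compile(terms)) for name, (w, terms) in DETECTORS.items()}

def score_post(text):
    """Return (score, sorted names of detectors that fired) for one collected post."""
    fired = {name for name, (_, rx) in COMPILED.items() if rx.search(text)}
    score = sum(COMPILED[name][0] for name in fired)
    if PHONE.search(text):
        fired.add("phone_like")
        score += 2
    # Escalate when violent language co-occurs with the client or their PII.
    if "violent_term" in fired and fired & {"client_term", "client_pii"}:
        score += 5
    return score, sorted(fired)

def triage(posts, threshold=4):
    """Rank posts for analyst review, highest score first; drop low scorers."""
    queue = []
    for post in posts:
        score, fired = score_post(post["text"])
        if score >= threshold:
            queue.append({"id": post["id"], "score": score, "fired": fired})
    return sorted(queue, key=lambda row: row["score"], reverse=True)

# Constructed sample posts (not real data).
SAMPLE_POSTS = [
    {"id": 1, "text": "Great skill on display from Example Corp today"},
    {"id": 2, "text": "Jane Example lives at 12 Sample Street, go say hi"},
    {"id": 3, "text": "someone should burn down 12 sample street"},
    {"id": 4, "text": "I will kill it at the gym tonight"},
]

if __name__ == "__main__":
    for row in triage(SAMPLE_POSTS):
        print(row)
```

A violent term on its own (post 4) stays below the review threshold, while exposed PII (post 2) and violent language aimed at that PII (post 3) are queued, with the co-occurrence ranked first.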
Mitigate threats with OSINT
By harnessing OSINT, security teams can effectively identify online threats and mitigate risks to high-profile individuals. The proactive approach of conducting threat assessments and promptly addressing leaked information is crucial in safeguarding executives and public figures from the risks associated with doxxing and targeted harassment.
As the digital landscape evolves, security teams must stay vigilant and adapt their strategies accordingly. Integrating OSINT and automated risk detection technologies into investigations provides invaluable insights and enhances the effectiveness of executive protection efforts. By embracing these tools, security teams can better ensure high-profile individuals’ safety, privacy, and well-being.