What is tradecraft?
The term tradecraft refers to the processes, tools and skills used for intelligence gathering. While there are many methods for collecting, sharing and storing information and evidence, modern-day investigators increasingly rely on online sources. They use the internet to conduct research on individuals and groups, uncover facts about people’s and organizations’ finances, background and current activities, and follow up on clues about suspected fraud, computer crime, and other threats. This article refers mostly to tradecraft that’s applicable to online investigators.
Why it is important for online investigators to protect their tradecraft
Financial fraud, cybersecurity intelligence and law enforcement are some of the dominant drivers for online investigations. However, the practice of specialized online research has been expanding into dedicated teams that tackle fraud and brand misuse, corporate security and the emerging practice of trust and safety.
Understandably, the IT management and cybersecurity policies that oversee these teams block access to untrusted sites, leaving much of the deep and dark web off-limits, or with extra hurdles for entry. Yet those are hotbeds for criminal activity, and can be critical areas of research. Accessing unsafe online territory, though, often creates friction between analysts and IT, in addition to both cyber and real-world risk.
But even when necessary sites can be accessed, an often bigger and more complicated problem is concealing an analyst’s identity and intent. Everything you do online — the sites you visit, the browser you use, the way you browse, the device you’re on, where you’re searching from — says something unique about you. With enough details, adversaries can understand who you are, the organization you represent and the mission at hand. They can then act to thwart or threaten your work.
To ensure successful, secure investigations, controlling the details of your digital fingerprint has become a vital capability. In this paper, we’ll look at how managed attribution delivers that control and minimizes risk in online investigations.
Common risks to online investigators’ tradecraft
- Intelligence and evidence gathering: For federal, local and private investigators building case files on specific targets, preserving chain of custody and evidence integrity is crucial. Tradecraft can fail without an airtight infrastructure and total anonymity.
- Trust and safety: Protecting web communities from harmful impacts may require online socializing with bad actors, making it essential to have an ironclad false digital identity to minimize risk.
- Fraud and brand misuse: Analysts need to rapidly identify and mitigate fraudulent activity targeted at a brand and its customers. All too often, fraudsters get tipped off and even retaliate.
- Financial crime and compliance: While payment card fraud, money laundering and related activities are escalating, many investigators are unequipped to follow leads to all corners of the web.
- Security intelligence: Whether investigating cyberthreats, malware, phishing, war-gaming or even physical threats, analysts face sophisticated adversaries who are likely skilled at uncovering online identities, and may respond with malicious attacks.
How managed attribution helps minimize risk and perfect tradecraft
Managed attribution gives you all the benefits of misattribution, but in a uniquely tailored and safer way. What should you look for in a managed attribution service?
The right purpose-built solution gives you the power to improve the results and impact of your investigations with capabilities that enforce tradecraft best practices, including:
- Isolate online research: Ensure your personal and everyday business browsing is separate from your investigative work. It’s key to avoid specific actions and behavior patterns that can be used to identify you, and erode any intentional misattribution you’ve put in place. A managed attribution service (such as Silo for Research) enables you to use the same computer every day, but isolate your investigations in a securely anonymized, cloud-based environment.
- Manipulate your online appearance: Like a physical undercover agent, your online identity needs to blend in as appropriate to your investigation. Your solution should enable you to change your location, time zone and language settings to align with the region of your targets. You’ll also want to avoid standing out by using that region’s most common search engines and social media networks, and conducting searches using terms in the local language.
- Use disposable browser sessions: To minimize attribution risk, start fresh each time you browse. At the end of each session, have a system that clears all cookies and tracking data, erasing any evidence of your device or your online activity.
- Automate for efficiency and productivity: Your managed attribution solution should make it safe and easy to work efficiently, with features such as job scheduling, automatic downloading of sites for later research and content capture in isolation, as well as the built-in translation tools and audit trails you may need.
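The alignment and fresh-session practices in the list above can be checked before a research session starts. The following is an added example, not part of the original article or of any vendor's product; the profile field names and the per-region reference data are constructed assumptions.

```python
# Constructed reference data (assumption): signals expected for an egress region.
# utc_offsets are minutes east of UTC, covering standard and summer time.
REGION_EXPECTATIONS = {
    "DE": {"utc_offsets": {60, 120}, "languages": {"de"}},
    "BR": {"utc_offsets": {-180}, "languages": {"pt"}},
    "JP": {"utc_offsets": {540}, "languages": {"ja"}},
}

def parse_accept_language(header):
    """Return primary language subtags ordered by q-value, highest first."""
    ranked = []
    for position, part in enumerate(header.split(",")):
        tag, _, params = part.strip().partition(";")
        if not tag:
            continue
        q, params = 1.0, params.strip()
        if params.startswith("q="):
            try:
                q = float(params[2:])
            except ValueError:
                q = 0.0  # malformed weight: treat as least preferred
        ranked.append((-q, position, tag.split("-")[0].lower()))
    return [lang for _, _, lang in sorted(ranked)]

def audit_session(profile):
    """Return a list of findings; an empty list means the signals line up."""
    expected = REGION_EXPECTATIONS.get(profile["egress_region"])
    if expected is None:
        return [f"no reference data for region {profile['egress_region']}"]
    findings = []
    if profile["utc_offset_minutes"] not in expected["utc_offsets"]:
        findings.append("time zone offset does not match egress region")
    langs = parse_accept_language(profile["accept_language"])
    if not langs or langs[0] not in expected["languages"]:
        findings.append("preferred language does not match egress region")
    if profile["cookies"] or profile["local_storage_keys"]:
        findings.append("session is not fresh: stored state carried over")
    return findings

# Constructed sample profiles (hypothetical values, not captured data).
STALE_PROFILE = {"egress_region": "DE", "utc_offset_minutes": -300,
                 "accept_language": "en-US,en;q=0.9",
                 "cookies": ["sid"], "local_storage_keys": []}
FRESH_PROFILE = {"egress_region": "DE", "utc_offset_minutes": 60,
                 "accept_language": "de-DE,de;q=0.9,en;q=0.8",
                 "cookies": [], "local_storage_keys": []}
```

Running `audit_session` on each profile before browsing gives the analyst a list of mismatches to correct, such as a home time zone or carried-over cookies leaking through a foreign egress point.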
Safe and anonymous access to all areas of the web
Increasing the success rate of investigations relies on secure, anonymous access to credible information. Minimizing risk is key — and that requires a solution purpose-built to protect analysts, organizations and the integrity of data collected as evidence.
A managed attribution service like Silo for Research conceals identities during online research, providing the anonymity and access investigators need. From financial fraud specialists to corporate security or trust and safety teams, to law enforcement, analysts can more safely, easily and efficiently conduct anonymous research to maximize productivity and improve their tradecraft.