The use cases for online research have exploded in recent years and have become critical practices not just in government and law enforcement agencies, but also in commercial organizations of all sizes. We look at the impact online research has, what are the risks to those who perform sensitive research and what needs to change in the practice.
Episode Notes
MATT ASHBURN
The better the research, the better their protection, right? That’s really why we wanted to create this podcast because online research really is the intersection of a number of unique challenges that are out there.
[MUSIC]
MATT ASHBURN
Hey everyone. Welcome to NeedleStack, the podcast for professional online research. My name’s Matt Ashburn. I’m an online cybersecurity practitioner and recovering CISO and I’m here with Jeff. Jeff?
JEFF PHILLIPS
Hello everyone.
I’m Jeff Phillips. Thanks Matt. I’m a tech industry veteran and curious to a fault.
I’m super excited to do this podcast with you on a weekly basis, Matt, since it’s all about conducting online research. And today, I’m excited for us to kind of set the stage on what the podcast is going to be all about and what we’re going to cover. From what do we mean by online research and why does it matter? What’s the state of online research and where’s it going to head? And then most importantly for our listeners, I think, how can we do it better? So Matt, let’s start there. I mean, how can we get better at doing online research?
MATT ASHBURN
Well, there’s a lot of things we can do, right? One is to make sure that we’re aware of the tactics and techniques that are out there that we can take advantage of. That’s really important.
That’s part of what we hope to accomplish with this podcast, right? So that’s really the point of this podcast is how we can make research better. We created NeedleStack to help showcase those techniques and tools and all those real world stories and help share those to improve the ability for folks to perform online research, as well as increase the quality of the investigations and hopefully some efficiency, and keep yourself and organization protected while you’re doing all this research work. Nowadays, a lot of tools are available, right?
And in many cases, lots of tools today that we didn’t have before, better tools we’ve ever had, but the total amount of information is also much great than it ever has been. And it can seem like you’re looking for a needle in a stack of needles, hence the name NeedleStack.
That’s why it’s called that. Because research is really tough. Doing online research really well is even tougher. And that challenge grows bigger every day and we need to be much smarter about using the wealth of information that’s out there.
JEFF PHILLIPS
And that makes a lot of sense to me. I, in my day job, get to talk to a lot of different organizations, different practitioners that have to do online research. And it’s amazing to me how many different types of people have to do things that are safe, do them securely. That there’s issues here. I mean, when we’re talking about people researching across whether it’s the surface web, the deep web, the dark web, but they’re all trying to find information, different connections that are all around achieving a goal.
And that can be what you’d expect. So law enforcement doing criminal investigations, could be in the financial sector, dealing with fraud from financial fraud up to money laundering in the… I’ve talked to people in the security operations center. So cybersecurity specialists where they’re dealing with threat intelligence and different things that are impacting the company from that perspective. Things like trust and safety teams that are all about protecting online user communities. So they’ve got to do a lot of sensitive research. We see lots of stuff going on in the social media space these days.
Even just from, I’ll call it, plain corporate research, but that it’s got different elements. If you’re dealing with things like intellectual property or companies that are considering doing M&A activities or protecting executives. So they’re online researching, which, like I said, I like to do on Google myself, but it’s got a different level to it.
MATT ASHBURN
Yeah, and that’s true. And the other thing to note there is that the industries, I guess, that you listed there, the job titles that you listed there, very few of them have research or investigation in the job title, right?
So you mentioned security operations centers. Most of my career was spent standing up cybersecurity operations centers around the government. And that’s an important component doing research, making sure they have the right information at the right time so you can do the rest of your job successfully.
So even if research isn’t in your job title specifically, it’s still an important component of the job that you do.
JEFF PHILLIPS
Absolutely. That makes a lot of sense.
I even heard people talk about it from an OSIP perspective for any of our people that come into this from an intelligence community perspective. So open source intelligence for those that are really professional about doing online research. That’s not where my world is compared to those other types of users, but definitely different sets of skills here in terms of online research. So, what do you think? What matters when you’re talking about this? Why is online research so important for these different teams, these different groups, these different roles?
MATT ASHBURN
Yeah, it all goes back to protection, right? And the examples you gave, whether you’re a law enforcement officer doing a criminal investigation, or somebody working as a fraud analyst preventing some kind of financial fraud, or maybe a trust and safety analyst that’s trying to prevent misinformation or disinformation or abuse of a platform.
All of those involve protection of end users, citizens, very sensitive data businesses themselves, brands, or victims of crime in some way, right?
So preventing crime, preventing bad things from happening and trying to protect people, right?
And that’s incredibly important. There’s a very high impact there to the end users, to your employer, to the victims of crime, depending on the scenario.
And the better the research, the better their protection, right? And that’s really why we wanted to create this podcast because online research really is the intersection of a number of unique challenges that are out there.
And it’s increasingly important in the use cases that you just mentioned. Trust and safety is a big one that we’ve seen that’s relatively new and it’s growing rapidly, such as battling misinformation that may be out there including foreign adversaries, or maybe trying to interfere in elections, all the way to counter terrorism and just sort of fraud as well.
It requires a mix of skill levels, right? Because you have to hire very quickly.
So you may have people that have varying skill levels and some of these use cases are very new. And the commercial side of the house in use cases may be newer. People could be coming from different backgrounds and let’s say in the government sector or the law enforcement sector. And so you’re going to have different levels of trade craft sophistication as well.
JEFF PHILLIPS
That makes a lot of sense. You have those different skills. If I think about a few of the stories I’ve heard from some of the practitioners out there, it made me realize that there’s potential impacts too, be it retaliation against the organization or against a given analyst or researcher. We’ll tend to use the researcher analyst investigator interchangeably, but whether sometimes getting presented false information, some examples. I’ve literally spoken with someone working at a social media company that was doing some of that kind of trust and safety activity that was around counter terrorism.
Ended up off of that platform spending time in different forums, different sites, looking and trying to understand what was going on in their platform. Long story short, based on where they were going, they didn’t know they were being watched by a federal agency. And one day a knock on the door and the FBI shows up to try to understand, why are you hanging out in these different places, right? So that wasn’t swatting the sense of the police showing up guns a blazing, but it could go that way or not as bad that we’ve heard customers that are simply dealing with issues of getting presented false information or block from information on a geographic basis.
We had one where you go back to the sock, trying to find out this fishing campaign in a certain part of the world and everything looked fine to them. They couldn’t figure it out versus someone being able to appear in region and see, ah, it looks totally different if I look like I’m in that part of the world. Even seeing that around malicious ads, right? So companies dealing with fraud and brand misuse where we had an airline that I talked with where it was not really efficient campaign in the sense of going after credit cards, selling people tickets to Hawaii that really didn’t exist.
But again, it was happening in a certain region of the world. And every time they would go to the site from where they were and their IPS are getting blocked. So lots of things impacting their ability, people’s ability to do this type of research. And there’s a lot of potential impact. So, you’re a little deeper into this than I am, a little more technical, when you’re doing this kind of research, what all do you need to be thinking about? What should you be concerned of, be considering when you get online and you do this type of research?
MATT ASHBURN
Yeah, there’s a lot of things there. If I could break into buckets, I’d say first is understand the risks, right? Make sure that you’re aware of what information can be out there that you need to access. But the other side of that is the risk that that information or access that information can present such as leaking various data about yourself unknowingly, right?
So there’s lots of data that’s being collected in the background and all those things, and how that data is leaked and how it can be compiled and how it can be used against you or thwart your investigation is really important to understand. How it can be potentially disastrous your investigation in some cases, right? Whether it’s prematurely alerting a target to an investigation or receiving disinformation perhaps, or getting blocked completely.
And then secondary to that or second in line with that, I guess, would be improving a trade craft to counteract those risks, right? So knowing how to blend in properly.
And not to get too far ahead of ourselves, we’re going to get into that in the next episode, very heavily, how to blend the crowd and some strategies about that. And part of that includes using the right tools for the right job, right? So, what tools can support your trade craft as an online researcher? And also how best to leverage them to increase your efficiency, but also your effectiveness. And so we’re going to go through a lot of that stuff during the course of the podcast.
JEFF PHILLIPS
That’s going to be really interesting too, especially if we can address, like you had said early on, different levels of skills, right? I’m sure there’s people in a security operation center that really understand that and how to cloak themselves or protect what they might leak online compared to someone who maybe is an expert in doing actual some types of investigation as we were talking about in the trust and safety world. They’re very good at that part of the job, but they’re not an IT or a security type of specialist.
So when you take that mix of people that have to do sensitive research online with mix of skills and then bring in some of those ramifications, which you mentioned from impacting the company to impacting myself from a retaliation perspective, we’re just spooking someone away.
That makes for some interesting dialogue over our weekly podcast. So, I’m looking forward to it. If we can help people improve how they do their research, do it faster, do it better, do it more securely by showcasing tools, techniques, that’s where I’m going to have to learn from you, right? So I’m not the expert there. I do have a lot of stories and getting to talk with people, but I’m really interested in diving in. So the actual tools and techniques that’ll help from the beginner to the expert in conducting research properly, if you will.
MATT ASHBURN
Yeah, that’s going to be some really great conversations that we have coming up in the podcast.
And by the way, if you liked what you heard today, you can subscribe to our new show wherever you get your podcast.
So you can watch episodes on our YouTube channel. You can also view transcripts and our episode info on our website, which by the way, is Authentic8. That’s Authentic with the number eight.com/NeedleStack. So that’s all we have for you today. And we’ll be back next week with more on the risks of online research, including what’s in your digital fingerprint and how you can control it. See you then.
[MUSIC]
Mask, protect, and accelerate your digital investigations
See Silo Workspace in action
Request a Demo
Mask, protect, accelerate, and manage your digital investigations
Silo places you in-region and in control