Discussions in Deep, Dark, and Open. Monitoring The Social Discourse of Cyberattack, 10 Oct 2013
Oct 10, 2013. Jack Zaientz, Bob Bechtel, Matt Hollingsworth
COMINT intercepted communications, where sender/receiver is critical
Adversarial influence operations & disinformation
Requests for support (HA/DR supplies, intervention)
Advertisement / movement of contraband (particularly cyber)
Claims of responsibility for attacks
Development of trans-national networks
Political hacktivists are aware of new malware version:
New Checking for the new SabPub malware in OS X http://t.co/wUK3A8rL #occupycanada #occupytoronto #occupyvancouver #occupymiami #occupydc
Researchers
Analysts need to detect unknown items of interest and assess source quality
Ecosystem where connections and profits are made when previously unknown parties find each other
The internet is used by to facilitate communication between anonymous or previously unknown-to-each-other collaborators
Soar Technology, Inc. 6/27/2013
Novelty Signaling
Combine novelty & cyberattack terms
Novelty: new, novel, recent
CyberAttack: access control, adware, arbitrary memory, bot, botnet, brute force, buffer overflow, buffer size validation, cache poisoning, ddos
A recent experiment used over 300 term pairs to filter 1 year of the Twitter fire-hose to fewer than 5 cyber-related tweets per day.
Community-specific language:
Communities use specific terminology that can be used for filtering, but it's challenging to discover and results in combinatorics in filter definition
Communication Patterns:
Communities use stable communication patterns; e.g. novelty signaling, shouting/#beaconing
Twitter Shout
Using multiple hashtags to make a tweet findable by target communities
Adversaries, collaborators, and at-risk populations want to be found. But we need to be listening properly
Novelty Signaling behavior is common but analysts can't handle vast combinatorics with text-literal query interfaces
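A sketch of the novelty-signaling filter and the Twitter shout check described above, generating the term pairs instead of typing them as literal queries. This is an added example, not code from the presentation; the term lists are the ones shown on the slide, while the `min_tags` threshold, the function names and the sample tweets are assumptions made for illustration.

```python
import re
from itertools import product

# Term lists as shown on the slide.
NOVELTY = ["new", "novel", "recent"]
CYBERATTACK = ["access control", "adware", "arbitrary memory", "bot", "botnet",
               "brute force", "buffer overflow", "buffer size validation",
               "cache poisoning", "ddos"]

def _term_re(term):
    # Whole-word match ("bot" must not fire inside "robot"); tolerate extra spaces.
    return re.compile(r"\b" + r"\s+".join(map(re.escape, term.split())) + r"\b", re.I)

NOVELTY_RE = {t: _term_re(t) for t in NOVELTY}
ATTACK_RE = {t: _term_re(t) for t in CYBERATTACK}
HASHTAG_RE = re.compile(r"#\w+")

def term_pairs():
    """Every literal (novelty, cyberattack) pair an analyst would otherwise type by hand."""
    return list(product(NOVELTY, CYBERATTACK))

def novelty_signal(text):
    """Return the (novelty, cyberattack) pairs present in text; empty means no signal."""
    nov = [t for t, rx in NOVELTY_RE.items() if rx.search(text)]
    atk = [t for t, rx in ATTACK_RE.items() if rx.search(text)]
    return list(product(nov, atk))

def is_shout(text, min_tags=3):
    """Twitter shout: several distinct hashtags. min_tags=3 is an assumed threshold."""
    return len({h.lower() for h in HASHTAG_RE.findall(text)}) >= min_tags

def triage(tweets):
    """Keep tweets carrying a novelty signal and flag those that are also shouts."""
    hits = []
    for text in tweets:
        pairs = novelty_signal(text)
        if pairs:
            hits.append({"text": text, "pairs": pairs, "shout": is_shout(text)})
    return hits

# Constructed sample tweets (not real data).
SAMPLE = [
    "New botnet spotted scanning port 23 #infosec #malware #botnet",
    "My new robot vacuum is great",
    "Recent buffer  overflow in a router firmware, patch now",
    "ddos ddos ddos",
]
if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(hit)
```

Only the first and third sample tweets pass the filter; a tweet about new malware that uses none of the listed cyberattack terms would be missed, which is the community-specific language problem noted earlier.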
Future S&T
Develop next-generation analysis tools that ease the burden on analysts and improve search results by leveraging social discourse structure
Are you a hashtag? If I tweeted this, would it reach you?
Important workshop on social media impacts on human security & military operations. Be there. #nato #onr #dhs #red cross #UNHCR #GDACC #social media #humansecurity #cybersecurity #resiliency #disasterrelief #civilconflict #crisisoperations #privacy