CyberHumint refers to the set of skills used by hackers, within

cyberspace Cyberspace is an interconnected digital environment. It is a type of virtual world popularized with the rise of the Internet. The term entered popular culture from science fiction and the arts but is now used by technology strategists, security ...

, in order to obtain private information while attacking the human factor, using various psychological deceptions. CyberHumint includes the use of traditional human espionage methodologies, such as agent recruitment, information gathering through deception, traditionally known as

Humint Human intelligence (HUMINT, pronounced ) is intelligence-gathering by means of human sources and interpersonal communication. It is distinct from more technical intelligence-gathering disciplines, such as signals intelligence (SIGINT), imager ...

, combined with deception technologies known as social engineering.

Background

Intelligence gathering involves a range of specialized approaches - from

Signals intelligence Signals intelligence (SIGINT) is the act and field of intelligence-gathering by interception of ''signals'', whether communications between people (communications intelligence—abbreviated to COMINT) or from electronic signals not directly u ...

(SIGINT), Imagery Intelligence (IMINT), Measurement and Signature Intelligence (MASINT), and Geospatial Intelligence (GEOINT), to

Open-source intelligence Open source intelligence (OSINT) is the collection and analysis of data gathered from open sources (overt sources and publicly available information) to produce actionable intelligence. OSINT is primarily used in national security, law enforceme ...

(OSINT). In many cases, information collected from human sources is still considered highly reliable by intelligence analysts, especially while transforming a collection of disparate data strands into an actionable prevention plan. Mark Lowenthal, a leading intelligence thinker, argues that traditional HUMINT is still considered a crucial element in intelligence, that can significantly tilt the balance of power. CyberHumint methodology was first coined by Ed Alcantara AFX DBI in Feb 2010. Amit Steinhart argued that the cooperation between skilled HUMINT experts trained with specific HUMINT capabilities, and computer security specialists, who apply "social engineering" techniques, is one of the main advantages of CyberHumint. Steinhart offered a new model of information security strategy that imports concepts from HUMINT

espionage Espionage, spying, or intelligence gathering, as a subfield of the intelligence field, is the act of obtaining secret or confidential information ( intelligence). A person who commits espionage on a mission-specific contract is called an ...

, and combines it with social engineering strategies, such as the usage of avatars for agents operating in cyberspace, or information and disinformation spreading through cyberspace. HUMINT experts often argue that in comparison to the relatively young social engineering concept, HUMINT practices, which had been developed for many years by professionals working at national intelligence services, hold the higher ground in terms of experience, technologies, and practices. New form of cyber capability was created when the technical capabilities of computer experts were combined with the intelligence experience of HUMINT experts.

Strategy orientation

CyberHumint is aimed to effectively defend organizations against APT (Advanced Persistent Threat) attacks. In the beginning of the 2010s, organizations such as the American NSA and British

GCHQ Government Communications Headquarters (GCHQ) is an intelligence and security organisation responsible for providing signals intelligence (SIGINT) and information assurance (IA) to the government and armed forces of the United Kingdom. Primar ...

have started to invest significant resources into acquiring technological and intelligence capabilities, to help identify cyber aggressors and assess their abilities and tactical skills. Recently, information security has shifted from building firewalls to build systems, in order to provide real-time intelligence. Most near-future scenarios suggest that organizations who fail to adapt to the systematic cyber approach will find themselves in a critical situation. In 2011, Andress and Winterfeld drew the attention to the fact that while cyber security experts can deliver extensive reports on Internet risks, most of the alerts are still general, unspecific and do not actually meet the expectations of the specific organization. In addition, cyber security companies locate hackers or cyber attackers only when the attack is already in progress or worse - after a given system has already been damaged or compromised. The majority of cyber security defenders currently use automatic network scans as a routine measure. A human analyst becomes involved only at the final stage of data-gathering, which means the bulk of the available data will not be analyzed in real time.

Hackers and CyberHumint

The majority of cyber security companies has no access to human operators within the

Dark Web The dark web is the World Wide Web content that exists on darknets ( overlay networks) that use the Internet but require specific software, configurations, or authorization to access. Through the dark web, private computer networks can communica ...

. Hence, they do not benefit from the key input of informants and agents provocateurs. These companies do not apply the methods of agent recruitment and agent management, which various national intelligence organizations have developed and used effectively for years. New information technologies allow hackers to acquire the upper hand in any confrontation with the targeted organization. A case in point is APT ñ Advanced persistent threat, which in impact and devastation equals to a military strike against a civilian entity. Many peripheral defense systems are not capable of recognizing indications of incoming attacks in advance, and cannot intercept the attack during its course. The majority of security systems can only acknowledge the attack after the damage has already occurred. Most organizations prefer to focus their security efforts on inward-facing protection strategies, in an attempt to prevent attackers from entering the organization's network. Their defense protocols are not designed to protect from attempts to exploit the organization's employees, who have become the main target for willful intelligence gathering. Personal behavior, compromising private situations, work habits, passwords and other private and business information can be easily harvested and used to facilitate an attack against the organization.

The interface between Cyber Experts and CyberHumint

The concept of CyberHumint allows cyber expertsCyberspace Is Not a Warfighting Domain, by Martin C. Libicki
/ref> and human intelligence specialists to use real-life human sources, both in the gt and within many public or secret online social networks and operating systems. By investigating authentic human sources, intelligence experts and cyber experts can explore the various possible aims of potential attackers and their abilities, by monitoring their electronic activities. Outcomes usually leave much to be desired. Attackers are only identified after the attack has started. In just a handful of cases did companies manage to alert their clients against a pending attack. CyberHumint involves recruiting human agents and deploying them with strategic efficiency to provide the organization with a clear, focused picture of likely threats and hostile actors with the intention of harming the organization. CyberHumint uses classic HUMINT tactics that had been practiced for more than half a century by the national intelligence agencies. It combines them with hackers' social engineering concepts. Using CyberHumint requires qualified computer professionals who are well-versed in the behavior patterns, linguistic nuances and conventions accepted within the Darknet, as well as other online networks and subcultures. Conversant computer experts and intelligence specialists work in synchrony to uncover indications of intent, long before it develops into an attack plan, so organizations can decide how, where, and when to expose or incapacitate the potential attackers.

References

External links

Human Intelligence (Humint) - All Humans, All Minds, All the Time

The future is behind us? The human factor in cyber intelligence: Interplay between Cyber-HUMINT, Hackers and Social Engineering

Examining the Need for a Cyber Intelligence Discipline

Cyberspace Is Not a Warfighting Domain
* {{cite web , title=UK Intelligence Has Endorsed Cyber Security Courses For Wannabe Spies , date=2014-08-04 , website=

Gizmodo ''Gizmodo'' () is a design, technology, science, and science fiction website. It was originally launched as part of the Gawker Media network run by Nick Denton. ''Gizmodo'' also includes the sub-blogs ''io9'' and ''Earther'', which focus on pop ...

, archive-url=https://web.archive.org/web/20160828165758/https://gizmodo.com/uk-intelligence-has-endorsed-cyber-security-courses-for-1615638319 , archive-date=2016-08-28 , url-status=live , url=https://gizmodo.com/uk-intelligence-has-endorsed-cyber-security-courses-for-1615638319
Cyber HUMINT Operational Planning

Is Everything Personal?: Political Leaders and Intelligence Organizations: A Typology
Human intelligence (information gathering)