From HUMINT to Virtual HUMINT

The new frontier of Intelligence

By Antonio Teti

Professor of IT Governance and Big Data, University “G. D’Annunzio” di Chieti-Pescara

From Humint to Virtual Humint

Virtual intelligence, or virtual humint, as in the case of human intelligence (HUMINT), focuses its attention on the identification, recruitment, and management of human sources, but through techniques and methodologies that can be used in the virtual world. HUMINT, understood in its traditional form, can never be completely replaced by online digital technologies, as the need to have human sources able to access direct information is the best way for intelligence activities. Human Intelligence, however, presents some critical issues due to the research/presence of human sources in particular geographical contexts and high risk, an aspect that has always had high levels of danger. Another aspect, certainly not irrelevant, is the growing difficulty of being able to dispose of sources, equipped with a specific background and experience, in the areas and in socio-cultural contexts in which the necessary requirements related to intelligence activities are manifested[1].

A significant contribution to reducing these complexities that affect the collection of information can be represented by the use of virtual instruments usable in Cyberspace, a digital ecosystem able to ingest, without limits of any kind, information of any kind. However, considering that the collection of information within the network could be the key to the elimination of human intelligence, would be a very serious mistake. The proof of this lies in the activities of cyber espionage conducted, for example, against ISIS, which did not produce the astonishing results on the hopes of many intelligence agencies.

Historically, the development of VIRTUAL HUMINT (VHUMINT or CYBERNETIC HUMINT, as it is often defined in intelligence circles) began around the middle of the last decade, initially through the analysis of online forums, through the use of proper names or pseudonyms. Subsequently, we proceeded to create false identities (fake identities) in an attempt to disguise the real authors of the activities of intelligence, and consequently to the creation of groups dedicated to the study and analysis of the profiles to verify their veracity. Although these techniques are projected towards the assimilation of information within the network, they have not produced particularly striking results, also in consideration of the vastness of the instruments available in the virtual world and according to the different psychological approaches that push the individual to the use of the web and social media. The substantial difference between the traditional and the digitally conducted HUMINT resides, as it is easy to perceive, in the activities of the operative agents.

HUMINT is mainly made of direct contacts, aimed at creating a climate of trust, interactions with people who belong to circuits of interest, meetings to develop personal affinities, long-term relationships, tracking, surveillance, direct control of environments, etc. All this allows developing what in the intelligence environments is defined as “handling from a long-term perspective”, namely the development of a movement of the relationship on a long-term perspective, constantly monitoring the reliability of the relationship and the growth of the level of confidentiality. VHUMINT is based on relationships that are not necessarily permanent, that have a lower degree of commitment and loyalty, which do not allow levels of depth in the management of relationships because they are not based on a direct human bond. Furthermore, they are significantly affected by the many anomalies attributable to the peculiarity of anonymity on the network. HUMINT involves people within a physical contact, intimate and direct, with an emotional language that fosters connection and closeness, beyond the shared interests. The physical contact, eating and drinking together, sharing emotions and situations, are exercises that allow you to create a special connection, which contributes to the increase in motivation in the development of the relationship. In cybernetic VHUMINT sharing is based, on the contrary, on a strong convergence of interests.

If the level of commitment in HUMINT is higher since the direct relationship imposes immediate responses and actions that can also seriously endanger the management of the relationship, in VHUMINT the level of danger is greatly reduced due to the absence of time barriers and geographical. The digital world makes it possible to conduct a virtual contact that has only a few minimal similarities with a physical relationship. The advantage of a virtual relationship lies in the structuring of an interaction that involves minimal risks, thanks to the confidentiality and anonymity guaranteed by the Internet network. In the world of VHUMINT it is possible to recruit new agents and sources in different ways, and the choice is practically unlimited. Intelligence agencies can quickly locate them, based on techniques that can be applied to an endless pool of users. It is also possible to conduct a “step-by-step” recruitment and management activity (based on a series of particular steps), with relatively low risks and almost zero costs. Links with individuals and groups can be activated easily and without the dangers of physical contact. But the most innovative aspect of VHUMINT lies in the possibility to reach, without limits of space and time, a target audiences difficult to approach in any other way.

The virtual world offers useful tools, for example, for the conduct of investigative activities aimed at verifying the reliability of the agents to be recruited, in addition to the production of checklist questions for the conduct of interrogations. A hypothesis is the verification of the reliability of an individual who is subjected to an interrogation, which can be enriched with the analysis of the information he shared on the social media used (Facebook, Twitter, and Instagram), or other news that can be downloaded from the web. The problem of anonymous sources, therefore unknown, seems to become insignificant when information is destined to research and to the understanding of a phenomenon. On the other hand, it is undeniable that information, of any nature or provenance, is fundamental for the fight against a threat. Nevertheless, Cyberspace allows hiding, if not to vanish, in the sea magnum of information, disguising its identity through a myriad of nicknames, false profiles or severe entities, guaranteeing, in a determined manner, the communications and identities of the agents.

At one time they were entrusted with the task of managing paper messages, baggage, radio material, and codes to share with the sources, aspects that exposed them to incalculable risks and difficult to manage. Today it is enough to share a USB stick, some electronic mail account or profile on a social network to transmit large amounts of multimedia information protected by encryption algorithms that make the content inaccessible. But if the virtual world has reduced the “face-to-face” relationship, substantially reducing the risks deriving from direct contact, at the same time it has stimulated in a colossal way that part of active intelligence that can be transformed, however, into a short or long-term danger. The uncontrollable increase in false identities, rampant disinformation, the indiscriminate monitoring of network traffic, the unstoppable spread of malware, the continuous violation of user privacy, the development of network connection technologies better known as the Internet of Things (Internet of things), are just some of the pitfalls generated by the human mind for the achievement of purposes of various kinds. With VHUMINT it is possible to penetrate Cyberspace in search of information on people, situations, geographic and political contexts, inserting itself into forums, chats, e-mails, social networks, and the web.

Cybernetic agents can profitably conduct a wide range of online activities, for example, to recruit new agents or informants, to disseminate information aimed at conditioning public opinion, to create false rumors about a person to discredit / publicly accredit it (cybernetic shaming). By virtue of the peculiarities typical of the virtual world, the presence of cybernetic double agents, i.e. cybernetic agents that make double the game, is constantly increasing. In the Internet, the avatar image is very widespread because it can allow you to have an unlimited number of identities that can be spent in different environments and for other purposes. Over the past decade, US intelligence agencies have warned users about using avatars to conduct terrorist attacks (as in the case of Osama Bin Laden’s avatar), and for the recruitment of terrorists[2].

It is known the infiltration activity of the American and British intelligence in Second Life and Warcraft to verify the presence of terrorists who used the virtual environments mentioned to recruit new sympathizers to Jihad. Indicative is the study of 2008[3] (3D Cyberspace Spillover: Where Virtual Worlds Get Real), commissioned by the Director of the Office of the Director of National Intelligence (ODNI), which provides unique indications on the use of intelligence activities in games online. It should be noted that the disclosure of the classified study, which took place in 2014 at the request of the Federation of American Scientist under the Freedom of Information Act, takes place about a month after the disclosure of confidential documents conducted by the former employee of the National Security Agency (NSA) Edward Snowden, who claimed that US and British spies suspected that many online games were being used as “… a goal-rich communication network” that could provide terrorists with “… an easy way to hide” and to plan attacks[4], although in the final part the study confirmed that “… there is little evidence that Islamic militant groups and jihadists have begun to exploit extensively the opportunities offered by virtual worlds“. Contrary to the final consideration of ODNI, especially the Israelis, they have invested heavily in the development of avatars, also using them in the Deep Web, as witnessed by one of the spearheads of Israeli computer security: SenseCy[5], a leading company in the field of cybersecurity modal level that bases the information research activities through the massive use of avatars on the web, on social networks, and in forums. Through the use of false users, Netanya company analysts can extract an impressive amount of information on the planning of hacker attacks and proselytism for terrorist purposes. In addition to SenseCy, some US companies, such as Crowd Strike and iSight Partners, which collaborate on a regular basis with the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA), rely on the use of spy tactics based on avatars to conduct proactive activities aimed at countering cyber-attacks. In December 2013[6], SenseCy analysts, through the use of virtual humint techniques, have intercepted the first cyber-attacks in code #OpIsrael, planned by AnonGhost, a group of Tunisian hacktivists. In closed forums, AnonGhost has provided its supporters with a list of targets and tools to conduct attacks, including a self-developed malware called AnonGhost DdoSer. The technicians of the Israeli company, thanks to the previously used cyber intelligence activities, were able to collect and analyze the data relating to the malware before its release, thus activating the cyber defense measures aimed at rejecting the malware. What is shared by companies that use virtual humint techniques lies in the growing awareness that the capabilities of firewalls and systems protection software are less and less resolute. On the contrary, as analysts admit, through the use of social media intelligence and web intelligence activities, it is possible to design very effective preventive actions to counter cyber attacks.

About the Author

Antonio Teti is Head of the Information Systems and Technological Innovation Department of the “G. D’Annunzio “of Chieti-Pescara and professor of IT Governance, Cyber Intelligence and Big Data at the Master’s Degree in Economics and Management of the Department of Business Economics. Expert in Cyber Intelligence, ICT Management, and ICT Security, he has accumulated thirty years of experience in studies, research and consulting in public, private and government institutions. He has been a professor of Computer Science, Cyber Security, and Cyber Intelligence at several Italian universities including La Sapienza University, the Catholica University of the Sacro Cuore in Rome, the University of Teramo, the University of Foggia, The Link University, the LUISS University and the University of Calabria. He is a lecturer in Cyber Security and Cyber Intelligence at the School of Specialization for the Police Forces of Rome. He is a Technical Consultant in the IT sector of various Italian prosecutors. Author of numerous scientific publications he collaborates with several newspapers, magazines, and periodicals of the sector, and participates in national and international conferences and radio and television programs on national broadcasters as opinion leaders. Awarded several prizes and honors in science and institutions, he is the author of numerous computer books adopted by Italian and foreign universities and over 180 publications.

[1] Russell D Howard, “Intelligence in Denied Areas: New Concepts for a Changing Security Environment” (Joint Special Operations University, 2007), http://www.dtic.mil/dtic/tr/fulltext/u2/a495385.pdf

[2] Sara Malm, A Threat for the Digital Age – An Avatar Osama Bin Laden: U.S. Intelligence Warned Terrorists Could Create Virtual Jihadist To Preach and Issue Fatwas for Hundreds of Years, MailOnline, January 9, 2014, http://www.dailymail.co.uk/news/article-2536440/A-threat-digital-ageavatar-Osama-bin-Laden-U-S-intelligence-warned-terrorists-create-virtualjihadist-preach-issue-fatwas-hundreds-years.html;David Kravets, US Intel: Bin Laden Avatar Could Recruit Terrorists for Hundreds of Years, Wired, January 9, 2014, http://www.wired.co.uk/news/archive/2014-01/09/osamabin-laden-avatar

[3]https://fas.org/irp/eprint/virtual.pdf

[4] https://www.wired.com/2014/01/osama-bin-laden-avatar/&prev=search

[5] https://www.sensecy.com/

[6] https://www.ft.com/content/7f4e5d56-df64-11e3-a4cf-00144feabdc0