The Importance of Geopolitics in OSINT
Geopolitics and their effect on cyber space is quickly becoming a key area to consider when conducting investigations, particularly when looking into corporations or organisations. The ebb and flow of tensions between nations and the corresponding actions that occur as a result, bring about the potential for increased cyber activity as well as physical threats to people and property.
Activity based intelligence is nothing new and has been used by companies & governments around the world for decades. However, with the rapid development of the internet and the troves of data that is uploaded to it every second, it is easier than ever for anyone to make informed assessments - all while sitting in the comfort of their home on the other side of the globe.
Consider for a moment, all that has been happening politically with the major players on the world stage, China - Hong Kong, Russia - Ukraine, America - Mexico, Britain - Brexit, the list goes on… All these events unfolding on the ground have concurrent events occurring online in real time such as cyber attacks and disinformation campaigns to name a few. They have a very real affect on how organisations conduct business in these countries, from mergers and acquisitions not being completed, to company employees being banned from travelling there. These and many more factors need to be considered when conducting investigations. Below I have listed a few helpful resources that will assist is producing intelligence reports or risk assessments based on geopolitical issues.
A lot of the resources listed can be found in the fantastic Start.me page by Travis Birch located here: https://start.me/p/rxeRqr/aml-toolbox?embed=1. It is a brilliant starting point for any investigation dealing with company and country risk.
The go-to website when looking to identify current global conflicts is Crisis Group. They are essentially an independent organisation that works to prevent wars and create policies that help build a safer world. The information present on the website is segregated by geographic region and country which makes it easily searchable, they also have a nifty visual map.
If you have the budget, purchasing a membership at Geopolitical Monitor is great for getting timely and relevant news on geopolitical issues. If you are like me and can barely afford to pay your bills on time, then just search the region, country or topic your investigating, copy the title into Google or your preferred search engine and off you go. The only negative for this method is that you cannot order the results by date so you will need to scroll through all results to find the most recent.
Another conflict focused resource is the Live Universal Awareness Map; again, with this resource you are able to look at specific regions and countries with live maps and news feeds. This is great for displaying on a second (or third) monitor. I have found this particular resource very useful with the recent events occurring in Hong Kong.
Unfortunately terrorism is now a part of daily life for many people around the world, in fact there was at a minimum 9607 terrorist incidents in 2018 alone. This number may come as a shock to many people and I am not surprised as a significant number of these attacks would not have received international media coverage. Nevertheless there are a fair few websites available online that track and record terrorist activity which is crucial to analyse for any risk based assessments.
Firstly we have the Global Terrorism Database, which is an open-source database including information on domestic and international terrorist attacks around the world from 1970 through 2018.
Secondly we have the ESRI Terrorist Attacks Map, which is an up to date terrorist attack map that uses crowd sourced data from Wikipedia to present a chronology of terrorist attacks around the globe. The data starts in 2016 and continues through until the present date.
Something that a lot of analysts or investigators overlook when performing risk assessments is the potential impacts of disease outbreaks. For example, you have a high-net-worth individual that has employed you to perform a risk assessment on a location they will be visiting, informing them of any viral or bacterial disease outbreaks in the region will allow them to seek appropriate medical advice and/or receive vaccination.
Another example is if there was an outbreak in a country/region where your employer is conducting business, think about how the outbreak could affect business. Is it a disease that impacts multiples species of animals including humans? What if your company has something to do with agriculture. How is it transmitted? Could shipping and transportation be suspended? How will neighbouring countries react? Are any borders closed? Are there appropriate policies in place to deal with an outbreak in the workplace? These are all very useful things to ask and will look like you have gone the extra mile when submitting your report.
Resources I use to gain an understanding on current disease outbreaks are the World Health Organisations ‘Disease Outbreak News’ (DON) page which lists the latest outbreak news as well provides an archive and links to regional pages.
I also use the not so pretty Outbreaks Map from the publishers of Global Incident Map. They also have a bunch of other maps that display incidents ranging from earthquakes to forest fires.
In conclusion, the importance of considering geopolitical issues when conducting an assessment or investigation cannot be overstated. The actionable intelligence that can be gained using the above mentioned OSINT resources has the potential to save money for your clients and more importantly, lives. Activity based intelligence is no longer an exclusive source of information for governments and intelligence agencies, now anyone can put it to good use.
I will be posting more helpful articles about OSINT, cyber security, threat intelligence and investigating on a weekly basis, so make sure you follow me on here and on my twitter @CassiusXIII
