“Anyone can deceive us …. for a time”
Tom Clancy, Cardinal of the Kremlin
The spy novels of the cold war perhaps provide some of the most evocative and enduring imagery of espionage. A world of dark alleys and trench coats, meetings at train stations, sleeper agents, deception and secret cameras and bugs. The world of Le Carré, Fleming and Clancy has been endlessly repeated – and of course parodied – deep into our collective consciousness.
Espionage and counter-intelligence in their modern forms continue to shape the world in which we live, as hostile actors vie for information superiority, gain economic or political advantage, or use the same covert networks to exert malign influence within a greater goal of soft power.
Well-resourced nation states can spend years positioning undercover human agents into a foreign country to collect intelligence, or develop complex technical cyber attacks to acquire gigabytes of valuable intellectual property on the latest advances in vaccine development, aerospace and material science, or policy making – without setting foot in a country at all.
Some are even known to routinely use these capabilities to acquire compromising or embarrassing material on their adversaries – so-called ‘Kompromat’ – which they can leak on the web or to an unwitting press at the right time to exert their influence.
Not since the cold war have intelligence agencies been so necessary to protect the national advantage and monitor emerging threats from hostile intelligence gathering operations. Increasingly aggressive actors, including traditional nation states, emerging powers, terrorist groups, organised crime and lone actors, are making growing use of these methods to scale up their understanding of the world, threatening economic wellbeing and global security and eroding our national advantage.
As the number of these groups has broadened and the array of technology at their disposal to carry out espionage and covert intelligence gathering has expanded, so too must the response from those who seek to defend against it.
This is not just a matter for shadowy government agencies. Spies from hostile entities have an interest in all manner of civilian and private networks. Almost no public or private sector entity is exempt from the possibility of infiltration by hostile foreign agents. Critical infrastructure can be targeted as part of an attack to undermine resources. Supply chains are at risk – particularly during an emergency pandemic response. High growth technology companies producing new advances in artificial intelligence or robotics are an attractive target. And so too is the personal data of any staff member with access to privileged or sensitive data systems.
Even your and your parents’ social media accounts may not be safe – as intelligence agencies are increasingly tasked with online propaganda and misinformation campaigns to interfere with foreign elections and democratic processes and to exacerbate political divisions.
The solution to this new wave of espionage is to equip government agencies, global companies and financial institutions with new tools that enable the identification of these threats, providing a holistic, joined-up view of the intelligence threat so that defensive measures can be implemented.
We have deployed Ripjar’s Labyrinth Investigations platform to intelligence analysts all around the world, to enhance the integration of counter-intelligence, security and cyber data feeds so that investigators can see a more complete view of how systems or networks have been potentially compromised by hostile actors. This type of data fusion is essential to the future of counter-intelligence work where groups operate seamlessly between the real and virtual worlds.
Using technology pioneered in the banking sector, such as entity resolution – uniquely identifying individuals in large volumes of data – we can help spot the tell-tale signs of an undercover alias, suspicious entities who have entered the country under different names, or multiple bank accounts opened by the same person.
Additionally, by curating threat intelligence and knowledge over time from multiple cyber attacks, analysts within large Managed Security Service Providers (MSSPs) and Security Operations Centres (SOCs) can use our data fusion platform to reveal the patterns and clues to identify and attribute hostile adversaries who have penetrated secure networks and ensure remedial steps can be taken.
Lastly, at the strategic level, we are working with intelligence, law enforcement and financial bodies to enforce international sanctions, which are playing an increasing role in the range of countermeasures against hostile espionage activity and helping enforce international norms of behaviour. Throughout 2019 and 2020, sanctions placed against the Russian intelligence agency, the GRU, or ‘Sandworm’ and the North Korean Reconnaissance Bureau or ‘Lazarus Group’ have meant specific individuals are placed on rigorously enforced watchlists. Because those individuals are unable to use international travel or infrastructure or to access finance, these sanctions have a powerful deterrent effect on future behaviour. This enforcement is also bolstered by state-of-the-art technology produced by Ripjar – with real-time alerts to any sanctioned entity being issued by our artificial intelligence when an accurate match is found.
The secret to uncovering deception is both patience and meticulous attention to detail. With new capabilities and data fusion technology such as Ripjar, we are ensuring that analysts can scale to meet the challenges of operating in the digital age.
David Balson
Director of Intelligence, Ripjar