Entering the world of OSINT

Last Friday marked the end of my second week as the newest member of the analyst team at Neotas. We use open-source intelligence (OSINT) to give businesses peace of mind about prospective investments and hires by going far beyond standard due diligence checks.

As a Physics graduate, fresh out of university, the jump into open-source intelligence was not immediately an obvious one. Before joining Neotas I, like most people, had little awareness of the concept of using OSINT in the business world. People do not realise the vast quantity of information that the internet holds about every person who interacts with it. However, with just a small step into the world of OSINT, it becomes very quickly apparent that the internet can be harnessed into a powerful and useful tool that can build up a detailed profile of a person or company.

Online information is broken down into two parts, active and passive. Active information is what we choose to put online about ourselves. Personal blogs, programming forums, gaming forums and social media such as Twitter and Facebook are all examples that fall into this category. Passive information is any data we did not put there ourselves, this ranges from birth certificates to mentions in newspaper articles.

Having all this information out there is all well and good, but the key becomes turning this into intelligence. This is where Neotas stands above all others.

The last two weeks have been a whirlwind tour of open-source intelligence methodology and techniques refined by a Neotas team made up of some of the top minds in cyber security, fraud prevention and intelligence gathering. ‘Googling’ may give you an outline, but Neotas analysts go far beyond into the deep & dark web to give you more detail, putting together all the pieces of the puzzle to build a complete cyber profile of your potential investment or hire.

In this age of increasing regulations and compliance, it is easy to see the waves that Neotas is making. In just my second week, I was given the chance to help represent Neotas at the recent Innovate Finance Global Summit. It was clear to me that Neotas stand out from the crowd of emerging FinTech and RegTech businesses by keeping the analyst at the centre of the process. With our advanced use of OSINT supported by our analyst driven platform nobody can do what we do as well as we do. The business world is changing, and I am truly excited to be a part of a company that is leading the charge.

By Alex Penn

Instant-gram: The good, the bad and the ugly of instant updates

With social media comes the ability to share anything, from thoughts and opinions to holiday photos, in real time to – potentially – anyone with internet access. And while venting on Twitter or posting a photo to Instagram enjoying cocktails on a beach may seem innocent, the possible impacts of these are not always considered.

The Good:

Social media has countless advantages, but one thing Twitter users have learnt over the years is that complaining via Tweet to an official company Twitter account will often result in a fast and appeasing response whilst removing the need for awkward face-to-face confrontation or time wasted being kept on hold. Not only that, but the public nature of the complaint means that companies want to ensure that any problems are resolved quickly and to a high standard in order to maintain their reputation. Just a few months ago, Tesco had to make a public apology and offer dozens of refunds after unhappy customers took to Twitter to complain about their “rancid” and “inedible” Christmas turkeys.

Despite producing a positive outcome for customers, public complaints and bad reviews can have negative impacts on the ways in which a company is viewed by other potential customers, employees or investors.

The Bad:

In a previous blog, Free private information give-away, the disadvantages of sharing personal information in the public environment of social media platforms was discussed; including posting photos whilst you are on holiday and therefore advertising your house as empty. We no longer share printed photos of our travels with friends and family after returning home, in fact, we will often let the world know we’re off on holiday before even leaving the airport. Tagging and checking-in to locations online lets anyone, who has the access, know exactly where you are (or perhaps more importantly, where you are not) at that exact time. Whether it’s at Heathrow airport, the Eiffel Tower or the pub down the road. This information can be used maliciously by criminals wanting to burgle houses or to track an individual’s whereabouts.

The Ugly:

Social media has given us the ability to share our opinions, good and bad, in direct response to real-time events. TV shows will often invite viewers to make comments and respond to the unraveling events on social media in real-time by providing hashtags on screen. However, not everyone likes what they see, hear and read, and many aren’t afraid to voice these opinions online. Just last week, Flo and Joan of the musical Nationwide adverts, were two of the most recent victims of online death threats with viewers hoping they would be involved in a car accident and asking who else would be “chipping in” to get them “brutally murdered”. Although to some it may seem like harmless venting or said with no real intention, comments like these can have a serious effect on those they are direct towards. Public figures and celebrities often discuss the emotional toll of online trolls and receiving hate and the impact it can have on their mental health. However, posting hate towards others online also casts shade on the perceived character of the original poster.

At Neotas, we aim to go beyond traditional background checks and employee screenings to uncover further the true character, behaviour and motivators of a subject.  Discovering hateful and threatening comments online directed to a particular person or group of people would raise concerns to us regarding the character and online reputation of the subject.

By Anna Fletcher

Are you Fit and Proper?

If you’ve read our previous blog about the real cost of a bad hire then you will know that when you fail to screen your employees properly you are putting your business at risk. But what about the Senior Management in your company?

In March 2016 the FCA replaced the Approved Persons Regime (APR) with the Senior Managers Certification Regime (SMCR). The SMCR is a new regime that aims to reduce harm to companies by making SMs more accountable for their competence and conduct.

Every Senior Manager needs to have a statement of responsibilities that states what they are responsible and accountable for. The senior manager must also be fit and proper for the role, but what exactly does fit and proper mean? Well, according to the FCA, in order to ensure an individual’s “fit and proper-ness”, you must consider…

  • honesty (including openness with self-disclosures, integrity and reputation)
  • competence and capability
  • financial soundness

The above assessments, although important, fail to tell you the full story of a person’s motivation, character and personality.

In today’s inter-connected world, most things about you are online, this goes for corporations and their directors. That said, companies nowadays continue just to vet their upper management in the traditional checklist manner, which continues not to work.

In 2011, The Guardian stated “In 2007, nearly half of all fraudsters worked in senior management. While this has fallen to 35%, board level perpetrators increased from 11% to 18% between 2007 and 2011.”

HSBC had to apologise for allowing fraudulent funds to be knowingly processed through their bank by Mexican drug cartels. HSBC’s chief executive of retail banking and wealth management said that he was horrified by what he found. However, it was later discovered that HSBC’s head office in London was aware of the illicit funds travelling through the bank but failed to do anything to resolve the problem.

Also falling victim to bad senior management was Deutsche Bank who was fined £163 million in 2017 for failing to maintain adequate Anti-Money Laundering (AML) controls. Mark Steward, Director of Enforcement and Market Oversight at the FCA, said, “Financial crime is a risk to the UK financial system. Deutsche Bank was obliged to establish and maintain an effective AML control framework. By failing to do so, Deutsche Bank put itself at risk of being used to facilitate financial crime and exposed the UK to the risk of financial crime.”

Whether the role is for an entry level position or as a company director, we at Neotas believe in going beyond the standard checks by delving deeper to ensure that the person is fit and competent for the job. We create a full in-depth report detailing the individual’s education and employment history, as well as looking at all online and media content (both adverse and positive) to give you the full picture.

The Bystander Broadcast

The recent Florida High School tragedy has caught public attention in many ways. In my view, one of the most profound elements of the event was the way it was initially reported to the public.

School children filmed the incident on Snapchat thinking it was a hoax or safety drill. They weren’t to know that the situation was more serious than they first thought. The children filmed the entire incident, even tweeting about what was going on whilst the shooting took place.

Whilst this incident isn’t the first time that events have been live-streamed in real time, it’s yet another example of how we now have an instant ability to share information on social media during a tragic incident. News broadcasting teams even deemed some of the videos recorded on the students’ Snapchat ‘too graphic’ to show to the public. But why has this become such a prevalent trend, especially during dangerous situations? And when did the question of fight or flight expand to include post, stream or tweet as options?

Over the course of a series of blogs, I will attempt to shed some light on this issue and how at Neotas, we are finding more and more of these incidents and events in our open source investigations. I am interested to discover whether the ‘bystander effect’ has an impact on the person sharing the information, the impact on the public and how this new source of broadcasting influences public services.

The popularity of social media platforms such as Facebook, Twitter and Snapchat have transformed the way in which crime and victimisation are presented in the media. Such popularity has led social media to become our preferred source of news, with news broadcasting often showing footage of a crime that has been filmed by a victim or even people sharing videos on their personal profiles before the news is even aware of an event. Unfortunately, there are both positive and negative effects of everyone becoming an ‘independent journalist’. In short, is social media creating a diffusion of responsibility by allowing us to react instantaneously and share what we want?