With my office circling for a blog this week, I decided to bite and to put a different kind of fin in fintech. So here it is, a blog that I can really get my teeth into. No fin can stop me now. Oh this is about to be so bad…
This week is Shark Week and while it hasn’t yet crossed the Atlantic with the same enthusiasm, having lived and indulged in this fishy fiesta in the US for several years I started my week watching Jaws after work on Monday. A classic in my opinion but for the majority in our office, a film that has never been seen and that got me thinking. Firstly, why on earth have this generation never watched Jaws and secondly, just how far we’ve come since the 1975 movie scared a generation out of the water.
Rewinding to 1975, news was far from instant, Hollywood fuelled our nightmares and dreams and sharks were neither well understood nor respected. Building on this foundation and embracing the power of television as a medium of communication, the Discovery Channel launched its first shark week in 1988 devoted to conservation efforts and correcting misconceptions about sharks. The week gathered momentum and in 2000, six million 3D glasses were distributed to viewers in the US and Canada for an episode on Shark Week featuring an extinct giant 3D shark. For the 20th anniversary in 2007, Sharkrunners, a video game that uses GPS data from tagged sharks in the Pacific Ocean, was released. Ten years later, we watched Michael Phelps, Olympic champion, race an AI generated great white shark and now in its 30th year, shark week is broadcast in more than 70 countries and is live across social media globally (#sharkweek). Conservationists have over these 30 years embraced technology to its fullest in order to educate and inform the world. They understand that information is key to the preservation of species and that to ignore research or to have an uninformed population could potentially jeopardise the future of our oceans. It therefore surprises me that while conservationists have embraced the ‘information is power’ philosophy, Neotas’ operating domain in the financial sector are still struggling with the same ethos.
In an environment with plenty of threats, prey and predators, the financial industry has over the past decade received the Jaws treatment, due to which the mass population have lost faith and are apprehensive to get back into the water. The great white lies and gill-ty executives have led to a culture of distrust. Over time, this can only be resolved by ensuring that those in solitary leadership roles are fit and proper, and that the processes to achieve these are as clear as the sea. It is no longer enough to look at the surface to spot the threats. Instead institutions must begin to dive deep and to identify the behaviours and actions that smell fishy before they are bitten on the butt. Without hammer(head)ing the point home or the bask(ing) in our own glory, Neotas due diligence solutions can assist institutions to safety and while there may always be bigger fish to fry, we’re chomping at the bit as we begin to make waves with respect to the attitudes and opinions of the schools around us regarding due diligence.
After 2 months of grafting, heart break, doing bits, questionable loyalty and copious amounts of sun burn, Love Island is now drawing to a close. As the remaining couples fight to reach the final, they remain oblivious to the month-long heat wave, England reaching the World Cup Semi-Finals and the extra juicy information the whole country knows about their lives before the villa.
Love Island has once again gained a huge audience by feeding our nosey cravings but watching people’s relationships up close and personal just isn’t quite enough for Love Island viewers. Oh no, not only do we want to see everything they do in the villa, but also the details of their lives before they entered. People up and down the country of all ages and professions have unknowingly been using their own OSINT skills to find out the juicy deets.
The Islanders are all avid users of Instagram; after the first episode was aired, the contestants’ Instagram handles were found and shared in articles online. Their followings grew instantly. By looking through their profiles, people have been able to find out information including their interests, lifestyle, travel destinations, gyms they visit, family members and previous partners. The images have also been used to determine which Islanders smoke, as this is now not shown in the programme. Their Facebook and Twitter accounts have also been searched to gain similar insights. One Islander was even outed for supporting a well-known far-right activist on their Facebook profile.
LinkedIn has been used to discover the Islanders’ day jobs prior to entering the villa and even find out what their parents do. One fan of the show found an Islander’s professional email address to see if they had returned to work after being dumped from the villa or if they would receive an automated out of office reply.
Other viewers have delved deeper into their online footprints and found numerous Islanders featuring in music videos with famous artists. Older photos reveal those who have gone through cosmetic surgery and birth certificates have been identified to settle disputes regarding age.
Without even realising it, Love Island fans have used their OSINT skills to join the dots and create a more detailed picture of who this year’s contestants really are.
#OpenSourceLoveIslandIntelligence #KnowYourIslanders #DrDoMoreChecks
During my work experience, I have learnt a lot about Neotas. You can find far more information than I thought you could on social media and on publicly accessible data. I’ve also learnt that they do investigations on people and companies to check if they are reputable and eligible for jobs or to see if there is any suspicious activity within the company. They do this by searching public data to find: Names, Dates of birth, Phone numbers, Interests, Friends and family, Education history, Employment history, Location history and other relevant information. The employees at Neotas, I believe, can find out more about you than your friends know about you after years. They can do all of this by using Open Source Intelligence.
Open Source Intelligence is the legal collection of specific data through publicly available sources (e.g. Facebook) to investigate subjects of interest. The reason they use this is to validate the potential employee’s background. If Neotas identify a risk of a breach or potential crime, then they would notify the employer for them to make the decision on if they will work there or not based on the information given.
A CV doesn’t tell you everything about the person, only the things they want you to see, whereas using OSINT you can see everything public. Neotas uses this to investigate companies as well as people to search their public data to find anything that is suspicious and could lead to exposing crime like money laundering and fraud.
If something negative gets flagged, the employer will question the potential employee questioned to see what it is about. This is done to make sure the potential candidate is the right employee to hire for the job. Overall, I believe now that Open Source Intelligence should be used as a process for most jobs to keep the security of the company safe and away from potential risks that could affect the company negatively.
By Tom Anthony
News broke last Friday of the arrest of a senior programmer from Israeli security firm, NSO Group, the company behind the infamous mobile spyware Pegasus. Allegedly faced with termination, he attempted to sell stolen source and development code valued at hundreds of millions of dollars on the Dark Web. He was caught after a potential buyer reported the sale of NSO code to authorities, allowing them to conduct an internal investigation to find the culprit.
They got lucky. In this case, stolen code not only represented a significant loss in IP but a threat to international security. A buyer with malicious intent would have acquired software with the capability to access and spy on millions of phones worldwide.
The Dark Web has long been seen as a mysterious corner of the internet, inhabited by a small group of shady hackers. The reality is very different. Just a quick Google search and download of the Tor browser can get anyone online onto the Dark Web in minutes. Millions of users access Tor every day to take advantage of the anonymity it provides. Combining anonymity with untraceable cryptocurrency makes it the perfect place for illegal activity, like the notorious drugs marketplace, The Silk Road.
Surface Web and Deep Web searches are slowly becoming a recognised part of the due diligence and repeated company screening process and the Dark Web should follow. Proprietary software and code is becoming ever increasingly more valuable and a more tempting target for theft and resell. Whilst the anonymity of the Dark Web protects sellers, the product can still be identified.
As the Dark Web continues to become the marketplace of choice, companies must adapt to ensure their IP stays safe. In the case of the NSO Group, they were saved by a benevolent Dark Web user. This will not always be the case and companies must take responsibility to recognise the importance of Dark Web investigation.