CyberHumint refers to the set of skills used by

hackers A hacker is a person skilled in information technology who uses their technical knowledge to achieve a goal or overcome an obstacle, within a computerized system by non-standard means. Though the term ''hacker'' has become associated in popu ...

, within

Cyberspace Cyberspace is a concept describing a widespread interconnected digital technology. "The expression dates back from the first decade of the diffusion of the internet. It refers to the online world as a world 'apart', as distinct from everyday rea ...

, in order to obtain private information while attacking the human factor, using various psychological deceptions.Human Intelligence (Humint) - All Humans, All Minds, All the Time
/ref> CyberHumint includes the use of traditional human espionage methodologies, such as agent recruitment, information gathering through deception, traditionally known as

Humint Human intelligence (abbreviated HUMINT and pronounced as ''hyoo-mint'') is Intelligence (information gathering), intelligence gathered by means of interpersonal contact, as opposed to the List of intelligence gathering disciplines, more technical ...

, combined with deception technologies known as Social engineering.

Background

Intelligence gathering This is a list of intelligence gathering disciplines. HUMINT Human intelligence (HUMINT) are gathered from a person in the location in question. Sources can include the following: * Advisors or foreign internal defense (FID) personnel wor ...

involves a range of specialized approaches - from

Signals intelligence Signals intelligence (SIGINT) is intelligence-gathering by interception of ''signals'', whether communications between people (communications intelligence—abbreviated to COMINT) or from electronic signals not directly used in communication ( ...

(SIGINT), Imagery Intelligence (IMINT),

Measurement and Signature Intelligence Measurement and signature intelligence (MASINT) is a technical branch of intelligence gathering, which serves to detect, track, identify or describe the distinctive characteristics (signatures) of fixed or dynamic target sources. This often incl ...

(MASINT), and

Geospatial Intelligence In the United States, geospatial intelligence (GEOINT) is intelligence about the human activity on earth derived from the exploitation and analysis of imagery, signals, or signatures with geospatial information. GEOINT describes, assesses, and vi ...

(GEOINT), to

Open-source intelligence Open-source intelligence (OSINT) is the collection and analysis of data gathered from open sources (covert and publicly available sources) to produce actionable intelligence. OSINT is primarily used in national security, law enforcement, and busi ...

(OSINT). In many cases, information collected from human sources is still considered highly reliable by intelligence analysts, especially while transforming a collection of disparate data strands into an actionable prevention plan.

Mark Lowenthal Mark M. Lowenthal (born September 5, 1948) is an author and Adjunct Professor at the Krieger School of Arts and Sciences at Johns Hopkins University in Baltimore, MD He has written five books and over 90 articles or studies on intelligence and nat ...

, a leading intelligence thinker, argues that traditional HUMINT is still considered a crucial element in intelligence, that can significantly tilt the balance of power. CyberHumint methodology was first coined by Ed Alcantara AFX DBI in Feb 2010. Amit Steinhart argued that the cooperation between skilled HUMINT experts trained with specific HUMINT capabilities, and computer security specialists, who apply "social engineering" techniques, is one of the main advantages of CyberHumint. Steinhart offered a new model of information security strategy that imports concepts from HUMINT

espionage Espionage, spying, or intelligence gathering is the act of obtaining secret or confidential information (intelligence) from non-disclosed sources or divulging of the same without the permission of the holder of the information for a tangibl ...

, and combines it with social engineering strategies, such as the usage of

avatars Avatar (, ; ), is a concept within Hinduism that in Sanskrit literally means "descent". It signifies the material appearance or incarnation of a powerful deity, goddess or spirit on Earth. The relative verb to "alight, to make one's appearance ...

for agents operating in cyberspace, or information and disinformation spreading through cyberspace. HUMINT experts often argue that in comparison to the relatively young social engineering concept, HUMINT practices, which had been developed for many years by professionals working at national intelligence services, hold the higher ground in terms of experience, technologies, and practices. New form of cyber capability was created when the technical capabilities of computer experts were combined with the intelligence experience of HUMINT experts.

CyberHumint strategy orientation

CyberHumint is aimed to effectively defend organizations against

APT Apt. is an abbreviation for apartment. Apt may also refer to: Places * Apt Cathedral, a former cathedral, and national monument of France, in the town of Apt in Provence * Apt, Vaucluse, a commune of the Vaucluse département of France * A ...

(Advanced Persistent Threat) attacks. In the beginning of the 2010s, organizations such as the American

NSA The National Security Agency (NSA) is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence (DNI). The NSA is responsible for global monitoring, collecti ...

and British

GCHQ Government Communications Headquarters, commonly known as GCHQ, is an intelligence and security organisation responsible for providing signals intelligence (SIGINT) and information assurance (IA) to the government and armed forces of the Unit ...

have started to invest significant resources into acquiring technological and intelligence capabilities, to help identify cyber aggressors and assess their abilities and tactical skills. Recently, information security has shifted from building firewalls to build systems, in order to provide real-time intelligence. Most near-future scenarios suggest that organizations who fail to adapt to the systematic cyber approach will find themselves in a critical situation. In 2011, Andress and Winterfeld drew the attention to the fact that while cyber security experts can deliver extensive reports on Internet risks, most of the alerts are still general, unspecific and do not actually meet the expectations of the specific organization. In addition, cyber security companies locate hackers or cyber attackers only when the attack is already in progress or worse - after a given system has already been damaged or compromised. The majority of cyber security defenders currently use automatic network scans as a routine measure. A human analyst becomes involved only at the final stage of data-gathering, which means the bulk of the available data will not be analyzed in real time.

Hackers and CyberHumint

The majority of cyber security companies has no access to human operators within the

Dark Web The dark web is the World Wide Web content that exists on ''darknets'': overlay networks that use the Internet but require specific software, configurations, or authorization to access. Through the dark web, private computer networks can communi ...

. Hence, they do not benefit from the key input of informants and agents provocateurs. These companies do not apply the methods of agent recruitment and agent management, which various national intelligence organizations have developed and used effectively for years. New information technologies allow hackers to acquire the upper hand in any confrontation with the targeted organization. A case in point is

ñ Advanced persistent threat, which in impact and devastation equals to a military strike against a civilian entity. Many peripheral defense systems are not capable of recognizing indications of incoming attacks in advance, and cannot intercept the attack during its course. The majority of security systems can only acknowledge the attack after the damage has already occurred. Most organizations prefer to focus their security efforts on inward-facing protection strategies, in an attempt to prevent attackers from entering the organization's network. Their defense protocols are not designed to protect from attempts to exploit the organization's employees, who have become the main target for willful intelligence gathering. Personal behavior, compromising private situations, work habits, passwords and other private and business information can be easily harvested and used to facilitate an attack against the organization.

The interface between Cyber Experts and CyberHumint

The concept of CyberHumint allows cyber expertsCyberspace Is Not a Warfighting Domain, by Martin C. Libicki
/ref> and human intelligence specialists to use real-life human sources, both in the gt and within many public or secret online social networks and operating systems. By investigating authentic human sources, intelligence experts and cyber experts can explore the various possible aims of potential attackers and their abilities, by monitoring their electronic activities. Outcomes usually leave much to be desired. Attackers are only identified after the attack has started. In just a handful of cases did companies manage to alert their clients against a pending attack. CyberHumint involves recruiting human agents and deploying them with strategic efficiency to provide the organization with a clear, focused picture of likely threats and hostile actors with the intention of harming the organization. CyberHumint uses classic HUMINT tactics that had been practiced for more than half a century by the national intelligence agencies. It combines them with hackers' social engineering concepts. Using CyberHumint requires qualified computer professionals who are well-versed in the behavior patterns, linguistic nuances and conventions accepted within the Darknet, as well as other online networks and subcultures. Conversant computer experts and intelligence specialists work in synchrony to uncover indications of intent, long before it develops into an attack plan, so organizations can decide how, where, and when to expose or incapacitate the potential attackers.

References

External links

Human Intelligence (Humint) - All Humans, All Minds, All the Time

The future is behind us? The human factor in cyber intelligence: Interplay between Cyber-HUMINT, Hackers and Social Engineering

Examining the Need for a Cyber Intelligence Discipline

Cyberspace Is Not a Warfighting Domain
* {{cite web , title=UK Intelligence Has Endorsed Cyber Security Courses For Wannabe Spies , date=2014-08-04 , website=

Gizmodo ''Gizmodo'' ( ) is a design, technology, science and science fiction website. It was originally launched as part of the Gawker Media network run by Nick Denton, and runs on the Kinja platform. ''Gizmodo'' also includes the subsite ''io9'', whic ...

, archive-url=https://web.archive.org/web/20160828165758/https://gizmodo.com/uk-intelligence-has-endorsed-cyber-security-courses-for-1615638319 , archive-date=2016-08-28 , url-status=live , url=https://gizmodo.com/uk-intelligence-has-endorsed-cyber-security-courses-for-1615638319
Cyber HUMINT Operational Planning

Is Everything Personal?: Political Leaders and Intelligence Organizations: A Typology
Human intelligence (information gathering)