Muslim Koser, Volon Cyber Security

Idea of this topic is to specifically highlight the learnings from years of experience I have with building teams who carry out HUMINT operations in the Darknet. There have been numerous presentations which talks about “findings in the Darknet/cyber underground” but with this presentation, plan is to discuss some real-world examples which we have encountered over period of last 10 years in the CTI domain. These examples will include gathering highly sophisticated and actionable information which provide insights that is not possible via many current /automated collection and search solutions in the market today.

Further, As in the current world of AI/ML where such technologies are claimed to be used by variety of organisations in cyber Intelligence solutions, I would take an approach where we discuss best ways to club “collection automation” with AI & ML and fuse with HUMINT where will explain the ways to work with information overload (data from hundreds of forums) and still identify right information and then fuse it to HUMINT to get context and make the collected information actionable.

Real life examples which will be used in this talk could be but not limited to would include:

• How APT groups usually known to target nation-state, shifted focus in to financial crime
• Actors/Groups, advance infiltration and TTPs to provide access information for Military/armed forces targets
• Target of national level setup by Darknet actors affecting large number of organisations in a country
• Targeted attacks towards financial institutions and how actionable insights of SWFIT based attacks were identified which was impossible to get without HUMINT