All sources are not the same; why diversity is good for intelligence
As we all know, if you listen to just one side of the story, very often you don’t get the full picture. As any parent will know, you sometimes get truths, half-truths and sometimes even outright lies. A discerning guardian, however, will be able to piece all these disparate bits of information together, work out which ones don’t make sense and which ones do before taking action.
This is true of intelligence analysis also - relying on single sources, or placing too much emphasis on one source may lead to biased or inaccurate assessments. Take for example, some of the numerous headlines of “Jihadi” involvement that emerged following the TalkTalk data breach in October 2015 that apparently emerged after the event following a single Pastebin post of unknown provenance. The reality of the episode, now a matter of public record, is somewhat different and resulted in a 17-year-old boy admitting hacking offenses in November last year, claiming he was "just showing off" to friends.
While some single-source reporting is sufficient to meet a narrowly defined tactical need, in-depth intelligence analysis that seek to address more complex operational or strategic intelligence requirements required fused intelligence from multiple and diverse sources. At Digital Shadows, the foundation of our in-depth intelligence is the collection and analysis from multiple sources followed by a peer review cycle from a diverse team. This helps us identify and mitigate common analytical pitfalls such as confirmation bias, groupthink, cognitive dissonance and cultural misapprehensions.
Drawing from multiple sources allows intelligence analysts to maximize the strengths and minimize weaknesses of different intelligence disciplines, as well as challenge or corroborate findings. Just as children lie to their parents, threat actors regularly seek to subvert the truth as a core aspect of their operations. Hacktivists exaggerate their capability and impact, criminals scam fellow criminals and state actors lay false trails to confuse investigators – in plain terms: lying is the norm.
Digital Shadows analysts also use Structured Analytical Techniques such as the Strengths Weaknesses Opportunities and Target analysis, paired comparison or the Analyses of Competing Hypotheses (see Figure 1) in an attempt to remove bias and focus on the evidence at hand.
Figure 1: An example of an ACH produced by Digital Shadows, read more here https://www.digitalshadows.com/blog-and-research/leak-on-aisle-12-an-analysis-of-competing-hypotheses-for-the-tesco-bank-incident/
Part of the intelligence analyst’s job is to tease apart disparate sources, evaluate their reliability based on previous reporting and understand the quality of the information that they provide. At Digital Shadows, as part of our service, we provide customers with intelligence products that incorporate multi-source intelligence, from open-sources, the deep and dark web, social media and technical intelligence. We do this to ensure the rigour of our products and challenge information that we acquire from other sources.