Threat Intelligence Resources

This month, we thought it would be good to share some of our favorite threat intelligence resources that a security professional can use to stay sharp. We are often asked by our clients and colleagues what literature or ongoing education we consume in order to follow trends relating to cyber and physical threat intelligence. Our typical answer is that it’s a relatively sophisticated and multifaceted topic, and it should be broken down into several categories, as we have done below.

It’s good to keep in mind that not all security professionals see “eye-to-eye” when it comes to threat intelligence solutions, nor are they even playing from the same sheet of music when it comes to their fundamental methodologies or objectives. This aspect of threat intelligence clearly requires some maturation and alignment among industry practitioners. We certainly hope we can help with this challenge. (More to come on that topic in future articles, so stay tuned!)

One significant issue we often note is that when it comes to threat intelligence resources and case studies, no “one stop shop” has all the answers. Nor could it, since we all have diverse backgrounds, and in essence different (yet, at times complimentary) points of view.  Since we operate in various environments and threats are highly contextual – what may be considered a significant threat for one principal or asset, may actually be insignificant for another.

Threat Intelligence Resources – Key Objectives

First, there is the investigative aspect of threat intelligence. This includes following and testing new investigative research methods, as well as evaluating our own protection strategies in light of how an adversary could leverage those same methods in a malicious manner. We can avoid complacency and remain vigilant by reading the work of others and by sharing lessons learned with our colleagues.

Second, there is a growing body of literature and case studies regarding violent behavior and the activities, and various expressions of pre-incident indicators that precede them. Our team has found that by reverse engineering prior acts of violence and examining the sequence of events that led to the act being committed, they are able to highlight what could have been done differently to discover, disrupt, or wholeheartedly stop a plan of violence before it begins. Exercises such as these have benefited us greatly, and we encourage you to do the same, as it relates to your specific program. (This is not to be confused with placing blame or Monday morning quarterbacking, rather it’s about actually learning from the past.)

Third, there are plenty of established threat intelligence sources regarding intelligence collection & analysis, intelligence writing, and expedited sharing of such data. Our point of view is that information is worthless if it isn’t shared with relevant parties at the appropriate time. So, not only do we as security professionals need to communicate in a timely manner, but we need to do so in a common language, so that the right risk mitigation actions can be taken by our counterparts.

Threat Intelligence Resources – Getting Started

Below, you will find a concise threat intelligence list of resources broken down into the following categories: investigations, studies about violent behavior, and intelligence.  We acknowledge that this is not exhaustive, and we welcome your feedback and collaboration in improving it.  Please leave us your comments at the bottom of the page and we can make updates accordingly, as well, please share with your colleagues, it would be great to continue to update this list for all to benefit.

Part I: Threat Intelligence Websites & Personalities We Follow Regarding Investigative Trends

Twitter

Twitter excels as a platform for threat intelligence feeds of the latest information about various topics. So, it’s no surprise that we follow a range of influencers in the investigative space for the latest and greatest. To make this content easier for you to consume, you can view our public Twitter list with the following personalities already input for you to follow: Ontic OSINT Twitter List.

• Michael Bazzell – @IntelTechniques
• Justin Nordine – @jnordine
• Justin Seitz – @jms_dot_py
• Hunchly – @hunchly
• Bellingcat – @bellingcat
• Dutch OSINT Guy – @dutch_osintguy
• Kirbstr – @kirbstr
• Sector035 – @Sector035
• Access OSINT – @AccessOSINT
• Trace Labs – @TraceLabs
• Electronic Frontier – @EFF
• i Intelligence – @i_intelligence
• Web Breacher – @WebBreacher
• Jake Creps – @jakecreps

Medium

Yes, Medium is a great place to find long-form OSINT related content and threat data, these are just a few of our favorite Medium accounts to follow:

• Hunchly
• Secjuice
• Dutch OSINT Guy
• Sector035
• Jake Creps

Open Source Intelligence Resources & Blogs

While Twitter and Medium are sufficient to keep up on the latest news impacting our investigative methods, there are a handful of quality websites that we visit regularly to stay in-tune with the evolution of threat intelligence tools and techniques:

• Intel Techniques (Blog)
• Intel Techniques (Podcast)
• Mascherari Press
• Web Breacher
• Electronic Frontier Foundation
• i Intelligence

Open Source Intelligence Readings

• Open Source Intelligence Techniques, 6th Edition (2018) by Michael Bazzell
• Hiding From The Internet, 4th Edition (2018) by Michael Bazzell
• Open Source Intelligence Tools And Resources Handbook (June 2018) by i-Intelligence
• Hiding from the Internet: Personal Data Removal Workbook (July 2018) by Michael Bazzell
• Bureau of Justice Assistance Real-Time and Open Source Analysis Resource Guide (July 2017) by US Department of Justice
• Understanding Digital Footprints and Protecting Personal Information: A Guide for Law Enforcement (September 2016) by US Department of Justice

Part II: Threat Intelligence Reports & Studies Relating To Violent Behavior & Pre-Incident Indicators

• Las Vegas Metropolitan Police Department October 2017 Mass Shooting Final Report (August 2018) by Las Vegas Metropolitan Police Department
• Pre-Attack Behaviors of Active Shooters (June 2018) by US Department of Justice
• Active Shooter Incidents in the United States in 2016 and 2017 (April 2018) by US Department of Justice
• Mass Attacks In Public Spaces: 2017 (March 2018) by US Secret Service
• The Congressional Shooter: A Behavioral Review Of James Hodgkinson (October 2, 2017) by US Secret Service
• Attacks on Federal Government 2001 – 2013 (December 2015) by US Secret Service
• Using A Systems Approach For Threat Assessment Investigations: A Case Study On Jared Lee Loughner (December 2015) by US Secret Service
• Exploring The Effect Of Stressors In Threat Assessment Investigations (December 2015) by US Secret Service
• Investigating Ideologically Inspired Violent Extremists: Local Partners Are An Asset (December 2015) by US Secret Service
• Protective Intelligence & Threat Assessment Investigations: A Guide for State and Local Law Enforcement Officials (1998) by Fein, R. A., & Vossekuil, B.

Educational Institution Specific

• Enhancing School Safety Using A Threat Assessment Model: An Operational Guide For Preventing Targeted School Violence (July 2018) by US Secret Service
• Campus Threat Assessment Case Studies: A Training Tool for Investigation, Evaluation, and Intervention (2012) Community Oriented Policing Services, US Department of Justice
• Campus Threat Assessment and Management Teams: What Risk Managers Need to Know Now (2011) by Jeffrey J. Nolan, Marisa R. Randazzo, and Gene Deisinger, University Risk Management and Insurance Association
• Campus Attacks: Targeted Violence Affecting Institutions of Higher Education (2010) by US Secret Service
• Mass Shootings at Virginia Tech, April 16th, 2007: Report of the Review Panel Presented to Governor Kaine, Commonwealth of Virginia (2009 Addendum) by Virginia Tech Review Panel
• Implementing Behavioral Threat Assessment on Campus: A Virginia Tech Demonstration Project (2009) by Marisa R. Randazzo, Ph.D. and Ellen Plummer, Ph.D. Virginia Polytechnic Institute and State University
• Prior Knowledge Of Potential School-based Violence: Information Students Learn May Prevent A Targeted Attack (May 2008) by US Secret Service

Part III: General Intelligence Readings & Writing Style

• The Tongue and Quill: Communications and Information (2016) By US Air Force
• Communicating with Intelligence (2014) by James S. Major
• Writing with Style (2011) by John R. Trimble
• An Introduction to Intelligence Research and Analysis (2008) by Jerome Clauser
• The Elements of Style (2000) by William Strunk Jr. and E. B. White
• Psychology of Intelligence Analysis (1999) by Richards Heuer

Final Thoughts

In the course of our careers, we have observed that it isn’t enough to just read the literature – it is critical that we collaborate with our teams to find creative ways to apply the most important ideas we take away from these readings, to improve the quality of our work product and our processes.  In addition, it is also not enough to simply forward a set of PDFs to our analysts and expect them to absorb the information in a meaningful way.

It’s up to security leaders at all levels to create a culture of continuous learning among our teams, rather than a culture of top-down “read this, read that.” We are confident that you will find excellent information among these up-to-date and thoroughly researched pieces from our collection above. Please share your thoughts in the comments section below and let us know what some of your favorite threat intelligence resources are.

Author Credit: This article was written by the Protective Intelligence contributor, Travis Lishok.