
Active Online Threat Monitoring

The world has changed a lot since the Cold War, but much of what is done in the intelligence domain remains rooted in time-honoured logic, delivered in a 21st century way. This is absolutely the case with online HUMINT and intelligence gathering. Indeed, the development of online profiles as an intelligence collection tool is a crucial OSINT collection technique.

Accessing closed sources - once the sole preserve of access agents - has proved an invaluable OSINT tool in recent times and is one of the many areas where OSINT starts to prove its real value in mirroring traditional intelligence gathering methods. In essence, online profiles are HUMINT and agent-running for the 21st century and, vitally, can be used to complement the automated collection process that Kiris Group offers, to deliver full spectrum online monitoring.

Having outlined in previous posts how we use passive online monitoring (keywords, geofences and search strings) to deliver an enduring “finger on the pulse” function, we see accessing closed sources as a way to take things a step further, delivering keen insights that only human interaction can generate. Ultimately, this allows us to employ a hybrid strategy that combines automated collection with responsive engagement, giving access to more data, faster, and ultimately generating better intelligence.

We aim to avoid trace and attribution, curating our online presence to fit specific parameters, carefully tailored to gain access to critical information whilst managing our digital footprint.

But how does this work in practice? The digital age has given rise to endless sources where conversations take place and information is exchanged – potentially to plan, plot and execute acts that require rapid, real world security intervention. For example, during the 2020 US election, the creation of the Facebook group “Stop the Steal” resulted in over 100,000 users planning protests and asking questions such as “How do we go about overthrowing the Gub’ment [sic]?” Although the overarching “Stop the Steal” forum was not a difficult group to penetrate, it was estimated that as a result of the group, there were over 60 campaigns and sub-groups created which then migrated to the messaging app MeWe for fear of law enforcement infiltration. The ability to gain access to these more tactical group chats flagged the planning of protests and information on what then turned into the Capitol Hill riot, providing extremely valuable intelligence.

In addition to the intelligence-gathering used as a reactive measure to understand crises, accessing closed sources offers an opportunity to respond proactively. Again, in the case of the 2020 US Election, group members decided to move communications to a less mainstream platform as a result of suspicion of government monitoring. This inherent sense of suspicion provided an opportunity for those running monitoring activity to seize the initiative and suggest the creation of smaller forums before other group members did.

So, why is this useful for online monitoring? Principally, it allows for efficiency in the processing and dissemination of data: there is no longer reliance on a physical agent to provide information access, which reduces delay in the transmission of information and increases the speed of our decision making, as well as increasing the credibility of information gathered by generating direct access. Secondly, it allows us to be responsive: we can easily adapt our strategy and pursue new avenues or investigation needs. This can result in the ability to conduct pre-emptive crisis management based on predictive analysis of a large amount of reliable, quantifiable and multi-source data, giving the maximum amount of time to secure, engage and react to the threat.

Being pre-positioned to pull information from closed, more difficult to access sources is extremely valuable. It allows for the collection of data that can be analysed and processed to provide impactful insights and intelligence relating to potential threats, maximising the amount of time our clients have to respond to potential crises and future threats.
