Threat Intelligence and its Types

Cyber threat intelligence is a growing buzzword in the cyber security industry, and the growing market for it creates opportunities for research. Threat intelligence data helps an organization identify, detect, protect against, and respond to threats. Threat intelligence is knowledge that allows you to prevent or mitigate cyber attacks against your organization. It gives you context that helps you make informed decisions about cybersecurity. We can break threat intelligence down into the following categories.

Strategic intelligence

Strategic intelligence is meant for a nontechnical audience. It mainly gives board members a broader view of the organization and supports high-level decisions by executives and other decision makers. It provides insight into areas such as the risk associated with a certain line of action and broader patterns in threat actor trends. Sources of strategic threat intelligence include policy documents from government or private organizations, news from local or national media, and research papers from subject matter experts.

Tactical Intelligence

Tactics, techniques, and procedures (TTPs) help defenders understand the threats that are currently active, which helps mitigate upcoming attacks. This intelligence is mostly useful for people who are directly involved in the organization's defense unit. Reports from security vendors are often the easiest way to get the latest update on tactical threat intelligence.

Operational Intelligence

Operational intelligence consists mostly of technical information, such as attack vector, vulnerability, and command and control error. This kind of information is referred to as technical threat intelligence. Operational intelligence is knowledge gained from examining attacks in light of tactical intelligence. It is a form of data analytics focused on making quick business decisions based on real-time data. Using this method requires automated data gathering with artificial intelligence and machine learning, as well as data warehousing techniques for faster and more efficient scrubbing of data.

Different Types of Threat Intelligence.

The use of intelligence is not new. Cyber threat intelligence, however, can be collected from multiple different sources.

Signals Intelligence (SIGINT)

Collecting intelligence by intercepting signals. This covers communication between people (COMINT), electronic signals not directly used in communication, i.e. electronic intelligence (ELINT), and foreign instrumentation signals intelligence (FISINT), which is intelligence from the interception of foreign electromagnetic emissions.

Geospatial Intelligence (GEOINT)

Collecting data from GPS and maps is called geospatial intelligence. The information provided by GEOINT is highly contextual. The foundation of GEOINT remains three areas: imagery, imagery intelligence, and geospatial information.

Human Intelligence (HUMINT)

This is the most common technique for gathering intelligence: communicating directly or indirectly with people. It can also be done by spying on people and by observation, typically by governments seeking military or political information.

Tech Intelligence (TECHINT)

Collecting information using advanced technology, and processing, analyzing, and exploiting that data or information. TECHINT enables us to update our protection measures. It involves engaging advanced technology to deal with human sources where highly sophisticated techniques are used.

Market Intelligence (MARKINT)

Collecting intelligence to understand market conditions and competitors. MARKINT is the collection of data from external sources for a specific purpose, to support accurate decision making when determining strategy.

Open-Source Intelligence (OSINT)

Collecting information from publicly available sources. The collected data can be social media, news, public reports, or articles, as long as it is public and legal. OSINT is primarily used by law enforcement agencies and in national security. The OSINT technique has been in use for years; the growth of communication capability and of high-volume data correlation and transformation has made it more valuable, especially in the infosec community.

Financial Intelligence (FININT)

Collecting information about the financial affairs and capabilities of an attacker. One of the main purposes of gathering FININT is to identify financial transactions that are involved in tax evasion or money laundering. FININT is divided into two parts: collection and analysis. The collection is normally done by a government agency known as a Financial Intelligence Unit (FIU). The analysis may consist of scrutinizing a large volume of transaction data using data mining or data matching techniques.

Cyber Intelligence (CYBINT)

Collecting and correlating data from the other intelligence types: MARKINT, TECHINT, FININT, GEOINT, OSINT, and HUMINT. Cyber threat intelligence gives you details about a threat, including where it originated, who coded it, how it is delivered, and its damage impact. It also includes specifics of the malware, tools and tactics used, details about the specific type of attack, and the potential risk.

 

Research paper on “Android-based Augmented Reality to Enhance Education System”

The board of International Journal of Computer Applications (IJCA)  published my research paper in IJCA July 2016 Edition.
Manuscript Title : Android-based Augmented Reality to Enhance Education System
Digital Library URI :http://www.ijcaonline.org/archives/volume146/number6/25402-2016910790
ISBN : 973-93-80893-82-6

 

Websites Using Audio Fingerprinting

Top Websites Using Audio Fingerprinting to Secretly Track Web Users

Despite browsing incognito, blocking advertisements, or hiding your tracks, some websites monitor and track your every move online using a new web-tracking technique called Audio Fingerprinting.

This new fingerprinting technique can be utilized by technology and marketing companies to deliver targeted advertisements as well as by law enforcement to unmask VPN or Anonymous users, without even decrypting the traffic.

Researchers at Princeton University have conducted a massive privacy survey and discovered that Google, through its multiple domains, is tracking users on nearly 80 percent of all Top 1 Million Domains using a variety of tracking and identification techniques.

Of these, the newest tracking technology unearthed by the researchers is the one based on fingerprinting a machine’s audio stack through the AudioContext API.
The technique does not collect audio played or recorded on a machine; rather, it harvests the audio signals of each machine and uses them to reveal unique browser and device combinations.
The method has nothing to do with the device’s microphone, as it relies on the way a signal is processed.
A third-party tracker uses the AudioContext API to send low-frequency sounds to a user’s computer and then measures how the computer processes the data, creating a unique fingerprint based on the hardware and software capabilities of the user’s computer.
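
The pattern described above (a script synthesises a signal and reads the processed samples back) can be checked for statically when reviewing third-party scripts. The following is an added example, not code from the Princeton study or from this post; the pattern lists, verdict names and sample scripts are assumptions constructed for illustration.

```javascript
// Added example: static heuristic for the AudioContext fingerprinting pattern.
// Pattern lists and verdict names are assumptions chosen for this illustration.
const CONTEXT = /\b(?:webkit)?(?:Offline)?AudioContext\b/;
const SYNTH = /\.createOscillator\s*\(/;   // script generates its own signal
const READBACK = [                         // script reads processed samples back
  /\.getChannelData\s*\(/,
  /\.getFloatFrequencyData\s*\(/,
  /\.getByteFrequencyData\s*\(/,
  /\.onaudioprocess\b/,
];
const OFFLINE = /\bOfflineAudioContext\b/; // renders without audible output

function stripComments(src) {
  // Crude: also cuts text after "//" inside strings (e.g. URLs). Fine for triage.
  return src.replace(/\/\*[\s\S]*?\*\/|\/\/[^\n]*/g, "");
}

function classifyScript(src) {
  const code = stripComments(src);
  if (!CONTEXT.test(code)) return { verdict: "none", signals: [] };
  const signals = [];
  if (SYNTH.test(code)) signals.push("synthesised-signal");
  if (READBACK.some((re) => re.test(code))) signals.push("sample-readback");
  if (OFFLINE.test(code)) signals.push("offline-render");
  const hit = signals.includes("synthesised-signal") && signals.includes("sample-readback");
  return { verdict: hit ? "likely-fingerprint" : "audio-use", signals };
}

// Constructed samples, not taken from any real site.
const SAMPLES = {
  tracker: `var c = new OfflineAudioContext(1, 44100, 44100);
            var o = c.createOscillator(); o.connect(c.destination); o.start(0);
            c.startRendering().then(function (b) { send(b.getChannelData(0)); });`,
  player: `var c = new AudioContext(); var s = c.createBufferSource();
           s.buffer = track; s.connect(c.destination); s.start();`,
  commentOnly: `// old code used AudioContext and createOscillator()
                document.title = "hello";`,
};

function classifyAll(samples) {
  return Object.fromEntries(
    Object.entries(samples).map(([name, src]) => [name, classifyScript(src).verdict])
  );
}

console.log(classifyAll(SAMPLES));
```

A script that only plays audio is reported as "audio-use"; the "likely-fingerprint" verdict requires both a synthesised signal and a readback of processed samples.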

New iOS Bug Crashing iPhones Simply by Receiving a Text Message.

A new bug has been discovered in the Messages app, allowing a string of characters sent to a person via iMessage or SMS to crash an iPhone and cause the Messages app to crash after being opened. The bug, which requires a specific string of symbols and Arabic characters to be sent, was first noticed on reddit earlier this afternoon and has been spreading around the Internet since then.

Sending the string of characters to an iPhone results in an immediate respring, causing an iPhone to crash and quickly reboot. From there, if the Messages app was opened at a list view, the Messages app crashes automatically when you try to open it. If it was opened to the conversation where you received the message, the app will open, but attempting to go to another conversation causes Messages to crash.

If you receive one of these messages, there are a few possible fixes that have worked for us and for other people who have encountered the bug. If the Messages app was opened to the conversation with the person who sent the offending message, the Messages app can be reopened to this conversation. Sending a reply message fixes the problem.

If Messages was opened to the conversation list view, the app will crash when you attempt to open it. You can fix this by having someone send you a message or by sending a message to yourself. There are several options for sending a message to yourself, including sending yourself a message via Siri or through the Share sheet in any app.

To send yourself a message in Siri, tell Siri to “Send a message to myself.” Siri will open up a dialogue where you can give her a quick message like “Fix” that’ll be sent to your iPhone to clear away the malicious message.

Alternatively, you can open an app like Notes, craft a quick note, and use the Share option (the little document with an arrow) to message it to yourself. Sending yourself something through the share sheet of an app opens a new messages window where you can enter your own contact information.

Xiaomi Phones Secretly Sending Users Sensitive Data to Chinese Servers

Chinese telecoms equipment suppliers have previously been criticized by some countries due to suspected backdoors in their products, and if the United States has banned several of its major government departments, including NASA and the Justice and Commerce Departments, from purchasing Chinese products and computer technology, then it is not wrong at all.

A user found that his phone was sending personal info (text messages and photos) to an unknown IP address located in China.

The latest claim against Chinese smartphone manufacturers is the allegation that the popular Chinese smartphone brand Xiaomi is suspected of “secretly” stealing users’ information, including SMS messages and photos, from the device without the user’s permission and sending it back to a server in Beijing, despite the data backup functions being turned off, according to Apple Insider.

Security researchers from the antivirus firm F-Secure have shown that Xiaomi phones (RedMi 1S handset) send quite a lot of personal and sensitive data to the “api.account.xiaomi.com” server located in China, including the following information:
  • IMEI Number of your phone
  • IMSI Number (through MI Cloud)
  • Your contacts and their details
  • Text Messages
China-based smartphone company Xiaomi recently marked a successful entry into the Indian market this month. Earlier this year, the company also announced its Redmi Note, which, just like Xiaomi’s other handsets, was an affordable handset with almost all the features that an excellent smartphone provides. However, the handset might be doing more than what has been advertised.
Kenny Li of the Hong Kong forum IMA Mobile recently noticed something odd with his Redmi Note smartphone. He discovered that the device continued to make connections with IP addresses in Beijing, China. The device kept trying to make the connection, even after he switched off the company’s iCloud-like MiCloud service.
It was pointed out that the transmissions occur only over Wi-Fi, though the device does stay in contact with the servers via small “handshakes” while using cellular data. Li then tried erasing the version of Android and installing a new version of Android, but the problem still persisted.

Previously, China has accused companies like Google, Facebook, Microsoft, and Apple of spying on countries. So, what is China doing? The same.
Xiaomi, which is also known as the Apple of China, has yet to respond to the allegations that the Redmi Note secretly sends user data to a China-based server.
If the allegations about the Xiaomi handset prove true, it wouldn’t be the first time a Chinese smartphone was found spying on its users. It has happened before as well; China has been known for its digital spying and privacy invasion. Recently, a German security firm claimed that a popular Chinese Android smartphone, the Star N9500, came pre-installed with a Trojan that could allow the manufacturer to spy on its users, compromising their personal data and conversations without any restrictions or the users’ knowledge.
Later in mid-June, the breach on the Star N9500 could allow an attacker to record phone calls automatically, read emails and text messages, and remotely control the phone’s microphone and camera, in order to turn users’ smartphones into a bugging device that allows hackers to hear anything you are saying near the phone. It could also be used for theft, including granting access to the user’s online banking service.
IP Address Details

Since then, people have tracked down that IP address, and as it turns out, it belongs to the Chinese government. More specifically, the IP address belongs to CNNIC, which is the administrative agency that is responsible for Internet affairs in China.