Let’s start with defining “Intelligence”. According to Oxford, Intelligence has two definitions:
1. “The ability to acquire and apply knowledge and skills.” It is this term that is used in fields like “artificial intelligence” where a robot or program is designed to learn, try, and grow like a baby would. This kind of intelligence is also used when referring to learning styles.
2. “The collection of information of military or political value.” This has “information gathering,” “surveillance,” “observation,” and “reconnaissance” as synonyms, and it is this definition that we will be using for Cyber Intelligence.
Humans were always social creatures. By sharing information and learning from each other, we survived. As civilizations grew, the use of Human Intelligence, aka HUMINT, continued to be the main source of information. Soldiers and guards were asked to collect information, and messengers were used to deliver information. Humans would use scrolls to make notes, plans, or write about events that had happened.
As technology started to advance, countries were able to use other means of intelligence, such as satellites (Geospatial Intelligence or GEOINT) to map out foreign territory, and radio waves (Signal Intelligence or SIGINT) to spy on enemies.
As computers became mainstream and the accessibility of the internet grew, Cyber Intelligence (CYBINT) easily became the biggest source of information. In fact, even though Cyber Intelligence is considered a subset of Open Source Intelligence (OSINT), the majority of Open Source Intelligence resources are from the internet. This has led some websites to claim that OSINT is ‘intelligence found on the internet’, but they fail to realize that OSINT refers to any open source material, which includes non-digital resources such as newspapers, journals, publications, radio, television, and records from your local courthouse. CYBINT, on the other hand, is strictly digital. Cyber Intelligence is used to access a large variety of open source material, and the discrete information attached to it (i.e., metadata, source code, IP addresses) is also used to dig deeper, make connections, and help locate a subject.
Every minute, new pages, posts, pictures, videos, articles, and other forms of information are being uploaded. Social media is unique to the internet and can be very useful when gathering information on someone. Public databases are being digitized to make them more accessible, and businesses are moving to online platforms to avoid being left behind. Almost everything we do in real life, such as schooling, banking, and shopping, can now be done online. There is also the deep web, which has non-indexed sites and is said to be 400 times bigger than the surface web. The internet is its own world, full of possibilities!
Thus, Cyber Intelligence is the means of sifting through the billions of pages and posts on the internet, manually and/or via tools, to find the information required.
WHAT IS NOT CYBER INTELLIGENCE?
On my mission to understand what Cyber Intelligence is, “Cyber Threat Intelligence” would pop up quite a bit in its place, but they should not be confused with one another. Cyber Intelligence is a means of gathering information on a subject, such as a person or a business, through the internet. Cyber Threat Intelligence, on the other hand, is focused on “cyber threats.” As Toddington Institute states, “Threat Analysis involves the review of information on an adversary’s propensity for violence or criminality, or the possible occurrence of criminal activity in a certain time or place.” Thus, Cyber Threat Intelligence is used to keep organizations informed of the risks of advanced persistent threats, zero-day threats and exploits, and how to protect against them.
Cyber Intelligence should also not be used interchangeably with Cyber Investigations and Forensics. Cyber Intelligence can be used anytime to gather information or as a means to confirm or disprove a theory, while Cyber Investigations and Forensics come into play after a cyber crime has taken place. Cyber Investigators need a strong working knowledge in computer science, networking, hacking, cryptography, and forensics as they need to understand code, recover and analyze data, gain access to accounts, trace the crime to its origins, and gather evidence for court.
To gain further insight on what Cyber Intelligence is, I would recommend watching the new Netflix documentary about Luka Magnotta, “Don’t F**k with Cats: Catching an Internet Killer.” In the show, a group of self-proclaimed ‘internet geeks’ create a group called “Luka Intel” to catch the person who intentionally killed cats and uploaded the footage.
Through analysis of Magnotta’s uploads, the group was able to pinpoint him. They noticed a yellow vacuum in the background of a video and were able to tie him to North America. The streetlights in a picture directed them to Montreal, and a Petro-Canada in the background of a picture led them to his previous address. In addition, by getting into the head of Magnotta, they were able to come up with search strings that led them to his previous blogs and content. By asking themselves how he got the animals for the videos, they checked Craigslist and were able to find his ads. Through speculation about the references made in the videos, they were able to predict what he might do in the future.
Cyber Intelligence was used to understand Magnotta, find his content, and locate him. The group didn’t have computer science or networking knowledge and didn’t have access to his accounts or devices, nor did they have to hack or do anything illegal. Even if they had, Cyber Intelligence would have been the best option, since Magnotta was physically moving around and uploading from different computers and accounts.