Andrey Masalovich - scientist, journalist, publicist, programmer
Competitive intelligence and military-technical cooperation
Andrey Masalovich
Provision of forecasting, detection, prevention and suppression of external threats to information security is today one of the key problems in the process of international military-technical cooperation.
This report is devoted to solving this problem by methods of computer competitive intelligence.
Competitive intelligence (English: Competitive Intelligence, abbreviated CI) is the collection and processing of data from various sources to support managerial decisions that increase the competitiveness of a commercial organization, carried out within the framework of the law and in compliance with ethical standards (as opposed to industrial espionage); the term also denotes the structural unit that performs these functions.
Today, the arsenal of competitive intelligence includes a rich set of methods for obtaining information from open (as well as insufficiently protected) sources, and primarily from the Internet. Competitive intelligence methods in many cases make it possible to gain access to confidential and even classified documents using security vulnerabilities, information leaks, and the results of insider actions. At the same time, the analyst using these methods does not directly violate the laws and ethical norms of his country, and his activities on the Internet remain secretive and leave no evidence.
How does this become possible? Let's take a look at a simple example. A large state-owned company involved in the provision of components of the country's critical infrastructure has a set of documents labeled "Commercial secret". When checked by the Accounts Chamber, part of the information is included in the final certificate, which is interpreted as an "official secret", and since there are no signs of state secrets in the document, and the concept of "official secret" is not legally regulated, the document receives the stamp "For official use." After a while, the document ends up in the archive, access to which from the Internet is virtually unlimited and uncontrolled. A specialist who knows such schemes will easily gain access to the confidential information of a given company without violating any technical components of information protection and leaving no traces.
Here is another example that demonstrates in practice the methods of competitive intelligence on the Internet. The world's largest IT company publishes a document on the Internet, the link to which looks like:
https://partner.companyname.com/download/global/40043498
The document itself is of no interest, but a competitive intelligence agent will see more than a dozen serious (more precisely, gross) violations of protection in its address. Here are just two of them:
- the encrypted https protocol was used to transfer an open document - it means that somewhere nearby (most likely, in the same folder) there are secret documents;
- the page address ends with consecutive digits.
This means, with a high degree of probability, you can get other documents from this folder simply by decreasing the document number (since there is document number 98, then there should be 97, and 96, etc.).
So, seeing document number 98, let's check the availability of document 97 at the address
https://partner.companyname.com/download/global/40043497
Such a document does exist, but it is also not of particular interest.
Let's continue exploring the folder. Next in line is document 96. Let's try to open it:
https://partner.companyname.com/download/global/40043496
And the server really does let you open this document, although it is far less harmless than the two previous ones. This document is an in-house comparison of the company's own products with those of competitors and is labeled “Highly Confidential”. So, to gain access to the trade secrets of the largest companies, a competitive intelligence agent often needs only a few minutes.
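One way a defender could spot the number-walking described above in the web server's own access log, as an added example that is not part of the original report. The log lines, client addresses, function names and thresholds are constructed assumptions; the path reuses the placeholder URL above.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed access-log lines (combined log format); the path reuses the
# placeholder URL from the text, the client addresses are documentation ranges.
SAMPLE_LOG = """
203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "GET /download/global/40043498 HTTP/1.1" 200 51234
203.0.113.7 - - [12/Mar/2024:10:00:09 +0000] "GET /download/global/40043497 HTTP/1.1" 200 48210
203.0.113.7 - - [12/Mar/2024:10:00:15 +0000] "GET /download/global/40043496 HTTP/1.1" 200 230114
203.0.113.7 - - [12/Mar/2024:10:00:21 +0000] "GET /download/global/40043495 HTTP/1.1" 404 0
198.51.100.20 - - [12/Mar/2024:10:01:00 +0000] "GET /download/global/40043498 HTTP/1.1" 200 51234
198.51.100.20 - - [12/Mar/2024:10:03:00 +0000] "GET /download/global/40043120 HTTP/1.1" 200 1200
198.51.100.20 - - [12/Mar/2024:10:04:00 +0000] "GET /index.html HTTP/1.1" 200 900
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
NUMERIC_TAIL_RE = re.compile(r"^(?P<prefix>/.*/)(?P<num>\d+)$")


def parse(line):
    """Return (client, prefix, number, time, status) for numbered URLs, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    tail = NUMERIC_TAIL_RE.match(m["path"].split("?", 1)[0])
    if not tail:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], tail["prefix"], int(tail["num"]), ts, int(m["status"])


def find_id_walks(lines, min_run=3, max_gap=timedelta(minutes=5)):
    """Flag clients that step through adjacent document numbers (n, n-1, n-2 ...)."""
    per_client = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec:
            client, prefix, num, ts, status = rec
            per_client[(client, prefix)].append((ts, num, status))

    findings = []

    def close_run(client, prefix, run):
        ids = list(dict.fromkeys(num for _, num, _ in run))  # distinct, in request order
        if len(ids) >= min_run:
            served = [n for n in ids if any(x == n and 200 <= s < 300 for _, x, s in run)]
            findings.append({"client": client, "prefix": prefix, "ids": ids, "served": served})

    for (client, prefix), hits in per_client.items():
        hits.sort()  # chronological order per client and folder
        run = [hits[0]]
        for prev, cur in zip(hits, hits[1:]):
            adjacent = abs(cur[1] - prev[1]) == 1
            if adjacent and cur[0] - prev[0] <= max_gap:
                run.append(cur)
            else:
                close_run(client, prefix, run)
                run = [cur]
        close_run(client, prefix, run)
    return findings


if __name__ == "__main__":
    for f in find_id_walks(SAMPLE_LOG.strip().splitlines()):
        print(f"{f['client']} walked {f['prefix']}: {f['ids']} (served: {f['served']})")
```

The `served` list is the part to review first: it names the adjacent documents the server actually handed out, which is where a missing per-document access check shows up.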
In the arsenal of Internet intelligence there are about 700 such techniques. It takes just two days to learn the simplest and most powerful of them. Unfortunately, most companies neglect training in security and information countermeasures, and leave their data virtually unprotected.
According to a study by InfoWatch in late 2006, only 2 percent of companies actually protect their confidential information. Alas, in practice the situation is even more deplorable. Over the past three years, while auditing confidential information leaks for various companies, from small firms to large holdings and even special services, the author of these lines has never had a chance to sign off on the phrase "No leaks were found." Leaks, often painful and posing a threat to the business and the company's development, are almost always found.
Even the information systems of military departments and special services of other countries are not an exception.
Take, for example, the materials of the latest US Pacific Command S&T Conference.
The overwhelming majority of the conference reports are classified (stamp "Classified"), and even entire sections are secret, for example the section "Advanced weapons systems". The only open document, the announcement of the conference, contains several paragraphs on ensuring secrecy (it is forbidden to bring cell phones, dictaphones, any electronic and electrical devices, key chains, massive fountain pens, glasses with thick temples, etc. to meetings).
The conference materials server is secured to a first-class standard. Any attacker will be detected at the stage of preparing the attack. So, there are no conference materials in the public domain, and the closed sections of the information system are reliably protected.
Now let's look at the situation through the eyes of a competitive intelligence officer. From the announcement it is clear that the key report of the conference is the report of Deputy US Defense Secretary Charles Perkins. Knowing the peculiarities of the workflow of the US Department of Defense Secretariat, we can assume that a copy of the report is stored on their server with the "Secret" stamp, but the drafts of the report are in a much less secure repository of current documents labeled "For official use." Ten minutes of searching using techniques like the one above, and we have in our hands the last draft of the report "Advanced Systems and Weapons Concepts", 27 pages in length and without a stamp. And its contents are identical to the final version of the report, which is stored in the depths of the Pentagon's closed vaults.
How does this become possible? One of the reasons is the general misunderstanding of the specifics of the Internet as a global repository of information. If you ask an analyst or even an information security specialist to draw a general scheme of the Internet, then, regardless of the specific content, the scheme will most likely appear in black and white. Here is the white area of the open Internet, here is the black area of protected resources, access to which is limited and requires authentication.
In reality, the user sees practically none of the open Internet: only a tiny part of it, the so-called "visible Internet", is available to him, i.e. resources that can be reached through links, search engines and information bases. The overwhelming majority of documents on the Internet today belong to the so-called "invisible Internet" (the terms "deep" or "hidden" Internet, "Invisible Web" and "Hidden Web" are also used).
Likewise, really protected resources make up an insignificant part of the total number of information resources that their owners see as closed.
The space between these two poles is occupied by a "gray" area - documents that are invisible to ordinary users, but available to a competitive intelligence officer. We list just some interesting components of this area:
§ Pages invisible to search robots (due to coding errors, etc.)
§ Documents in new and special formats (docx, pps, etc.)
§ Pages requiring special search commands (multimedia)
§ Open sections (on the servers of the Pentagon, more than 50,000 folders are left open due to negligence)
§ Open FTP servers (employees often use them as a "personal USB flash drive")
§ Massive leaks of documents stamped "For official use"
§ Documents in short-term storage (including regular leaks of confidential and secret documents)
§ Leaks of passwords for e-mail, FTP servers, secure storages, etc. (in December 2009, specialized Avalanche search robots collected more than 5,000 login-password pairs that became publicly available due to security errors)
§ Vulnerabilities in the organization of protected sections that allow bypassing protection without resorting to attacks and hacking
The list goes on...
With regard to Rosoboronexport's activities in the field of military-technical cooperation, an express analysis of the "invisible web" shows that the following documents are available, which threaten the implementation of the Russian Federation's state policy of military-technical cooperation with foreign states:
1. Report "Special services of Russia. Loyalty, corruption, anti-terror" (USA, University of Special Operations, August 2005, 36 pages)
2. Rosoboronexport report (USA, Institute for Strategic Studies, 2007, 108 pages)
3. Report "Venezuela: Hugo Chavez, Bolivarian socialism and methods of asymmetric war" (USA, Institute for Strategic Studies, 2005, 39 pages)
4. Report "Regional security in Asia and the prospects for strategic cooperation between India and the United States" (USA, Institute for Strategic Studies, 2005, 215 pages)
5. "US-India Strategic Cooperation: Opportunities and Obstacles in the 21st Century" (USA, Senior Command College, 2006, 137 pages)
6. Numerous references from US military analysts on each stage of the implementation of Rosoboronexport's contracts with India, China, Venezuela.
7. Analytical reports of the Pentagon on the implementation of the Russian project of the fifth generation fighter, with technical characteristics, functional diagrams, photographs of models, etc.
An analysis of these documents testifies to the targeted opposition to the activities of Rosoboronexport by the military structures and special services of the United States, as well as to numerous leaks of important information, including classified information.
Recommendations
In order to ensure forecasting, detection, prevention and suppression of internal and external threats to information security in the process of military technical cooperation, it is recommended to interconnect the following key actions:
1. Conduct training of specialists in methods of countering the latest types of threats, including the use of methods and techniques of competitive intelligence.
2. Conduct an audit of the presence (leaks) of confidential information in open sources and develop recommendations for eliminating possible channels of leaks.
3. Introduce a comprehensive information space monitoring system that provides forecasting, detection, prevention and suppression of internal and external threats to information security.
4. Modify the information security policy in terms of actively countering the activities of competitors, raiders, fraudsters and insiders.
These steps must be carried out in cooperation with a professional team in the field of information security and competitive intelligence with sufficient competence and experience. one of the leading companies in this field. The DialogueNauka company carries out its activities on the basis of licenses of the Federal Service for Technical and Export Control (FSTEC), the Federal Security Service (FSB) and the Ministry of Defense of the Russian Federation.
The system of Internet monitoring and early detection of threats can be built on the basis of the Avalanche search technology. The Avalanche family of specialized robots allows you to organize covert monitoring of Internet portals, sites, servers and other resources in order to collect information invisible to search engines and ordinary search robots. The power of "penetrating robots" is such that in most cases they manage to open folders on Internet servers and get to hidden and even confidential information. It should be emphasized that Avalanche robots operate only by legal methods and do not use password cracking tools, Trojans, etc.
Deploying and configuring an Internet monitoring system takes about six months, but after the first test settings, it begins to yield a catch that allows you to detect leaks of critical documents before they appear in the public domain.
The use of the Internet monitoring system in combination with other proposed measures to strengthen information security will ensure an effective solution to the tasks of implementing state policy in the field of military-technical cooperation of the Russian Federation with foreign states.
Masalovich Andrey Igorevich - Candidate of Physics and Mathematics Sciences, author of over 200 publications.
Retired lieutenant colonel of FAPSI.
Laureate of the RAI scholarship "Outstanding Scientists of Russia" for 1993
Masalovich Andrey Igorevich is a well-known Russian expert in the field of competitive intelligence and a candidate of physical and mathematical sciences. He is an IT developer, cybersecurity specialist and the founder of Avalanche. He is actively involved in journalism.
Biography
Masalovich Andrey Igorevich was born on March 15, 1961 in the city of Novosibirsk. He was brought up in a family of average income and studied at the local secondary school number 28.
After completing his secondary education, he entered the Faculty of Applied Mathematics of the Moscow Aviation Institute. In 1989 he defended his Ph.D. thesis in physical and mathematical sciences. Andrey Masalovich did not stop his studies there: the young specialist began to actively attend foreign courses.
In 1992 he completed a specialized program in London. Later, he attended similar training courses in America and Canada. The expert chose computer technologies as the main development. He was at the forefront of the creation of the first games and supercomputers.
Career
The first company founded by Andrey Masalovich was named Eagle Dynamics. It specialized in the development of computer games. Nick Gray and Igor Tishin became partners in the project. The Flanker series of games was created under the organization's banner. In 1995, he started developing and promoting neural networks. At the same time he opened the Tora-Center company. In just the first year of operation, the company's annual turnover exceeded $1 billion.
Masalovich held the position of chief designer for the development of the MVS-100 supercomputer. He supervised the creation of the architecture and open source software, and worked at the Kvant Research Institute. In 1998 he received a patent in America for a number of algorithms for process control systems. At the same time Andrey became an INTAS expert.
He served as a KGB colonel. Later he joined the Federal Agency for Government Communications and Information under the President of the Russian Federation. He retired as a lieutenant colonel.
Andrey gained wide popularity thanks to the development of the Internet intelligence technology Avalanche. In 2001, Masalovich founded the Consortium Inforus, which united about a hundred Russian IT companies.
A year later, he began working on projects in the field of information security and business intelligence. The specialist received many assignments from the government of the Russian Federation. The programmer regularly acted as an expert at various conferences and meetings.
In 2004, the expert signed contracts for the development of Linux OS software for the government of Taiwan. A year later, he took the position of head of the information technology department in the Business Russia department.
In parallel, Andrei Masalovich was actively involved in publicistic activities. He is the author of hundreds of articles and dozens of courses. The author's bibliography contains over 200 publications.
Andrey Masalovich now
Now the scientist continues to actively develop Internet intelligence and Avalanche technologies. He is a respected IT specialist and is regularly invited for public appearances and consultations.
In 2020, the former KGB colonel gave several detailed interviews on the topic of competitive intelligence. On the official website and Facebook page, the programmer shares current news and plans.
****
Intelligence by the network: how the Avalanche system helps intelligence agencies and business
After this story blew up the Internet in April 2012, Schmidt sued the blogger, the boy's parents and the Kommersant newspaper. “The company's lawyers and PR specialists turned the entire Internet against themselves - instead of Schmidt, everyone began to sneeze at the bank itself,” recalls Masalovich, who was recruited to solve a delicate problem. As a result, during the trial in connection with the road accident, a large number of negative reminders about Gazprombank went into the background. “The Internet just turned off. Avalanche reveals threats, where negativity comes from. The next step is information confrontation,” Masalovich says. In August 2013, Schmidt left the bank. Gazprombank did not answer questions.
Two-thirds of the proceeds from Avalanche installations continue to come from government or security forces. “Actually, Avalanche is an example of a niche piece solution just for them,” notes Sidorin from Kribrum. At various times, Masalovich's largest customers were the Ministry of Defense, the FSB, the Ministry of Internal Affairs and Rosatom. Avalanche was also used during the Olympics in Sochi, when information was prepared for the leadership of the Ministry of Internal Affairs about threats from the Internet - compromising evidence, provocations. Now the number of orders from government agencies is growing for all developers.
****
Competitive Intelligence Case. Andrey Masalovich. Spare parts for helicopters in open sources.
The author of the text is Olga Popova (Olga is the author of the Forbes Russia article on Competitive Intelligence "The Spy Nobody Is Looking for").
I am far from the problems described in Olga's material, because my area of work is Competitive Intelligence for Business. However, this material shows the algorithm for finding information in open sources very well.
And it shows no less well that technical solutions are absolutely secondary in relation to analytical thinking. Everyone knows how to push buttons. Finding the right button is a certain art.
What follows is the text of Olga Popova itself, based on the materials of Andrey Masalovich, which I give with his direct permission:
"Here is a story that was not included in the article, but I really like it.
One more task for you to understand what competitive intelligence is.
Really proud - a task three weeks ago. In Georgia, Russian-made helicopters with fresh spare parts, also Russian-made, were shot down. It is clear that Russia does not sell spare parts to Georgia. How did they get there?
Rosoboronexport is worried: help us. There are exactly one and a half hypotheses. There was a hypothesis for the Czech Republic, but they had already sold everything they had. There remains one source - Ukraine.
Look, they really do not even deny, they even Rada was going to: they sold two billion, it's time to share. But this is not an evidence base, although the hypothesis seems to be correct. But where does Ukraine get fresh spare parts from?
I start talking to specialists.
First, it turns out that combat maneuvers require resources, and parts need to be changed frequently.
Secondly, helicopters are fired at from large-caliber machine guns, most often damaging the rear part and the gearbox. The Mi-8 and Mi-24 gearboxes are being repaired in the only place - in the Urals. Since this is a dual-use part, there is a form for each. Accordingly, I find on the Internet a bunch of forms for spare parts that were repaired in the Urals and sent to Ukraine.
I found one source. Now we need to understand where they will emerge. To do this, you need to estimate a portrait of the person who sells the details.
No matter how outrageous they are, they will not trade through the local Rosoboronexport. Most likely, the firm will do it. Which? Small, fresh, headed by a leader - a former or current employee of the special services with an export license - under the guise of selling cans of tomatoes.
Now it remains to understand where they hang out. Most likely, in the backyard of some online store that has a closed section for arms dealers. What can they brag about there? They won't write: "I sell stolen spare parts for Russian helicopters." This is shortsighted.
I begin to think: there are things that they are not afraid to brag to each other. For example, this is an Israeli drone, since Israel produces them, but does not sell very much itself. After all, a drone is not bought in order to fly over a neighbor's garden. The drone is bought in order to violate the airspace of other countries. Accordingly, Israel is happy to sell them, but not by itself, but through intermediaries. The intermediaries are promoting them, they do not violate any laws. Accordingly, I start looking for where the people hang out: I need a person from Ukraine who would sell Israeli drones.
Going out to the client, he will say in a confidential atmosphere that he also has spare parts. You will laugh: an online store (let's call it tratata.com). There is a section where you can type "drone Israel". The seller is a small company from Ukraine from Odessa, five people on the staff, I am trying to get a head - 15 years ago I graduated from the Frunze Higher Command School, then spent 10 years in Germany. The firm immediately received an export license from Ukraine. Our client.
Then I climb into their server, the server is as full of holes as all the others, I find a form that they are selling abroad for 220 thousand dollars a VR-14 gearbox that has been repaired in the Urals.
The form looks something like this (attention: this is just a version of the form, and not the specific form that was in the described task - as Andrey Masalovich explained by providing this screenshot):
The Ural form corresponding to this number contains the number of the helicopter, which, according to official data, is flying over Crimea. In fact, he is being taken to a warehouse in Odessa. How long did this task take me? I went nuts for a week. I didn't know how to approach. I worked for about a day and worked effectively for about half an hour. "