View More guides on Cyber Threat Intelligence
What is Signals Intelligence (SIGINT)?
- Cyber Threat Intelligence
Posted on: July 24, 2019
SIGINT (Signals Intelligence) is the intelligence gained by the collection and analysis of the electronic signals generated by specific devices. These devices could be the communications systems, radars, and weapons systems used by any particular target. It is mostly used to gain intelligence from foreign targets, with the aim of obtaining information about foreign adversary’s capabilities, actions, and intentions.
Why is Signals Intelligence important?
The current security solutions and tools are simply based on “known intelligence” provided or collected by security experts. This refers to the common attributes like security patches, anti-malware signatures, access control lists, etc. But if an adversary is using a new or unknown form of signal communication-based attack (such as Signal Jamming and Replay attack), the current solution and tools (like firewalls, anti-malware solutions) will become useless or irrelevant as they are not developed to understand radio signals. In such cases, Signals Intelligence can help counter such cybercrime threats.
What is the use of Signals Intelligence (SIGINT)?
Signals Intelligence can be used by any government in the world, to gather information about international terrorists and foreign powers, organizations, or persons. It can produce or gather intelligence in response to the formal demands levied by those who have an official need for information, including all departments of the executive branch of any national government (like defense/spy/police agencies).
Signals Intelligence can be used to develop and track new modes of communication and can be applied to a technical source or destination. For example, a hacker may send any form of signal to disable a firewall (like a recorded voice command) which could have an effect of executing the command “stop mpssvc” (a command used to disable Windows Firewalls) on the targeted server. A typical security device may not be able to detect this attempt unless it is equipped with some mechanism for decoding and analyzing the signals.
How can Signals Intelligence help in cybersecurity?
Having a pro-active tracking and analysis of all the traffic (including signals) flowing between machines can help identify any anomalies. For automation, tools based on SIEM rules (rules based on if-else conditions, rather than just known heuristics) can be used. Some examples of devices already being used for capturing signals (probably by threat actors as well) include USB sticks fitted with radio transmitters and “Lampstand” devices that can interfere with wireless connections at distances (from miles). Understanding their working mechanisms and having a cybersecurity strategy to capture and analyze the signals from such devices can help strengthen defensive as well as offensive capabilities against threats related to signals.