Informatics

Lecture 3
Trust and validity of information

What can we trust in the IT world?

The trustworthiness of computer
systems
secure, dependable (reliable and
available), correct, safe, private, and
survivable

The trustworthiness of e-Commerce

Electronic payments.

What is there to trust in the IT world?

The trustworthiness of people?
Cyber criminals, human error

The trustworthiness of the source

or evidence?
The quality of the information you are
accessing

We shall focus on these last two

The Corporate Data Perspective

Decision makers need data
Data: facts
Information: organised data
Knowledge: experiential

Internal: corporate data, sales

External: commercial, satellite,
internet data etc.
Once organised they need to be
interrogated SQL or Data Mining
and be presented.

Data Collection, Problems, Quality

Collection: the previous lecture
Problems: Incorrect, untimely,
inappropriate for analysis, required
data may not exist
Quality obviously affects the decision
process e.g. fidelity, timescale

Sources of Quality Problems

Data entry
Changes to source systems
Data migration or conversion
Mixed expectations by users
External data
System errors
Customer data entry

Data Quality factors revisited

can it be directly applied?
is it stored in predictable way?

does it represent reality?

is the info close enough to true?

what is the maximum accuracy?

What about these sources?

What would be your level of trust in:
Academic databases
Wikileaks
Wikipedia
Twitter
TripAdvisor.com reviews
BBC News
Sales pitch
Your own companys data
Opponents information in times of conflict
Well designed web site
Poorly designed web site .. Etc.

Crowdsourcing
The Wisdom of Crowds is
increasingly being used to obtain and
analyse data:
Get people to analyse huge data
sets
Get a crowd opinion on a problem
Monitor crowd behaviour e.g.
predict a flu outbreak from Google
searches

Evaluation of Evidence
Weighing evidence is basic to its
credibility
3 steps to evaluation
The source
The method of communication
The evidence itself

The basic principle is to keep it

simple Occams Razor

Source Evaluation
Need to answer 3 questions
Is the source competent?
Expertise required. Are you able to describe
the source?

Did the source have the access

needed?
The sources claim to access is credible?

Is there a vested interest or bias?

Is HUMINT being sold to the highest
bidder?

Communications Evaluation
How did the evidence arrive?
The accuracy decreases with length
of chain
Analyse the channel itself
Is the information being intentionally
provided?
Is it true or deception?
Is it for the opponent?
X can become a fact through validity
creep
..may.. Possibly .. Probably .. IS!

Credentials of Evidence
Credibility: how believable is it?
Reliability: consistent, replicable,
corroborated?
Inferential value: what weight does it
carry think about the motives of the
source and is the data relevant to the
problem?

Pitfalls in Evaluation
There are at least 7 pitfalls to avoid in
weighing evidence
1. Vividness weighting
Statistics least persuasive, then text, with
video most persuasive to decision-makers
2. Weighting based on the Source
Downplaying the value of open source
data

Pitfalls
3. Recent Evidence
Should the most recently acquired
evidence have the highest weight?

4. The Unknown
How to judge a question when evidence is
absent or little is known

5. Trusting Hearsay
Do you trust the words of a person? What
if the target knows they are being
monitored?

Pitfalls
6. Expert Opinion reliance
Can we rely on their opinion to be
objective?

7. Premature Closure
Tendency to affirm existing beliefs
instead of discrediting them

Calibration of data
It is possible to essentially test the data
being supplied by the use of
calibration:
Release a dataset and wait for it to
return check the contents
Insert a dataset with a known
outcome into the analysis chain and
monitor the effect
Set a honeytrap with a false dataset

Denial, Deception and Signalling

Is the analyst seeing what the opponents
want him/her to see?
Denial and deception (D&D) are core to
counterintelligence
In some cases they are a major weapon
against those with access to sophisticated
technology
Whereas signalling is the opposite in that
the opponent is sending a deliberate
message

Denial
Comms and radar can be denied to
SIGINT
Intermittent operation, using land lines,
encrypting or jamming the SIGINT with
interfering signals.

IMINT denial
Using camouflage or masking techniques, going
underground, operating during darkness or
cloudy weather. Also cleaning up chemical
emissions to deny spectral imagery collection.

Deception
Passive deception deploys decoys
Dummy ships, missiles, tanks etc

Active deception includes misinformation,

misleading activities, double agents
E.g. criminal groups have developed
deception strategies to evade international
restrictions on narcotics and arms
trafficking
i.e. hiding financial transactions using
intermediaries

It happens in business too but the trick

here is to deceive the opposition, NOT the
public

The Defence against D & D

Your best strategy is to deny access
to your intelligence capabilities
Protection of intelligence applies to
the product and the sources and
methods
Protection is higher for COMINT (e.g.
phone tapping), less so for IMINT
(e.g. drone) etc. OSINT has none
because it is not classified at all

Higher Level D & D

Deception has to be subtle (not
recognised by opponent) but not too
subtle (missed by opponent) sufficient
to provoke action
Many countries are using Multi-INT in
their deception strategies perception
management
If opposing intelligence makes an initial
wrong estimate then longer term
deception is easier the opponent then
faces undertaking an unlearning process
to take out these effects

Social Engineering
The psychological tricking of
legitimate computer system users to
gain information
Phishing attacks are now routine for
most users
Spear phishing attacks are getting
more sophisticated with the use of
social network data

Misinformation
Propaganda has long since been
used by governments or other
groups to influence a population
Classic cases during conflict and
war
In cyberspace we need to guard
against unauthorised access, web
defacement and even open source
postings

Countermeasures
Preventing the human hack is in its infancy
We need systems that can raise alerts with
information sources
Single sources
Spotting spoofs of servers using metrics
Some historical model of the source
The style of writing; linguistic cues

Multiple sources
Calibration against other sources
Stats of reliability and overall trustworthiness
E.g. amazon vendors