Defense Media Network

Ntrepid Case Study: Managed Attribution for Open Source Intelligence (OSINT) | (SPONSORED)

The Challenge

Arid Hunter pursues an open source intelligence (OSINT) mission. Their users conduct extensive online research to gain greater insight into their targets and build a narrative around specific topics or groups of interest. This requires them to identify, collect, and characterize large data sets from a variety of online sources.

Prior to working with Ntrepid, Arid Hunter personnel employed a number of improvised solutions to pursue their OSINT mission, including using standalone laptops that operated outside of their agency’s network. Often, teams would use a single laptop for multiple research efforts, which safeguarded their agency’s infrastructure but left the laptops susceptible to malware, which could be transferred to internal networks as the users moved files between systems. Moreover, the standalone devices did not disguise users’ online operations and were vulnerable to device fingerprinting—a technique that allows websites to use technical and behavioral characteristics to create a profile of the device. These technical and behavioral risks jeopardized the integrity of Arid Hunter’s mission.

These laptops also relied on commercial IP addresses via mobile hotspots or public internet connections, which did not provide sufficient technical or geographical diversity. As a result, most Arid Hunter users looked like they were accessing the internet from the same place—because they were. Without proper control over their egress points, Arid Hunter users risked revealing their actual location and online activities (if users from the same IP addresses are looking at the same content online). This, in turn, left them exposed to websites blocking their traffic or feeding them misinformation.

Some sophisticated Arid Hunter personnel created their own virtual machines on their standalone laptops, but the maintenance required to keep them updated, secure, and operational was untenable, and users often ignored updates and didn’t follow proper safety practices. Further, these homebrewed solutions were not scalable to the broader organization and could not adapt as the mission evolved.

Identifying and collecting information was only part of their mission, and users had no way to organize or visualize their data sets or collaborate with geographically dispersed teams. Team leads and administrators also lacked a solution for centralized auditing and oversight, and relied on ad hoc updates to maintain situational awareness of their users’ activity.

In pursuit of their OSINT mission, Arid Hunter’s managed attribution (MA) solution was ineffective and left their users vulnerable to a variety of online risks.

The Solution

Ntrepid worked with Arid Hunter to deploy Nfusion and Timestream, which work together to make online research easier, faster, and more collaborative. Nfusion provided Arid Hunter with an alternative to standalone laptops and equipped them with multiple ways to manage their attribution. This enabled their users to project a unique online identity and operate in a deniable, secure, and discreet manner. Timestream’s integration with Nfusion addressed Arid Hunter’s data organization and collaboration needs, and provided users with an efficient workflow that includes information collection, collaboration, visualization, and presentation features.

Nfusion supplied Arid Hunter with a coherent MA platform that incorporates automatic data collection and cataloguing tools, secure file transfer and malware scanning, automatic updating, and Timestream integration. It also protected Arid Hunter’s internal networks and infrastructure by isolating all user activity in our modular and extensible virtual environment. In addition, Nfusion virtual machines are destroyed at the end of each session, eliminating all malware, advanced persistent threats, and trackers that may have been accumulated.

Ntrepid satisfied Arid Hunter’s requirement to egress from dedicated locations around the world by deploying our global network of discreetly procured and managed IP addresses—known as Geosites. Geosites are also fully backstopped and cannot be attributed to Ntrepid or Arid Hunter. Using technically and geographically diverse IP addresses and system identifiers, Arid Hunter gained access to previously blocked websites and avoided being shown targeted misinformation.

This comprehensive MA solution also allowed Arid Hunter team leads and admins to maintain real-time situational awareness through persistent auditing, reporting, and oversight features. With Nfusion, Arid Hunter personnel were finally able to see every page visited and every browser action taken during operations.

Equipped with Nfusion and Timestream, Arid Hunter users were able to spend more time on target, focusing all of their efforts on executing their mission faster and more effectively.

Mitch Freddura, Training Program Director

—————-

About Ntrepid

Since Ntrepid’s inception in 2010, deployments have scaled to support more than fifty government clients, dozens of Fortune 500 firms, and as many as 60 enterprise clients worldwide. Ntrepid employs about 300 staff members located on two coasts, headquartered in Herndon, VA, with a field office in San Diego, CA. Ntrepid’s innovative solutions are based on ten active U.S. Patents.

Ntrepid is a mission-driven provider of cutting-edge managed attribution technology solutions for government to discreetly and safely conduct complex cyber operations in the most hostile online environments. Ntrepid’s corporate focus is cyber defense and commercial-off-the-shelf (COTS) software-as-a-service (SaaS) supporting National Security and Law Enforcement—specifically managed attribution solutions supporting online investigations, cyber operations, and open source intelligence data collection while obscuring organizational identity and protecting the mission. We leverage our deep experience in the national security community to anticipate our customers’ needs and provide solutions before the requirements are expressed. Our heavy investment in R&D allows us to stay ahead of the rapidly changing internet landscape and provide ongoing training to our customers, arming them with the same advantage.