Category: Blog

OSRINT – Open Source Risk Intelligence

Do you know, what kind of private information are available in public sources about you and your family members, which could be of a risk and used by criminals?

FAMILY OFFICE ELITE spoke with Sven Leidel, an expert for HNWI/UHNWI Risk Mitigation & Protection Strategies located in Hamburg, Germany.

FOE:
Mr. Leidel, please tell us about your professional security background and introduce yourself to our readers!

LEIDEL:
I was born in 1968 in Hamburg, Germany and I am a German citizen. As a former member of the German military police, I have been dealing with the topic of protection and security since 1988. Today I am involved, as an honorary member, in various national and international security and professional associations in advisory and executive functions. I am a professional lecturer and trainer, facilitator and specialist author, security consultant and expert in the field of protection strategies for exposed individuals. I have gained extensive expertise from more than 25 years of industry and professional experience and I have operated in numerous foreign assignments and projects in Europe, North America, Latin America as well as parts of Asia. My longtime customers include many major national and international corporations and insurance companies as well as small and medium-sized enterprises, exposed private individuals, family offices and family foundations as well as entrepreneurial families and high net worth individuals. Last but not least, I am an author and editor of two books in respect of Travel Risk Management; see www.travel-security-handbook.com (English) and www.handbuch-reisesicherheit.de (German).

FOE:
What is OSRINT?

Leidel:
OSRINT stands for Open Source Risk Intelligence. It is probably the most innovative way of identifying risks and critical content in respect of a specific target (person or company) in public sources. In order to be efficient in the most possible way, the internet search is done and supported by a 24/7 operating crawler technology. This advanced monitoring technology helps to identify and track personal data online in open sources, that might also be useful for criminals. In addition, experienced risk analysts work as ‘human filters’ to identify threats and sensitive details in public sources on a 24/7 basis. Another part of OSRINT is the removal of critical data from the internet and other online sources, or if a removal is not possible, the displace of such content. Especially in today’s world where media and online outlets can ruin a reputation in a matter of minutes, it is important to always be one step ahead and have the latest monitoring technology in place.

FOE:
Please tell us about a typical client case!

Leidel:
A family office is reaching out to us, asking for a confidential face-to-face meeting with one of their exclusive FO clients. The client asks us to find out, what kind of private and critical details are available in public sources about himself and his family members. All we get from him is his first and his family name; nothing else. Now it is our job to try to find out as much as possible about the target; pretty much the same way criminals would start in order to identify possible victims.

In one specific case, the HNWI did mention that he has already maintained a “low profile” for many years and he was sure that we should not be able find any pictures from him, no names and no pictures of his family members and maybe just a handful of companies that he is involved in. He did not even tell us how many children he has, nor any details in respect of his residence home and vacation real estates he might own. We agreed on 5 days of actual intense open source search from our end. Pretty quickly after starting the research, we found many critical details and put all the findings in a 45 pages’ written report. We ended up finding 27 pictures from himself, names and pictures of all his children and his wife, private addresses (residential and vacation), as well as 43 companies he and his relatives are currently involved in or he and his relatives were involved in in the past. You can imagine that the surprise was huge, when we presented the findings in a personal meeting. During the meeting we did receive the up order to conduct security audits at the residential and vacation houses in order to optimize the physical and electronical security measures and to assist in deleting critical details and information from public sources (internet). Since then, we are also monitoring the internet 24/7 with the latest crawler technology in order to make sure, that we identify critical details and content in the internet around the clock and automatically. This gives us the opportunity to react quickly and in a timely manner as soon as we (the crawler) have identified new critical content. Just recently we found out that his children did establish almost a handful new companies without consulting with their parents in the first place. Within the company registration process, the children made a mistake and used one of the family’s private address, which is absolutely not acceptable, because this is a weak point within the whole personal risk mitigation concept and strategy.

FOE:
Can you really delete all data from the internet?

Leidel:
Of course not! Some data and content can be deleted from the internet or from specific homepages and probably the majority cannot.

For example, a solution could be … in connection with a reputation management strategy, those data and content that is in the internet and cannot be deleted, you can try to displace this content on the internet by a so called “positive story telling technique”. This means that you create positive and non-critical content for a specific target (person or company) and strategically place it in the internet on existing homepages / platforms or you create your own new blogs and webpages. On those platforms where you have total control over the content, you can pretty much publish all kind of true or false/fake details that you want or that you need for your protection strategy. That way you create “helpful content” in order to be positively rated by Google, Bing & Co. Having this said, this means that your own non-critical content will show up within the search results on the first couple of pages at the search engines. Unwanted content and details will be pushed back on the pages 5, 6 or even further back. It is our experience that most criminals just take a look at the findings on the pages 1 – 4.

In addition, you can track the traffic on your own blogs and webpages; we call this “The Honey Pot Concept”. Which gives you a good first idea, who is looking for your client, what kind of keywords are used for the search, what is the main interest, where is the person located, a.s.o..

FOE:
What is a Honey Pot Concept?

Leidel:
Honey Pots are mainly used by IT security professionals in order to find out if hackers are interested in a certain IT landscape, where are they coming from, what kind of search and keywords are used, what kind of technology is used by the third party a.s.o..

Our Honey Pots are kind of modern traps. Like I already mentioned, we create blogs and homepages with a “specific real-fake content”, so people that are searching for a specific target (person or company) will get the search results within the search engine they use. As soon as they click on the search result, we are able to track their homepage visit and also their clicks and activities on the Honey Pot blog and homepage. We are able to see the country and city they are coming from, which online network they are using, how long they stay on the homepage, which additional content they have looked at and much more useful details. This is a risk indicator for us, that somebody is interested on specific information about a target. The information of interest could be the private address of the target, private activities / hobbies of the target and other critical details. In addition, you can spread false and fake details about a target, in order to blur the online traces and to make it more difficult for criminals to find real details and information in open sources. This is a very useful and effective protection concept.

FOE:
Why is it so important to know what kind of Details are available in the Internet?

Leidel:
It is our experience that criminals also look first in the internet and try to find out as much as possible useful details about possible targets and victims. The more useful details they find and the easier it is to get access to those details, the more likely it is, that criminals will pick a so called “soft target” for their criminal activities (kidnapping, burglary, blackmailing, threatening …).

The goal of a comprehensive personal risk management is to become a “hard target”, in order to be unattractive and not of interest for criminals.

You can compare this with the following:

You do not have to install a tons of physical and technical security at your house, like they use at “Fort Knox”. Your house just needs to be more secured than the neighbor’s house. Criminals are looking for quick and easy wins, with hardly no risks of failure.

FOE: Thank you very much for the interview.

The kidnapping, ransom and extortion threat faced by businesses operating abroad today has become not only common but also costly. Sometimes known as KRE or K&R, in many parts of the world criminals have become organized and even specialize in certain activities related to the crime.

The insurance industry has specific policies written to cover the kidnap and ransom threat. KRE insurance coverage became more well-known to the general public with the rise of piracy off the coast of Somalia and elsewhere about a decade or more ago. Private shippers began losing money through kidnap and ransom demands for cargo and passenger return.

In Latin America, KRE has been a problem for many decades. Government security statistics have included kidnapping and extortion since the 1970s. Worse, organized gangs who specialize in kidnap and ransom crimes have sprung up and become extremely capable. These gangs have compartmentalized themselves. One criminal segment specializes in the kidnapping. Another group gets paid by the kidnap specialists to hold the hostage. A third group has expertise in negotiating with the enterprise or family of the hostage.

Insurance policies vary, but a K&R policy usually has two main parts. The first part of the policy provides for funds to activate a team of K&R security experts to assist the company in coordinating the appropriate response among all parties (police, government, company and family).

The second part of the policy involves the actual ransom payment. The underwriters often suggest contracting for a policy that has large limits. It is not unusual for policies to cover multi-million or tens of millions of dollars per kidnapping.
Once you become aware that the missing and that extortion is the reason for the kidnapping, most companies will immediately seek the assistance of KRE security personnel. These K&R experts must be pre-vetted and on the insurers approved list of vendors before a company can engage them under the terms of the policy.

A typical KRE case lasts, on average over two years. Many go on for up to five or more years. The victim is usually released unharmed but the perpetrators often remain at large. Many companies and families prefer to pay the ransom knowing that the odds are in their favor that their loved one will be returned unharmed.

The length of time these cases take is due to several factors. Negotiations often take an extended period of time. The professional kidnapping and extortion gangs go to great lengths to ensure that the victim is sequestered in a safe location before conducting any actual negotiations. The criminal negotiators want to ensure their own safety and hence the back and forth can be frustratingly slow.

Once the negotiators have concluded a bargain, the actual exchange of money for hostages can also take a long period of time to arrange. Often the kidnappers demand that a third party act as an intermediary. Choosing and approving this person takes time too.

KRE is part of the risk associated with doing business in foreign countries. Companies must ensure that they not only have included K&R in their emergency plans but that they also have sufficient insurance to cover the often very costly expenses associated with successfully concluding a kidnap and ransom incident.

Monday, November 19, 2016: A person did drive a truck into a Christmas market in Berlin, killing 12 and injuring at least 50 people.

The attack is the latest in a series of incidents in Germany in the past months and years.

Recent incidents in Germany in the past couple of months include:

24 July 2016, an explosion in Ansbach killed the attacker and injured 12 others.

22 July 2016, a lone gunman attacked the Olympia shopping center in Munich killing ten people, including himself, and injuring a number of others.

18 July 2016, a man armed with an axe and knife injured five people on a train travelling between the towns of Treuchtlingen and Wurzburg.

The German police continues to monitor a number of individuals suspected of involvement in terrorist-related activity and have disrupted a number of terror plots by arresting several terror suspects i.e. in the Northern towns of Ahrensburg, Grosshansdorf, Reinbek … among others in Germany.

Germany has increased its security in the light of recent and past terror attacks.

When media is reporting about possible terrorist attacks in Europe, Germany is (always) among the countries mentioned as a possible target for the terrorists. This certainly should not be a reason to avoid travelling to Germany, but there are a few simple tips that can help you avoid getting caught up in a risky situation.

Keep up to date with the news, and travel warnings when you plan a trip to Germany. The German government does an excellent job of keeping travelers, visitors and people informed about possible increased threats from terrorists or other third parties.

If possible and appropriate, hire a professional and local transportation service, where the driver is security trained and speaks English or your mother tongue. In addition, it might be advisable to hire also a local and experienced executive protection service in Germany, which can assist in identifying risky areas in German cities, in order to avoid an increased risk or threat in visiting sketchy areas such as red light districts or areas with increased criminal activities a.s.o..

Make yourself familiar with the principle of HIDE – RUN – (FIGHT) – TELL … which is very useful during an active shooter attack and can increase the chance of survival.

Pay attention to your direct and indirect environment. Many times, a threat can be identified in advance, before getting too close to somebody.

From a security perspective it is also advised to stay away from public events such as concerts, Christmas markets, new years’ eve celebration and so on … but isn´t that what a trip to Germany, especially during Christmas time and at the end of a year, is all about?!

The German authorities maintain increased security measures as a precaution around the country, including at public buildings and transportation hubs. The German law enforcement and intelligence services are one of the best world-wide, no doubt.

Nevertheless, there is no and there cannot be a guaranteed “100% Security”: It is not the question if we will see another terror attack in Germany … it is more the question when will we see the next attack?

A very difficult question has been asked many times before:

Should we change the way we live?

Nobody can answer this question for another person.

Just one last thing … we all might have to adapt to certain best practice security principles and security behaviors in our day-to-day activities and life, in order to mitigate certain risks and threats … whether if we like it or not.

For many years’ wealthy families have only used “risk management” for their investment portfolio’s success and their insurance risk. One of the biggest risk for a wealthy family is loss of money, however “money” is so vague that it can be used in nearly any argument and topic. A wealthy person realistically should be worried about the following risks:

Cash Flow – A loss of cash flow due to decreased income because of a failing business, health care expenses or even familial expenses can cause a dent in the coffers of any family. For wealthy families this is often worse as the expenses are higher, so a big dip in income for a wealthy family could mean serious issues.

Property – Real Estate prices can fluctuate, property can be damaged and tenants could refuse to pay rent or you could be wealthy enough to be a target for robbery. These are all reasons as to why real estate is a risk for the wealthy person. Just like, cars, jewellery and even something such as trademarks, all forms of property can be stolen and damaged.

Personal Security & Personal Liability – As a wealthy person odds are a few people in a few circles will most likely know your name. This provides a great risk to your personal security. Minimizing your liability from your board of directors actions is also a major factor you will have to consider as you could be held liable for your businesses actions if you are not careful with a lawyer.

It is imperative that wealthy families identify the risks, assess their level of exposure to those risks and evaluate the cost and effectiveness of various prevention methods and mitigation efforts, as well as insurances that are in place.
Not all risks can be transferred through insurance for example, and because of costs involved it makes some sense to take actions to reduce exposure to those risks and identify if there is any part of the risk that can be transferred via legal loopholes for example.

Once risks have been identified, assessed and mitigated all other risks should be reviewed through insurance. By design insurance is used for low likelihood, high cost events. In order to prevent the most amount of risk through insurance it’s vital that you produce an ironclad policy and an expert to assess if the true risks are properly covered.
Financial assets are getting harder to protect, the management of risks require a detailed and thorough approach which will most certainly call for several advisors, insurance agents and attorneys.

It is important that wealthy families do not underestimate the risks that they might face from criminals … such as small-time criminals and organized crime. Risks, where insurance coverage cannot really help, could include but are not limited to blackmailing, bribery, kidnapping, theft, fraud and burglary. It is important to have preventive security measures and risk mitigation procedures in place, in order to be able to respond to upcoming threats quickly and in the most effective way.