To the fear of paranoiacs: where did the development of an analytics system lead to the fight against industrial espionage lead us

One of our customers had a rather interesting request related to the work of counterintelligence at the enterprise. The goal is to ensure that more than expensive (including for the state) information is not carried out. The idea of ​​implementation is the collection of all possible open data about employees and the identification of “Cossacks” among them according to patterns of behavior. Actually, this was done manually by the security guards before, but now it was proposed to use good data mining.

And then it became creepy: we realized how much we can learn about each other, using only open data. From industrial espionage to personal relationships at work. It got so much of everything that we were nearly cut off the publication of this post. And they would have been cut if there weren’t many times more useful “civilian” applications.

So, imagine an enterprise. We conducted experiments with its safety bus, but you can imagine your office (and not much mistake).

Here is what we can get at the entrance from the security guards (and what will definitely be available when solving more specific tasks of the enterprise’s counterintelligence):

1. Data for each employee from the personnel department.
2. Mail server data - who, when and to whom wrote (we do not see the text of the letter and subject).
3. Data on calls to corporate numbers (we don’t know what these calls are about, only the time of the call, the duration and the number of the called party).
4. Data from all ACS devices, including RFID turnstiles, key holders and recognition systems for numbers and faces.
5. Data on weather, events in the office (training) and other external events.
6. Project tracker data (who, what, and when did).
7. Data provided by a robot crawling on a corporate social network capable of parsing profiles and other open data.
8. Data on vacations, business trips, etc.

Plus, we suggested how this data can be enriched with full access to the security bus of real sensitive facilities, and we began to draw conclusions.

To begin with, it turned out that we can create a communication base in real time. Whoever wrote and called whom is simple and accessible to everyone. According to SKUD, you can very quickly find out who went to smoke together - they simultaneously go beyond the perimeter and approximately simultaneously go in. The analysis of changes in the time of joint “smoke” suggests a serious conversation in the smoking room. And enriches the graph of informal ties. Then we found out another magic thing: the employees in the dining room pay with corporate passes, that is, the same ACS bus is in effect. This can enrich our knowledge of the informal relationship graph. Plus the housekeepers. Plus everything else.

What does the graph of connections give us? A lot of things. First, we took for training the real data of “corporate spies,” or rather, those people who had already gone to other companies, taking with them some valuable and not very data. It turned out that right in front of the point of evacuation (dismissal), such employees not only begin to massively download (without reading) all available documents (which is very easily blurted out by security guards), but also a little earlier abruptly collapse the graph of communication. That is, as soon as someone shows an activity to reduce the graph - this is a sign of close departure. We superimposed a picture on a sample of employees who left at their own request - and it turned out to be quite clearly matching. Well, we learned how to predict leaving shortly before leaving.

An engineer, for example, clearly does not have to communicate with an employee of the legal department. Communicate? Most likely, they have some kind of informal relationship. Maybe they are just close acquaintances, or maybe we have a case of the beginning of penetration, if the object is sensitive. With this hypothesis, we went to psychologists. They gloatedly rubbed their hands and decided to join the project.

From that moment on, the evening ceased to be languid.

The graph of connections makes it clear who is involved in what business.According to the corporate social network, for example, we found out that with the stated one position in the project, an employee can often answer questions on another topic. And to be an informal expert, although officially the personnel officer will not know this. For "counterintelligence" this means that when an employee does not correspond to his dossier, it is worth taking a closer look. For our personnel in a peaceful application, this means a swarm of opportunities:

1. You can see who really knows what and what.
2. The graph of connections allows you to identify the actual leader with a nominal manager (this is often a deputy or secretary - by the way, the secretary because he is responsible for the boss). This is called the “search for a center of influence” and is also important for identifying points of influence using social engineering.
3. You can see which projects are of interest to anyone. So, if a person is bored, you can offer him a project that he will definitely like. This is very important for retaining employees, because one of the reasons for dismissals is boring work.
4. You can optimize the team - for complex projects it is very easy to assemble “special forces” from those who have already worked together with each other, judging by the graph of connections. Moreover, it can be automated and put triggered people together constantly.
5. Eichars also asked: "show the top people who do not respond to letters."
6. Based on a number of tips from psychologists, we also revealed the dynamics of the pulsation of the graph of connections and were able to catch the moments of employee dissatisfaction, that is, the stage when he can quit, but he himself did not begin to think about it. Now it is revealed manually during conversations with the personnel officer once every six months at the level of “what do you like and what don’t?” - and either retraining, or a change of project, or growth is proposed. And here you can automatically. We saw how some employees put likes on each other once a year, and then dismiss those who have few likes, which means that along with the loafers, they also drank innovators.
7. By the fundamental growth of the graph, you can track a person’s willingness to become a leader. This is very important for large companies when collecting teams. In the presence of advanced data (which is already for “sensitive” objects), you can track periods of “motivation” and “despondency”. A normal employee, as psychologists have suggested, they alternate. Thus, if someone is “depressed” constantly, it is easy to seduce him with bribery - and this is another point of increased attention for “counterintelligence”.

At the same time, we parsed the data from the websites of the personnel departments of companies in the sphere - they are so cunning that sometimes they call directly from the corporate number from the website to the corporate number of the employee and offer to change the place of work.

Well, at the same time, according to ACS, we calculated the optimal schedule for corporate transport. At least something useful based on only a test sample.

These were still flowers

We have a partner who ideally fell into the “counterintelligence” project: guys know how to shoot a print profile (typical gaps between pressing the keyboard buttons and hit accuracy). If you remember, there was even such a story as the identification of a person by “handwriting” in the printed phrase as a second factor. By accuracy - like bionic methods. So, as an authorization method, this was not included in widespread practice (although Kurser sometimes checks the same in exams that you are you), but our partner has learned to determine the emotional state by changing the handwriting. And fatigue.

They have profiles for “upset,” “fever,” and “tired.” And this is extremely important for the dispatcher - if he is tired or sick, for example, a plane may fall. If your employee is blackmailed and frustrated before an important decision, it is also better to know.

Adding this data to the above, we can get forecasting problems with the work and implementation of projects.

About speech recognition in speech, I generally keep quiet. How much data can be added is just a fairy tale, but, again, only for sensitive objects.

We asked colleagues. Security guards are all interested in such chips, but no one gives them money for this. Now is the era of total open data, not total control. On the other hand, our mathematical apparatus turned out to be very easily applicable to other mining tasks. For example, it suddenly turned out to be easy to look at trends in the public procurement market. We look at what contests the employee participates in, and we calculate others where he could participate in order to understand what we could miss. Or if we work as a provider of a service in a building, then automatically tenders for the purchase of such a service will be cheaper for everyone at the facility, because we have already conducted the infrastructure there. We put on special control. Etc.

Eycharas say that it’s important for them not to fire the “Cossacks”, but to understand who is tormented and cannot convey to the head that they, for example, are fed him breakfast. It is very important to understand who is dissatisfied, because then they are beaten for what the employee wrote about this on Facebook, but did not tell the head. Or he said, but he did not understand.

Summary

Hi paranoid! We do a lot to make you worry for good reason. On the one hand, it’s somehow scary, but on the other hand, on our own experience and based on requests from our customers, we realized that all this is not used to spy on employees, their correspondence or something like that. Business is interesting in terms of retaining valuable personnel.

References

• Speech Recognition for Paranoid
• Facial recognition
• My mail is brahew@croc.ru