Executive Summary 🔗︎
This blog article examines the psychological rather than the technical aspect of Maltego, in particular – cognitive biases. Understanding and mitigating these phenomena is incredibly important to ensure that the intelligence gathered and the subsequent conclusions derived, are objective and will yield the best possible results. We will look into three examples of biases that analysts encounter during their investigations and elaborate on how Maltego can help mitigate their impact.
As analysts, we need to maintain focus on the most crucial elements during our investigations.
Introduction 🔗︎
In Intelligence Community Directive 203 2015, (a set of Analytic Standards set out by the Intelligence Community (IC)), it is stated that “analysts must perform their functions with objectivity and with awareness of their own assumptions and reasoning. They must employ reasoning techniques and practical mechanisms that reveal and mitigate bias.” So important is this objectivity that it is listed first out of all five IC Analytic Standards.
Fundamentally, intelligence gathering, and analysis is a task based on communication – be it data retrieval, sharing, examination, or dissemination. However, communication is a particularly illogical process that requires the use of heuristics – mental shortcuts to help with problem-solving and probability judgments. This means that intelligence gathering and analysis are themselves victims of the biases that the analyst naturally brings with them into any investigation.
With Maltego’s method of data retrieval and iterative validation, an analyst can ensure that they are primarily allowing data results to lead their investigation, and not projecting what they want or expect the results to be. Analysts can objectively assign the deserved value and weight to data, and have those patterns and trends supported by robust data validation chains.
Below, we dive into three common investigative biases and how investigators can avoid them:
- Confirmation Bias
- Availability Bias
- Clustering Illusion
Richard J Heuer’s Psychology of Intelligence Analysis is a “must read” for those wishing to move into the field of intelligence.
Confirmation Bias 🔗︎
Humans tend to favor data that supports their initial presuppositions over data that negates them. As intelligence investigations deal with the “unknown,” this is a perfectly natural means by which our brains attempt to drive confirmation of what data we are receiving and to help us reach a conclusion. This bias is automatic and unintentional – it cannot be completely avoided or eliminated, but it may be managed by improving education, critical thinking skills, and investigative processes.
Maltego allows analysts to avoid bias when conducting intelligence gathering and analysis as the data takes the lead. Using a Person of Interest investigations as an example, it is the derived data that leads the analyst through each subsequent step. This is because through running Maltego Transforms, there is a reduced need for interpretation as results automatically populate additional and related data points.
Additionally, the available Transforms provide a set structure within which the analyst may confine their search scope – avoiding the interjection of the analyst’s own biases into the analytical system due to its closed nature. And lastly, through the establishment of Machines (macros to automate standard or repetitive investigative steps), investigations can start from the same state and run a standardized set of Transforms on each data set, ensuring consistency and objectivity throughout each investigation.
Availability Bias 🔗︎
Availability bias refers to our propensity to rely on examples that immediately come to mind when evaluating a specific decision, such as that aircraft travel is more dangerous than driving. However, this is not the case – Whilst aircraft crashes are far more publicized than car crashes, they occur significantly less often. Increased exposure, drama, or sensationalism strongly influence how we interpret data, its value, and frequency, even when provided with contrary statistical evidence. In the Intelligence Community, it may also refer to a tendency to underestimate the value of easily accessible information. That is, the belief that covert information is more important, vital, or “better” than that gathered from open sources, thereby limiting the pool of information which is accessed.
With Maltego, each OSINT integration that drives the Transforms is inherently of equal value. The structure of the investigative process means that there are no secret forums to discover, or hidden codes to break – there are no biases and weighting put forth by the analyst for the data source. The data is the data – the value which is derived by the analyst is determined by the iterative nature of the data Transforms and how, throughout the investigation, the data discovered is further enriched through running more and more Transforms.
Additionally, Maltego avoids pushing information on the analyst such as one sees during a Google search – meaning that the analyst is free to expand their investigation and seek out deficiencies in data as they detect them, rather than derive a false conclusion about frequency and import.
Clustering Illusion 🔗︎
The Clustering Illusion can lead analysts to detect non-existent patterns within data. The reason for this is that the human brain attempts to make sense of that which is being seen and thus will tend to underpredict the amount of variability likely to appear in a small sample of random or pseudorandom data. This can lead analysts to misinterpret data – something which a competent analyst wishes to avoid at all costs.
Luckily, Maltego’s ability to provide comprehensive graphical link analysis allows the analyst to not only visualize the available data but also to dynamically present this data using a multitude of views. The solution to the clustering illusion is to seek out more data – further enrichment of available data, and additional context for the overall investigation. By coupling this with Maltego’s capability for node-based weighted graphing, pattern determination, and order connections, data patterns become clear, concise, and accurate.
Conclusion 🔗︎
Maltego can help even the most experienced analyst ensure that fundamental principles of intelligence analysis are adhered to, and that objectivity is maintained throughout the investigative process. Maltego does this in a non-intrusive manner by actively supporting the analyst with contextualized information, validated data chains, and iterative analysis.
Don’t forget to follow us on Twitter and LinkedIn and sign up for our email newsletter, so you don’t miss out on updates and news!
Happy investigating!
About the Author 🔗︎
Aaron Dixon 🔗︎
Aaron Dixon is a former member of the New Zealand Military who has spent the last 6 years working as a consultant in the areas of IT Security and Compliance, Data Privacy, Digital Forensics and Cyber Threat Intelligence. He holds a bachelor’s degree with a double major in History and Defense Studies, as well as a Postgraduate Certificate in International Security. His primary areas of interest are terrorism and geopolitical conflict, as well as focusing on the foundational processes and principles of the Intelligence Cycle.