Methodologies in Threat Intelligence: Examples in Addressing Sports Betting
By TorchStone Senior Analyst, Ben West
In our May 28 article outlining the threats associated with sports betting, we emphasized the importance of using threat intelligence methods to monitor potentially dangerous activity. In this follow-up piece, we will discuss more specific approaches to threat intelligence and how they can be used to defend against threats related to sports betting. While these approaches are geared towards threats associated with sports betting, variations can be used towards virtually any other threat. Threat intelligence is key to identifying the threats and vulnerabilities to ensure that organizations can maximize the efficiency of their physical security assets.
Layered Approach
TorchStone’s approach to threat intelligence is generally three-layered. We start at a high level, understanding the general trends and forces behind a threat. By understanding how threat actors operate, who they tend to target, and why, we build a model that helps to anticipate threats before they happen, allowing security teams to be proactive.
Once we have a general threat model, we can use it to help identify specific targets, anticipate the timing of threats, and notify potential victims when their threat levels increase or decrease.
Finally, once threat intelligence has helped to determine where physical security assets should be deployed, intelligence teams can work with physical protection teams to identify, track, and intercept specific people or groups that pose a threat to the designated principals.
Applying Threat Intelligence Assessment Methods to Sports Betting
Let’s use sports betting as an example of applying a layered approach to threat intelligence.
Based on the May 28 assessment, we know that threats associated with sports betting are generally on the increase due to recent legal changes and the proliferation of online sports betting platforms. Most threats associated with sports betting are linked to grievances due to potentially life-changing financial losses. We also know that there is a precedent for sports gamblers to target a wide range of individuals involved in sports, ranging from coaches, staff, officials, players, and even their families. While all-star players may have their own personal security, we know that most amateur or college athletes, staff, officials, and family members have little in the way of dedicated security. Additionally, virtually anyone is vulnerable to threats online via social media channels. This creates an environment of increasing threats to a very broad range of individuals.
Fortunately, the online nature of the threats, whether it be the online sports betting platforms or the social media channels where the threats occur, are generally open and accessible to threat intelligence teams. Compared to the mob-run sports betting rings of the early 20th century, modern-day sports betting is fairly transparent. Monitoring trends in sports betting activity online can be a first step to identifying irregularities that could indicate increased threats. We know that many threats have emanated from proposition bets, or wagers placed on the performance of specific players during a specific match or series. By monitoring proposition bet activity, we can anticipate when threats might increase: for example, if a player has a particularly poor performance during a game that attracted higher than usual betting activity, we can anticipate that many people lost money on bets and some of them will develop a financially motivated grievance. To be clear, the vast majority of sports bettors will take the loss and move on, but history has shown us that some individuals will take out their frustrations on players, coaches, and even family members.
The more targeted the monitoring, the more specific the threat intelligence can be. Monitoring chatter about specific players, teams, and venues can help identify grievances that can evolve into threats and potential violence. Focusing intelligence collection on a specific team, venue or even individual will allow intelligence monitoring to focus on specific search criteria on multiple channels, including internet forums and social media channels The sports betting community is very active in discussing trends and sharing grievances. These discussions can provide indications of which individuals may be more problematic and warrant more focused monitoring.
The most proactive application of threat intelligence is to monitor threats posed by specific individuals. In addition to open-source intelligence monitoring, the physical security team can also update the intelligence team on suspicious individuals or on threats made to principals through private communication channels such as text or direct social media messages. Through a combination of open-source monitoring and coordinating with physical security teams, a dedicated threat intelligence service can identify persons of interest and conduct tailored threat assessments on them. Based on work with other clients, TorchStone is able to identify the physical location, social media accounts, public criminal records, and other relevant information about individuals who pose a threat to a principal.
Once a threat intelligence team has identified key persons of interest, we can monitor their activity and alert the physical security team of changes or potential threats they may pose to events or individuals. If the threat intelligence team discovers that a person of interest has placed a particularly large or irregular bet on a player or event of interest, that would trigger an alert. Or if the threat intelligence team discovers that a person of interest will be in proximity of principals, that would also trigger an alert.
A threat intelligence team can then share intelligence and physical descriptions of the threat with the physical security team so that they can focus their limited resources on the most likely threats.
Threat intelligence is a powerful tool for threat management professionals, whether they are protecting athletes from angry gamblers or CEO from violent protesters. Using a layered approach to threat intelligence is key to efficiently and effectively identify potentially threatening individuals before they cause harm.