Due Diligence, Facebook has sent you a friend request.

Facebook’s meteoric rise as the social media platform of choice in the late 2000s and early 2010s paved the way for the integration of social media into modern life. Suddenly the online world wasn’t just for you and your friends but your parents and grandparents too. For many, Facebook was the perfect vessel to share your life with the world and connect with others. Despite the slow exodus of younger generations from the platform, it is still going strong with over 2 billion active users recorded in 2018.

Whilst many view Facebook as the place to catch up with old friends or read an overly long rant from that weird aunt, its role in society has become so much more. In the wake of the Cambridge Analytica scandal, Facebook was revealed to be not just a social media platform, but a tool to influence public opinion, with targeted advertising and “fake news” posts allegedly swaying voters in both the UK’s EU Referendum and the US Presidential race.

Political parties have recognised the importance of Facebook. A combined $70 million was spent on Facebook advertising by the Trump and Clinton election campaigns. Facebook themselves sent dedicated staff to advise.  

On the other side of the geopolitical sphere, the importance of social media as an influential tool has also been recognised by terrorist groups including ISIS and Al-Qaeda. Every day, extremist propaganda is uploaded to Facebook with the aim of spreading fear and discord or recruiting for the cause. The pressure is piling on Facebook to handle this problem. The European Commission is threatening heavy fines for radical content that is not removed within an hour on the platform. Despite their best efforts, the propaganda keeps on coming.

Facebook is leveraged as a global platform, without borders, in politics, propaganda, marketing, business and advertising, just to name a few. So why not due diligence?

Previous blogs have elaborated on the pivotal role that social media can play in the understanding of a potential employee, revealing the motivations and behaviours that tick-box exercises cannot. The information that Facebook presents us with provides the perfect opportunity for enhanced due diligence. The rest of the world has caught on to the uses of social media; it’s time that due diligence did too.

 

– Alex Penn, Open Source Intelligence Analyst

A Fresher Take on Online Security

For many students across the country (including myself), an exciting new chapter of our life is about to begin as we head off to University. Anticipation builds as the days count down to the infamous “freshers’ week”, and we are constantly reminded of the dangers that could arise once at University. But, while still in the safety and comfort of our own home, we could already be exposing ourselves to various risks online without even realising.

After being bombarded with welcome e-mails once my place was confirmed, I was encouraged to join various Facebook groups to get a head start on meeting new friends. The first thing I did (which I’m sure many others also did) after joining these groups was to look at the profiles of other members. I was eager to find out what I could about the people I would be studying and living alongside for the next few years.

While for the majority this is merely an innocent act of curiosity, it could be more sinister.

“8.3% of women and 6.8% of men had been subject to obsessive behaviour while at University.” – Trinity College Dublin Student Union’s sexual consent survey

The accessibility and visibility of other people’s lives through social media – which has blossomed with our generation of millennials – could potentially be an enabler for anyone wishing to target a student. Specifically, the use of geo-tags or Snapchat Maps (which updates your location when Snapchat is open on your device) is a cause for concern. It allows people to pinpoint your location at any given time and potentially figure out your exact routine and timetable as well as where you live and spend most of your time.

“Social media…acts as a catalyst for harassment”  – Dr Frank Farnham, consultant forensic psychiatrist at National Stalking Clinic in Enfield

Although it is easy to become drawn in by the excitement of it all, adding your future flatmates on social media sites gives them full access to your personal details, even though you have never met them before. Social media profiles can be used to build an initial judgment of someone; however, it may not be a true reflection of all aspects of their character. Unbeknown to you, they could have obsessive tendencies which could expose you to risks such as malicious attacks.

Another area of concern is that many of these “freshers” Facebook groups are public, which allows anyone to join them. In truth, I don’t even know whether all the members (and there are thousands of them) are legitimate students at my University. To avoid potential danger, try to ensure that the Facebook groups are official and have admins who monitor them so that you are receiving all the correct information about the start of your life at University.

Despite these potential risks, it is naïve to believe that social media will not still be a prominent part of our lives. We should seek to find the equilibrium between the visibility of our social media and the level of risk we are exposing ourselves to so that the conflicting aspects are balanced. By highlighting these areas of concern, hopefully we can improve our own safety as well as that of our peers.

Follow this 3-step guide to ensure that only those you personally approve have access to your Facebook profile and review & update your Privacy settings by visiting the channels’ Privacy & Security Help Centres.

 

~Christy Howard

A career which failed to launch

In the news this week:

‘NASA Intern loses job after accidental profanity-laced tweet to space council fellow’ 

In the never-ending series of social-media faux pas affecting an individual’s employment opportunities, the news which broke this week from NASA is perhaps the most bizarre yet. After receiving an offer of an internship at the space agency, a woman took to Twitter to excitedly (and expletively) tell the world of her good news. When a stranger asked her to mind her language, she replied with further expletives, and her friends joined in with the abuse. The stranger then informed the woman that he was a member of the space council, which oversees NASA, and she subsequently had her internship offer revoked. 

Some may argue that this is an overreaction on NASA’s part – even the member of the space council has expressed his regret at the decision – but it highlights the ever-increasing role internet activity can have on real life events. While the initial expletive tweet may not necessarily be indicative of the person’s personality and behaviour in general, her aggressive reaction to being challenged by the council member inevitably raised some alarm bells within the company.  

Enhanced Due Diligence (EDD) is not just about finding one misguided Tweet and highlighting it to end a career. It provides a deeper understanding of an individual, and offers a holistic insight into their behaviours, motivators and professional background. As such, it is trends in behaviour over time, be they an aggressive nature, intolerance of others or professional malpractices, which are highlighted. These factors are ultimately of greater concern to an employer than a spur-of-the-moment excited tweet.

The internet provides the greatest wealth of information ever available from which to build pictures of individuals and help determine (or otherwise) their credibility as a representative of any firm. More and more firms such as NASA are beginning to realise the potential this provides to protect their reputation. While NASA stumbled upon it by chance, firms are increasingly adding EDD into their long-term due diligence processes, and it is already proving successful in many cases. 

For the Greater Good: OSINT on the Rise

The Open Source Intelligence (OSINT) market has grown significantly in recent years and is anticipated to grow over the forecast period 2018-2023, according to a recent study by Crystal Market Research. OSINT’s interoperability across various markets allows clients from all over the world to apply it flexibly. It has been predominantly used in human intelligence and the network analysis market for some time, and now people are beginning to witness its full potential. The use of publicly accessible data can increase investigative capabilities across relevant areas and help overcome real-world issues, such as preventing crime, defending against cyber-attacks and even helping to uncover instances of human trafficking and modern slavery. Its recent rise has not gone unnoticed by the intelligence community.

Attendees of the annual DEFCON security conference, attended by Neotas, competed in the first OSINT non-profit Capture the Flag (CTF), challenging people to trace real missing people through publicly available information. The final goal was to provide additional information for authorities to help track down the missing individuals. This is a great example of OSINT for the greater good!

 

Most noticeably, people within online communities are beginning to use OSINT without knowing it. A user on Reddit shared a photo of a car part that had fallen off a vehicle after a fatal hit-and-run in Washington earlier this month. By sharing it on the social news site, other users were quickly able to identify the black piece of metal as a section of a “Chevy Silverado headlamp bezel”. In turn, police eventually made an arrest with the help of the Reddit community.

OSINT being leveraged in more ‘real-world’ scenarios, even unwittingly, is a prime indicator and example of its growth and potential growth globally. Use cases, once few and far between, are now hitting our screens more regularly and highlighting the benefits of OSINT.

Neotas’ proprietary platform leverages OSINT and experienced analysts to uncover digital trails, mitigate risks, enhance due diligence and evidence compliance processes. We are always seeking new ways to connect the dots and we thrive off uncovering hard-to-find information.

Follow us at @NeotasLtd for plenty more updates & blog posts like this.

Backing the Right Horse

We were lucky enough to have our Neotas Summer party at Sandown races last night and with this came the realisation of the difficulties in backing the right horse. But how can horse racing be linked to the world of investment and due diligence?

 

When the horses are walked round the paddock, there isn’t much to set them apart. Arguably less thinking time is spent during the selection process at a fun race day – and of course considerably less than in the boardroom – but there are still checks that can be made using information openly available.

Here are just a few points to consider before the horses are under starter’s orders:

  • What is the form? How many times has the horse previously won? Are there any prior red flags raised? The form is perhaps the strongest indicator of what to expect.
  • What is the network? Believe it or not, horses have networks too. Trainers, owners, jockeys, even their next of kin. All help to build up a picture of the good or bad.
  • What is the going? Will the racecourse itself affect the horse? Is there a particular pattern seen with horses in particular conditions?

There are of course various other factors but putting these and the odds aside, the horse in question is theoretically profiled. Even its network can be scanned quickly by studying the form.

So how does this relate to investment?

Naturally, when investing money to receive potential returns, it is important to know where your money is going. Parallels can be drawn (although a slightly tenuous link) to the world of corporate investment.

Before a private equity deal for instance, extensive due diligence checks are made to screen the company, its background and its stakeholders.

“Approximately 50% of all deals fall through during the due diligence stage.” – Forbes

This serves as a reminder of the risks associated with the due diligence stage, despite the time and resources spent to identify any red flags.

 

Neotas uses open source intelligence to uncover digital trails, identify and mitigate risks and enhance due diligence processes.  Some may even say we shorten the odds.

Find out how we have recently helped protect the business interests of investors and private equity firms – request a free sample report here.

Something fishy…

With my office circling for a blog this week, I decided to bite and to put a different kind of fin in fintech. So here it is, a blog that I can really get my teeth into. No fin can stop me now. Oh this is about to be so bad…

This week is Shark Week and while it hasn’t yet crossed the Atlantic with the same enthusiasm, having lived and indulged in this fishy fiesta in the US for several years I started my week watching Jaws after work on Monday. A classic in my opinion but for the majority in our office, a film that has never been seen and that got me thinking. Firstly, why on earth have this generation never watched Jaws and secondly, just how far we’ve come since the 1975 movie scared a generation out of the water.

Rewinding to 1975, news was far from instant, Hollywood fuelled our nightmares and dreams and sharks were neither well understood nor respected. Building on this foundation and embracing the power of television as a medium of communication, the Discovery Channel launched its first Shark Week in 1988 devoted to conservation efforts and correcting misconceptions about sharks. The week gathered momentum and in 2000, six million 3D glasses were distributed to viewers in the US and Canada for an episode on Shark Week featuring an extinct giant 3D shark. For the 20th anniversary in 2007, Sharkrunners, a video game that uses GPS data from tagged sharks in the Pacific Ocean, was released. Ten years later, we watched Michael Phelps, Olympic champion, race an AI-generated great white shark and now in its 30th year, Shark Week is broadcast in more than 70 countries and is live across social media globally (#sharkweek). Conservationists have over these 30 years embraced technology to its fullest in order to educate and inform the world. They understand that information is key to the preservation of species and that to ignore research or to have an uninformed population could potentially jeopardise the future of our oceans. It therefore surprises me that while conservationists have embraced the ‘information is power’ philosophy, Neotas’ operating domain in the financial sector is still struggling with the same ethos.

In an environment with plenty of threats, prey and predators, the financial industry has over the past decade received the Jaws treatment, due to which the mass population have lost faith and are apprehensive to get back into the water. The great white lies and gill-ty executives have led to a culture of distrust. Over time, this can only be resolved by ensuring that those in solitary leadership roles are fit and proper, and that the processes to achieve these are as clear as the sea. It is no longer enough to look at the surface to spot the threats. Instead institutions must begin to dive deep and to identify the behaviours and actions that smell fishy before they are bitten on the butt. Without hammer(head)ing the point home or bask(ing) in our own glory, Neotas due diligence solutions can assist institutions to safety and while there may always be bigger fish to fry, we’re chomping at the bit as we begin to make waves with respect to the attitudes and opinions of the schools around us regarding due diligence.

-Jennifer Roderick

Know Your Islanders

After 2 months of grafting, heartbreak, doing bits, questionable loyalty and copious amounts of sunburn, Love Island is now drawing to a close. As the remaining couples fight to reach the final, they remain oblivious to the month-long heat wave, England reaching the World Cup Semi-Finals and the extra juicy information the whole country knows about their lives before the villa.

Love Island has once again gained a huge audience by feeding our nosey cravings but watching people’s relationships up close and personal just isn’t quite enough for Love Island viewers. Oh no, not only do we want to see everything they do in the villa, but also the details of their lives before they entered. People up and down the country of all ages and professions have unknowingly been using their own OSINT skills to find out the juicy deets.

The Islanders are all avid users of Instagram; after the first episode was aired, the contestants’ Instagram handles were found and shared in articles online. Their followings grew instantly. By looking through their profiles, people have been able to find out information including their interests, lifestyle, travel destinations, gyms they visit, family members and previous partners. The images have also been used to determine which Islanders smoke, as this is now not shown in the programme. Their Facebook and Twitter accounts have also been searched to gain similar insights. One Islander was even outed for supporting a well-known far-right activist on their Facebook profile.

LinkedIn has been used to discover the Islanders’ day jobs prior to entering the villa and even find out what their parents do. One fan of the show found an Islander’s professional email address to see if they had returned to work after being dumped from the villa or if they would receive an automated out of office reply.

Other viewers have delved deeper into their online footprints and found numerous Islanders featuring in music videos with famous artists. Older photos reveal those who have gone through cosmetic surgery and birth certificates have been identified to settle disputes regarding age.

Without even realising it, Love Island fans have used their OSINT skills to join the dots and create a more detailed picture of who this year’s contestants really are.

#OpenSourceLoveIslandIntelligence #KnowYourIslanders #DrDoMoreChecks

-Anna Fletcher

Dark Web Enlightenment

News broke last Friday of the arrest of a senior programmer from Israeli security firm, NSO Group, the company behind the infamous mobile spyware Pegasus. Allegedly faced with termination, he attempted to sell stolen source and development code valued at hundreds of millions of dollars on the Dark Web. He was caught after a potential buyer reported the sale of NSO code to authorities, allowing them to conduct an internal investigation to find the culprit.

They got lucky. In this case, stolen code not only represented a significant loss in IP but a threat to international security. A buyer with malicious intent would have acquired software with the capability to access and spy on millions of phones worldwide.

The Dark Web has long been seen as a mysterious corner of the internet, inhabited by a small group of shady hackers. The reality is very different. Just a quick Google search and download of the Tor browser can get anyone online onto the Dark Web in minutes. Millions of users access Tor every day to take advantage of the anonymity it provides. Combining anonymity with untraceable cryptocurrency makes it the perfect place for illegal activity, like the notorious drugs marketplace, The Silk Road.

Surface Web and Deep Web searches are slowly becoming a recognised part of the due diligence and repeated company screening process and the Dark Web should follow. Proprietary software and code are becoming ever more valuable and a more tempting target for theft and resale. Whilst the anonymity of the Dark Web protects sellers, the product can still be identified.

As the Dark Web continues to become the marketplace of choice, companies must adapt to ensure their IP stays safe. In the case of the NSO Group, they were saved by a benevolent Dark Web user. This will not always be the case and companies must take responsibility to recognise the importance of Dark Web investigation.

-Alex Penn

Supply Chain Transparency using OSINT

In February 2017, Michael Endsor of King’s College London demonstrated how Open Sources can be used in investigations into organised crime. In particular, he noted the use of social media in criminal investigations. By studying hashtags on Twitter and Instagram he was able to discover key individuals within a London-based drug gang. The analysis of these sources and related digital data is called Open Source Intelligence (OSINT).

OSINT has been instrumental in identifying organised criminal activities. There is no reason the same methodology cannot be used on a larger scale when investigating Modern Slavery.

As you may have noticed over our past few blogs, Neotas have identified issues associated with Modern Slavery. The Modern Slavery Act (read more here) has been a clear step in the right direction. It has, however, brought with it a number of problems regarding a company’s responsibility to ensure they are not employing slave labour. And whilst the debate regarding how companies should be investigating their supply chain continues, there are still thousands of men, women and children affected by Modern Slavery issues.

Supply chain analysis for large scale organisations is a daunting task. In order to present a true reflection of their multi-tiered supply chain with confidence, they must leverage the latest technologies and techniques. OSINT is a tried and tested technique that consistently identifies additional information across a variety of criminal areas. There’s no reason it can’t do the same for Modern Slavery.

However unfortunate it may be, it is only once forward-thinking companies conduct this kind of due-diligence that others will follow.

OSINT techniques improve every day, and with criminals unaware of the power they hold, corporations have a unique opportunity to get ahead of slave traders for the first time.

-Reece Wickens

 

The issue with supply chain transparency

It has been 3 years since the introduction of the Modern Slavery Act in the United Kingdom, and so far it has produced mixed results. Whilst the percentage of businesses unmasking slavery in their supply chains has risen, the act is still struggling to apply serious pressure to the global companies most at risk from modern slavery. With no direct sanctions for failure to produce a statement, and no enforced directives about what the statement should entail, many firms still appear to be placing the abolition of slavery at the back of their ‘to do’ list. 

In October 2017, corporate responsibility watchdog CORE highlighted that, whilst most big-name brands had published a statement in line with the act, most statements were ‘short on detail and lacked transparency’. In 2018 a similar report found that more than 40% of government suppliers failed to meet the minimum level of compliance. Companies were paying lip-service to the act without any proof of substance or behavioural change. 

One issue multi-national corporations have is the broad scope of their supply chains. With hundreds or thousands of primary suppliers, each with multiple suppliers of their own, it is a daunting task to follow each avenue back to the raw material source. Instead, many firms are choosing to publicly state their opposition to slavery, while sending questionnaires to suppliers asking them to promise they don’t use slaves. Rather than putting pressure on those companies employing slave labour, this approach merely reinforces the shirking of responsibility that the act sought to remove. 

If firms based in the UK want to prove they are taking this issue seriously, it is time to start taking actions that have an impact. 3 years is a long enough adjustment period; now they need to seek strategies and due diligence approaches that have a far-reaching effect on the state of the world. 

-Sam Haslam

Neotas wins the World Cup

An England team picked by Neotas would win the football World Cup. It’s a bold claim, I know, but considering recent tournament attempts, you might as well hear us out.

England have suffered from a team that never seems to gel. We have had plenty of brilliant players. The “golden generation” included some of the best midfielders that the country has turned out, from Gerrard to Lampard to Scholes, yet we consistently underachieved. They never seemed to click and play well together.

It has always seemed like the team has been thrown together by a tick-box process of: this player plays for a well-established team; this player has scored a lot of goals for his club; etc. There has never been any effort to go further and understand the true character, behaviours, motivations, personality and backgrounds of the players, all things that have a sizeable impact on the team’s performance.

This is what Neotas does for due diligence. Our analysts go beyond the standard background checks to reveal a deeper understanding of hires and investments to aid companies with compliance, KYC and SMR regulations and help build a workforce they have confidence in.

The Neotas process would produce an England team that has gone through a vetting like never before. Our understanding of the players would allow us to build a team in perfect balance that complements each player’s abilities and personality. A team that could win the cup! In reality, whilst our due diligence process is like no other, our footballing brains might not be up to par. It’s probably best we stick with compliance and KYC.

We wish England and every other team competing in Russia the best of luck but if another “Iceland incident” happens then maybe it won’t be long before the FA comes knocking on the Neotas door…

-Alex Penn

Understanding the Modern Slavery Act

To many, slavery is a problem of the past. The unfortunate truth is that it’s still a global problem. Latest estimates from the UN rank modern slavery as the second-largest criminal activity in the world.

In 2015, the UK introduced the Modern Slavery Act. It was the first of its kind to specifically address slavery and trafficking in the 21st century. The Act enhanced support and protection for victims and gave law enforcement the tools needed to target today’s perpetrators.

The Act also included a provision to encourage businesses to take control of their supply chains and ensure that they are slavery free. This legislation was developed in the wake of stories such as the abuse of undocumented migrants in the Irish fishing industry and slavery linked to Thai prawns being sold in UK supermarkets.

Supply chain transparency, falling under Section 54, is an important addition to the Act, one designed to encourage companies to be proactive in their ethical considerations of suppliers. It applies to any commercial organisation that provides goods or services within the UK and has a turnover of £36 million or more. If a company falls within this remit they must publish an annual financial statement that outlines steps taken to ensure no slavery is present anywhere within the business or its supply chain.

The impact was immediate. Prosecutions increased from 12 in 2015 to 51 in 2016.

However, modern slavery is still a continuing concern. In 2017, consultant firm Verisk Maplecroft recorded increases in modern slavery risk across 20 EU countries.

The Modern Slavery Act has become a template for other European countries hoping to improve transparency in businesses and supply chains. In February 2017, France adopted similar legislation. The Netherlands passed a new bill investigating child labour within company operations and supply chains. Across the pond, the USA has made strides against modern slavery with the 2010 California Transparency in Supply Chain Act and the yet-to-be-passed Business Supply Chain Transparency on Trafficking and Slavery Act of 2015.

The fight against modern slavery continues but through the Modern Slavery Act and similar legislation around the world, we are beginning to move in the right direction.

-Alex Penn

Robbed on and off the pitch

Like much of the world, the Neotas team is eagerly awaiting the kick off to the 2018 FIFA World Cup. Millions of fans from countries all around the world will be pouring into Russia to watch thirty-two teams battle it out for the most prized trophy in football.

Instagram, Facebook and Snapchat feeds will soon be filled with photos from fans showing off the view from their seats or how flash (or not) their hotel room is. Social media is a great tool to tell the world about the experiences we’re having. However, what are the consequences of all of this?

Posting that photo of you cheering on England from the stands to your public Instagram may seem innocuous but now anyone looking at your feed knows exactly where you are. And the fact that you’re not at home. They scroll further back through your feed and see that photo you posted of your new car in the driveway. Now they know where you are and what your house looks like. It is so easy to make ourselves vulnerable online without even realising.

It’s not just fans at risk. With public social media playing such an important part in branding, players fall into this trap all too often. Just a few days ago, Barcelona defender Gerard Pique had his house robbed whilst visiting his wife Shakira on tour in Germany. In January, West Brom player James McClean came home to a break-in after playing an evening fixture. Last year, John Terry and his wife were posting public photos of their holiday at the exact same time as their house was burgled.

Social media is an amazing thing, but we needlessly put ourselves at risk. Just a moment’s thought about who our audience actually is and what we’re showing them can make all the difference.

-Alex Penn

Penalties off the post: own goals on social media

In an increasing trend in British football, players are being reprimanded by the press and FA alike for historical activity on social media. In the most recent cases, the dubious online activity of a player has come to light only when they have made the news headlines for another reason – be it Shane Duffy dating Katie Price or Andre Gray’s first Premier League goal – but has had a direct effect on their football career.

Despite the player often representing a different club at the time of the faux-pas, it is the player’s current club who are punished as the player is banned by the FA and faces humiliation in the press. This may seem unfair, but an employer who does not properly vet their staff’s online footprint is leaving itself exposed to these kinds of scenarios.  

The issues are not always external either, as Joey Barton and Ryan Christie have shown; both players tweeted offensive comments about specific clubs, bringing embarrassment and anger from the clubs’ own supporters when they later signed the players. An online footprint check could have highlighted and removed these tweets before the signings were made public and saved the clubs from an unnecessary PR headache.  

The new generation of footballers are the first to have been active on social media from youth, so it will be no surprise if the trend of exposés continues to grow. Football clubs should realise that reaction to cases such as these is not enough, and proactive vetting of online footprints can prevent unnecessary publicity and FA sanctions.  

-Sam Haslam

A global problem: slavery in supply chains

Since before Neotas was Neotas, social responsibility has been central to our team. As such, we’ve developed relationships with several charities and volunteer groups. Of note is our relationship with STOP THE TRAFFIK, a coalition which aims to bring an end to human trafficking worldwide.

Three years ago, I started working for them as a volunteer analyst. Over time, this has grown into a corporate partnership founded on information sharing, analysis and the collaborative development of bespoke tools, techniques and deliverables (more on this to come in the coming weeks… Watch this space!).

STOP THE TRAFFIK shines a light in dark places in order to uncover modern slavery and human trafficking and to disrupt it at its source. STOP THE TRAFFIK’s Centre for Intelligence-Led Prevention, in collaboration with technology partners, collects and analyses data on global human trafficking patterns. The intelligence gathered is used to build resilience and transform communities as well as to directly intervene in vulnerable communities. These actions seek to fuel the systemic disruption of human trafficking networks.

One of the aims of this initiative is to inform business and consumer communities about how and where modern slavery is present in global supply chains. In recent years, it has become increasingly clear that business plays an integral role in the fight against these crimes.

Businesses can be associated with human trafficking, forced labour and exploitation, both directly and indirectly. Large companies are often implicated unknowingly, as a result of their long, multi-tiered, and transnational supply chains. Indeed, when a large company needs to address issues of modern slavery within its supply chains, it can often be entirely overwhelming as to where to begin. Nevertheless, as legislation becomes more stringent, the risk for businesses that ignore these issues increases.

Over the coming weeks, the Neotas team will expand on the issues relating to modern slavery in supply chains, focusing on the difficulty companies face in conducting due diligence on complex, multi-faceted and transnational networks, as well as shedding some light on the legislation that guides us. In addition, we will discuss case studies in which Neotas have uncovered modern slavery in a supply chain using open sources.

Human trafficking and modern slavery are thought to be amongst the most widespread crimes in the world, affecting millions of men, women and children each day. Moreover, the problems are only increasing. It is time to change this dynamic and in the words of Baroness Stroud at the recent launch of modernslaverymap.org, “To do what you’ve always done, you’ll get what you’ve always got”.

-Jennifer Roderick

Sprinting Against the Criminals

From the 22nd to 24th May, the Financial Conduct Authority (FCA) for the United Kingdom held their 5th TechSprint at Canary Wharf. The theme of the TechSprint was Anti-Money Laundering (AML) and Financial Crime and following an emotive launch, the event kicked off with gusto and excitement.

The event sought to increase understanding surrounding the challenges of financial crime and to deepen international and cross-industry dialogue around the role of modern technology in tackling these issues. Amongst the 220 participants, including developers, subject matter experts, senior executives, and international regulators from around the world, were two familiar Neotas faces, myself and Kunal Aggarwal. We were not alone in our quest, however, as we were fortunate enough to join an amazing team with specialists from Octopus Labs, Lysis, and Idemia.

With the latest UN estimates suggesting that criminal activities, including drug trafficking, smuggling, human trafficking, and corruption, generate proceeds exceeding $1.6 trillion annually and that less than 1% of these illicit financial flows are ever detected, seized and frozen, it is time for the financial industry to respond. The problem is that it cannot and should not seek to do it alone. Indeed, the phrase “it takes a network to defeat a network” was mentioned in the opening speeches and continued to ring true across the 3 days as new ideas were formulated, prototypes developed, and pitches practised. Ideas and solutions covered blockchain, bitcoin, network analysis, digital identity, company due diligence and open source intelligence. While some solutions sought to solve age-old problems with new technology, others attempted to get ahead of the criminals before they have a chance to exploit a weakness or failing.

In total, 16 ideas were pitched, potentially ground-breaking initiatives were developed, and countless business connections were made.

Given our background and expertise, we were able to enrich the information picture using open source information in conjunction with traditional data sources. Working with both our own team and others, including a number of the members of the RegTech team from the FCA, we were able to show how open sources both support and enhance data and how they can create networks and insights previously uncovered.

Although it was a long and hectic few days, we absolutely loved the experience and cannot wait to continue our efforts with our team members and others, and to develop those conversations and relationships that were initiated over the 3 days. We strongly believe that this event triggered the start of great things to come and provided the perfect platform from which to launch a fight against some of the biggest challenges facing our society both now and in the future. On to the next challenge!

Is RegTech disruptive?

‘Trust is the currency of the future’, said Stuart Lacey, founder of Trunomi, at the ‘Let’s talk about RegTech’ event at Rise last night. The panel discussion centered on RegTech’s place in the world, how regulators function and meeting the challenges posed by regulation. Whilst trust in institutions was at the core of the discussion, there was an interesting point made: Is RegTech disruptive?

RegTech is inherently reactive: Regulators produce legislation. Institutions clamor to meet the challenges posed by it, and RegTech companies provide slick solutions.

The cycle repeats.

In this cycle, where’s the room for true innovation? Where’s the opportunity to disrupt? To take a proactive stance and help improve trust in financial institutions to a greater degree than regulation stipulates?

StartUps aim to disrupt – to fundamentally change the way something is done in society: to radically change how we use services and products. But how can RegTech disrupt? It’s tied to institutions, and institutions are tied to regulation. RegTech is bound up in a vicious cycle which gives the minimum required to satisfy regulators, in the most efficient way possible.

For trust to be restored in institutions, more must be done.

The panel last night concluded that we’re moving in a positive direction: regulators are increasingly focusing on outcomes and principles. This will give RegTechs the freedom to innovate according to regulatory ideas, and not institutional minimums.

Hopefully, this will incentivise institutions to adopt the best practices to satisfy regulators. To adopt RegTech solutions that do more than the minimum, that disrupt the status quo and inspire trust.

-Dan Burke-Ward & Reece Wickens

The 5th Pillar of AML Compliance – is there more data?

AML Compliance and Customer Due Diligence (CDD)

On May 11th, the four pillars of AML were joined by a 5th. The long-awaited legislation introduces the need to identify the beneficial ownership of legal entities for consumer due-diligence. As such, US financial institutions have introduced enhanced internal customer checks and additional measures to prevent criminals from using the financial system by proxy. Whilst the legislation aims to improve customer due diligence, underlying challenges remain.

These extra measures are conducted internally, allowing room for error that could prove costly to institutions. Rather than building a relationship with external partners, financial institutions are becoming reliant on potentially incomplete databases and are as such not objectively evaluating the report. Know Your Customer (KYC) policies are only useful if the data used to action them is valid and representative.

The use of open source intelligence (OSINT) can provide additional insight and reassurance for AML checks to prevent these expensive mistakes from happening, ensuring that you’re getting the whole picture. No doubt, the implementation of the 5th pillar brings benefits and is a step forward for KYC, but the question still remains: What more can be done? Why are the additional insights of open source intelligence not being used?

AML checks have advanced, yes. But used in isolation they only provide a part of the story. The use of OSINT alongside traditional AML checks provides enriched information that can be used to identify beneficial ownership. In addition, OSINT allows the information to be validated and checked externally, eliminating the risk of internal checks missing ownership issues that might prove costly in the future.

The influence of open sources can empower the 5th pillar by allowing external validation of ownership structures, thus providing much needed reassurance. The 5th pillar is a step in the right direction for financial institutions, but the use of OSINT can strengthen its power.

Requirements of CDD

  1. Understanding Customer Relationships: Financial institutions are mandated to comprehend the nature and purpose of customer relationships to develop a comprehensive customer risk profile. This involves not only identifying the customer but also understanding the expected nature of transactions to detect anomalies effectively.
  2. Ongoing Monitoring: Institutions must conduct continuous monitoring of transactions to identify and report suspicious activities promptly. This ongoing scrutiny extends to updating customer information regularly, including beneficial ownership details for legal entity customers. Maintaining current and accurate data is critical for effective risk management.
  3. Risk-Based Approach: The CDD rule necessitates a risk-based approach wherein financial institutions evaluate customers and transactions based on the risk they pose. Higher-risk situations require enhanced due diligence measures. For instance, if a customer originates from a country known for high money laundering activity, additional checks, such as detailed source of funds verification and enhanced monitoring, may be warranted before account approval.

Significance of the CDD Pillar

The integration of the CDD pillar significantly enhances the AML framework in several ways:

  • Enhanced Detection and Prevention: By thoroughly understanding customers and their transactional behaviours, financial institutions can better detect and prevent money laundering and other illicit activities.
  • Regulatory Compliance: Implementing robust CDD processes helps financial institutions avoid hefty regulatory penalties and fines.
  • Operational Efficiency: Maintaining accurate and updated customer information ensures that institutions can adapt quickly to evolving AML regulations and maintain operational agility.

Purpose of AML Compliance

AML compliance serves to protect financial institutions from being exploited for money laundering and other illicit activities. The primary objectives include:

  1. Customer Identification and Verification: Ensuring that the true identity of customers is verified to prevent the opening and use of anonymous accounts.
  2. Transaction Monitoring: Continuously monitoring transactions to detect and report suspicious activities.
  3. Risk Assessment and Mitigation: Evaluating and mitigating risks associated with money laundering and terrorist financing.
  4. Regulatory Compliance: Ensuring adherence to relevant laws and regulations to avoid penalties and reputational damage.
  5. Fraud Prevention: Protecting both the financial institution and its customers from fraud and financial crime.

An effective AML compliance programme is essential for maintaining the integrity of the financial system and sustaining public trust.

Key Components of an AML Compliance Programme

  1. Risk Assessment: Identifying and assessing money laundering risks associated with the institution’s products, services, customers, and geographic locations. Understanding these risks allows for the tailoring of the AML programme and efficient allocation of resources.
  2. Clear Policies and Procedures: Establishing clear, well-defined policies and procedures ensures consistent adherence to AML regulations. This includes mechanisms for front-office staff to report suspicious activities and ensure transaction integrity.
  3. Customer Due Diligence (CDD): Implementing comprehensive CDD processes, including verifying customer identities, understanding the purpose of their accounts, and assessing risk levels. Robust CDD involves collecting and verifying detailed customer information, screening against sanction lists, and continuous monitoring of customer activities.
  4. Suspicious Activity Reporting: Ensuring timely detection and reporting of suspicious transactions through a well-defined process for employees to report suspicious activities. Filing Suspicious Activity Reports (SARs) with regulatory authorities is a key component of this process.
  5. Ongoing Monitoring and Testing: Continuously monitoring transactions and account activities using sophisticated systems to identify unusual patterns and anomalies. Regular testing and independent audits are essential to assess the effectiveness of the AML programme and ensure compliance with evolving regulations.
  6. Know Your Customer (KYC) Programme: Implementing a rigorous KYC programme during customer onboarding and periodically reassessing customer risk profiles as new information becomes available. This involves gathering comprehensive data on customers, including their transaction patterns and geographical locations.
  7. Independent Audits: Conducting regular independent audits to evaluate the effectiveness of the AML compliance programme. These audits should be scheduled every 12-18 months, with more frequent audits for institutions operating in high-risk areas.
  8. AML Training: Providing regular AML training for all employees, with more specialised training for those with specific AML responsibilities. This ensures that staff are knowledgeable about AML procedures, regulations, and compliance requirements.
  9. Compliance Officer: Appointing a compliance officer with the requisite experience and knowledge to manage the AML compliance programme efficiently. This officer oversees the implementation of AML procedures and training.

Best Practices for Conducting AML Due Diligence

  1. Conduct Comprehensive Risk Assessments: Develop detailed risk profiles to identify potential money laundering risks. Regularly update these assessments to reflect changes in customer behaviours and external threats.
  2. Implement Robust CDD Procedures: Establish thorough procedures for verifying customer identities, assessing risks, and ensuring compliance with regulations. This includes screening against global sanction lists and politically exposed persons (PEP) databases.
  3. Utilise Advanced Transaction Monitoring Systems: Deploy sophisticated transaction monitoring systems that can continuously detect suspicious activities and transactions. These systems should be capable of learning and adapting to new money laundering typologies.
  4. Stay Updated with Regulatory Changes: Maintain a proactive approach to keeping abreast of the latest AML regulations and changes. Regularly update compliance programmes to reflect new regulatory requirements and guidance.
  5. Provide Regular Staff Training: Ensure that all employees receive comprehensive AML training to recognise red flags and conduct proper AML screening. Tailor training sessions to different roles within the organisation to enhance effectiveness.
  6. Conduct Regular Internal Reviews: Perform periodic internal reviews to assess the effectiveness of AML screening processes, identify areas for improvement, and address compliance gaps.
  7. Leverage Third-Party Solutions: Use competent third-party solutions to enhance AML screening accuracy and efficiency, reducing false positives and ensuring thorough coverage.

By adhering to these best practices, financial institutions can significantly enhance their AML due diligence processes, mitigate risks, and ensure compliance with AML regulations, thereby preventing money laundering and safeguarding their operations and customers from legal and financial repercussions.

About Neotas Customer Due Diligence

Neotas Platform covers 600Bn+ archived web pages, 1.8Bn+ court records, 198M+ corporate records, global social media platforms, and 40,000+ Media sources from over 100 countries to help you build a comprehensive picture of the team. It’s a world-first, searching beyond Google.

Neotas’ diligence uncovers illicit activities, reducing financial and reputational risk. Enhance business risk assessment and mitigation with Neotas Customer Due Diligence.

FAQs on AML compliance & CDD

What are the consequences of non-compliance with AML regulations?

Non-compliance with AML regulations can lead to severe penalties, including substantial fines, legal sanctions, loss of banking licenses, reputational damage, and reduced customer trust, ultimately impacting the institution’s operational viability.

How often should AML compliance programs be reviewed and updated?

AML compliance programs should be reviewed and updated at least annually. However, institutions operating in high-risk areas or experiencing significant regulatory changes may require more frequent assessments.

How do financial institutions ensure compliance with AML regulations?

Financial institutions ensure compliance by implementing robust AML programs, conducting regular risk assessments, maintaining accurate customer records, performing ongoing transaction monitoring, and adhering to regulatory reporting requirements.

How do financial institutions train their employees on AML compliance?

Financial institutions provide comprehensive AML training for all employees, with specialised training for those in high-risk roles, ensuring staff are well-versed in recognising red flags, reporting suspicious activities, and understanding regulatory requirements.

How do financial institutions monitor and detect suspicious activity?

Financial institutions use advanced transaction monitoring systems, conduct continuous surveillance of account activities, and employ data analytics to detect anomalies. Suspicious activities are investigated and reported to regulatory authorities promptly.

What are some common challenges in implementing AML compliance programs?

Common challenges include staying current with evolving regulations, integrating advanced technology, managing data accuracy, training employees effectively, and balancing regulatory compliance with operational efficiency.

The cost of doing nothing

The National Crime Agency recently released their National Strategic Assessment of Serious and Organised Crime, and they found that fraud continues to be the most common form of crime in the UK, with over 3.4 million incidents recorded in the last financial year. The 2017 Annual Fraud Indicator (AFI) estimated that fraud cost the UK economy over £190 billion per year, with the private sector losing an estimated £140 billion, the public sector £40.4 billion and the last £6.8 billion being lost by individuals.

Why is this still the case when we have an abundance of technology available? The innovative, new, young tech leaders, as well as the enthusiasm that the new generation have in combating crime, should be reducing these losses significantly, so why aren’t they?

Could it be that old institutions want to stay using “best practice models” or the “checklists” of old policies and procedures? Could it be that old institutions want to ensure they are doing just enough due diligence to make the regulator happy? So much information is online. To continue to only follow the bare minimum in due diligence checks is dangerous and costly.

Having worked in financial crime for many years, I thought that our searches were robust, vigorous, and comprehensive, but I was wrong. Just checking an internal database to make sure the bank account matches is not enough.

Take a customer who has been flagged for potential AML-related concerns. Normally, you’d do a bank check, check your internal high-risk monitoring database (or whatever database you have) and maybe Google their name. If the individual has had prior convictions, there may even be some media online about them. This just affirms what you already know. Google only searches 4% of the internet – there’s so much more out there!

By leveraging the power of open source intelligence, you can build a much bigger picture of a person or a company.

But what if you looked at their online activity in a much more structured manner: their social media accounts, their home address, their general lifestyle? Using open sources means that the world’s information is at your fingertips, allowing you to delve deeper and see the whole picture. It allows you to learn new information.

The industry needs to do more to combat financial crime than just checking a database; it must realise that open source intelligence needs to be embraced and not feared.

-Suzanne Lynch

World Password Day

In an ironic twist of fate, Thursday’s “World Password Day” was marked with the news that the passwords for all Twitter users globally had the potential to be exposed after a glitch in the company’s encryption process.

Breaches of online accounts and the leaking of personal details are becoming an ever more present concern. In the case of Twitter, an internal bug was to blame; however, many breaches are the work of individuals with the intent to cause harm or create havoc. In documented cases in the past 6 years, not considering all those that are not yet announced, over 5 billion personal accounts have been victim to data breaches across platforms such as LinkedIn, Ashley Madison, MySpace, and Dropbox amongst others. But what does a breach mean to me and should I care? The answer is a simple yes.

A breached account means that the email address, username and password all have the potential to be exposed. Additionally, it can also give someone access to personal information, private photos and message chains, and entirely opens up the possibility of identity theft. How are your friends and colleagues to know that the person sending them links to phishing sites or posting content from your account is not you? This can lead to serious reputation concerns that affect both personal and professional life.

Taking the necessary steps to reduce vulnerability online starts with password management, including regularly changing passwords, using random strings of characters and using different passwords for each account. Nevertheless, password management is a chore. Everyone suffers from the frustration of typing passwords over and over again as we struggle to remember whether this one has an exclamation mark or not. Due to this, we often take the easy way out with simple-to-remember passwords repeated across multiple accounts. However, if we stopped to really consider how much information a single password is protecting, our attitude towards them would not be so lax.

Our analysts at Neotas regularly stumble upon breached accounts and passwords whether in screenings, SMR Fit and Proper checks or investment due diligence. Regardless of our research purpose, we work with all of our clients to provide recommendations and advice in order to ensure the safety of the individuals and to protect both the individual and organisation against any reputational damage or further data breach.

Schrödinger’s Personality Traits

In 1935, Erwin Schrödinger stated that a cat, placed in a sealed box with a jar of poison, is thought to be both alive and dead. Only once the box is opened does the scientist know whether they have a healthy living cat or a lifeless corpse. 

Imagine each recruit to a firm carries with them a sealed box. Inside the box is not a cat, but a personality, including honesty, motivations and integrity. Only once the employee is hired and the firm has paid the significant search, legal and hiring costs is the box opened and the true state of the personality confirmed. Until the costs have been covered, it is a pure gamble as to what is inside the all-important box; even numerous interviews and criminal record checks cannot change this.  

This has long been the case in recruitment and due diligence. Now, however, open source investigative methods can scrutinise the contents of the previously unreadable box and prevent firms risking the honesty and integrity of their business with each new hire. 

Through one of our recent investigations we uncovered a potential recruit operating online under an alias to post racist, homophobic and sexist content across numerous platforms. However, because the individual had no criminal past or financial trouble, traditional due-diligence approved them as an acceptable employee. Having someone with such explicit views working in a modern work environment would have created untold damage both internally and to the company’s reputation externally. 

If you interviewed this person and talked amicably about their past and their ideas for the future you almost certainly would have branded them an upstanding ambassador for the company. The reality is, posting hateful commentary is the antithesis of integrity. Doing so under a false name is the antithesis of honesty. 

Conducting open source investigations removes uncertainty in the hiring process; it protects a firm’s reputation and leaves no chance of unintentionally failing to comply with regulations. If Erwin Schrödinger had been able to drill a hole in his proverbial cat’s box, he could have discovered the animal’s true state long before he went to the expense of removing the lid to find a dead feline.

Schrödinger’s Personality Traits: Navigating the Complexity of Human Behavior

In the realm of psychology, understanding the intricacies of human behavior and personality is akin to peering into a quantum mechanical system. The notion of Schrödinger’s Personality Traits, a whimsical extension of Schrödinger’s cat paradox, offers a thought-provoking lens through which we can contemplate the enigma of human nature.

Unpacking Schrödinger’s Personality Traits

Erwin Schrödinger’s cat experiment delves into the paradoxical nature of quantum mechanics. In a sealed box, a cat is simultaneously alive and dead until observed. Similarly, Schrödinger’s Personality Traits postulate that an individual’s personality can exist in multiple states, revealing different facets based on context, environment, and observer.

The Contextual Nature of Behavior

Human behavior is profoundly influenced by context. A person might exhibit assertiveness in a professional setting, yet demonstrate warmth and empathy in their personal relationships. This contextual variability challenges the notion of fixed, immutable personality traits.

Consider a colleague who is reserved during team meetings but exuberant on social occasions. Are they introverted or extroverted? Schrödinger’s Personality Traits suggest that both traits coexist within the individual, revealing themselves based on the setting.

The Observer Effect in Personality

Much like in quantum mechanics, the observer plays a pivotal role in perceiving personality traits. The traits we attribute to individuals may be contingent on our perspective, experiences, and expectations. This phenomenon is evident in first impressions, where initial observations may not capture the entirety of a person’s character.

Imagine encountering someone who appears aloof at a social gathering. A different observer might perceive them as introspective rather than distant. Schrödinger’s Personality Traits invite us to recognize that our interpretations are influenced by our own lenses and biases.

The Multifaceted Nature of Personality

Traditional personality theories, such as the Big Five personality traits (Openness, Conscientiousness, Extroversion, Agreeableness, Neuroticism), provide valuable frameworks for understanding human behavior. However, they may fall short in encapsulating the complexity and dynamism of personality.

Schrödinger’s Personality Traits propose that individuals possess a spectrum of traits, some of which may contradict or complement each other. For instance, a person can be simultaneously analytical and creative, introverted and outgoing, depending on the context and observer.

Embracing Paradoxes in Personality

Society tends to favor clear-cut classifications. However, Schrödinger’s Personality Traits compel us to embrace paradoxes and contradictions within ourselves and others. Recognizing that individuals can embody seemingly opposing traits fosters empathy and a deeper understanding of human complexity.

Consider a friend who is both fiercely independent and deeply reliant on their support system. Rather than viewing this duality as a contradiction, Schrödinger’s Personality Traits encourage us to appreciate the nuanced interplay of these characteristics.

Implications for Personal Growth and Development

Acknowledging the fluidity of personality traits offers liberating possibilities for personal growth. Individuals can transcend the confines of predefined categories, allowing for self-discovery and evolution.

Embracing Change and Adaptability

Schrödinger’s Personality Traits underscore the adaptability inherent in human nature. As we navigate different life stages, roles, and environments, our dominant traits may shift. Embracing this malleability empowers individuals to embrace change and pursue diverse paths of development.

Cultivating Empathy and Understanding

By recognizing the coexistence of various personality traits within ourselves and others, we cultivate empathy. We become attuned to the complexities of human experience, appreciating that each person carries a rich tapestry of characteristics.

Navigating Relationships and Interactions

Understanding Schrödinger’s Personality Traits can revolutionize how we approach relationships. Rather than imposing fixed expectations on others, we allow space for them to reveal different aspects of themselves over time.

Fostering Authentic Connections

In friendships, partnerships, and professional relationships, acknowledging the multi-dimensional nature of personality encourages authentic connections. We grant others the freedom to express themselves in diverse ways, fostering trust and mutual respect.

Conclusion: Embracing the Paradoxes Within

Schrödinger’s Personality Traits invite us to embrace the inherent paradoxes of human nature. By acknowledging the coexistence of seemingly opposing traits, we embark on a journey of self-discovery, empathy, and authentic connection with others. In this paradigm, we celebrate the complexity that defines us all, allowing our personalities to unfold in beautifully unpredictable ways.

A Diet of Coffee and Cocaine

For the most part, due-diligence consists of checks against databases (criminal records, credit checks, sanctions lists, etc.). This form of structured information is only half the picture. Our innovative method of conducting enhanced due-diligence regularly leads to additional insights that change how business is conducted.

In a recent case, an investment house was looking to invest in an established company. The deal seemed like a certainty, and Neotas were brought in to do a quick check just a few days before contracts were exchanged. A thorough examination of open sources highlighted that the company had recently undergone a change in trading name. This was the sole difference between the two companies: cosmetic. All staff members remained with the company, and the company’s offerings were identical.

The first alarm bell was raised when we recovered deleted customer reviews against the company’s previous trading name. All the deleted reviews we discovered were deeply negative in nature. Further examination uncovered ex-employee reviews of the company. Multiple reviews stated that key management regularly manipulated contracts and would often celebrate this activity by consuming Class A drugs.

Staff members were encouraged to participate in these activities. One review went as far as to describe the company culture as “living on a diet of cocaine, coffee, and lies”.

Management had embarked on a strategy to hide this information from the due-diligence process. The additional information found led to the immediate termination of the deal. Traditional due-diligence is an important component of completing a deal, but in today’s world it’s insufficient. There’s so much more information out there that can be leveraged, and an open-source investigation is the best way to identify business-critical information that traditional methods might miss.

– Reece Wickens & Dan Burke-Ward

Entering the world of OSINT – Open-source intelligence for Business Risk Assessment

neotas

Open-source intelligence (OSINT) for Business Risk Assessment

Last Friday marked the end of my second week as the newest member of the analyst team at Neotas. We use open-source intelligence (OSINT) to give businesses peace of mind about prospective investments and hires by going far beyond standard due diligence checks.

As a Physics graduate, fresh out of university, the jump into open-source intelligence was not immediately an obvious one. Before joining Neotas I, like most people, had little awareness of the concept of using OSINT in the business world. People do not realise the vast quantity of information that the internet holds about every person who interacts with it. However, with just a small step into the world of OSINT, it becomes very quickly apparent that the internet can be harnessed into a powerful and useful tool that can build up a detailed profile of a person or company.

Online information is broken down into two parts, active and passive. Active information is what we choose to put online about ourselves. Personal blogs, programming forums, gaming forums and social media such as Twitter and Facebook are all examples that fall into this category. Passive information is any data we did not put there ourselves; this ranges from birth certificates to mentions in newspaper articles.

Having all this information out there is all well and good, but the key becomes turning this into intelligence. This is where Neotas stands above all others.

The last two weeks have been a whirlwind tour of open-source intelligence methodology and techniques refined by a Neotas team made up of some of the top minds in cyber security, fraud prevention and intelligence gathering. ‘Googling’ may give you an outline, but Neotas analysts go far beyond into the deep & dark web to give you more detail, putting together all the pieces of the puzzle to build a complete cyber profile of your potential investment or hire.

In this age of increasing regulations and compliance, it is easy to see the waves that Neotas is making. In just my second week, I was given the chance to help represent Neotas at the recent Innovate Finance Global Summit. It was clear to me that Neotas stand out from the crowd of emerging FinTech and RegTech businesses by keeping the analyst at the centre of the process. With our advanced use of OSINT supported by our analyst-driven platform, nobody can do what we do as well as we do. The business world is changing, and I am truly excited to be a part of a company that is leading the charge.

Starting with Open-source Intelligence (OSINT) for business risk assessment can provide valuable insights into potential risks and opportunities. Here’s a step-by-step guide to help you get started with Open-source intelligence (OSINT) for Business Risk Assessment:

  1. Understand Business Objectives: Clearly define the goals of your business risk assessment. Are you looking to assess market trends, competitor activities, supply chain vulnerabilities, or other specific risks? Understanding your objectives will guide your OSINT efforts.
  2. Identify Data Sources: Determine the types of information you need to gather and where you can find them. OSINT sources include social media, news articles, blogs, forums, government websites, industry reports, company websites, and more.
  3. Select Tools: There are various tools that can help streamline your OSINT efforts. Consider using web scraping tools (like BeautifulSoup or Scrapy), social media monitoring tools (such as Hootsuite or Mention), and search engines (Google, Bing) for targeted searches.
  4. Build Search Queries: Craft specific search queries to narrow down relevant information. Use keywords related to your business, industry, competitors, and risk factors. Experiment with different combinations of keywords and operators to refine your search results.
  5. Monitor News and Social Media: Regularly monitor news outlets, social media platforms, and industry-specific forums to stay updated on relevant events and discussions. Tools like Google Alerts can help you receive email notifications for specific keywords.
  6. Analyze Competitor Activities: Study your competitors’ online presence, press releases, social media accounts, and any public information available. This can provide insights into their strategies, product launches, partnerships, and potential vulnerabilities.
  7. Evaluate Market Trends: Analyze industry reports, market research, and expert analyses to understand current and projected market trends. This information can help you identify potential risks and opportunities.
  8. Assess Regulatory Landscape: Explore government websites and regulatory databases to gather information about compliance requirements, industry regulations, and potential legal risks that could affect your business.
  9. Map Supply Chain: If supply chain risks are a concern, gather information about your suppliers, their financial stability, geographical locations, and any past issues they might have faced.
  10. Social Media Analysis: Analyze social media sentiments and discussions related to your business, brand, and industry. Tools like sentiment analysis can help gauge public perception and potential reputation risks.
  11. Evaluate Cybersecurity Threats: Research potential cybersecurity threats and vulnerabilities that your business might face. Look for any data breaches, hacking incidents, or security advisories related to your industry.
  12. Collaborate with Experts: Consider collaborating with OSINT experts or consultants who have experience in business risk assessment. They can provide guidance on effective strategies and tools to use.
  13. Stay Ethical and Legal: While collecting OSINT, ensure that you respect privacy and adhere to ethical guidelines. Be aware of any legal restrictions related to data collection and use.
  14. Analyze and Interpret Data: Gathered data can be overwhelming. Organize and analyze the information to identify trends, patterns, and potential risks. Cross-reference multiple sources to verify information.
  15. Create Actionable Insights: Transform your analysis into actionable insights. Prepare reports or presentations that highlight identified risks, opportunities, and suggested strategies for mitigating risks.
  16. Stay Updated: OSINT is an ongoing process. Regularly update your research and analysis to stay ahead of changing risks and market dynamics.

Neotas’ Innovative Approach: The Fusion of Art and Science

Neotas’ leadership in OSINT techniques is a harmonious blend of innovation, ethics, and client-centricity:

  • Advanced Technologies: Neotas employs cutting-edge technologies such as artificial intelligence (AI) and machine learning to amplify the effectiveness of OSINT techniques. These technologies streamline data processing, enabling rapid pattern recognition and trend analysis.
  • Ethical Considerations: Amidst growing data privacy concerns, Neotas stands as a paragon of ethical OSINT practices. The company places a premium on responsible data collection, adhering to legal and ethical boundaries to ensure respect for privacy.
  • Tailored Solutions: Neotas’ OSINT techniques are not one-size-fits-all. By collaborating closely with clients, Neotas designs bespoke solutions that align with specific industry needs and objectives. This ensures that OSINT insights are not only relevant but also actionable.

OSINT techniques have revolutionized the way organizations glean insights from the digital realm. Neotas’ innovative approach and commitment to excellence have elevated OSINT from a mere data collection process to a holistic art and science. As the digital landscape evolves, Neotas remains at the forefront of OSINT techniques, continuously refining and redefining the boundaries of what is possible.

By Alex Penn

Instant-gram: The good, the bad and the ugly of instant updates

neotas

With social media comes the ability to share anything, from thoughts and opinions to holiday photos, in real time to – potentially – anyone with internet access. And while venting on Twitter or posting a photo to Instagram enjoying cocktails on a beach may seem innocent, the possible impacts of these are not always considered.

The Good:

Social media has countless advantages, but one thing Twitter users have learnt over the years is that complaining via Tweet to an official company Twitter account will often result in a fast and appeasing response whilst removing the need for awkward face-to-face confrontation or time wasted being kept on hold. Not only that, but the public nature of the complaint means that companies want to ensure that any problems are resolved quickly and to a high standard in order to maintain their reputation. Just a few months ago, Tesco had to make a public apology and offer dozens of refunds after unhappy customers took to Twitter to complain about their “rancid” and “inedible” Christmas turkeys.

Despite producing a positive outcome for customers, public complaints and bad reviews can have negative impacts on the ways in which a company is viewed by other potential customers, employees or investors.

The Bad:

In a previous blog, Free private information give-away, the disadvantages of sharing personal information in the public environment of social media platforms were discussed, including posting photos whilst you are on holiday and therefore advertising your house as empty. We no longer share printed photos of our travels with friends and family after returning home; in fact, we will often let the world know we’re off on holiday before even leaving the airport. Tagging and checking-in to locations online lets anyone who has access know exactly where you are (or perhaps more importantly, where you are not) at that exact time, whether it’s at Heathrow airport, the Eiffel Tower or the pub down the road. This information can be used maliciously by criminals wanting to burgle houses or to track an individual’s whereabouts.

The Ugly:

Social media has given us the ability to share our opinions, good and bad, in direct response to real-time events. TV shows will often invite viewers to make comments and respond to the unraveling events on social media in real-time by providing hashtags on screen. However, not everyone likes what they see, hear and read, and many aren’t afraid to voice these opinions online. Just last week, Flo and Joan, of the musical Nationwide adverts, were two of the most recent victims of online death threats, with viewers hoping they would be involved in a car accident and asking who else would be “chipping in” to get them “brutally murdered”. Although to some it may seem like harmless venting or said with no real intention, comments like these can have a serious effect on those they are directed towards. Public figures and celebrities often discuss the emotional toll of online trolls and receiving hate and the impact it can have on their mental health. However, posting hate towards others online also casts shade on the perceived character of the original poster.

At Neotas, we aim to go beyond traditional background checks and employee screenings to uncover further the true character, behaviour and motivators of a subject. Discovering hateful and threatening comments online directed to a particular person or group of people would raise concerns to us regarding the character and online reputation of the subject.

By Anna Fletcher

Are you Fit and Proper?

neotas

If you’ve read our previous blog about the real cost of a bad hire then you will know that when you fail to screen your employees properly you are putting your business at risk. But what about the Senior Management in your company?

In March 2016 the FCA replaced the Approved Persons Regime (APR) with the Senior Managers Certification Regime (SMCR). The SMCR is a new regime that aims to reduce harm to companies by making SMs more accountable for their competence and conduct.

Every Senior Manager needs to have a statement of responsibilities that states what they are responsible and accountable for. The senior manager must also be fit and proper for the role, but what exactly does fit and proper mean? Well, according to the FCA, in order to ensure an individual’s “fit and proper-ness”, you must consider…

  • honesty (including openness with self-disclosures, integrity and reputation)
  • competence and capability
  • financial soundness

The above assessments, although important, fail to tell you the full story of a person’s motivation, character and personality.

In today’s inter-connected world, most things about you are online, and this goes for corporations and their directors too. That said, companies nowadays continue to vet their upper management only in the traditional checklist manner, which continues not to work.

In 2011, The Guardian stated “In 2007, nearly half of all fraudsters worked in senior management. While this has fallen to 35%, board level perpetrators increased from 11% to 18% between 2007 and 2011.”

HSBC had to apologise for allowing fraudulent funds to be knowingly processed through their bank by Mexican drug cartels. HSBC’s chief executive of retail banking and wealth management said that he was horrified by what he found. However, it was later discovered that HSBC’s head office in London was aware of the illicit funds travelling through the bank but failed to do anything to resolve the problem.

Also falling victim to bad senior management was Deutsche Bank, which was fined £163 million in 2017 for failing to maintain adequate Anti-Money Laundering (AML) controls. Mark Steward, Director of Enforcement and Market Oversight at the FCA, said, “Financial crime is a risk to the UK financial system. Deutsche Bank was obliged to establish and maintain an effective AML control framework. By failing to do so, Deutsche Bank put itself at risk of being used to facilitate financial crime and exposed the UK to the risk of financial crime.”

Whether the role is for an entry level position or as a company director, we at Neotas believe in going beyond the standard checks by delving deeper to ensure that the person is fit and competent for the job. We create a full in-depth report detailing the individual’s education and employment history, as well as looking at all online and media content (both adverse and positive) to give you the full picture.

The Bystander Broadcast

neotas

The recent Florida High School tragedy has caught public attention in many ways. In my view, one of the most profound elements of the event was the way it was initially reported to the public.

School children filmed the incident on Snapchat thinking it was a hoax or safety drill. They weren’t to know that the situation was more serious than they first thought. The children filmed the entire incident, even tweeting about what was going on whilst the shooting took place.

Whilst this incident isn’t the first time that events have been live-streamed in real time, it’s yet another example of how we now have an instant ability to share information on social media during a tragic incident. News broadcasting teams even deemed some of the videos recorded on the students’ Snapchat ‘too graphic’ to show to the public. But why has this become such a prevalent trend, especially during dangerous situations? And when did the question of fight or flight expand to include post, stream or tweet as options?

Over the course of a series of blogs, I will attempt to shed some light on this issue and how at Neotas, we are finding more and more of these incidents and events in our open source investigations. I am interested to discover whether the ‘bystander effect’ has an impact on the person sharing the information, the impact on the public and how this new source of broadcasting influences public services.

The popularity of social media platforms such as Facebook, Twitter and Snapchat has transformed the way in which crime and victimisation are presented in the media. Such popularity has led social media to become our preferred source of news, with news broadcasting often showing footage of a crime that has been filmed by a victim or even people sharing videos on their personal profiles before the news is even aware of an event. Unfortunately, there are both positive and negative effects of everyone becoming an ‘independent journalist’. In short, is social media creating a diffusion of responsibility by allowing us to react instantaneously and share what we want?

Free private information give away!

neotas

Most of us are aware that if our social media privacy settings are not quite adequate, then our lives are open for all to see; whether it’s that drunken photo of you at university, the staff night out two years ago or maybe the questionable video of you dancing at your friend’s wedding. It doesn’t matter what we put online, we are always conscious of what image we want to portray to our friends and how exciting and fantastic our life is.

But what happens when sharing things online stops being fun and starts being dangerous? You may think that sharing your daily run on fitness tracking applications like Strava or RunKeeper is just harmless boasting, but it can easily leave you and others vulnerable.

This is exactly what happened recently when American soldiers in Afghanistan were using the apps to track their running without adequate privacy settings. These US soldiers were unknowingly giving away vital information to everyone about where the base was, the layout of the roads within the base and what their daily running schedule was like.

Even if you’re not in the military, giving out the time and duration of your daily run leaves you vulnerable to the possibility of being a victim of a crime; with just a small amount of OSINT, anyone can easily determine where you live and when you’re out, leaving your house susceptible to burglary.
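What gives a run away is its first and last few hundred metres, because that is where it touches your front door. As an added example (not part of the original post, and not any fitness app’s own code), the Python below trims every track point inside a privacy radius around your own home before a run is shared, then checks what the shared copy still reveals. The coordinates, the 500 m radius and all function names are assumptions made up for the illustration.

```python
import math

EARTH_RADIUS_M = 6_371_000.0


def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) pairs in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (a[0], a[1], b[0], b[1]))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))


def trim_privacy_zone(track, home, radius_m=500.0):
    """Return a copy of the track without any point within radius_m of home.

    Points are dropped wherever they occur, not only at the start and end,
    so a loop that passes the front door mid-run is trimmed as well.
    """
    return [p for p in track
            if haversine_m((p["lat"], p["lon"]), home) > radius_m]


def exposure_report(track, home, radius_m=500.0):
    """Summarise what a track would disclose about home if it were published."""
    if not track:
        # Edge case: the whole activity was inside the zone, nothing is shared.
        return {"points": 0, "starts_in_zone": False,
                "ends_in_zone": False, "closest_m": None}
    dists = [haversine_m((p["lat"], p["lon"]), home) for p in track]
    return {
        "points": len(track),
        "starts_in_zone": dists[0] <= radius_m,
        "ends_in_zone": dists[-1] <= radius_m,
        "closest_m": round(min(dists), 1),
    }


def out_and_back(home, steps=10, step_deg=0.001, interval_s=40):
    """Build a constructed run: due north from home and back (about 111 m per step)."""
    offsets = list(range(steps + 1)) + list(range(steps - 1, -1, -1))
    return [{"lat": home[0] + k * step_deg, "lon": home[1], "t": i * interval_s}
            for i, k in enumerate(offsets)]


# Constructed sample data: a made-up home coordinate and a made-up run.
HOME = (51.5000, -0.1000)
RAW_TRACK = out_and_back(HOME)

if __name__ == "__main__":
    print("as recorded:", exposure_report(RAW_TRACK, HOME))
    shared = trim_privacy_zone(RAW_TRACK, HOME, radius_m=500.0)
    print("as shared:  ", exposure_report(shared, HOME))
```

Trimming hides where the run starts, not when: the timestamps left on the shared points still show the time of day you are out, which is the other half of the exposure described above.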

What about those holiday photos taken while you and the family were away? You wouldn’t leave your house without locking the door, so why shout out that your house is empty for everyone to see? Many famous footballers have fallen victim to burglary after posting holiday snaps on Instagram.

Or what about the photo of your kids in their school uniform? Not only could you have given away your location by not turning off your geographical location settings, but you have also given away where your kids go to school. And for someone in a powerful position, this could make you vulnerable to bribery.

Conversely, social media has been used to actually solve crimes. Recently, a Canadian woman was sentenced to seven years in jail for killing her best friend; thanks to her poor security settings the police linked the murder weapon to a selfie that she had posted on her Facebook page.

The insatiable need for society to share everything online has become almost epidemic, and we are all guilty of it. We live our lives online in the hope that we get 15 minutes of fame or we get all those “likes” on our Instagram page, but at what cost?

At Neotas, we look at the potential vulnerabilities your everyday online activity can cause you; alerting you to places in which you can fall victim, helping you stay safe both on and offline.

What’s the real cost of a bad hire?

neotas

We have been asking a number of HR professionals this question recently, and there’s a host of different answers. Broadly it falls into the following:

  • Direct costs of sunk hiring fees (approx. 20% salary)
  • Sunk cost of salary of a poor or disruptive performer (ask yourself, how long does it take to work out they aren’t who you thought they were and then decide to do something about it, 6 months?)
  • The cost of putting together a package to manage them out of the business (3 months payoff?)

In this example that’s 95% of their first year salary, and we haven’t taken into account all the indirect costs, such as:

  • How much company time was taken up interviewing them in the first place?
  • How much HR and management time was taken up working out what to do?
  • How disruptive was this person to the rest of the organisation, or worse, externally to your clients?
  • Did you need external legal advice to confirm your actions?

All in all, we’re now talking well over 100% of an annual salary. Our cost per screening to avoid all these issues is less than 1%.

For this you get the opportunity to make better decisions as we provide:

  • A full digital profile
  • Confidence that you are hiring the right people
  • Improved quality of your workforce over time
  • Reduced wasted management and HR time on resolving problems

Even a small business can save hundreds of thousands of pounds a year.

Background screening is often seen as a tick box exercise. But can your firm really afford not to screen people properly?

Naughty or Nice?

neotas

As we rapidly enter the festive weekend, Santa and his elves are working to finalise exactly who belongs on those naughty and nice lists. Safe in the knowledge that everyone in our office is on the nice list (**awkward glance**) this got us thinking, imagine if Santa used Neotas to help him get through the workload. Would he really think those Snaps and Instagram selfies were the act of a ‘nice’ girl? Does the banter on Twitter potentially cross a line and push you on to the naughty list? How about that Tinder profile which might not necessarily accurately reflect the real you? To be honest, we don’t judge anyone by these standards and we aren’t convinced that Santa would really judge anyone for any of these things either, however some of the individuals that we have looked at this year are definitely receiving coal.

From employee screenings with individuals involved in football violence against police officers to international businessmen involved in modern slavery and illegal arms and drugs smuggling, the Neotas team have seen our fair share of naughtiness. We’ve seen everyone from the fraudsters who almost signed the important business deal to those who’ve been hired without relevant qualifications. We’ve uncovered addictions, crime, hate, bullying, and stalking, and this is just a small sample of our findings for the year. All of these and so many more are definitely on our naughty list as well as Santa’s. But not everything is doom and gloom; we’ve also seen a lot of nice listers!

The volunteers and fundraisers who are making a difference in the lives of those around them. The entrepreneurs with a thirst for success who got that big investment. The thought leaders who potentially struggle in an interview but thrive online. The fitness fanatics who are consistently bettering themselves and achieving new levels of personal triumph. The modest award winners who fail to mention their skills and accolades on their CV. The Neotas nice list is definitely longer than the naughty list.

Regardless of what your footprint says about you and whether you find yourself on the naughty or nice list this Christmas, Neotas would like to wish our clients, partners, friends and everyone else a very merry Christmas and a happy New Year. Here’s to 2018…Now if only your online footprint could reset as easily as the calendar!

Automation vs. the Workplace

neotas

In early 2017, New Jersey implemented an algorithm: it generates a score and gives counsel to judges. The algorithm advises them as to whether they should grant bail to detainees. This process entirely replaces bail hearings. It’s possible for the judge to never see the subject they sentence, and never to see the effect of their judgement.

While this sounds dystopian I can recognise the benefit. An impartial, free from bias sentence – the theory is perfect. The practice is distorted. Algorithms operate based upon past data. But what happens when past data is warped? What happens in a judicial system that has been marred by racism for countless years? What happens when past data reflects the racist history of a nation? 

The answer is simple – that tendency continues. Black people are therefore less likely to be released on bail than white people. I, and I hope you, can see that this isn’t just or fair. How can we teach machines when humans haven’t got it right yet? 

Judges are analysts at their core. They learn facts, process, and output. The similarity between them and machines ends there – Judges understand ethics; machines don’t. Judges can process extraneous factors; machines can’t. Judges are swayed by ideological movements; machines aren’t.  

Automation is a tide flowing through each sector – a tsunami threatening to crumble industries, to damage the bedrock that is the foundation of our society. And automation might well do so for many walks of life, but other paths, like that of the humble analyst, can stand proud and untouched. Morality, ethics, and processing in the wake of true understanding is what distinguishes us from machines. Analysts can provide this; machines cannot. Is there place for humans in this world of increasingly automated processes?  

I believe yes. If in the distant future all work is automated save sectors of compassion, morality and ethics, then surely the AI, NPR and automotive drive has in fact freed us to be more human: to analyse with greater clarity. This is why I think Neotas will retain value in the face of automation – we retain the human component.

Daniel Burke-Ward 

Artificial Intelligence vs. the Analyst

neotas

In recent months, Artificial Intelligence (AI) has seen a vast increase in its efficiency and advancement. The benefits of developing AI are clear, with growing software developments that are designed to save businesses time and money. Consequently, this leaves the question: are these innovations likely to replace human analysts?

The rise of “machine learning” has always had the role of efficient assistance rather than replacement. However, a new intelligence company called Primer has now developed a product that is in part intended to augment the job of an intelligence analyst. Primer takes both the reading of that information, as well as the writing of the report, and automates the processes using AI. The CEO of the company, Sean Gourley, argued that “analysts get tired and can miss data if given vast quantities”.

Despite this comment being a strong argument, as an Analyst at Neotas I can safely believe that the human perspective of data analytics is critical to influencing the interpretation of data. Understanding what it means to be human and gaining first-hand experiences in everyday life can be the difference to finding the meaning behind information rather than facts and figures.

In conclusion, the growth of machine learning cannot be ignored and, if anything, should be encouraged to assist intelligence gathering. Nonetheless, I argue it will be a long time before AI processors can configure human interaction and meaning. In the meantime, whilst this debate continues, AI can point towards the right information to help aid research and develop a human analyst’s skills. Whilst the consumer still wants meaningful answers, our humanity will continue to be the strongest asset.

By Reece Wickens

Hired or Fired – No Judgement Here!

neotas

Recently a young woman in America was fired from her job in a Texas Bank because her engagement photos were deemed inappropriate for a “family-oriented” company. The photos were uploaded to social media by the photographer and were tasteful and professional; the man was topless with a pair of jeans on and the woman wore a swimming costume that was pulled down but her breasts weren’t shown.

The ex-employee said, “I gave over a year to a company that I worked really hard for and then to have them turn on me for doing something so positive, something that I was so proud of — to help myself as a woman — it was hurtful.”

The bank’s decision to fire pregnant Stephanie (who is over 20 weeks pregnant) not only raised huge concerns for her wellbeing (she lost her maternity leave and insurance which in America is a major necessity) but it also raised questions about how employers look at social media.

Although social media is a great place to see the full picture of a person, details obtained from a personal site should be discussed with your employee. If their content does not show them doing anything illegal but you feel it is inappropriate or affects the company, talk to your employee about privacy rules and have a professional conversation about what they share online.

Here at Neotas, we investigate an individual’s social media footprint and online presence in search of illegal activity, discriminatory behaviour and evidence of undisclosed information. We do not hack, steal or invade the individual’s privacy nor do we judge or manipulate their online personal life. Our findings are based on workplace safety issues and vulnerability concerns for both the individual and the hiring company. Specifically, our staff screening provides clients with a report that delves deeper and provides insights and facts that current database checks fail to unearth – not just the single photo that one person might not like!

Tech Community Versus Terrorism

neotas

Earlier this week, Andrew Parker, Director-General of MI5, made a rare public appearance to outline the severity of the terrorist threat currently being faced in the United Kingdom. Within his speech, Mr Parker said that technology firms, specifically social media platforms and operators, were inadvertently helping terrorists by not doing enough to take down extremist content and by allowing terrorists a “safe space” to both communicate and operate. He went on to state that he believes “that there is a responsibility on the companies that offer those services to help governments be able to stop the worst excesses of human criminal behaviour.” A viewpoint that echoes that of the Prime Minister, who last month urged Tech firms to “go further and faster” to stop terrorist material reaching online platforms.

While no-one can argue with the intention of these statements, their implementation is, however, considerably more difficult. Over the past 12 months, we have seen social media platforms battle to understand how their platforms are being exploited and what can be done to mitigate, remediate, and protect against the issues. We’ve seen Facebook amongst others admit that machine learning and artificial intelligence alone cannot identify and resolve all issues, and in the last 48 hours Twitter have launched their latest crackdown on hate and abuse. But the question remains, is this enough?

Here at Neotas, we believe that it is not only the social media tech firms but the entire tech community who can assist to start eliminating these “safe spaces”. Through our screenings and investigations, we are consistently delving deeper into social media profiles in addition to those portions of the web hidden away from Google. Over the past six months, our team of expert analysts have reported numerous cases to Crimestoppers and through the Government Prevent strategy. We have policies in place for exactly these eventualities, as we believe that our commitment is not only to our clients but to the greater community as a whole. It is for this reason that we additionally work with a number of charities and partners to use open source information to combat some of the greatest challenges facing our society today.

No matter how much artificial intelligence develops, no single platform can prevent and stop these issues alone. Moreover, the inclusion of an analyst is essential to both review and influence the direction of an investigation. At Neotas, we are proud of the work of our analysts and to be collaborating and contributing to a safer internet environment.

Neotas at 6 months

neotas

In August, Neotas reached the 6 month mark and to celebrate this milestone we thought we would share with you our journey so far – the good, the bad and the ugly (and that’s just the bosses)!

Neotas went live in February 2017. With one full-time paid member of staff and one client, we were off. We started with a new website, research techniques constantly developing, our platform constantly improving and never-ending meetings.

Our growth from that point forward has been amazing. Six months later, we now have an amazing team of seven full-time members of staff, a growing number of key strategic thought leaders, a pool of additional analytical support and an active client list of over fifteen clients. We’ve additionally built significant partnerships with a number of charities. For our primary charity, Stop The Traffik, we provide analytical support and are working with them to develop a platform which is able to identify modern slavery hotspots globally and to provide supply chain due diligence required for compliance with the Modern Slavery Act.

Our message continues to spread. Last month we completed our first exhibition stand at the inaugural Innovate Finance Growth Forum and Jenni, our Head of Research, has already spoken at a number of key events across London. We’ve focused our efforts and then, through demand, refocused our efforts to meet requirements. We’ve disagreed, we’ve battled and surprisingly on the odd occasion we’ve actually agreed with each other.

We are so incredibly fortunate to have such an amazing and growing Neotas family who all as individuals care and believe in the venture as much as the initial founders did. The work we are producing is also key. Over our first six months, we have raised Amber and Red flags on 32% of all reports we have completed. Considering the vast majority of these had already undergone traditional background screenings and due diligence, this figure is huge! Even more significant is what some of those alerts have been. While our reports have actively informed decision making for investors, lawyers and HR departments alike, in our most serious cases, we have been required to refer 2 cases to Crimestoppers, 1 through PREVENT for concerns relating to terrorism, and 4 cases have been referred by the clients to the UK’s Serious Fraud Office. Just when we think we’ve seen it all, we have our eyes opened once again! More importantly, all of our clients are happy! In fact we are still running at a 100% acceptance rate for clients who trial our reports in some capacity who then become clients. The road for Neotas has just begun and our team cannot wait to continue to share our experiences and this journey with you.

If you’d like to get in touch to know more or to discuss applications which are relevant to your business, please visit our website.

The Criminal Without A Record


Until recently, crimes tended to be committed away from the eyes of society and reported post-event through traditional channels. Over the past several years, however, increased usage of social media platforms has seen a rise in ‘performance’ crimes in which individuals document their criminal behaviour for a public audience. Embracing this connected society, individuals are often observed to be operating online, often under aliases, in an environment in which they feel like they can live another life, say what they really think without dealing with the consequences, and post that controversial picture or video to get a reaction, all the while feeling anonymous and disconnected from the ‘real-world crimes’ they are committing.

From murders on Facebook Live to radicalisation on Twitter and from top financial executives sharing confidential information over WhatsApp to 18-year-old girls being arrested for trespassing and documenting their crime spree on Snapchat, the scale and scope of criminal activity being both enabled and documented on social media is increasing exponentially. Nevertheless, while platforms are battling, along with law enforcement, to eradicate such content, the sheer volume is increasing more rapidly than resources permit.

At Neotas, we have been involved in a number of cases in which criminal activity has been identified and subsequently reported. Recently we received a request for an employee screening: a potential new recruit had been through traditional background checks and concluded two interview stages with no issues raised. Prior to the job offer letter being sent, Neotas were requested to complete a staff screening using only information provided on the subject’s CV. The findings were eye-opening! The individual actively documented their entire life openly for the whole world to see, comment on and encourage. Of specific note, the following content was identified:

  • The subject was identified through social media as being actively involved in football related violence. In one specific incident, the subject posted videos, images and commentary which positively identified themselves as being the individual responsible for an attack on police officers. The subject openly encouraged violence towards opposing teams, fans and police officers alike on a number of occasions.
  • Significant discussions and media, including videos and photographs, relating to substance abuse, specifically Ketamine and Cocaine, were identified through social media platforms by the individual and key associates.
  • The subject actively initiated, engaged in and promoted sexist, homophobic and racist content, including personally attacking individuals through their online accounts and profiles.
  • The subject posted numerous confidential screenshots of his phone and work computer on social media. In a number of posts, client account details, email addresses and personal information were clearly visible and openly available.

As a result of the screening completed by Neotas, the subject was subsequently removed from the recruitment process and, in consultation with the client, was reported to Crimestoppers. The reason why this individual was able to pass traditional screening and not our screening processes is that they simply didn’t appear in any databases since they had never been caught and charged by the authorities.

While not everyone we screen raises the same number of alerts and flags as the individual above, the case is most certainly not unique. In fact, over the past 3 months, more than 42% of all of the pre-employment staff, KYC and AML screenings processed by Neotas have had issues raised with them, with concerns and risk areas ranging from the criminal activities above to undisclosed directorships, source of funds etc. Based on this, our message to employers could not be clearer: traditional checks are simply not enough anymore, especially when individuals are actively posting their lives for all to see.

For individuals and prospective employees out there who cannot resist the temptation to post their entire lives online, this blog is not intended to suggest that you should monitor everything you put online, or that everything you say and do should be serious and not remotely humorous (we are certainly not here as the fun police!). What we are highlighting, however, is that more and more companies and individuals are looking at social media to make judgement calls on you to see if you are suited for the job, course or even date. Therefore, maybe it’s time to consider either keeping your profiles private or stopping to think, “is that photo of me snorting cocaine on Twitter really such a good idea?”

Know Where You Are With Snapchat Maps


If you have followed the headlines published by newspapers and bloggers over the past month you would be led to believe that Snapchat’s new Snap Map feature is “going to ruin your life” and “is frightening as a privacy threat”, but what does the new feature mean for Snapchat users and should you be concerned?

In the latest Snapchat update, released in June 2017, users are now able to share their current location and activities with their friends. Providing you and a friend follow one another, you are now able to share your locations with each other on the Snap Map in addition to being able to see what is going on around you. Your location on the Snap Map is only updated when you are actively using Snapchat — so you don’t have to worry about your location being updated in the background. Additionally your location on the Map will expire after several hours. Also with the Snap Map, you can view Snaps of sporting events, celebrations, breaking news, and more from all across the world.

In light of this new update, however, Snapchat has received considerable criticism regarding privacy and safety concerns. The majority of the concerns relate to an increased risk for users, specifically younger generation users, to be exposed to stalking, bullying and strangers by individuals who are able to follow their exact locations. These concerns have been supported by police forces and schools around the UK who are scrambling to offer advice to parents and to ban the app on school premises. The update has also prompted the Child Exploitation and Online Protection Centre (CEOP) to update its ‘Thinkuknow’ parents’ and carers’ guide to Snapchat.

Despite these concerns, there are a number of simple ways that users can protect themselves. As part of Snap Map, the default setting, known as Ghost mode, allows the user to block their location so that they are not visible on the map. The only exception to this is if the user submits Snaps to the ‘Our Story’ feature, as this will appear on the map regardless of the user’s privacy or location settings. The second and most significant piece of advice is for users to only accept Friend Requests from individuals they know. Maps are only shared between friends and this can be further restricted by specifically selecting the individual friends who are able to see your location. Awareness of these simple features can in fact negate the vast majority of concerns since they essentially render the location feature deactivated.

The use of real-time location sharing presented in Snap Map is not the first of its kind, nor will it be the last. Companies such as Google, Apple, Facebook and WhatsApp already have their own features which allow the user to connect with friends and to share their location. There are even apps, such as Glympse, whose sole purpose is to provide a fast and free real-time location service to connect people. And while all of these apps and platforms offer privacy settings, delving beyond the hype and discussion, there exists a far deeper and more profound discussion relating to the volume of personal content which individuals are actively posting online and the ease with which this is becoming the norm.

Our analysts and experts at Neotas are constantly amazed by the volume of personal content which exists in open sources, whether actively posted by the individual or passively by others, through leaks or data breaches, reviews etc. Awareness of this and identification of an individual’s complete online footprint is key in order to prevent exposed vulnerabilities and risk, especially regarding high net worth individuals and executives. As such, at Neotas, we provide Human Vulnerability Assessments and Online Reputation Reports in addition to our Staff Screening and Due Diligence services. Our role is not to create hype as we have seen recently within the media but instead to embrace the digital information generation and to create a more holistic view of an individual for all risk based decisions whether personal, professional or commercial.

If Only I Knew Then What I Know Now


I started with Neotas about three months ago having spent the previous five years in financial crime. What I have learned in this short time period has blown my mind and if I had known then what I know now, fraud investigations would be dealt with in a completely different manner. Without a doubt, open source intelligence (OSINT) is the future of due diligence and KYC (Know Your Customer).

Working in Financial Crime, I regularly had to investigate cases of fraud or money laundering and prove, without doubt, that a customer had been a victim of fraud. The problem is that fraud investigators are more often than not required to work on gut feelings and instinct more than on actual proof. Don’t get me wrong, working in fraud requires a lot of instinct and trusting that gut feeling; however, having evidence to prove the fraud would also be more than helpful. While fraud investigators do have tools to aid their investigations, like bank checks and credit file checks, you’re often left questioning what that really tells you about the person. That they have good credit and their bank account matches their identity? What if you had a husband and wife working together to scam the system? She may be telling you that she and her husband are separated and he has stolen her details. As an investigator you are not able to talk to the husband as he isn’t your customer, therefore you have to take the wife’s word as fact. However, by using OSINT you can learn more about the individual, including looking at their social media profiles to see if there is any evidence of a divorce or separation. Moreover, is there any evidence to tell you they are working together? If a child has impersonated their parent and both mother and daughter have the same name and live at the same address, there are only two companies in the world whose internal checks would be able to tell them apart. Most companies would accept an application in the mother’s details and send the money to the daughter’s bank account; however, by using OSINT you can look deeper into the daughter’s online behaviour: have they recently come into money? Are they talking about it?

Whether we realise it or not, almost everything about you is online. From date of birth on birth records, to your address, email addresses, phone numbers, interests, and key individuals, the list is often endless. The reason for this is simple. Most people do not read the endless pages of terms and conditions or adopt privacy settings; moreover, most people feel that they can be themselves online and that is where they will often give away their plots and plans. By using OSINT you can find out a multitude of sins. A professional money launderer may look like the perfect customer from the outside: the credit file looks good; the bank matches; and they use the product regularly and always pay back on time. Someone like this may show up on a CDD or EDD list but after a few simple checks no issues would be found. If compliance departments and fraud departments had knowledge of OSINT they could look deeper into the individual. The house they are living in: can they afford that on their salary? The company they are a trustee or director of: does it make sense that the customer is involved with a company like that? OSINT paints a picture of what is going on and tells you what a standard background and credit check cannot.

Simply put, most financial crime departments do not have enough knowledge of OSINT and therefore follow “a checklist system” that was written in a policy because the regulator told you to. The problem is that as long as you are following the minimum requirements put forward by the regulator, financial companies will believe that the checklist system is sufficient. It is not, and this is allowing fraudsters to continue to get away with their crimes while they are laughing at you publicly on Facebook. Don’t get me wrong, I’m not saying that fraud investigators are not doing enough; what I am saying is investigations need to go further. OSINT is the future and before long the FCA will make this a requirement.

Neotas is a due diligence company that has developed an analyst driven Open Source Intelligence platform. The platform is used in many areas from financial regulations such as KYC/AML, Anti-Bribery, Modern Slavery Act, plus staff background screening, due diligence for VC and PE investments and lastly human vulnerability assessments as part of a cyber security strategy.

Conscientiously Online


In 2009, while in the process of applying to University in the United States, a rumour began to circulate that universities were likely to review the Facebook pages of applicants for any disqualifying content. At the time, Facebook was still an up and coming social media platform rather than the pervasive giant it is today but nevertheless I had an account and I started to worry. Having grown up in Europe, where the legal drinking age was lower than twenty-one, some of my content immediately fell into the ‘disqualifying’ category. In a panic, I rushed to remove any photograph, post or connection between myself and alcohol. Moreover, ever since that first rumour, I have regularly monitored content relating to myself through search engines and have regulated privacy settings on social media to manage my online footprint for jobs, university, and my own personal safety.

Fast forward a few years to when I joined Neotas in 2017. I felt confident that I had been actively sanitising my online footprint for years and everything was good. In an instant, however, I was amazed, not only by just how much information could be found about me with the right training and tools, but also how relevant every part of one’s online footprint could be. With every exercise or fitness application comes the ability to live track your activity and location. With every geolocated holiday snap, you are telling the world that your home is most likely left empty. From fraud to kidnapping, from robbery to stalking, the applications are only limited by one’s imagination.

As I have progressed as a Junior Analyst at Neotas, I have uncovered everything from hateful posts plastered across Twitter and Facebook and evidence of drug use to people using aliases to avoid bullying. To think that I was worried about a few photographs from a graduation party seems so insignificant compared with the material I have uncovered. I have seen how finding even the smallest element of risk or concern about a person, from either a professional or a personal point of view, can tell you more about a person than any background check or interview. More importantly, the truth of the matter is that this is only going to increase as more and more information about us is digitised. Google’s recent announcement for its Google Lens app, for example, will allow the user to turn their camera into a search box, where anything it is pointed at is searched using artificial intelligence. A future where facial recognition on a phone camera brings up their social media profiles or any other online content with a picture of them is no longer science fiction but something that is possible and is on our horizon. While this may seem a frightening future, the reality is that most of this information is already available, if one simply knows where and how to look for it.

What may or may not have been a rumour back in 2009 is a definite reality in 2017, and not just for university applications, but for any prospective relationship, both personal and professional. With insider threats posing the single most dangerous issue in today’s professional world, the standard background or credit checks are simply missing the critical information. With people putting so much of their lives up online, at Neotas we are able to go beyond the standard investigation to obtain a profile of the subject rather than completing a tick in the checklist.

Moreover, content is contextualised to formulate a complete profile of the individual so the rather innocent photographs of me with an alcoholic drink all those years ago would not be an issue today with Neotas’ analyst driven platform.

Do you really know who you are dealing with?


I just thought I’d share some thoughts, 3 months after Neotas was born. For those of you that don’t know us, we are a next-generation due diligence company. We have brought together a collection of ex-military and law enforcement intelligence specialists along with technology and finance experts to create an analyst driven platform that uses OSINT to conduct due diligence.

The whole exercise has really opened my eyes to how open-source intelligence can help across a wide number of areas, from employee and client onboarding, ‘fit and proper’ tests under SMR, KYC/AML reviews, supply chain audits to human vulnerability assessments as part of your cybersecurity strategy.

Every day the information we uncover never fails to amaze me. Knowing your people is more important than ever; it’s important to understand these risks so you can make better decisions.

51% of the people we vetted who had already gone through standard background checking had additional flags raised against them. These included undisclosed directorships, second jobs, gambling addictions, drug habits, religious extremism and IP theft. We even found a video of a candidate assaulting a police officer that he stupidly posted online, and no, I’m not making that one up! And these were people looking at jobs in financial institutions…

51% seems a ridiculous statistic and right now, as we just get going, it only covers 100s rather than 1000s of people, but we still feel it’s a broad enough selection to get a sense of the scale of the problem.

As we go on, I’ll think about the stories I can share; I already feel I have enough material to write a book! Right now, current screening and vetting processes are no longer fit for purpose. You need to think about how you can use the information that now exists about people and companies to make more informed decisions.

In the meantime, if you would like to know more, please feel free to contact the team directly on our contact page.