Name: How to Protect Your People and Assets From Targeted Threats
Uploaded: 2025-08-12T15:30:47.153Z
Duration: 49 min 28 s
Description: How to Protect Your People and Assets From Targeted Threats

Transcript for "How to Protect Your People and Assets From Targeted Threats": Good morning, everyone. I'm Matt Mooney, the director of the Global Issues team within Recorded Futures Insight Group. Thanks for joining us this morning for what will be a very interesting and thoughtful, discussion on the evolving threat landscape. We're going to pause for a second to give additional people time to join, so bear with us for another minute or so. Okay. I think with that, let's go ahead and kick this off. Again, for folks who may have just joined, I'm Matt Mooney. I'm the director of the global issues team within Recorded Futures' Insta Group. Insta Group is the research analysis arm of Recorded Futures, and the global issues team focuses specifically on tracking and analyzing strategic geopolitics and influence operations with a focus on primarily on the big four, China, Russia, Iran, and North Korea, as well as threats to physical security. And it's this latter point that we're gonna be focused on specifically today. I'm joined today by two Recorded Future analysts, Mary and Paul, as well as Brian Solecki, our director of security and safety, to discuss how private and public sector organizations can protect their people and their assets against targeted threats. So as part of this conversation, we'll outline how the violent extremist threat landscape is evolving, identify sources of online risk exposure, and share mitigations to reduce physical security concerns. So the STRIP briefing builds off two recent reports published by the Global Issues team. The first is an executive security guide for mitigating online risk, which is available for customers only, as well as a comprehensive analysis of The US violent extremist threat landscape, which has been published on our public website. The latter is available in the docs tab on your screen. So a couple of housekeeping items before we start. An on demand recording will be made available to registrants following the webinar. The formatting today is facilitated question and answer. Now you may add questions to the chat feature, and we'll address those that we can. With that, let's go ahead and dive in. So I'm gonna start with, Paul. Can you sort of outline for us how the violent extremist threat landscape in The United States has shifted over the past year? Yes. So the trend that is most pertinent to this webinar is that the domestic violent extremist or DBE groups, that we assess to be the greatest risk of conducting violent attacks against organizations in The United States, specifically neo Nazi and white supremacist violent extremists, anti government and anti authority violent extremists, and anarchist violent extremists are increasingly considering targeted physical attacks against individuals rather than conducting mass casualty attacks. In fact, during the past twelve months, we assess The US threat landscape has shifted to such a degree that we now consider targeted attacks against personnel in facilities to be the preeminent violent extremist threat to most public and private sector organizations, operating, within The United States. At NSIC Group, we've observed a persistent trend of violent extremists in multiple types, taking note of assassination plots against high profile public pick, figures. Most notably, the 2024 assassination attempts against then presidential candidate Donald Trump, the December 2024 assassination of UnitedHealthcare CEO Brian Thompson, the May 2025 murders of Israeli embassy employers, employees in Washington DC, and the June 2025 assassination plots against lawmakers in Minnesota. Violent extremists have celebrated, promoted, or encouraged these and other attacks with the dual intent of threatening high profile public figures and boosting their recruitment efforts by playing the public sympathies for some of the attacks perpetrators, or their ideologies. And most recently, in sync group observed violent extremists celebrating the results of the shooting at 345 Park Avenue in Midtown Manhattan that killed the Blackstone executive, even though publicly available evidence does not indicate that the this executive was deliberately targeted in the attack. So this trend underscores both our overall assessment of the DVE threat landscape in The US, as well as the topic of this webinar. High profile picture, figures in The US, including c suite executives and senior government officials, are at heightened risk from violent extremist physical threat activities. DVEs, alongside other threat actors, are leveraging sources of digital exposure and identifying soft spots and operational security to target personnel. The last thing, although, that, for many organizations, the ship to target attacks complicates what was already a heightened physical threat landscape from extremism. More broadly, geopolitical flashpoints, polarizing domestic political issues, and other factors magnifying risks from both DVEs and homegrown violent extremists or HVEs, in The US. And these are violent extremists that are connected to foreign terrorist organizations. During 2024, international events and trends, such as the continuation of conflicts in The Middle East involving Israel, the far of the Bashar al Assad regime in Syria, and the degradation of the security environment in the Sahel and Horn Of Africa, all very likely benefited the position of certain foreign terrorist organizations, particularly the Islamic State and Al Qaeda, and drove their recruitment efforts in The United States. Contentious domestic political issues, particularly the twenty twenty four US election, and immigration enforcement efforts in early twenty twenty five, almost certainly mobilized several types of DVEs into conducting violence and other physical threats in The United States. Great. Thank you, Paul. It was a really comprehensive start. Really appreciate that. Can you talk a bit about what sort of factors appear to motivate violent extremist targeting of executives and other high profile figures, and are there sectors that enhanced risk as a result? Yeah. Well, it varies on a case by case basis. I think the three major factors that we're seeing across the board are the impact of the highly publicized assassinations and assassin assassination attempts that I mentioned before, the polarized domestic political landscape in The United States, and broader geopolitical trends. So first, violent extremists are almost certainly taking note of assassination attempts impact on their targeted entities operations, and the fact that several of the perpetrators weren't identified or apprehended prior to conducting the attack. But most importantly, they're taking star stock of what they perceive to be a broader degree of public support for some of these attacks alleged perpetrators, most notably, Luigi Mangione, the alleged perpetrator of the assassination attempt against or the assassination of UnitedHealthcare CEO, in December, as well as Elias Rodriguez, the individual alleged to be responsible for murdering Israeli embassy employees in Washington DC, earlier this year. The level of public support that these individuals have received after their alleged attacks almost certainly convinced some violent extremists that selecting assassinations or targeted attacks as a method of choice will allow them to curry favor with the public and further spread their ideology, and recruit. Secondly, the highly polarized domestic political landscape in The US, means that a wider swath of public figures are coming into the cross tiers of extremist groups, especially, with regard to the private sector. The involvement of businesses or government agencies that previously would not have been targets for violent extremists, are now, because of their involvement in contentious political or social issues, is make is a precursor in many instances for their involvement in their targeting, in physical threats. During early, 2024 and early twenty twenty five, this factor has especially heightened risk for judges, and law enforcement officials as well as executives in the health care and pharmaceutical industries. Finally, a wider scope of public and private sector entities are perceived by violent extremists to be involved in contentious international and geopolitical issues, especially regarding Israel and its conflicts in The Middle East. This factor has especially heightened the risk for indices, structures, industry sectors that are perceived to have some relationship with Israel or the Israeli government, and in particular defense contractors, insurance agencies, and financial organizations. Great. Thank you, Paul. So alongside the shift from mass casualty attacks to targeted operations, have you also seen changes in the tactics, techniques, and procedures or TTPs, used by violent extremists? Our assessment is that in the short term, most of the TTPs used by violent extremists in The United States are very unlikely to change. We're almost certain to see a range of physical threat vectors, online targeted threats, stalking, harassment, physical approaches, sabotage, surveillance, disruptive protests and demonstrations, doxing, swatting, as well as violent attacks, using firearms, bladed weapons, vehicles, and, rudimentary and pro improvised explosive devices, as well as arson. However, we have witnessed, violent extremists of all types increasing their efforts to experiment with new technologies to support these attack planning operations. Especially, we've seen increased use of new technologies such as, drones and other unmanned vehicles, generative AI, three d printed firearms, cryptocurrency, and end to end, encrypted communication applications. We've also seen some efforts by violent extremists, especially those focused on online threats, doxing, swatting, and other metrics that need to use online capabilities to target their victims, to improve their in house, open source intelligence capabilities by leveraging online information on their targets, which have supported overall the shift to targeted attacks against personnel. Thank you, Paul. That's a great segue. I wanna, pivot to Mary to talk a bit more about sort of sources of online risk. Mary, can you tell me about your research into the sources of digital exposure for executives and other high profile figures? Sure. Thank you. The research team here at Recorded Future has substantial experience in providing online security assessments to executives in the private and public sectors. It is our job to think like threat actors and find the weaknesses in the security posture of an executive, allowing us to provide actionable recommendations for improving their security. Based on our years of experience, we recently put together an online security guide for executives and security teams that details sources of online risk and discusses relevant mitigations. The bottom line up front here is that the availability of personally identifiable information on the Internet leaves private and public sector executives, especially those located in The United States, increasingly vulnerable to physical and cyber threat activity. During our online security assessments, we have found that significant sources of online risk include social media, people search websites, property records, political donations, user accounts, data breaches, email addresses, phone number lookup tools, corporate records, online reviews, obituaries, online mapping services, voter records, schools, and login credential confirmation. I want to emphasize, not only can threat actors take advantage of individual sources of online exposure, but they can also combine multiple sources of exposure using one source to pivot to another to improve overall targeting. For example, threat actors can conduct initial reconnaissance against an executive through People Search websites. And using information gathered from these websites, then pivot to social media, data breaches, property records, and other sources for, more targeted activities. Great. Thank you, Barrett. So I think we all can appreciate the the sensitivities in posting sort of real time information on, you know, sort of prominent social media platforms. But among the sort of data sources you examined, are there particular types you think are underappreciated or not readily acknowledged as a problem? Two notable sources of online exposure that are often overlooked are political donations and user accounts. Regarding political donations, individual contribution data available from the US Federal Election Commission generally includes the individual's name, employer, occupation, city, state, and ZIP code, and sometimes their home address too. The SEC allows anyone to filter individual contributor data by these identifiers, thereby allowing threat actors to target specific executives. Moreover, political donations made through fundraising platforms like ActBlue and WinRed will expose the donor's street address regardless of the size of donation. Regarding user accounts, these can also expose a large amount of information about an executive and their family. For example, one popular, music music streaming service is a common source of exposure for executives. You can identify accounts on the streaming service belonging to executives and their family members by testing variations of their first and last names in URLs. Moreover, public followers and following lists available on streaming service accounts can also be used to determine the friends, family, and associates of executives. And public playlists available on streaming service accounts can provide insight into the interests and personal lives of executives. The profile picture that executives and their family members use on streaming services can also be a source of exposure. For example, if an executive's child uses a profile picture that shows the executive's house in the background, threat actors could use this information to confirm the executive's primary residence. Great. Thanks, Mary. Appreciate the elaboration on that. So I'm gonna open this up to everybody, on the panel. So what types of physical threats can access to executive PII or personally identifiable information enable? Is it limited to just violent attacks, or are there other ways that executives could be targeted by these threat actors? Go ahead and start with you, Brian. Thanks, Matt. Good morning, everybody. Real quick background on me. I'm Brian Solecki, the, director of security here at Global or at Recorded Future. Prior to coming over Recorded Future, I served on active duty for about seven years and then spent twenty years as a special agent with DOD. A lot of that time was on protective service operations for senior ranking officials in the Department of Defense. So yeah. Definitely, the PII, you know, exposure is a big deal for executives. Quite honestly, it allows the threat actors to, you know, to develop information on home and work locations, patterns of life, modes of travel, you you know, and that's all information that affords them the opportunity to develop and and implement plans that, you know, could result in a physical threat to our executives. So some of the things that we've seen are false police reports, SWAT in incidents where, you know, they've called in a false report and they sent, you know, SWAT teams to an executive's house. Like Mary and Paul said, it's not just limited to the executives. It is also focused on their family members as well who could be put at risk. And quite honestly, they can, you know, establish those patterns of life and it gives them the opportunity to target, you know, in a meeting or an appearance where the executive may be and, you know, that could be as simple as a disruption where they throw a pie in the face to where, you know, they commit an act of violence like we saw with the UnitedHealthcare. I would like to add that access to the personal information of executives can facilitate both physical and cyber threats. As Brian already kind of discussed, physical threats include harassment, stalking, burglary, and violent attacks. The cyber threats include social engineering, spear phishing, identity theft, and account takeover. One thing I really want to highlight is that in the current threat landscape, some threats sit at the nexus of physical and cyber, namely doxing and SWAT. Yeah. And the threats that sit at that physical cyber nexus, I think day in and day out in, my work monitoring file and extremist threats, particularly the high profile public picture, figures for recorded future. It's those, threats, especially doxing and swatting that we've seen a pretty precipitous spike in over the past couple years, or so. So, last year, Recorded Future published a report actually on, several violent extremist doxing campaigns, against private sector senior leadership, that showed that they were very likely leveraging several of the sources that Mary previously mentioned, especially people search websites, sources that post information from data breaches, and as well as other online sources to gather information that they used and later published in docs files that went online. Doxing and swatting have a particular nexus to one another, because, the information that is published in docs files can be used to support swatting efforts. For instance, especially physical addresses and phone numbers can then be used, and leveraged by violent extremists to support a false, call to law enforcement, that can be used in a a swatting operation. So in this particular instance, which we've noticed a pretty substantial rise in, you can see the dynamics between how the cyber threat and the physical threat are, interlinked with one another. Great. Thank you, Paul. So, Brad, I'm gonna, sort of pivot to you. So, you know, we've talked about how extremists are shifting shifting towards targeted attacks. There's a wealth of information available online that they could potentially leverage to facilitate those plots. You recently led an expert's corner corner session for reported future customers that focused on the concept of an intelligence driven executive protection program. Can you explain a little bit about what that consists of and how it can be employed? Sure. Thanks, Matt. So, you know, quite honestly, threat intelligence is the foundation of, you know, your entire comprehensive security strategy, and that applies for any organization. The collection and analysis of threat intelligence, you know, that affords an organization the opportunity to allocate the appropriate resources towards, you know, the physical security procedures and the cybersecurity measures needed to mitigate identified threats. Like I said, size and scale, you know, I worked at the Department of Defense, which is one of the largest organizations in the world. What is applicable there is also applicable to the smallest companies that, you know, are out there and have a threat towards them. So really, quite honestly, bottom line, threat intelligence is what allows for the identification of threats and then the opportunity to allocate those appropriate resources to mitigate those risks. So, we're we nobody has unlimited resources, so it really helps to drive, you know, your physical and cybersecurity programs. Great. Thank you, Brian. So can you give us, some examples of what priority intelligence requirements and associated goals that would likely be considered sort of essential building blocks for an executive protection program? Sure. So, you know, priority intelligence requirements in executive production, they're, you know, they're those critical pieces of information and intelligence that you need to, one, anticipate, two, prevent, and three, manage threats against your executives. They should be tailored towards your specific needs and vulnerabilities, you know, of the individual being protected. And most importantly, they they need a continuous review because the threat landscape is always gonna change. So bottom line again, you know, the priority intelligence requirements, they allow you to be proactive, vice being reactive. So you can kinda get ahead of these threats that, you know, may occur for your executives. You know, some of the the PIRs, monitoring of online activity and social media for suspicious activity or threats to your executives, helps you to determine the viability or or the level of threat posed by individuals or groups that could target your executives. It importantly, it allows you to assess the protocols and plans that you already have in place to make sure they're sufficient to to the threat landscape out there. And, you know, it allows you when your executives are traveling or going to meetings or whatnot, you know, it gives you the ability to analyze methods and travel, routes, lodging, locations, public events, special events so that you can identify those potential, you know, vulnerabilities and and develop a program that will mitigate those risks. Great. Thank you very much, Brian. So for everybody's consideration, let's say I'm a corporate executive or a corporate security team, responsible for protecting executive. Can I just lock down my online presence? Does that suffice, or do I need to worry about other members of my family, for example? I'll start with you, Brian. Yeah. So I think in today's day and age, it's, you know, almost impossible or not even feasible to lock down one's online presence. And especially with, you know, peep younger family members that have grown up online, you know, there's a lot of challenges in doing that. You know, so with that being said, from a physical security perspective, you know, you can mitigate those risks associated with information that's online. You know, we try to not make schedules or family information public. One thing, you know, you kinda try and this is not always the easiest, thing to do, but limit potentially controversial poster statements that may elicit or, you know, generate an intense response. And then, you know, identifying when that PII or sensitive information is out there and, you know, taking the appropriate measures to, you know, get that removed and litigated. Yes. I'm sure, well, as Brian and, as I'm sure Mary will also, attest to, it's pretty much a standard practice, I think, especially when it comes to doxing or swatting to also threaten family members of an executive that's targeted, in those posts. So a recent example of this, that took place relatively high profile was, there was a, swatting and doxing campaign against a Supreme Court justice, and her sister, completely unrelated to, the field, to the work of the Supreme Court justice, also received a substantial number of, death threats, swatting attempts, and in a particular, TTP had, a number of pizzas delivered to her house, which in, on some violent extremist circles is a way of showing that they understand that they know where a particular individual lives, and it's a coded threat, in that regard as well. So, sadly, it's, insufficient from an overall physical security standpoint to to solely protect the executive and not their family members. As Paul and Brian already said, unfortunately, it is impossible to eliminate risk, but implementing online security best practices can help reduce and manage risk. Some of the online security best practices that we recommend are reduce social media use and avoid publicly revealing personal information on social media, use the strongest possible privacy settings on personal social media profiles and user accounts, Refrain from reusing usernames and passwords across accounts. Register accounts with burner phones and burner addresses to prevent your personal information from being included in data breaches and other productivity. And then finally, use virtual private networks, ad blockers, script blockers, privacy extensions, Internet browsers with built in privacy features, and other online privacy tools to stop your data being sold around. Additionally, it is important to educate family members about online security risks. And executives' family members, particularly children who heavily use social media or older relatives who are not fully aware of online privacy risks are often softer targets than the executive and can inadvertently provide valuable information to an executive about an executive to threat actors. Great. Thanks, Tom. So it's a balancing act. I mean, I think it's kind of impossible to completely eliminate our digital footprint, in this day and age, unless you completely disconnect from everything. Even then, it's probably still, impossible. So thanks very much for your sort of, considered perspectives on that. So we had a question that came up early in the chat, and I think it's something I just kind of opened up to all of you. It aligns with something we had, you know, previously can kinda considered and and thought it would be worthwhile to address. And that is, you know, are there key indicators that reflect a rising threat level toward a specific individual or organization? We'll go ahead and start with you, Brian. Thanks, Matt. So, yeah, I think if we look at the recent example of, Steve Sorewitz, it's it shows how dramatically events can change and the threat level can rise in a very in a very quick manner. So, mister Sorewitz was the founder of Payless City and the Wayfarer Foundation. In late in 2024, he was one of the individuals that was named in the sexual harassment lawsuit filed by Blake Lively. He was the, cofounder of Wayfair Studios. So following the announcement of that lawsuit, he was the he was the subject of an intense social media, you know, campaign coverage, you know, and a lot of received quite a few threats. That actually materialized into an actual physical threat because in April 2025, he awoke to a fire that had been, you know, intentionally set in the driveway of his home. And then later that day, his wife received a text indicating that his daughter, who was a student at Northwestern University at the time, would be kidnapped unless they received an $80,000 payment. And in the, you know, the text itself, it said that if you guys are prepared to spend a 100,000,000 to ruin the lives of this Lively and her family, we're sure you can spare a few for your daughter. So, really, I mean, that was a dramatic change of events, and it just shows how, you know, an increased intense or a bio viral public reaction to an event or a post can definitely, you know, increase that threat landscape. You know, in this instance, it actually manifested into physical threats as well too. So it can happen that quickly. Yeah. To broaden out that perspective, I mean, the life cycle of a online negative sentiment campaign against an entity leading to physical threats, is much more broad than the the example that Brian gave. I've seen over the past couple years, entities that have been involved or perceived to be involved in domestic political or geopolitical issues, leading to physical, threats and online targeted negative sentiment, that then leads to physical attacks, against the entity in question. And it could be everything from, you know, campaigns against insurance agencies that are perceived to be insuring Israeli military and defense contractor clients, threats to government disaster relief agencies from individuals accusing them of land seizures, campaigns against Hollywood, entities and media organizations, for casting decisions in films. Violent extremists tend to select targets and merge threats to entities with their own ideological worldview. So, a couple years ago in 2023, we saw a very intense online negative sentiment campaign targeting a beverage manufacturer for their use of a transgender, activist as a spokesperson in one of their commercials. And as an example, neo Nazi violent extremists, zeroed in on one female marketing executive within this company, who they believed was Jewish, and claimed that she was responsible for the, advertising campaign. So a number of them began to dox her, issuing death threats against her and members of her family, and then, conducted swatting attempts at their homes, which eventually the the pressure of this, caused her resignation from the company, as a result of the amount of negative sentiment they should feel as well. So this is not only a question of physical threats as well, but also of employee well-being, I think to some degree. And it shows what kind of psychological toll this can take, when these large scale negative, sentiment campaigns take place. Great. Thanks thanks for that, Paul, and Brian as well. So I'm gonna open it up again to to everyone. We've been focused on The US, and how does the threat picture change when viewed in Europe, specifically? Yeah. Overwhelmingly, I think the specific violent extremist groups that pose a threat to European organizations are different, but fall into similar ideological buckets, of the categories we've suggested. If you were to look, for instance, at the annual, terrorism situation report that's released by Europol, they also focused on, the presence of jihadist groups, neo Nazi and white supremacist violent extremists, anti government extremists, violent anarchists, and, groups advocating for, ethan ethnic and national, secession, as well. So, overall, that's relatively similar to The United States. We also see similar motivating factors in European violent extremists. A number of national intelligence agencies, within the European context have commented on the motivating factor of Israel's war in Gaza, is a major war for a variety major motivator for a variety of violent extremists, as well as respected political events in the country. To some degree, The United States also exports trends as well, which is why you see dynamics in Europe that is somewhat similar. This is particularly the case with, white supremacists and anti government, anti authority violent extremists where many of the European groups are taking cues and, reactions from The US landscape in order to shape their operations. Finally, I'd say that there's some notable differences in the, overarching physical threat environment, especially, I the main one is regarding access to firearms, which, you know, because of European countries' much more, stringent regulations on firearm ownership, you don't see the same degree of attacks involving firearms as you would in The United States, as well as sources of information exposure for executives. But this is not for lack of trying on behalf of European violent extremists. So, for instance, there's been a lot more experimentation with three d printed firearms and other weaponry, over there is a way to make up for the fact that accessing or purchasing, firearms on the open market is, less possible than it is in The United States. Great. Thanks, Paul. Brian, I'll turn to you. Thanks, Matt. And, you know, from what we see going up expanding off of what Paul said, it's definitely not limited to just The United States. I think in the past just in the past two years, we saw, you know, several incidents targeting, executives around the world. We had one, the l Ellison Steel owner. He was kidnapped and then held for ransom in The Philippines. And, ultimately, he was killed even after his family members had paid that ransom. The one big one that was in the news, you know, in the last few years was Rheinmetall, the CEO. He was the subject of a Russian plot to assassinate defense industry executives in Germany. We recently had an event in Uganda where the founder of Mitroplus Labs and AfroToken was kidnapped and killed or kidnapped and tortured in Uganda. And then it even comes down to, you know, the Ryanair CEO who was hit with a pie in the face, you know, during a press conference in Belgium. So wide variety of threats in there worldwide. From an on an exposure perspective, The United States does have a unique threat environment due to relatively weak privacy laws and regulations, but executives from other countries are definitely not immune to online risk. Regardless of jurisdiction, social media can be a major source of exposure. For example, in 2019, a man in Japan, reportedly used pictures posted to social media to stalk and then sexually assault a pop star. The suspect reportedly used Google Street View to identify a train station reflected in the singer's eyes in a selfie she posted online. Then he waited at the station until he saw his victim and followed her home. And then he studied videos the woman shot at her apartment, looking at details such as the placement of curtains and the direction of natural light coming through the windows to try to determine exactly which floor she lived on. Likewise, data breaches are a notable source of risk regardless of jurisdiction. These data breaches can reveal personal information such as phone numbers, email addresses, street addresses, usernames, passwords, social media profiles, IP addresses, date of birth, marital status, ethnicity, employer, and financial information. So this is, a risk that needs to be taken seriously regardless of where in the world you are. Great. Thank you, Mary. So last question, I guess, I'll open it up to every button, and that is, you know, how can the Record a Future platform assist with monitoring targeted threats? And I'll start with you, Brian. Thanks, Matt. So I think the best way that I can kind of discuss that was a real world example that we had fairly recently. So in February 2025, our CEO and our chief of staff were traveling to the Munich Security Conference. You know, before we left, we make sure all of our information in our alert system for our executives was updated. And then we looked at all of the various establishments that we were going to be at while we were in Munich, You know, whether it be at the actual Munich Security Conference itself, the restaurants, the lodging establishments, we set up alerts for that. And then, you know, we based our protective security operation plan, you know, off of the threats that we currently had available. As everybody knows, once you get on the ground and you start operating, well, then things are gonna change rapidly. And I think on that first day, you know, that morning, we received an alert that a car had driven into a a pro or a gathering of, individuals right outside of the Munich Security Conferences, about a mile outside of that. So, we were able to, you know, adjust our plan. We knew where we were at was a safe location. You know, we couldn't be impacted at that point, but it allowed us to kind of be proactive and determine, like, hey. Some of the off-site venues that we have later on on the day, we're gonna need to adjust our routes. Are those going to be targeted? Are we gonna be able to operate as this part of a, you know, a larger plot? So, really, we kept getting those continuous alerts from the platform, and that allowed us to kinda stay ahead of what was transpiring. And, ultimately, you know, the threat, you know, was, mitigated by the German authorities and allowed us to keep on schedule. But, it was a great tool to have there to allow us to say, hey. You know, we if we had to make adjustments so we could, you know, most efficiently and effectively protect, you know, our executives while they were in attendance at the cyber or the Munich Security Conference. From an online risk perspective, corporate security teams can use the Recorded Future platform to monitor dark web and underground forum sources as well as track online negative sentiment. They can also use the Recorded Future identity module to detect, compromised credentials. As I just mentioned, monitoring for data breaches is particularly important as they can expose a wide range of sensitive information. Moreover, our customers can use our analyst on demand services for which they can acquire executive security assessments. Well, I don't have a tremendous amount to add. I'll talk briefly also about our sourcing, which improves the fidelity of, advanced query builder and alerts, monitoring for these breaches. We collect, and carry, constantly, new sources as well as new channels of, a wide variety of violent extremist, messaging, sources, on a variety of different platforms, continuously add them to the recorded future platform, so that they can be used to, trace queries, and identify instances of, these sorts of exposure and, targeting, as well as threats, to an organization. Great. Thanks all. Before we pivot to, audience questions, I just wanted to share a few slides that I think will help visualize, specifically what Brian was talking about in terms of our, sort of support for the Munich Security Conference. So bear with me for just a second. Okay. I hope everybody can see the screen. We start with sort of the title slide defending against targeted threats. And so moving into the next one, what we have here is a sort of examination of how physical security monitoring can be used, in using the Recorded Future platform. And so, essentially, starting in the left hand corner, we have what is our advanced query builder, and this is a tool that that is the sort of primary interface with the platform. It's where you build your queries, using a series of, sort of terms or entities. It's really very, very flexible. In this case, we have a sort of involving a series of German cities. We have an event type focused on protests, the status and the violence levels of those protests. You can, adjust those as well. In this case, you know, ongoing, concluded, or planned. And then lastly, calling attention to sort of the event time. In this case, we're looking for events that occurred in the last seven days and then that are occurring in the future, in, like, plus thirty days. And the Recorded Future platform, cannot necessarily read the future, but what it can do is identify post, for example, about events that are going to occur in the future and so be able to flag those as something that will follow within that given time frame. Moving to the right, you'll see what is basically like a synthesis, using Recorded Future AI, insights into the results of that query. And so I'm what I'm not showing are all of the results that would pop up in a platform as a result of that query. There could be dozens, could be hundreds. It's really, very, very malleable. You can adjust it based on the time frame, etcetera. And in this case, it sort of recaps the the major results, over this given time frame and those locations, talking about a significant neo Nazi rally, large scale operations against opponents of the Eritrean government, etcetera, etcetera. Pivoting down to the sort of going clockwise, the next query you'll see here focuses on a hotel, that was used by Munich Security Conference participants, and it involves a geofence query. And so in this case, what we're looking for are primarily social media posts or, references to this given area and the facilities or locations that reside within it. Again, we use an event type focused on protests, or military related references, crime, violence, disasters, disruptions. And we have an event time of February 2025. And then you'll see in the left hand corner, the results of that. And we go ahead and move into the next slide, which focuses on sort of more broadly country risk indicators. And so in this case, what we have is a sort of a macro level view of a given country, in this case, Germany. Country risk is a feature in the Recorded Future platform that enables executive or enables individuals to be able to monitor monitor sort of threat levels across five different risk categories. In this case, there's a specific focus on the security and crime, in Germany, and it we sort of highlighted the specific, insect research that was published, in May 2024 focused on sort of Germany's reporting on politically motivated crimes. So their country risk, feature is something that incorporates third party intelligence as well as custom, intelligence that's produced on an ad hoc basis by, the global issues team within Insec Group. And then lastly, just to show how Recorded Future AI could be used for travel security purposes, In this case, we give it a prompt, tell me about physical threats to my executive watch list if they travel to Europe. And then you'll see that it's sort of filtering data through a specific time frame, March 31 through April 30, 2025. And the results here are sort of encapsulated, briefly. They have, I think five different threats that are sort of notified, specific to the threat actor network seven sixty four, and warnings that have been issued by US, UK, and EU about this transnational threat actor, network. Second, increased violence and terrorism risks. And this reflects sort of ongoing geopolitical tensions, and it stresses that to the incident group reporting specifically. Then we have protests and public unrest, that have been sort of, ongoing within Berlin, Paris, London, and other, European cities. And then the last couple, you had sort of doxing and swatting connected with the seven sixty four network, and then recent violent incidents in involving a bomb explosion specifically outside Hellenic train offices in Athens, Greece. Okay. At this point, I'd like to go ahead and shift into, answering questions that have come up over the course of the presentation. I really appreciate everyone's feedback, and I will start, with, I think, one of the first questions we had, which was, are there particular platforms or forms where sort of, data leakage is most likely, and how often have individuals posted threatening content online prior to their attacks? Is that something that I could turn to, Paul and Mary to address? Yes. Absolutely. So the instances where we generally see, information that possibly could, indicate a threat is largely speaking in big buckets, social media, especially mainstream social media, as well as, messaging platforms that are preferred by, violent extremists, within particular Telegram, I would point out, as well as forums, and other sorts of sources that are, used by violent extremists to convey that sort of messaging or application. I think about, 4chan and its poll board is one particular one with regard to some violent extremists as well. In terms of how often is it that you'll see a threat prior to it be taking place, it's not often. However, I will point out that the sort of threats and targeted attacks often follow broader negative sentiment campaigns against the organization in question. So while it may not be a precursor of somebody going online and say, hey. I'm going to target x executive or y executive. The instances that we've seen of those sorts of incidents, typically follow, at least to some degree, instances where we go on these platforms or go on these communication sources and see a large number of, ideologically motivated binary streamers posting, we don't like x company that this executive works for for, some reason or another, essentially, with the degree of intensity often correlated to, the possibility for follow on physical threats, against the organization. Great. Thank you, Paul. Brian, Mary, anything to add? I'll just add that there are also websites and communities on the Internet that are dedicated to doxing where people will upload their doc files. And so that can be a large source of exposure that other for actors can take advantage of. And that even with these boxing platforms and other, common outlets that, Paul already mentioned, it's important to monitor as many sources as possible because maybe for actors are not going to follow the standard template and they will put that information somewhere weird. And so using a Simple Quarter Future platform is a great way to monitor those sources at scale for exposure. Great. Thanks both. This is an additional question that came up about sort of motivations of threat actors. And, Paul, you talked a little bit about it in the in the sort of opening remarks, but, specific question was about sort of, evidence of religious elements to threat actor motivations. Is is that not really a major sort of motivator? I think that, the the initial overview that this presentation was giving a 10,000 foot view of motivators across the board. Bioextremists can be motivated by any number of factors, religious, political, social, even individual to some degree. I think that the degree to which religion influenced violent extremists is largely contingent on what sorts of violent extremists they are in terms of their, perceived perception of, of religion and the degree to which religion enforces their, goal of conducting violence. With some categories of violent extremists, I would say, homegrown violent extremists, especially Jihadist Salafis, come to mind. Religion plays a major factor, and it's impossible to discern the motivations of those, types of attackers without referring to their interpretation of religion. However, that may not be true across the board where you see other violent extremists who are motivated more by, political concerns, whether they be, like, international political or domestic political, or, social concerns or other sorts of grievances that they have as a, a condition for for conducting violence against those, targeted against the their victims. Thank you, Paul. Brian, I've got one for you. So we talked a bit about this, but the specific question was, you know, if we had to record a future platform, can we create a detection for seeing sort of larger scale sentiment campaigns against executives? Yeah. So we we utilize that platform. We have our executive watch list. So, you know, all of our chief executives are on there, their addresses, their names. So we do, you know, analyze that every day just to see, hey. Is there going to be is it a specific incident, or do we start seeing, like, hey. A number of individuals within recorded future are being targeted and it's, you know, off on the along the same lines. So the platform gives us that ability to kind of assess those those situations and determine the best course of action. Great. Thanks very much for that, Brian. So I think we've had a number of, sort of overlapping comments and questions, which we've kind of addressed over the course of the last ten, fifteen minutes or so. So I think with that, we'll go ahead and wrap this up. If there are, additional questions that the audience may have or comments or feedback, we'd be happy to hear from you. You can reach us at info@recordedfuture.com, or you could post your comments here and we'll try to address them at a later date. We really, do appreciate, everyone's feedback and attention. This is a a really critical, subject for both public public and private sector organizations, so I hope everybody took something useful from it today. And we'll go ahead and close with that. Thank you all.