Team Member Profile: Kathleen Weinberger

Kathleen Weinberger, Analyst

Kathleen Weinberger is an intelligence analyst at Flashpoint, where she primarily covers the Russian cybercriminal underground. Previously, Kathleen worked as a Research Assistant with the Institute for the Study of War and as an intern for the Center for Strategic and International Studies in Washington, D.C. In these roles, she applied her Russian language skills to research projects on Russian surface-to-air missile systems, military deployments, and submarine capability development. She earned her bachelor’s degree in International Relations and Russian Studies from the University of St. Andrews, and she holds a master’s degree in Eurasian studies from the University of Oxford.

Q: What are you currently working on?

A: I’m part of Flashpoint’s Europe team—we’re a group of analysts who specialize primarily in Russian, German, French, Ukrainian, and Turkish. For Deep & Dark Web forum-based work, we rely on each other’s specialized knowledge of different tools, practices, and procedures to develop a collective understanding of the broader threat landscape. In some cases, knowledge of multiple languages is also needed to gather information about a particular threat. Many of these threats are financially motivated, so I’ve been researching different tools used for breaking into bank accounts or committing fraud. I also cover malware threats. Lately, there has been a lot of malware targeting mobile phones advertised on the Russian underground, so I have covered that topic quite a bit as well.

Q: What are some of your most interesting observations as of recently?

A: I do a lot of research on the cybercriminal ecosystem and how different threat actors relate to one another. The communities are very small and the importance of reputation is very high. Even if someone develops a very useful tool or skill, they may have difficulty monetizing their service unless they’re able to work well within the community and gain the trust of others. Likewise, the success of malware products advertised on the Deep & Dark Web often relies on a threat actor’s ability to provide adequate customer support and find reliable partners.

Adversaries often exchange tips and techniques on Deep & Dark Web forums, so there’s a wealth of information about which attack vectors are working and which have been rendered obsolete by effective defense tactics. Forum chatter can also indicate the types of targets and attack vectors that are popular at a given time. This sort of information can be extremely valuable to our customers’ efforts to develop well-informed security strategies.

Q: What is your research process like?

A: I usually start with the Flashpoint platform itself—it’s great for being able to drill down into specific topics while also looking more broadly at the bigger picture when learning about a particular threat. Having the ability to look back at activity over a long period of time is helpful, because threat actors tend to improve their technique and stealthiness over time. From there, I try to build upon known trends by gathering new information. Once you have a tiny foothold on an issue, you can run with it to find some valuable and often surprising information. It’s really a matter of finding that first piece of the puzzle. In the process of researching a particular topic, I often come across unrelated but useful discoveries that give rise to additional projects.

Q: How did you hear about Flashpoint?

A: Before joining Flashpoint, I worked and interned for two different think tanks based in Washington, D.C. My research focused on Russian military capabilities, drawing upon open-source information found on Russian media, public forums, and social networking platforms. With time, I became increasingly interested in Russian information operations and cyber threat capabilities and how these are linked to the Russian-language underground. I began asking people within my professional network about companies gathering intelligence on Russian threat actors, and that’s how I heard about Flashpoint. At the time the company was looking to hire someone who spoke Russian and had a background in intelligence, so it was a great fit.

Q: What do you enjoy most about your job?

A: The work itself is always interesting and always something new. My learning curve for mastering new concepts has been steep but incredibly rewarding because everyone on my team is so willing to share their expertise and is eager to learn from others. We have a very free-flowing, generous exchange of information.

I also really enjoy exploring how different risks impact different sectors and types of organizations. These aspects of my work feed a very foundational interest I have in taking deep dives into my research. I love knowing that my work can have a major impact on institutional efforts to develop countermeasures that keep customers safe, because I’ve realized the potential for fraud and other types of cybercrime to impact the lives of ordinary people.

Q: What’s the biggest difference between your current role and previous positions?

A: In previous roles, my research was intended to inform policy recommendations, whereas my work at Flashpoint aims to provide useful and actionable intelligence about the various risks that organizations face. It’s also much more important to understand the technical aspects of cyber threats at Flashpoint. That being said, political context is a crucial aspect of Business Risk Intelligence, so my current role builds upon my previous work in many ways.

Q: What sparked your interest in the Russian-language underground?

A: I started studying Russian in college because I was interested in learning a globally significant language. I had studied Japanese and Spanish as a teenager but had never studied a Slavic language. I also considered studying Arabic but chose Russian because it’s less commonly studied and I thought it would give me a competitive advantage.

Q: What would people be surprised to learn about you?

A: The first report I ever worked on using open-source Russian language material was looking at Russian submarine capabilities—I’ll always have a soft spot for that topic. We were looking at Russia’s Northern and Baltic fleets, and specifically at special-purpose submarines.

Q: What are your interests outside of work?

A: I am a big fan of nature and will take any chance to get outside and bike, hike, run, or just explore. I also spent six years living and studying in the United Kingdom, so I am always excited to travel and experience different parts of the world.