During the spring of 2020, as world health leaders grappled with the scourge of the COVID-19 pandemic, the race was on to develop vaccines that relied on years of cutting-edge research to save human lives. In December 2020, the U.S. Food and Drug Administration issued Emergency Use Authorization for the Pfizer/BioNTech and Moderna vaccines, followed by the Janssen vaccine in February 2021 in the US and the AstraZeneca/Oxford vaccine by the World Health Organization.

Around this time, Cynthia Hetherington, president of Hetherington Group, placed a phone call to Chuck Forsaith of Healthcare Distribution Alliance. During their conversation a vision arose: the formation of a world-class collaboration aimed at ensuring the safe and secure production, transportation, and distribution of the Pfizer, Moderna, AstraZeneca, and Johnson & Johnson vaccines in the United States and abroad. Operation Vax (OPVAX), as it was named, grew into a group of 75+ industry leaders and public agencies that worked together at the height of the COVID-19 pandemic. Composed of C-suite healthcare, pharmaceutical, transportation, and cybersecurity personnel and high-ranking Department of Defense personnel, the group convened remotely over the course of 11 months, and its services led to the successful rollout of the vaccine at home and abroad.

Operation Vax relied on open source intelligence gatherers and boots-on-the-ground monitoring to prevent the disruption, destruction, or confiscation of the coveted vaccines. During bi-weekly meetings, Operation Vax members shared vital intelligence that enabled security experts to monitor groups and people of interest, perform location-specific event searches, and track risk on open and deep web sources. Global cybersecurity vendors Echosec Systems, Ltd, iThreat, and DarkOwl donated their services and platforms to the collaborative effort.

Hg’s intelligence gatherers joined forces with other OSINT investigators. Over the course of OPVAX, analysts collected over 105,000 open and dark web sources reporting on potential threats to the rollout of the COVID-19 vaccine. From there, analysts triaged 45,000 of those reports for further analysis, resulting, on average, in 1-2 potential threats reported to the OPVAX team.

Matthew Golabek, an investigative analyst at Hg since 2015, held a key role in OPVAX. He specializes in online risk assessments, during which he tracks activities and monitors subjects. This week, he shares his experiences as a member of Operation Vax.

What was your role in OPVAX?

My role was to ensure the overall safety and security of the Covid-19 vaccine during its production, transportation, and distribution. It was determined that an item as coveted and sought after as the Covid-19 vaccine would require both physical boots-on-the-ground security and online cyber security. My expertise was used on the cyber security side of the operation. On a daily basis, I was tasked with monitoring groups and people of interest, performing location-specific event searches, and overall monitoring of open and deep web sources for any additional findings of risk.

How did you approach your mission as an open source analyst?

My 60,000-foot approach to the Operation Vax mission was from a team perspective. With an operation as intensive as this one, I always made sure to keep myself in check by working closely with and relying on my colleagues who were also involved in Operation Vax. Otherwise, you would quickly find yourself being humbled. My day-to-day, ground-level approach to this mission was multi-faceted. First, I needed to stay current on all news and updates from federal government officials, as their findings were verified. Second, I would actively listen and engage in our bi-weekly Operation Vax meetings, as the vaccine manufacturers and distributors were in attendance and would provide vital intelligence. Lastly, I would take the information from both sources and use it against my monitoring to ensure the validity of any findings located. Ensuring validity of findings was important as there were many false narratives being pushed by the public.

How did open source intelligence (OSINT) play a role in meeting your responsibilities?

OSINT played a major role in meeting my responsibilities for Operation Vax. Having the proper OSINT skills allowed me to “go and get” certain findings rather than sit back and wait for a finding to become public knowledge. For instance, certain public groups turned to the use of Telegram for communicating their plans between each other. Often these Telegram groups were very difficult to locate. Sometimes, if you were not invited into the group, the information being talked about would never be made public. However, understanding the capabilities of performing a Google ‘site: search’ allowed me to search against the Telegram group username, and often contents within these chats would be available. Additionally, understanding the ability of performing location-specific event searches in Facebook played a major role in ensuring there were no anti-vaccination protests and/or events being hosted near any production or distribution sites. My OSINT skillset allowed me to be proactive rather than reactive regarding the safety and security of the Covid-19 vaccine.

What were some of your challenges?

I was personally faced with few challenges throughout the course of Operation Vax.

As cyber security experts, we were all challenged with difficulties in finding events and information that could potentially compromise the overall Operation Vax mission. Due to social unrest taking place throughout the country, social media platforms such as Facebook began to severely censor their content. However, rather than having this be a roadblock to our mission, we viewed it as a mere speed bump and turned elsewhere to dig up the vital intelligence needed.

The second minor issue faced during Operation Vax occurred when the United States began pushing vaccines to foreign countries, such as Israel. Chain of custody for such an important product is vital to its security. One brief situation occurred when Israel received Covid vials and proceeded to divert them across their borders. Chain of custody for these vials seemed to diminish once given to foreign countries.

What were your successes?

A major personal success during this operation was finding an article about North Korea’s hacking attempts to acquire U.S. Covid vaccine technology and information. Discovering the location of this article, paired with the rapid presentation of the facts up the chain of command, allowed all production, distribution, and transportation companies to take the necessary protection measures to combat these hacking attempts.

The most exceptional part of my Operation Vax journey was having the honor of contributing to such a successful mission of preventing major disruptions to this vaccine distribution effort. All companies, property, employees, and the vaccine itself remained as safe and secure as possible.

Matthew Golabek is an investigative analyst at Hetherington Group, where he specializes in online risk assessments. Mr. Golabek has a keen eye for extracting content from social media accounts, tracking activities and monitoring subjects for clients from a wide range of industries, including pharmaceutical, technological, retail, and entertainment. He is a contributing writer to Hg’s Data2Know and Industry Undercover. On his lunch break, he can be found outside playing frisbee with his four-legged colleagues.