What is Open-Source Intelligence?
Open-Source Intelligence (OSINT) is defined as intelligence produced by collecting, evaluating and analyzing publicly available information with the purpose of answering a specific intelligence question.
Information versus Intelligence
It’s important to note that information does not equal intelligence. Without giving meaning to the data we collect, open-source findings are considered raw data. It is only once this information is looked at from a critical thinking mindset and analyzed that it becomes intelligence.
For instance, conducting OSINT is not simply saving someone’s Facebook friends list. It’s about finding meaningful information that is applicable to the intelligence question and being able to provide actionable intelligence in support of an investigation. Another way to look at it is to answer, “why does this data matter” and provide meaningful intelligence about the data collected.
Open-source information is content that can be found from various sources such as:
• Public Records
• News media
• Libraries
• Social media platforms
• Images, Videos
• Websites
• The Dark web
Who uses OSINT?
• Government
• Law Enforcement
• Military
• Investigative journalists
• Human rights investigators
• Private Investigators
• Law firms
• Information Security
• Cyber Threat Intelligence
• Pen Testers
• Social Engineers
We all use open-source and probably don’t even realize it, but we also use it for different reasons. You might use open-source information to do a credibility check and to find out more about the person selling you something on Facebook marketplace. You may research someone you met on a dating app or before hiring someone for a job.
A few years ago I found someone’s driver’s license on the street when I was on a lunch break. I picked it up, thinking I should drop it off at the local driver’s license branch. Then I thought to myself, I wonder what I will find if I just Google the person’s name (which I did). Turns out the second Google result was a LinkedIn page with the person’s name, photo, and workplace which was in the area. I decided to call the company and ask to speak with this person and let them know I had found their license on the street.
It seems like it was too easy to Google and find the result quickly but this is not uncommon nowadays. Most people, if not everyone, have some sort of digital footprint. This is a simple example to show you how quickly you can find information on a person by simply Googling their name.
Intelligence Cycle
Let’s talk about the Intelligence Cycle and what it means for those working in OSINT. There are some variations of the intelligence cycle but generally, it includes similar steps. Using the Intelligence Cycle can assist with understanding what each stage of the cycle means to the OSINT research that will follow.
Stages of the Intelligence Cycle
Preparation is when the needs and requirements of the request are assessed, such as determining the objectives of the tasking and identifying the best sources to use to find the information for which you are looking.
Collection is the primary and most important step in collecting data and information from as many relevant sources as possible.
Processing is when the collected data and information are organized or collated.
Analysis and Production is the interpretation of the collected information to make sense of what was collected, i.e. identifying patterns or a timeline of travel history. Produce a report to answer the intelligence question, draw conclusions, and recommend next steps.
Dissemination is the presentation and delivery of open-source findings, i.e. written reports, timelines, recommendations, etc. Answer the intel question for stakeholders.
Passive versus Active OSINT
Understand the difference between passive and active research, as each type of research can have different implications for your organization.
Passive means you do not engage with a target. Passive open-source collection is defined as gathering information about a target using publicly available information. Passive means there will be no communicating or engaging with individuals online, which includes commenting, messaging, friending, and/or following.
Active means you are engaging with a target in some fashion, i.e. adding the target as a friend on social profiles, liking, commenting on the target’s social media posts, messaging the target, etc. Active open-source research is considered engagement and can be looked upon as an undercover operation for some organizations. Please be aware of the differences and request clarification from your agency prior to engaging.
For active research, it’s a must to blend in with the group. If you are engaging with a target you may want to create a couple of accounts on different platforms to make it look like you are a real person.
Each organization may have different interpretations of what is considered passive versus active engagement. For example, joining private Facebook Groups may appear passive to some organizations, whereas others may consider this as engaging. Sometimes this difference can imply some sort of undercover operation capacity, therefore it’s extremely important to have SOPs that outline where the organization stands with this type of engagement.
Some researchers justify joining groups as passive, as they are only “passively” looking and not actually communicating with targets.
A good example to consider is where a Facebook Group consists of 500 members or more, where blending in may be easy, whereas a smaller group of 20 people may be riskier. Talk to your managers before proceeding one way or the other.
How OSINT can benefit your organization
- Support criminal investigations by providing background profiles on people and businesses
- Support human source assessments
- Support security/risk assessments
- Support decision making
- Assist with making associations between entities
- Provide situational awareness such as getting insight into current events
Learn more about OSINT by taking SEC497 Practical Open Source Intelligence (OSINT)
