Guide to Open Source Intelligence (OSINT)
The term open-source intelligence (OSINT) can conjure up images of spies in the imagination of people unfamiliar with the field. While intelligence gathering is indeed part of spy work, the good news is that you don't have to be a spy to effectively use OSINT or learn how to gather it.
OSINT can enable you to see further, and this can bring significant benefits to your business, such as protecting you from threats, providing insights into your competitors' strategies, and helping you understand partners and individuals before investing in them. Most importantly, OSINT is an important investigative tool for lawyers, detectives, law enforcement personnel, and anyone with a need to gather intelligence and investigate a subject. This article, the first in a series I'm writing on OSINT, will explain what OSINT is and how you can use OSINT to your professional advantage because we can all benefit from looking deeper and knowing more rather than just assuming.
Introduction
Over time, the internet has transformed the world into a very small place. The widespread access to the internet by billions of people worldwide for communication and the exchange of digital data has ushered in the "information age." In this information age, the term open-source intelligence (OSINT) refers to all publicly available information that you can see, and some parts that you can't see even though they are available to the public. The term OSINT has likely been used for hundreds of years to describe the act of gathering intelligence from resources available to the general public. OSINT was introduced during World War II as an intelligence-gathering tool by various national and state security agencies. However, today, with the rapid growth of internet communications and the availability of large volumes of digital data produced by the public worldwide, OSINT gathering has become a necessity for various types of organizations. Government departments, non-governmental organizations, civil society organizations, and businesses are relying on OSINT as an addition to personal and classified information. OSINT sources are distinct from other forms of intelligence because they must be legally accessible to the public without violating copyright or privacy laws. This distinction allows the ability to collect OSINT sources to be applied not only to security services.
Types of OSINT
OSINT encompasses all publicly accessible sources of information, which can be found online or offline, in the airwaves or on paper. You can gather OSINT from:
The Internet, including forums, blogs, social networking sites, video-sharing sites, wikis, Whois domain name registration data, metadata and digital file information, sources in the dark web, geolocation data, IP addresses, search engine queries, and anything that can be found online.
Traditional media, including television, radio, newspapers, books, magazines, specialized journals, academic publications, dissertations, conference papers, company profiles, annual reports, corporate news, employee profiles, and resumes.
Metadata in photos and videos and geospatial information from maps and commercial images.
OSINT can be collected from almost anywhere, including unlikely places that can provide valuable intelligence on the issues you are investigating.
Specialist OSINT Organizations - Several specialist organizations provide dedicated OSINT services, some of which are government-based, while others are private companies that offer services to their users, including government agencies and businesses, on a subscription basis. Here are some well-known OSINT collection organizations:
Government Organizations - The Open Source Center (https://fas.org/irp/dni/osc/index.html) is one such organization, controlled and operated by the US government. BBC Monitoring (https://monitoring.bbc.co.uk/) is another organization, a department within the British Broadcasting Corporation (BBC) that monitors media worldwide. They offer their services to interested parties such as commercial institutions and official bodies through a subscription scheme.
Private Sector - Jane's Information Group (https://www.janes.com/) is a British company founded in 1898 and is a leading provider of OSINT specializing in military, terrorism, national stability, serious and organized crime, proliferation and acquisition intelligence, aerospace, and transportation. The Economist Intelligence Unit (https://www.eiu.com/home.aspx) is a business intelligence, research, and analysis division of the British Economist Group. Oxford Analytica (http://www.oxan.com) is a relatively smaller OSINT company compared to the previous two; this company specializes in geopolitics and macroeconomics.
Who Can Use OSINT?
OSINT can be valuable to several groups, and in the following section, I will provide a brief list and discuss the motivations of each group for gathering open-source intelligence.
Government - Government-owned agencies, especially military departments, are considered the largest consumers of OSINT. Governments require OSINT for various purposes such as national security, counter-terrorism, tracing terrorists through cyber means, understanding domestic and foreign public perspectives on various subjects, supplying policymakers with necessary information to make internal and external policies, and using foreign media to gain insights into various events.
International Organizations - Organizations like the United Nations use OSINT to support peacekeeping operations worldwide. Humanitarian organizations, such as the International Red Cross, use OSINT to assist them in aid distribution efforts during crises or disasters. They use OSINT intelligence to protect their supply chains from terrorist groups by analyzing social media sites and internet message boards to predict future terrorist actions.
Law Enforcement - Police use OSINT to protect citizens from abuse, sexual violence, identity theft, and other crimes, typically by monitoring specific keywords and images posted by the public on social media channels that can help prevent crimes before they occur.
Businesses - Information is power, and businesses use OSINT to research new markets, monitor competitor activities, plan marketing activities, and predict anything that could impact their operations and threaten future growth. Businesses also use OSINT for non-financial purposes, such as avoiding data breaches by knowing that business-sensitive information and security vulnerabilities within networks have been exposed before malicious actors become aware of them, which is invaluable. Businesses also use OSINT to develop their threat intelligence strategies by analyzing OSINT sources both external and internal to the organization and then combining this information with other intelligence to achieve effective cybersecurity risk management policies and help protect their financial interests, reputation, and customer base.
Cybersecurity and Cybercrime Groups - OSINT is widely used by hackers and penetration testers to gather intelligence about specific online targets. OSINT is also considered a valuable tool for social engineering attacks. The first phase of any penetration testing methodology begins with reconnaissance (i.e., using OSINT).
Privacy-Conscious Individuals - These are members of the general public who may want to know how others can hack their devices and what information their internet service providers hold about them. They may also want to know their online exposure to close any security gaps and erase any unintentionally published personal data. OSINT is a powerful tool when used to see how your digital identity appears to the outside world, allowing you to protect your privacy. Individuals can also use OSINT to prevent identity theft.
Terrorist Groups - Terrorists use OSINT to plan attacks, gather information about targets before striking (e.g., using Google Maps to survey locations), prepare attackers by analyzing social media sites, obtain inadvertently leaked military information (e.g., bomb-making techniques), and spread their propaganda.
Types of OSINT Collection
OSINT collection is performed using one of three main types of methods: passive, semi-passive, and active. The choice of which collection type to use depends on the scenario and the type of intelligence you desire.
Passive Collection - This is the most commonly used method when gathering OSINT intelligence. As a standard, most OSINT collection methods should employ passive collection since the primary objective of OSINT gathering is to collect information about the target through resources available to the public.
Semi-Passive Collection - This method is more technical. This type of collection is done by sending internet traffic to the target server to obtain general information about the target. This traffic should resemble regular internet traffic to disguise your reconnaissance activities and avoid drawing attention. With this method, you don't conduct in-depth investigations of the target's online resources but rather perform light investigations without raising suspicion within the group you're investigating.
Active Collection - In this type, you directly interact with the system to gather intelligence about that system. However, the target may become aware of the reconnaissance process as the information gatherer uses sophisticated techniques to obtain technical data about the target's IT infrastructure, such as accessing open ports, scanning for vulnerabilities (unpatched Windows systems), scanning web server applications, and more. This traffic will look suspicious and likely leave traces on the target's intrusion detection systems (IDS) or intrusion prevention systems (IPS).
How Can You Benefit from Using OSINT?
OSINT collection has measurable benefits that depend greatly on your objectives and the type of intelligence you wish to gather. Here are some common benefits of OSINT:
Reduced Risk - Using publicly available information to gather intelligence carries less risk compared to deploying human assets in the field to collect information, especially in hostile countries.
Cost Savings - OSINT gathering is cheaper compared to other intelligence sources, such as using human resources or spy satellites, which can be costly.
Accessibility - OSINT is always available, regardless of who you are or where you are.
Legal Issues - OSINT can be shared to and from various parties without worrying about violating any copyright licenses because these resources are already published to the public.
Assisting Financial Investigations - OSINT assists specialized government agencies in detecting tax evaders. Monitoring social media accounts, vacations, and the lifestyle of targets is highly valuable for government inspectors pursuing cases of unreported income.
Preventing Online Counterfeiting - OSINT can be used to identify counterfeit products and direct law enforcement to shut down sites or issue warnings to website operators to cease dealing with counterfeiters.
Maintaining Political Stability - OSINT helps governments understand the sentiments of their citizens and act promptly to avoid clashes with the general public that may arise in the future.
Conclusion
In this article, I have attempted to explain the essence of OSINT, the different types of OSINT, the parties that utilize it, and how OSINT can be used in various contexts by different groups to gather intelligence. In my next articles in this series, I will delve a little deeper into the subject and showcase various techniques and OSINT tools that you can use to search for information online. My goal is that, by the end of this series, you, dear readers, will have sufficient competency to become proficient OSINT investigators and learn how to leverage various tools to gather intelligence for the benefit of your organization, enabling you to effectively achieve your goals.