OSINT: Open Source INTelligence
Open Source Intelligence (OSINT) is a type of methodology consisting of the collection of information that is only accessible through publicly exposed data. In this article, the different branches within OSINT and the phases within an OSINT investigation are compiled. In addition, the importance of being able to discriminate between valid and invalid information is mentioned. For this purpose, the term 'validated OSINT' is used, which refers to information to which a high degree of certainty is attributed.
Open Source Intelligence (OSINT) is a type of methodology consisting in the collection of information that is only accessible through publicly exposed data. Some of its utilities are, for example, to search or follow a person until you get to know part of his life, to know the reputation of a certain company, to carry out market analysis, in the military field, and it is even a great help to speed up police and detective investigations. This article explains what this type of intelligence consists of, the different branches that make it up and the procedure to follow in these investigations.
There are several meanings to define this type of intelligence, as there is no standardised definition. One of the most widely accepted is that of the US Department of Defence, which defines OSINT as "intelligence produced from publicly available information that is collected, exploited and disseminated in a timely manner to an appropriate audience in order to address a specific intelligence requirement".
This type of information gathering methodology has always been present in our society. Not many years ago (until about the 1990s), the media were mainly the press, radio or television, so intelligence came from what was obtained through these media.
An example of the use of intelligence in earlier times is the Foreign Broadcast Intelligence Service from 1941 onwards, a service developed by Princeton University. Through it, enemy radios, which were the Axis powers, were monitored.
OSINT is actually considered to have originated in 1942, when the first intelligence agency, the US-based Research and Analysis Office of Strategic Services (OSS), was born. This agency collected information openly from newspapers in other embassies, through foreign radios and from bookstores or other official sources. This information was kept in the form of charts or maps (Jennifer Davis Heaps, The American Archivist, 1998).
In the last 20 years, with the advent of computer globalisation, the way in which we communicate and obtain information has changed dramatically, as the Internet is now the main medium. The Internet is the fastest and most convenient way to access the data we are interested in. However, it is not all advantages. At the moment, disinformation is more present than ever, society is living a moment in which the amount of information is overflowing, with a large part of it being fake news.
For this reason, it is important to learn to discriminate between false data and those that are not. This applies to OSINT, as it is not only about obtaining all the public information we find about our target in question. If we do this, we will end up with a lot of data that will make the investigation invalid as we will not be able to extract an accurate result.
This is where the term "Validated Open Source Intelligence" comes in. NATO defines this term as: "Information to which a very high degree of certainty can be attributed. It may be produced by an intelligence professional with access to classified intelligence sources, whether working for a nation or a coalition staff. It can also come from a secured open source whose validity cannot be questioned, for example, images of a plane arriving at an airport that are disseminated by the media".
This implies that we must cross-check all sources from which we obtain this data to ensure that it is truthful. In some cases, not everything can be checked, so in these cases we would speak of correlations and indications that may or may not be true.
There are different types and branches within Open Source Intelligence, which complement each other. They can be summarised as follows:
● HUMINT (HUMan Intelligence): Intelligence obtained from human sources. An example where HUMINT can be used is the infiltration of a person into a criminal organisation such as a terrorist group. This makes it possible to prevent a possible attack. Another example could be that of a witness for a police investigation.
In these cases, a person is used as a decoy in order to gather information about a person or group.
The difficulty in this type of intelligence lies in obtaining the people who are going to be our source of information. Depending on the case, they may or may not be informed of the purpose for which their participation is required. Moreover, in some cases it will be necessary to use persuasion or manipulation techniques on them.
● SIGINT (SIGnal Intelligence): Intelligence gathered from signals, e.g. from electronic devices communicating with each other.
● SOCMINT (SOCMial Media INTelligence): this is social network intelligence. As we have seen throughout the article, the Internet and social networks are a great source of information, so this branch is of great importance when carrying out a specific investigation. Social networks are useful to know in depth (depending on the person) their profile and a certain pattern of behaviour. This is useful for companies to target personalised advertisements according to likes and dislikes.
● GEOINT (GEOspatial INTelligence): the European Union Satellite Centre defines this discipline as: "The exploitation and analysis of geospatial imagery and information to describe, evaluate and visually represent physical features and geographically referenced activities on Earth". From this centre, they state that it is normally used in the military field, but that it is increasingly being implemented in private sectors such as telecommunications, transport, or public health.
● IMINT (IMagery INTelligence): according to the European Union Satellite Centre, Imagery Intelligence is intelligence obtained from the interpretation of images and photographs. These images can be: terrestrial, aerial and satellite images. Some of the data that can be obtained are: geolocation, author of the image, device with which it was taken, among others.
● Define the objective and requirements. In this first stage, all the minimum requirements necessary to achieve the final objective of the research are defined.
● Obtaining relevant sources of information. Sources of information that are useful for the case must be synthesised.
● Processing and analysis. Once the information is obtained through the selected sources, it is processed through prior analysis.
● Presentation of intelligence. Finally, based on the result of the analysis carried out in the previous phase, it is synthesised and formatted so that it is understandable and interpretable. It is usually presented in the form of a report.
It is common knowledge that we live in a fully digitalised world and that virtually the entire population shares personal data through the Internet and social networks.
With this powerful investigation methodology, Open Source Intelligence, if used by experts and developed through good practices, we can provide relevant clues in certain investigations, as well as we can know what public data there is about us or about a certain company, being able, according to these results, to implement measures that reduce our exposure and, therefore, our vulnerability to suffer any type of computer attack.
Ángela Armero Saura, criminologist and IT security auditor and collaborator in the cybersecurity area of Sec2Crime.