Open Source Intelligence (OSINT), involves the collection and analysis of publicly available information. OSINT was first employed by the United States Foreign Broadcast Monitoring Service (FBMS) and quickly became an integral part of U.S. intelligence after the bombing of Pearl Harbor. [1] In 1947, the CIA took over the operation of the newly dubbed Foreign Broadcast Intelligence Service (FBIS). [2] At that time, OSINT was comprised of transcribing and translating foreign broadcasts as well as foreign printed materials such as newspapers, magazines and technical journals. During the Cold War, open source intelligence became the leading medium for gathering information by the CIA. In 2005, FBIS was renamed and brought under the umbrella of the Office of the Director of National Intelligence. [3] Today, OSINT is drawn from the internet, mass media, including social media platforms such as Facebook and Twitter, specialized journals and conference proceedings, photos and geospatial information. While accessing the information may seem like an easy task, the sheer quantity of information available and aggregated poses quite a challenge for the inexperienced analyst. When utilized by a trained and experienced team, OSINT can be invaluable to highlight the behavior of a subject or to match negative actions to an unknown target or group.
A Skilled OSINT Analyst Can Help Identify and Get Ahead of Assailants.
OSINT was applied during a private investigation in the wake of the siege on the U.S. Capitol last month. John Scott-Railton, a senior researcher at Citizen Lab at the University of Toronto, who specializes in malware, phishing and disinformation campaigns, employed OSINT to identify two individuals who entered the U.S. Capitol during the siege. In an interview with NPR, Scott-Railton described being able to link a photograph of a man holding flex cuffs, wearing a combat helmet and body armor with military patches and a Texas state flag, to retired Air Force Lt. Col. Larry Brock from Texas. Scott-Railton was successful in making attribution by compiling a variety of social media threads. He was also able to identify Eric Munchel from Tennessee by comparing video footage from the Washington Grand Hyatt Hotel with images from the U.S. Capitol. Munchel, unmasked, was filmed with a woman who had been previously photographed next to a masked individual (later revealed as Eric Munchel), who had entered the Senate Chamber at the U.S. Capitol. Scott-Railton reported his findings to the FBI, and both men were later arrested in their respective states.
A Skilled OSINT Analyst Can Aid in Preparing for and Preventing Future Attacks, Breaches, and Other Reputational Events.
As mentioned above, OSINT relies solely on publicly available information. According to The New Yorker, Larry Brock had been posting his plans to travel to Washington D.C. to participate in the rally outside of the U.S. Capitol. Having this sort of detail, together with other data points, ahead of the incident could have potentially caused a shift in security posture. Searching for and identifying critical signals while cutting through the noise is a skill developed by the OSINT operator. These internet detectives can also help decipher an unusual undeterred direction of interest against a company, staff and senior executives. For example, a senior executive of a Fortune 500 financial services firm became the target of a stalking campaign from an individual who was attempting to extort the executive for money through both virtual harassment and physical confrontation. OSINT analysts engaged to support the executive’s security team by both gaining an understanding of the suspect as well as assessing the executive’s digital footprint. OSINT analysts were successful in identifying online information that existed which provided the blueprint for the executive’s pattern of life, extended family members activities and broadcasting, thus pinpointing potential points of digital and physical vulnerability. They were also effective in gaining a true understanding of the suspect, including identity, and collaborating with law enforcement in sharing good evidence.
A well trained and deployed OSINT team can support the reputational resilience of your institution in multiple other arenas. OSINT analysts can support the detection of data leakage and financial loss events, support internal investigative resources, identify reputational matters either before or as they unfold, and get ahead of global events that may have an impact on your infrastructure. Employing OSINT can provide senior decision makers with the right level of situational awareness to better respond to impending crisis and safeguard your business from potential threats.
[1] afio.com history of OSINT
[2] Ibid
[3] Ibid