The Rise of the Open Source Intelligencer
Despite a gradual increase in the recognition of the importance of Open Source Intelligence (OSINT), it is still viewed by many in security and intelligence circles as a supplementary discipline: a form of information gathering and analysis whose reach is limited to providing context or supporting background detail, only ever complementing the output of other, covert collection methods.
This implied inferiority, however, has been markedly eroded in the past half a decade, during which time the immense growth of publicly available information has both coalesced with and induced a genuine shift in how people generate and make use of information.
OSINT has by now established itself on its own merits as an indispensable, if not predominant, tool in understanding all but the most secretive aspects of the modern threat landscape.
The rapid transformation giving rise to OSINT’s significance has two main facets: those of volume and quality.
Staggering figures underline the exponential expansion of the public information domain; at present:
- there are more Internet-enabled devices than there are people on Earth;
- the size of the Web extends to more than 8 billion pages;
- an estimated 571 websites are brought online every minute;
- 100,000 messages are published on Twitter in the same time period;
- the active number of Facebook users has reportedly exceeded the one billion mark.
Although not all this information is openly or readily accessible, in light of these figures one can hardly dismiss the relevance of OSINT in today’s information environment.
The most momentous consequence of the information boom, however, lies not in the sheer volume of data, but in its nature; more precisely, in the way society adopts and puts to use the different technologies that enable the mass-publication of data on an individual level.
What we are currently witnessing in terms of the dynamics surrounding the ever-increasing popularity of Web 2.0 platforms (social media and networking sites, blogs, micro-blogs, forums, peer-to-peer file-sharing networks etc.) is more than the simple creation of new mediums for communication; rather, it is the emergence of new types of social interaction, new ways of sharing knowledge, influencing opinions, leveraging power, creating competition and waging conflict.
Fresh buzzwords such as crowd-sourcing, crowd-funding and crowd-targeting aptly encapsulate the key attributes of the digital society, whose organising units are decentralised, whose actions are widely distributed, and whose methodology is engineered towards amassing open participation and maximising publicity.
An inevitable by-product of these changes is the recent appearance of novel and potent threats. A cursory selection of new threat-phenomena observed in the past few years would include: large-scale protests, civil disobedience and political revolution organised on social media platforms (e.g. Occupy movement, London riots in 2011, the Arab Spring); defamatory online campaigns targeting major international companies and events (Counter Olympic groups); various cyber-disruptions organised by hacktivist collectives (Distributed Denial of Service attacks, website defacements); sensitive corporate data being leaked and published on public forums; mapping of social networks by criminals to facilitate identity-theft, financial fraud and other types of social engineering; and terrorists conducting open-source reconnaissance on their targets (the Mumbai attackers’ use of Google Earth imagery).
These threats have shown that the traditional calculus of action potential and radius – what actors can achieve, in what timeframe and where – has been overwritten and made outdated by the ubiquitous access to open-source information and technologies.
Openness, however, is a universal enabler: it can also empower efforts to detect, monitor, warn against, contain and mitigate these forms of threats. This potential can even extend to such secrecy-dominated fields as counter-terrorist investigations: as reported recently, one of the primary leads assisting US authorities in capturing a perpetrator involved in the 11 September 2012 assault on the American consulate in Benghazi was collected from social media sources.
If OSINT is done right and done well, it can save resources, secure operations, support litigation and help to prevent cyber-crimes and disruptions.
That is a critical ‘IF’ though. Producing actionable OSINT information is an extremely difficult challenge of a dual character: on the one hand, it involves finding a solution to crunch through and process an arbitrarily large amount of data; on the other hand, it hinges on the human-driven process of distilling this data into meaningful intelligence. Although both aspects are equally important, there is a distinct imbalance of interest in the tech/intelligence worlds these days: whilst the problem of ‘Big Data’ occupies much of our attention, little effort is spent on defining OSINT as a distinct profession and tradecraft. Our experience of working with a wide range of clients in both the government and private sectors indicates that truly effective OSINT can only be based on a synergetic relationship between technology and the human analyst. Optimising this connection necessitates the cultivation of a new breed of intelligence talent.
What are the key attributes of a successful OSINT practitioner?
Contrary to the common misconception that OSINT equals performing Google searches, ‘which anyone can do’, there is a very specific set of skills and attitudes required in order to produce real value in this field. An OSINT professional is a dedicated individual whose main expertise is in the identification, gathering and exploitation of publicly available information.
In a certain sense, his job is indicative of a rather new position on the generalist-specialist spectrum: whilst the OSINT analyst needs to have a broad understanding of international relations, political affairs, economics and social dynamics, his specialisation focuses less on traditional intelligence-related subjects or geographical areas, and more on the intimate and up-to-date knowledge of research techniques, methods, sources and technologies that can be utilised to process and extract meaning out of open data.
The OSINT Toolkit
OSINT-specific knowledge extends beyond simply being aware of ‘where to look’ and ‘how to look’, with its different areas encompassing: advanced online research skills, including the ability to construct rich and conceptual searches, locate and interrogate target-centric sources and databases; experience in source-validation, corroboration and meta-data exploitation; efficiency in capturing and organising data; solid understanding of internet-infrastructure and application of secure collection methods; data visualisation and trend analysis competencies.
Another vital element in the OSINT analyst’s toolkit is network analysis: the ability to map out, interpret and assess the different forms of networks (e.g. social, professional), allowing for the identification of key influencers and critical communication nodes. OSINT is becoming an increasingly complex intelligence discipline, even recreating what could be interpreted as the open-source versions of traditionally clandestine intelligence methods, such as traffic analysis (internet domain statistics) or geo-spatial/imagery intelligence (Google Earth).
The human factor
Agility and innovation are key personality traits in the OSINT profession. The age of the template-type, cookie-cutter intelligence product is over: in the past two years, the clear pattern of ever-diversifying and ever more specific intelligence needs put forward by our clients has rendered any attempt to create static outputs unsatisfactory and untenable, even in the short term. OSINT analysts need to actively anticipate and embrace change on all fronts: they need to keep a constant eye on emerging technologies, information-sharing trends and exploitable sources in order to stay ahead of the curve and keep creating relevant products.
Combining all the aforementioned elements in one individual is neither possible nor necessary. The most effective OSINT intelligencer is not an individual: it is a collaborative team – a group of analysts, who take on and use evolving technologies on-the-fly; who share research, best practices and new methodologies as part of their daily routine. Openness is a self-reinforcing paradigm in our global information environment – in order to counter the threats stemming from it, one has to fully immerse oneself in it, adopting its organising principles as well.
OSINT as a profession
The biggest lesson from the various projects we have worked on with our clients is that OSINT is a discipline carrying a tangible relevance across virtually all risk dimensions, be it private-public, security-reputational or physical-online. At the centre of converting public information into actionable insight, the outlines of a new intelligence profession are becoming increasingly visible: that of the technology-empowered OSINT analyst.
Although the boundaries and various functions associated with this profession are still in motion, there is a highly defined array of specialist knowledge and professional values lending it a distinct character. It is time we recognised these attributes and worked towards consciously nurturing them.
Article from Olton