Connecting the Dots | What Public Sector Analysts Need from OSINT Software
Open source intelligence (OSINT) is often described as a digital breadcrumb—a trail of clues left across the internet that help investigators understand adversaries.
The more web spaces an investigator can access, the more exhaustive the breadcrumb will be. This means delivering more comprehensive threat intelligence, driving a more informed response to risk.
This principle also applies to intelligence analysts working in national security, who need to map threats—like disinformation and terrorist activity—across a broadening range of surface, deep, and dark web sources. Data breadth and accessibility ensure that no critical context is overlooked. And for intelligence teams, that means improved decision making when it comes to public safety and other national security interests.
But tracking relevant information across a range of online sources can be challenging when OSINT tools focus on, for example, social media or dark web data but not both. Analysts are left to manually cross-reference tools rather than letting the software make connections.
What does a more comprehensive capability look like in OSINT software, and why is it valuable for public sector intelligence teams?
OSINT SOFTWARE GAPS CAN PUT ASSETS AT RISK
National security threats are discoverable on a wide range of publicly available web spaces. For example, a terrorist organization may use social media websites to find and engage new recruits, covert messaging platforms to spread explicit propaganda, and dark web marketplaces to advertise goods and services to fund their operations.
A diversified online threat landscape means intelligence analysts must consider a variety of hard-to-find sources where relevant data is hiding. These personnel rely on specialized OSINT software to gather and process data more efficiently. But many commercial intelligence tools pose challenges for users in this space:
- Tools tend to be segmented by data source type. For example, intelligence teams often use one tool for social networks and another as a dark web search engine. This can slow analysts down or cause them to overlook connections that might be less obvious when analyzing sources separately.
- Threat intelligence and OSINT software tend to vary in data coverage. Some tools may not include obscure sources that are becoming necessary for national security missions, or may lack comprehensive coverage of a particular source. This can result in missed data points and lower the quality of intelligence produced.
These gaps have a two-fold impact on national security missions: as analysts juggle tools, threat intelligence may not be produced quickly enough when speed-to-information is required. Missed context could also affect the outcome of national security decisions, potentially causing avoidable damage to people, data, and infrastructure or misinforming mission objectives.
MANY SOURCES, ONE INTERFACE
To overcome these gaps, OSINT planners and advisors in the public sector need to prioritize software that focuses on data variety. This means combining many surface, deep, and dark web sources in one OSINT tool rather than separating feeds between software. Analysts can then pivot between web spaces more easily and efficiently, gathering context that might be hidden when analyzing sources in separate tools.
Additionally, solutions should provide access to fringe sources that may not be offered through commercial software. For instance, obscure sites and apps often require proprietary web crawlers to make their data accessible through OSINT software. Vendors who combine this uniquely sourced data with standard surface, deep, and dark web feeds provide intelligence teams with more exhaustive coverage.
DATA VARIETY AND PIVOTING: MAKING COVID-19 DISINFORMATION MORE ACCESSIBLE WITH ECHOSEC SYSTEMS
What do these capabilities look like for real-world security applications? Public, online sources are crucial for intelligence teams tracking threats and disinformation related to COVID-19. False treatment and vaccine information can not only harm public safety but also incite social unrest and fuel extremist movements co-opting the pandemic.
Intelligence analysts need to understand emerging disinformation and track its movement online, whether it originates domestically or from foreign nation-states. This intelligence helps governments mitigate its spread and combat its impacts on public safety. Analysts can deliver more timely and exhaustive intelligence with easy access to the span of online spaces where disinformation is hosted.
This use case was put to the test when in-house analysts used the Echosec Systems Platform to gather coronavirus misinformation online. The Platform combines a variety of social, deep, and dark web data sources in one interface so users can easily pivot between sources. The Platform also gives users a wider breadth of data than most OSINT software, combining well-known sources with niche feeds made accessible through proprietary Echosec Systems crawlers.
In the course of the analysis, users located treatment misinformation across mainstream social media networks, fringe social networks, and unindexed deep web forums. They also identified dark web marketplaces offering fake COVID-19 vaccinations and treatments, and misinformation delivery methods like scampages designed to exploit suggestible targets.
The Platform’s features helped analysts:
- Minimize the number of tools (and thus time and resources) required for adequate data coverage by making all of these sources searchable in one interface.
- Pivot off of data points to gather more context across digital spaces. For example, pivoting off an author handle allowed analysts to see where else a user posts misinformation—or what other products/services a dark web vendor offers and on which platforms.
- Access alternative sources which might not have extensive coverage in other OSINT software.
Figure: Fake COVID-19 vaccine for sale on a dark web marketplace.
At the end of the day, these features allow analysts to do their jobs faster and develop more comprehensive, reliable threat intelligence. Decisions in response to COVID-19 disinformation—or any other national security use case—are more informed, protecting citizens and national security infrastructure from avoidable harm. In the case of COVID-19 disinformation, this could reduce the spread of illness and mitigate the social and political impacts of disinformation campaigns on democracy.
Intelligence teams rely on a suite of tools to detect threats, validate mission objectives, and keep decision makers informed. But when it comes to OSINT software, sometimes it makes sense to consolidate data coverage in fewer tools where possible.