Ten years ago, open source information was scarce. Finding information about companies and people was primarily done with a phone book. It’s no secret that this has changed dramatically since the dawn of the smartphone. In recent years, open source intelligence (OSINT) is has taken on a whole new meaning. It is crucial for your security strategy to have an open source threat intelligence component. People of all ages and demographics have become very comfortable with openly sharing their personal data.
The challenges with OSINT used to stem from the scarcity and inaccessibility of open data. The biggest hurdle now is there’s so much of it to filter through, and we have social media to credit for that. In this article we’ll walk through the new way to create a complete OSINT strategy in 5 steps.
Step 1: Equip yourself - The OSINT Toolkit
A good OSINT strategy must be supported by a solid suite of tools for gathering intelligence. Security teams, journalists and investigators are very loyal to their favourite online research tools. Since so much research is done online, web-based tools are the workhorses for collecting and organizing data for OSINT.
A basic OSINT toolkit should include:
- Access to traditional news sources such as Bing News
- Google - Maps, Search, Images
- A social monitoring platform with Geofencing capabilities - More on Geofencing later.
Step 2: Be Systematic
No surprise here. Any journalist could tell you that having a systematic approach to OSINT is paramount to a well rounded and well researched story. The following is adapted from the journalistic method.
- Awareness - Situational and Contextual awareness is the foundation to avoiding misperceptions and building a non-biased story.
- Forming a hypothesis. State a working hypothesis, then try not just to prove but also to disprove your working hypothesis, and revise throughout the whole process.
- Mapping the discourse. Gather as much data from as many people involved as possible so you can visualize and understand the situation in its entirety.
- Evaluating the data. Never accept one person’s opinion at face value. Follow the steps that led to the conclusion, and you should make some judgment as to whether the methodology and presentation are sound.
- Transparency. Whenever possible, cite where your information came from and how you have reached your conclusions.
Step 3: Embrace Geo
Geolocation is one of the most valuable assets to today’s OSINT strategy. Photographs or videos shared publicly to social media often contain information about the locations where the photos originated. OSINT tools with geofencing capabilities allow users to draw a virtual perimeter around their location(s) of interest, and gain insights specific to that region. This location-based intelligence is essential to researchers and analysts, and is especially helpful with the verification process, which leads us to the next step in a complete OSINT strategy.
Step 4: Verify
The best way to verify what you see online is something of a crowd-sourced cross-check. If many people are reporting the same or similar activity from an event, you have good reason to believe that the events reported are true. This case study outlines the role of geolocation tools in breaking news and verification for citizen journalist website Bellingcat
Step 5: Obey Privacy
When equipping your OSINT toolkit, it’s important to choose tools which adhere to global privacy standards. Some companies store public data, which means that they retain information on social media users even if users have deleted or changed their information within the network. Echosec is one platform that pulls only live, publicly available data from social networks and does not store data. Echosec’s stance on privacy is outlined in some detail in this blog post.
To Wrap it up:
The growth of social media has changed the game for OSINT research. Data is everywhere now, and the approach has changed from digging and searching for enough breadcrumbs to build a story, to taking the enormous amount of breadcrumbs abundant in our digital world and filtering it all down to the morsels that really matter.
Echosec is an industry-leading location intelligence platform. Combining social media posts with geographic data, Echosec collects real-time, user-driven information and turns it into actionable intelligence.