A Brief Intro to OSINT, Plus, Everything You Need to Know about Open Source intelligence
Nowadays, professionals involved with data gathering are venturing into taking Open Source Intelligence Training. This effort is to aide their data collection methods and skills to maximize the abundance of information readily available. Open Source Intelligence, or OSINT for short, are data from publicly open sourced gathered for the purpose of intelligence. Such intelligence data can be used for various purposed but often for state-run initiatives or business-driven ones. For data to be relevant in this endeavor, it must be gathered from public, open, overt sources (all three of which are basic characteristics for OSINT collection).
Many OSINT training materials will ease beginners into the basic (and eventually advanced) methods of gathering, analyzing, and presenting open source intelligence. At its most essential purpose, intelligence is gathered to support decision-making for organizations, whether it is national or commercial entities. Like any scientific research method, an OSINT course of action starts with a specific purpose, question, or requirement. OSINT is surprisingly a useful piece of the puzzle for the military (who bank on intelligence info to plan its future actions), to the government (for public safety and investigations), to the business sectors (to check competitors or do market analysis), or to other groups who will find good use for a systemized report of abundant, readily-available data.
Open Source Intelligence Course: A History
Before undergoing any OSINT training, it will be helpful to start the OSINT course with a brief introduction on where it began. Even before the Internet, information has gone around and spread in many other forms. From print media to public records, people from generations before may have had their chance and methods of gathering these bits of public data and used them for specific purposes. Whether they called OSINT by another name is uncertain.
In the United States, for example, OSINT found its use with the Foreign Broadcast Monitoring Service, which true to its name, is tasked to monitor broadcasts airing abroad. For a more renowned spot in history, the 9/11 Commission created an open source intelligence agency which could have provided open source intelligence training to its members. Naturally, the CIA also had its share of the open source intelligence course following being recommended with creating a directorate from the Iraq Intelligence Commission. In all these instances, one can see that the USA has maximized OSINT first and foremost for its tactical and strategic needs.
When You Need a UTM System?
The UTM is a very valuable component of cybersecurity risk management overall. Let’s look at why purchasing the latest cybersecurity tool may not be an ideal replacement for having the mature cybersecurity program which looks beyond instead of having the latest tools to:
- Detect what needs protecting.
- It develops a very long-term strategy which takes into the account organization needs for many years.
- Establish what threat there is to the business.
The same system applies here, the unified risk management system, there is no matter how strong, but is not the replacement of a sound cybersecurity strategy. Although, this is a useful part of that strategy. The UTM tools should loom in the same way as other cybersecurity tools.
In order for data to be useful for specific intelligence requirements, info collected from public sources must be presented and analyzed accordingly. OSINT can be categorized in various sources such as:
Now that the online community is moving at a fast pace, information is becoming easily available for the rest of the world. The boom of search engines, news outlets going online, and various blogging and video sharing platforms, made information more abundant for data gatherers to pick up. Another great benefit of the internet is that information can be shared real time and at large.
2. Social Media
Social media intelligence training could also fall under the internet category. However, the clout and attention it has been getting form the majority of internet users can not be denied, hence, its own category within OSINT. People spend hours just scrolling through their Facebook, Instagram, and Twitter feeds. When they use these platforms, they do not only look, they also post their own content or comment on other posts. These bits of information they leave behind become fodder for those who lurk for public information. Nowadays, data found online can even incriminate a person involved or suspected in a crime, if evidence coincides with whatever footprint they left using their social networking accounts.
Both print, digital, and mass media (radio or television) are also great, credible sources of OSINT. Thanks to advanced technology, intel can be gathered from one country and transmitted to another, making the passing of intelligence more efficient.
4. Government Files
For liberal or democratic countries, information on records, liquidations, hearings, press conferences, and other government files can be requested for public view.
5. Academic Publications
Professionally published pieces such as journals and academic literature are also highly valuable in OSINT.
These are only five of the many other traditional (or modern) ways of accessing OSINT to date. One would think that these are also the very sources of information used to formulate and finish researches. However, intelligence gathered from these is distinct from traditional research in the way data is handled and processed (through intelligence) and to specifically substantiate a decision, not just a research question.
Who OSINT is for
Aside from military or national big shots, OSINT can also be beneficial to the following people:
• Law Enforcement Agencies
Open source cyber security training should also be administered to those who uphold the law. Police or public safety officers will find it helpful to have the Internet on their side when ensuring the community has law-abiding citizens.
There are professionals who go under the radar to further investigate cases. Through overt data collection, they can piece together an individuals buying or travel behavior and use it for or against a case.
• Competitor Analysts
Those in the private business sectors can sometimes go neck and neck with intelligence. Whether it is a market survey, employee poaching, operations checking, OSINT can shed light to the next business undertaking.
• Banks and Insurance Firms
People in this industry often take guarantees and business to mind. They could use OSINT to check the economic or financial landscape. Or gather info and track people with dues.
Generally, OSINT is guaranteed to be useful to anyone who wish to inform their next move with publicly-available data.
What is the Dark Web?
Those who have tried their hand with OSINT may also be surprised to learn that there is another way to crack more public (yet challenging-to-access) data, one which is called surfing thee dark web. In practice, dark web training courses introduces dark web as the part the internet use not found within search indexes. The info and activities in these “dark web” sites are often laced with criminal liability. Looking for credit card numbers to (illegally) buy? Or searching to market contrabands and illicit drugs or weapons? The dark web is teeming with these acts. The encrypted network by which these sites belong cannot be accessed using traditional search engines or browsers.
These dark web sites can be visited by anyone, but users need to use the same encryption tool used by the site to access it. It distorts information and IP addresses, making it tricky to know who and where these websites are being run. Resourceful OSINT experts can undergo dark web investigations training to fully grasp the workings of these domains.
Risks from OSINT
When searching the dark web for valuable info, users need to be careful not to release or uncover their true identities. This could result to invasion of privacy or hacking from dark web masters or users. Likewise, OSINT data gatherers should also take necessary care, especially from being too overwhelmed with a landmine of information available.
These kind of overload may add a burden of added data analysis time and presentation, especially if a person (or a superior) has to evaluate the validity of the sources. Also, even if OSINT is gathered form public overt sources, knowledge of one actively seeking for them may put a target on them by rival companies or countries (if the purpose is espionage or intelligence sharing).
OSINT: A Starter
The very first step to have a successful OSINT search is to establish the intelligence requirement. Intelligence, be definition, are data gathered to leverage one’s military, political, or even economic standing. OSINT is a means to influence or guide a decision, so it needs to be as informative as possible. OSINT is valued greatly by experts who pin non-sensitive information against newly collected data (OSINT) for use in cracking a multitude of cases (whether it is classified or public).
Start off by an initial intelligence query. For a military standpoint, intelligence can aide with either surveillance, formulating a reconnaissance plan, infiltration, espionage, among others. Choose which one needs further intel on and plan accordingly.
Meanwhile, for a more on-ground (personal) level, investigators may use OSINT to identify dealings or whereabouts of targets. Asking questions like “which casinos and resorts does Businessman 1 frequent” are starting points for some. OSINT experts can trim their probes with the traditional “WH” questions (what, where, when etc) to narrow searches down.
Then streamline OSINT tools and searches (whether you will start with the internet or public records, etc) to collect as much as you need. Organize into a neat analysis and see if it is substantial enough to back up the preferred course of action. If possible, exhaust all the sources to make the most out of the effort. Repeat data gathering if more info is needed