Open Source Intelligence (OSINT) Introduction to OSINT This presentation is the sole property of OSPA. Distribution is limited to OSPA members registered.

Open Source Intelligence (OSINT)

Introduction to OSINT

This presentation is the sole property of OSPA. Distribution is limited to OSPA members registered in the OSPA OPSEC Academy

http://www.opsecacademy.org

What is OSINT?

OSINT: Open Source Intelligence; publicly available information. i.e., information that any member of the public could lawfully obtain by request or observation, as well as other unclassified information that has limited public distribution or access.

OSINT represents a constant threat to any organization or mission, and can account for up to 80% of actionable intelligence, which is generally not protected and not classified.

In most cases, it’s legal to obtain information in this way. This means that despite the high potential for harm, this critical information may be obtained at little or no risk to the intruder.

Definitions:

Open Source Data (OSD): the raw print, broadcast or information in any other form from a primary source. This can include photographs, tape recordings, satellite imagery, personal letters, online postings, etc.

Open Source Information (OSIF): Generic information generally intended for wide dissemination that combines multiple pieces of data using some level of validation. Examples include books, newspapers and news reports.

Validated Open Source Intelligence (OSINT-V): Information to which a high degree of certainty can be attributed. This includes two categories: Information which comes from an established reliable source and/or

can be validated by comparing to other data Information which can be established as valid in its native format. i.e.,

news reports showing a state leader’s speech. This, of course, must consider the possibility of manipulation or forgery.

OSINT Sources

Intelligence can be gathered from a broad range of publically available sources.

• Media• Television, radio, newspaper, magazines

• Internet• Search engines

• Google, Bing, Yahoo• User-generated content

• Blogs, forums, social-networking, wikis• RSS feeds• Peer to Peer (P2P)

• Geographic• Maps and environmental and navigational data

• Observation• Camera, video recorder, reporting

• Academia• Experts, research, conferences

OSINT Sources

Intelligence can be gathered from a broad range of publically available sources.

• Government at all levels• FOIA• Building permits• Patent offices

• Paid Services and Public Records• Credit reports• People searches• Real Estate records• Military records• Association directories

• Business Records• SEC filings• Legal activities• Press releases

What is the value of OSINT?

OSINT has incredible value, both positive and negative to the originator or dedicated recipient of the information:

1. Journalists and researchers use OSINT to generate a story or obtain greater information on a subject. The US Library of Congress collects vast amounts of this type of data.

2. OSINT gives context to classified information. Generally, only select information meets the criteria for classification, with unclassified sources of information filling the gaps.

3. OSINT gives adversarial forces a starting point and additional resources necessary to leverage further attacks or exploitation.

4. OSINT reveals the intent of friendly or adversarial forces.5. OSINT reveals current status, capabilities or other contemporary information.

Who collects and uses OSINT?

Military, friendly and enemy

Law Enforcement

Criminals

Business

Government

Spies

Who collects and uses OSINT?

“Intelligence units mine the benefits of public sources”-Government Computer News, March 17, 2006

“Man uses Facebook to help police catch criminal”-ABC News, March 20, 2010

“Could Twitter robbers get to you?”-NBC News, June 3, 2009

Who collects and uses OSINT?

“Is your sensitive company info being leaked on LinkedIn?”-Washington Times, April 18, 2006

“CIA mines ‘rich’ content from blogs”-ComputerWorld, May 19, 2011

“Spy Agencies Turn to Newspapers, NPR and Wikipedia for Information”- US News, September 12, 2008

In the modern context, it’s tempting to think of OSINT as “the Internet”. While the advent of the internet has brought new opportunities to analysts and adversaries alike, OSINT has been a problem for the intelligence community for years before the advent of the modern Internet. Examples of resources that are of value to an adversary and predate the internet are:

OSINT The Internet

Job announcements

Public records, like building permits

Personal records, like credit reports

News and periodicals, like press releases, radio, television, etc

The Internet, and related technologies have, however, added to the already immense quantity of critical information that may be obtained by the public. For example:

iChanges

Webpages, blogs

Chatrooms, forums, file sharing

Company information in whois, online filings, etc

Online news

Generating information is the natural result of doing business. Much of the information that may be beneficial to an adversary is created for a legitimate purpose, such as business filings or press releases.

The important thing to consider is how this information can provide clues to identify targets, activities, real-time operations and more. When it’s necessary to create and share information, only the information that’s necessary to be shared should be included, and even that must be evaluated for its potential impact.

Why create such information?

I’m online, therefore I am.

-Descartes

Consider how easy it is to find information about yourself. If you were an adversary, perhaps a business competitor, burglar, foreignmilitary, or something else entirely, what could you learn from your physical and online presence?

Personal:• Search white pages http://www.whitepages.com• Search social networks: http://www.wink.com• Search for your email address in Google• Type in your address into Google Maps, and zoom in to street view• Search in your refuse bins- what are you throwing away?• What are you saying in chat rooms or forums?

Business:• Check your press releases and job listings. Have you listed your network

security equipment in job descriptions?• Search refuse bins for sensitive memos, employee directories, etc• What is revealed on your company webpage?

See for yourself