Open Source Intelligence (OSINT). Introduction to OSINT. This presentation is the sole property of OSPA. Distribution is limited to OSPA members registered in the OSPA OPSEC Academy. http://www.opsecacademy.org. What is OSINT?.
Introduction to OSINT
This presentation is the sole property of OSPA. Distribution is limited to OSPA members registered in the
OSPA OPSEC Academy
OSINT: Open Source Intelligence; publicly available information. i.e., information that any member of the public could lawfully obtain by request or observation, as well as other unclassified information that has limited public distribution or access.
OSINT represents a constant threat to any organization or mission, and can account for up to 80% of actionable intelligence, which is generally not protected and not classified.
In most cases, it’s legal to obtain information in this way. This means that despite the high potential for harm, this critical information may be obtained at little or no risk to the intruder.
OSINT has incredible value, both positive and negative to the originator or dedicated recipient of the information:
Journalists and researchers use OSINT to generate a story or obtain greater information on a subject. The US Library of Congress collects vast amounts of this type of data.
OSINT gives context to classified information. Generally, only select information meets the criteria for classification, with unclassified sources of information filling the gaps.
OSINT gives adversarial forces a starting point and additional resources necessary to leverage further attacks or exploitation.
OSINT reveals the intent of friendly or adversarial forces.
OSINT reveals current status, capabilities or other contemporary information.
Military, friendly and enemy
“Intelligence units mine the benefits of public sources”
-Government Computer News, March 17, 2006
“Man uses Facebook to help police catch criminal”
-ABC News, March 20, 2010
“Could Twitter robbers get to you?”
-NBC News, June 3, 2009
“Is your sensitive company info being leaked on LinkedIn?”
-Washington Times, April 18, 2006
“CIA mines ‘rich’ content from blogs”
-ComputerWorld, May 19, 2011
“Spy Agencies Turn to Newspapers, NPR and Wikipedia for Information”
- US News, September 12, 2008
In the modern context, it’s tempting to think of OSINT as “the Internet”. While the advent of the internet has brought new opportunities to analysts and adversaries alike, OSINT has been a problem for the intelligence community for years before the advent of the modern Internet. Examples of resources that are of value to an adversary and predate the internet are:
Public records, like building permits
Personal records, like credit reports
News and periodicals, like press releases, radio, television, etc
The Internet, and related technologies have, however, added to the already immense quantity of critical information that may be obtained by the public. For example:
Chatrooms, forums, file sharing
Company information in whois, online filings, etc
Generating information is the natural result of doing business. Much of the information that may be beneficial to an adversary is created for a legitimate purpose, such as business filings or press releases.
The important thing to consider is how this information can provide clues to identify targets, activities, real-time operations and more. When it’s necessary to create and share information, only the information that’s necessary to be shared should be included, and even that must be evaluated for its potential impact.
I’m online, therefore I am.