Friday, December 20, 2024

Open Source Intelligence: What Is It?


Have you ever heard about the Bellingcat investigative journalism website and their notable reports on the Syrian Civil War, the MH17 shoot-down incident, the killing of civilians by the Cameroonian Armed Forces, and other hot-button cases? Surely, you have, as their investigations have been hitting the headlines of both traditional and online media since 2014. So, if you have read at least one of them, you are no stranger to open-source intelligence because Bellingcat’s journalists primarily use this methodology to identify people and locations, find evidence, and check facts. 

In fact, the collection and analysis of publicly available data to meet intelligence needs, which is what OSINT actually is, was carried out long before the start of the digital era. And as you might have guessed, the methodology was initially associated with military intelligence, which used foreign broadcasts to derive valuable information from quite innocent news as far back as the early 1940s. While the USA had set the trend, many government intelligence agencies in other countries incorporated this tool during WWII and the Cold War.

However, the concept was too good to leave to the governmental intelligence community alone, all the more so because technological innovations, growing Internet penetration, and social media development resulted in a wealth of digital data generated by the public and made it much more accessible to all kinds of users. It is no wonder that open-source intelligence was taken on board by a wide variety of organizations ranging from law enforcement agencies to corporations and nonprofit institutions. The emergence of specialized services and online platforms like Shodan, SpiderFoot, or Social Links, which address various OSINT goals, has only spurred interest in the knowledge that can be obtained from open-source data.


How Does It Work?

To start, let’s figure out which sources can be accessed nowadays to gather specific information. Unlike confidential or classified files, OSINT sources must be legally available to the public, so that using them does not violate any copyright, privacy, or other laws. This is exactly the distinction that makes it possible to obtain data without being a member of a governmental body and without much other hassle. Sources can be both offline and online:

  • the Internet, including message boards, blogs, social networking sites, video hosting services, wiki pages, domain names, metadata, digital files, dark net resources, geolocation data, IP addresses, search engines, and any other content found online;
  • traditional media, such as television, radio, newspapers, books, or magazines;
  • designated journals, scientific publications, conference proceedings, academic papers, and other professional sources; 
  • company profiles and news, annual reports, employee profiles and CVs, client databases, etc.;
  • public government reports, various public statements, official data on taxes, budgets, unemployment, health, and other statistics;
  • geospatial information like maps or satellite imagery.

Although not exhaustive, this list shows that there is a great deal of data scattered across multiple sources and just waiting for someone to put all the pieces together. The knowledge obtained from this information brings various benefits to many organizations:

  • Governments, especially military and intelligence establishments, leverage OSINT sources for multiple purposes, such as national security, anti-terrorism efforts, mass surveillance, insights into domestic and foreign public attitudes, etc.
  • International organizations and aid agencies like the United Nations or the International Committee of the Red Cross embrace OSINT to support peace missions and relief efforts during crises or disasters, for example, by protecting their people and logistics from possible terrorist activities.
  • Law enforcement authorities can achieve better success in protecting citizens from many kinds of crime through monitoring social media for specific keywords and images or tracking criminals with the help of geotagging and IP addresses.
  • Corporations turn to OSINT when they need to research new markets, monitor competitors, plan promotional campaigns, and predict any events that may affect their business operations.
  • Companies also use open-source intelligence for non-financial purposes, including data breach prevention and cyber risk management based on revealing vulnerabilities of their networks.
  • Journalists draw information from the above sources within their investigations (yes, as Bellingcat does) to provide us with verified facts and tell vivid stories complemented with meaningful details. 
  • HR managers and corporate security teams conduct OSINT-based checks when hiring new employees or carrying out internal investigations.

Obviously, we could continue the list, since almost anyone might find themselves in a situation where they need to collect certain information, for example, on a missing person or a would-be business partner.

However, open-source intelligence differs from ordinary web surfing done by amateurs: it deals with specific information collected and structured in a particular way to answer specific questions, which requires a much deeper approach backed by certain skills and tools. On the other hand, it does not involve any hacking or unauthorized access to data, as used in other intelligence fields, which is a great advantage.

Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
