OVERVIEW OF

OPEN-SOURCE INTELLIGENCE
 Learning Outcomes
By the end of this session, you will be able to:
• Outline the current definitions for intelligence and
open-source intelligence
• Explain the challenges and opportunities of open-
source intelligence collection
• State the difference between intelligence and evidence
 Scope

• Definitions
• Challenges and Opportunities
• Intelligence vs Evidence
Intelligence
 What is Intelligence?
• As a process, can be the actual performance of
collection, processing and dissemination
• As a product, it can be the result of collection and
analysis
• Generally, it is information designed for action
• Required to be useful and relevant
• Can be tactical, operational or strategic
• WHAT do I want to know and HOW can I found out?
 What is Intelligence?
The Intelligence Cycle includes:
• Planning / Preparation
• Collection
• Processing / Exploitation
• Analysis / Production
• Dissemination
 Collection
Where do we collect information:
• Intelligence reports
• Personal knowledge of suspects in the local area
• Surveillance of suspects
• The general public
• Conversations with other police
• Interviews with victims, witnesses and suspects
• Seizure and exploitation (including digital)
 Collection cont
Other sources of information:
• Standard law enforcement sources
– Other law enforcement databases
– Telecommunications data
– Electronic surveillance
– Human Sources
– Open Sources
– Online intelligence collection including social media
• Increases use of financial databases – Financial
Intelligence Units
• Increased use of private sector data – banking records,
casino
Open-Source Intelligence
 OSINT
• Open-Source Intelligence (“OSINT”)
• Publicly available information that is collected,
exploited and disseminated in a timely manner (US
Department of Defence)
• What is publicly available information?
– Publicly available information anyone can lawfully
obtain by request, purchaser or observation
– Acquisition and access is guided by civil liberty and
privacy legislation and guidelines
– Does not imply completely unfettered access
– Does not imply that information is free
• INTERNET • Product Literature
• Books • Youtube / Webcams
• Newspapers • Blogs, wikis, bulletin
• Radio boards, chat rooms
• Television • Internet news groups
• Theses / Dissertations • Commercial Databases
• Conference Proceedings • Commercial Imagery
• Private Sector Reports • Maps
 Who uses OSINT?
• Government
• Law Enforcement
• Military
• Journalists
• Private Investigators
• Law Firms
• Information Security
• Cyber Threat Intelligence
 Common OSINT Techniques
• Manual Data Collection
– Search Engines
– Social Media
– Public Records
– News Sources
• Web Scraping
• Data Analysis
 Common OSINT Techniques
• Manual Data Collection (we will teach this)
– Search Engines
– Social Media
– Public Records
– News Sources
• Web Scraping
• Data Mining and Data Analysis
 Passive vs Active OSINT
• Understand the difference
• Passive means you do not engage with a Suspect
– No communications or engaging with individuals
online
– This includes liking, commenting, messaging,
friending and/or following
• Active means you engage with a Suspect
– Includes liking, commenting, messaging, friending
and/or following
– Can be considered an undercover or covert
operation by some organisations
OSINT Challenges
 Quantifying the WWW
• The Internet is a network of networks, uses the Internet protocol suite
(TCP/IP) to connect devices together. It has no centralised control for
implementation or policy
• World Wide Web (WWW) is a collection of docs which are identified by
URLs, have hypertext links and are accessed by the Internet
• According to Google, the Surface Web contains over 60 trillion pages
– Early estimates indicated the size of the Deep Web as being some
500 times larger than the Surface Web
– The ‘Deep Web’ is the hidden part of the Web, containing a huge
volume of content that is largely inaccessible to conventional search
engines
– Approximately 95% of the Deep Web is publicly accessible
information and not subject to fees or subscriptions
 Deep Web
• The Deep Web includes:
– Databases
– Dynamic Content
– Non-textual Files
– Unlinked Content
– Contextual Web
 Web 2.0
• Is dynamic, user generated [web 1.0 were static web
pages]
• The growth of social media, increased usability for
non-expert users
• Web 2.0 describes web applications that facilitate
interactive information sharing and collaboration such
as Social Networks, Wikis, Blogs and Social
Bookmarks
• Significant to Web 2.0 is Collaboration Among Users
and User Generated Content
Search Engine Coverage
 Key Considerations
• Coverage varies dramatically
• Indexing Patterns vary
• Only a Decreasing Fraction of the Web is Indexed
 Privacy and Security

“… It’s impossible to move, to live, to operate at any level

without leaving traces, bits, seemingly meaningless
fragments of personal information…”
William Gibson ‘Johnny Mnemonic’
 Online Security
• A website may permanently record your IP address
and use multiple HTTP cookies, Web Beacons,
Javascript and Flash LSOs to track your movements
not just on that site but possibly elsewhere as well
• Combined with readily available information about
your computer system and Traffic Pattern Analysis,
you and your organisation could be easily identified
• When using the Internet as an Investigative research
tool, ensure you have a security plan in place
 OSINT Common Problems
• Key common problems:
– Information Volume: A vague string of keywords
can yield a hit count in the hundred of thousands or
even millions’
– Reliability: The Internet abounds with speculation,
misinformation, propaganda and intentional
disinformation
– Authenticity: Identities can be spoofed and
information can be easily attributed to false sources
OSINT Opportunities
 “… The Internet has breathed new life into the anarchist
philosophy, permitting communication and coordination
without the need for a central source of command and
facilitating coordinated actions with minimal resources and
bureaucracy…”
Canadian Security Intelligence Service
 OSINT Opportunities
• Benefits:
– Support investigations by providing profiles on
people / businesses
– Assist making associations between entities
– Support security / threat assessments
– Support decision making
– Provide situational awareness
 OSINT Opportunities
• The Value of OSINT:
– Context: The background knowledge necessary to
assess a situation rapidly, especially in a subject
area of limited exposure
– Cover: To protect sources and collection methods
while still communicating insights and key findings
to partner organisations, the press and the public
“OSINT (Open Source Intelligence) can provide up to 90%
of the information needed to meet most U.S. intelligence
needs.”
Deputy Director of National Intelligence Thomas Fingar
Intelligence v Evidence
 Intelligence v Evidence
Information

Intelligence

Evidence
 Intelligence v Evidence
• Information is not = to intelligence
• Intelligence is not = evidence
BUT
• Information can become intelligence when properly
analysed and
• Intelligence can become evidence when properly
presented
 OSINT Collection
• The core role of the OSINT Collector is online
information gathering
• Collection is a continuous process
• Conduct exploitation of information collected
• When Intelligence driven, OSINT Collectors develop a
collection plan – a systematic approach to gaining
information
• The plan identifies information gaps and informs
investigative decisions
– Targeted and efficient collection and analysis
– Required to produce relevant and useful product
Summary
 Main Points

• Definitions for Intelligence and OSINT

• Challenges and Opportunities
• Intelligence vs Evidence
QUESTIONS?
 Revision
1) Which below categories would be considered an open
source of information?
a) Internet
b) Books
c) Radio
d) All of the above
FINAL QUESTIONS?