Open-source intelligence

Open source intelligence (OSINT) is the collection and analysis of data gathered from open sources (overt sources and publicly available information) to produce actionable intelligence. OSINT is primarily used in national security, law enforcement, and business intelligence functions and is of value to analysts who use non-sensitive intelligence in answering classified, unclassified, or proprietary intelligence requirements across the previous intelligence disciplines.^[1]

Categories

OSINT sources can be divided up into six different categories of information flow:^[2]

• Media: print newspapers, magazines, radio, and television from across and between countries.
• Internet: online publications, blogs, discussion groups, citizen media (i.e. – cell phone videos, and user created content), YouTube, and other social media websites (i.e. – Facebook, Twitter, Instagram, etc.). This source also outpaces a variety of other sources due to its timeliness and ease of access.
• Public government data: public government reports, budgets, hearings, telephone directories, press conferences, websites, and speeches. Although this source comes from an official source they are publicly accessible and may be used openly and freely.
• Professional and academic publications: information acquired from journals, conferences, symposia, academic papers, dissertations, and theses.
• Commercial data: commercial imagery, financial and industrial assessments, and databases.
• Grey literature: technical reports, preprints, patents, working papers, business documents, unpublished works, and newsletters.

OSINT is distinguished from research in that it applies the process of intelligence to create tailored knowledge supportive of a specific decision by a specific individual or group.^[3]

OSINT collection methodologies

Collecting open-source intelligence is achieved in a variety of different ways,^[4] such as:

• Social Media Intelligence, which is acquired from viewing or observing a subjects online social profile activity.
• Search engine data mining or scraping.
• Public records checking.
• Information matching and verification from data broker services.

Definition

OSINT, broadly defined, involves gathering and analyzing publicly accessible information to produce actionable insights.^[5]

The U.S. Department of Homeland Security defines OSINT as intelligence derived from publicly available information, collected and disseminated promptly to address specific intelligence needs.^[6]

NATO describes OSINT as intelligence obtained from publicly available information and other unclassified data with limited public distribution or access.^[7]

The European Union defines OSINT as the collecting and analyzing information from open sources to generate actionable intelligence, supporting areas like national security, law enforcement, and business intelligence.^[8]

The United Nations has also recognized OSINT’s potential, noting its value in monitoring member states’ compliance with international regulations across various sectors, including public health and human rights.^[9]

In the private sector, companies like IBM define OSINT as the process of gathering and analyzing publicly available information to assess threats, inform decisions, or answer specific questions. Similarly, cybersecurity firms such as CrowdStrike describe OSINT as the act of collecting and analyzing publicly available data for intelligence purposes.^[10]

History

Seal of the 9/11 Commission

OSINT practices have been documented as early as the mid-19th century in the United States and early 20th century in the United Kingdom.^[11]

OSINT in the United States traces its origins to the 1941 creation of the Foreign Broadcast Monitoring Service (FBMS), an agency responsible for the monitoring of foreign broadcasts. An example of their work was the correlation of changes in the price of oranges in Paris with successful bombings of railway bridges during World War II.^[12]

The Aspin-Brown Commission stated in 1996 that US access to open sources was "severely deficient" and that this should be a "top priority" for both funding and DCI attention.^[13]

In July 2004, following the September 11 attacks, the 9/11 Commission recommended the creation of an open-source intelligence agency.^[14] In March 2005, the Iraq Intelligence Commission recommended^[15] the creation of an open-source directorate at the CIA.

Following these recommendations, in November 2005 the Director of National Intelligence announced the creation of the DNI Open Source Center. The Center was established to collect information available from "the Internet, databases, press, radio, television, video, geospatial data, photos and commercial imagery."^[16] In addition to collecting openly available information, it would train analysts to make better use of this information. The center absorbed the CIA's previously existing Foreign Broadcast Information Service (FBIS), originally established in 1941, with FBIS head Douglas Naquin named as director of the center.^[17] Then, following the events of 9/11 the Intelligence Reform and Terrorism Prevention Act merged FBIS and other research elements into the Office of the Director of National Intelligence creating the Open Source Enterprise.

Furthermore, the private sector has invested in tools which aid in OSINT collection and analysis. Specifically, In-Q-Tel, a Central Intelligence Agency supported venture capital firm in Arlington, VA assisted companies develop web-monitoring and predictive analysis tools.

In December 2005, the Director of National Intelligence appointed Eliot A. Jardines as the Assistant Deputy Director of National Intelligence for Open Source to serve as the Intelligence Community's senior intelligence officer for open source and to provide strategy, guidance and oversight for the National Open Source Enterprise.^[18] Mr. Jardines has established the National Open Source Enterprise^[19] and authored intelligence community directive 301. In 2008, Mr. Jardines returned to the private sector and was succeeded by Dan Butler who is ADDNI/OS^[20] and previously Mr. Jardines' Senior Advisor for Policy.^[21]

Tools

Open source intelligence may be ingested to battle management systems such as CPCE by Systematic, which uses an open source feed from Janes Information Services.

The web browser is a powerful OSINT tool that provides access to numerous websites and both open source and proprietary software tools that are either purpose-built for open source information collection or which can be exploited for the purposes of either gathering of open source information or to facilitate analysis and validation to provide intelligence. A cottage industry of both for-profit and not-for-profit investigative and educational groups such as Bellingcat, IntelTechniques, SANS and others offer indices, books, podcasts and video training materials on OSINT tools and techniques. Books such as Michael Bazzell's Open Source Intelligence Techniques serve as indices to resources across multiple domains but according the author, due to the rapidly changing information landscape, some tools and techniques change or become obsolete frequently, hence it is imperative for OSINT researchers to study, train and survey the landscape of source material regularly.^[22] A guide by Ryan Fedasiuk, an analyst at the Center for Security and Emerging Technology, lists six tools open-source analysts can use to stay safe and utilize operational security (OPSEC) when conducting online investigations. These include VPNs, cached webpages, digital archive services, URL and file scanners, browser sandbox applications, and antivirus software.^[23]

Numerous lists of aggregated OSINT content are available on the web. The OSINT Framework contains over 30 primary categories of tools and is maintained as an open source project on GitHub.^[24]

Risks for practitioners

A main hindrance to practical OSINT is the volume of information it has to deal with information explosion. The amount of data being distributed increases at a rate that it becomes difficult to evaluate sources in intelligence analysis. To a small degree the work has sometimes been done by amateur crowd-sourcing.^[25]

Private individuals illegally collecting data for a foreign military or intelligence agency is considered espionage in most countries. Espionage that is not treason (e.g. betraying one's country of citizenship) has been a tool of statecraft since ancient times.^[26]

Professional associations and certifications

The OSINT Foundation is a professional association for OSINT practitioners in the United States Intelligence Community.^[27] It is open to U.S. Citizens and seeks to raise the prominence of the open-source intelligence discipline.^[28]

OSMOSIS (an association for OSINT professionals) provides courses and conferences that lead to the designation of being Open-Source Certified (OSC). OSMOSIS is an offshoot of the Hetherington Group, a private investigation and corporate & market intelligence group. According to the OSC, its goal is to "help standardize our profession and demonstrate that our members are Legal, Ethical, and Competent practitioners of investigating and analyzing Publicly Available Information." Further they state that, "To obtain the OSC designation, practitioners must meet certain requirements to demonstrate dedication to their craft and pass a 100-question exam."^[29]

The company IntelTechniques offers online and live training that can lead to the Open Source Intelligence Professional Certification (OSIP) and/or help individual practitioners develop and formalize their skills, sans certification. Their certification program "provides participants with an opportunity to work through a real-world scenario and demonstrate that they can produce an intelligence product that meets a high professional standard."^[30] In addition to their training program, IntelTechniques.com offers a community that serves supports those seeking the OSIP certificiation, but is also open to practitioners who enroll in the training program itself without the intention of seeking certificiation. This community facilitates an exchange of information about best practices, the training itself and tradecraft & methodology in a moderated environment.

Other organizations including Bellingcat, offer training as well other options for OSINT practitioners to associate and exchange information on OSINT best practices and issues.

See also

• Ashley Feinberg – American journalist
• Bellingcat – Investigative journalism group
• Co-occurrence networks – visualization of potential relationships within textPages displaying wikidata descriptions as a fallback
• Dan Butler (civil servant) – American intelligence officer
• DARPA TIDES program – US military program
• Doxing – Publication of the private details of individuals, often on the Internet
• Eliot A. Jardines – American civil servantPages displaying wikidata descriptions as a fallback
• Eliot Higgins – British citizen journalist
• Fusion center – U.S. government information groups
• ICWatch – Database of LinkedIn profiles hosted by WikiLeaks
• Intellipedia – US Intelligence Community encyclopedia
• Investigative Data Warehouse – FBI surveillance database
• MiTAP – Computer system that tries to automatically gather, translate, organize, and present information
• National Intelligence Open Source Committee – Security agencies of the Australian GovernmentPages displaying short descriptions of redirect targets
• NATO Open Source Intelligence Handbook – reference workPages displaying wikidata descriptions as a fallback, NATO Open Source Intelligence Reader
• Open data – Openly accessible data
• Open Source Center – US Government organisationPages displaying short descriptions of redirect targets
• Oryx (blog) – OSINT defence analysis websitePages displaying short descriptions of redirect targets
• Private intelligence agency
• Social cloud computing – Field of computer science
• Special Libraries Association – Professional association
• Strategic intelligence – Intelligence that is required for forming national-level policy and military plans
• Open-source intelligence in the 2022 Russian invasion of Ukraine – Use of publicly available information for military strategyPages displaying short descriptions of redirect targets