Blog

You are currently viewing The Basics of OSINT

The Basics of OSINT

  • Post author:
  • Post category:Article

What is OSINT?

The European Union defines open-source intelligence (OSINT) as “the practice of collecting and analysing information gathered from open sources to produce actionable intelligence” [1]. This definition is very close to the one by the US Open Source Enterprise which defines OSINT as “produced from publicly available information that is collected, exploited, and disseminated in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence requirement” (Intelligence Community Directive 301, 2006) [2]. But what is open-source information (OSINF)? OSINF is the basis of OSINT and refers to publicly available information that anyone can lawfully obtain by request, purchase, or observation [2]. Examples for open sources include [1]:

  • Public media (e.g., print, TV, radio, magazines, books),
  • Internet (e.g., online publications, discussion groups, social media websites),
  • Public government data (e.g., public government reports, budgets, press conferences),
  • Professional and academic publications (e.g., journals, conferences, academic papers, theses),
  • Commercial data (e.g., business and financial assessments, databases),
    and
  • Grey literature (e.g., technical reports, patents, newsletters).

There are three points here that are commonly mistaken: 1) open-source information (OSINF) is not restricted to Internet only but it can be found both online and offline (e.g., traditional mass media, public events); 2) OSINF covers not only textual information but any type of media that is publicly available (e.g., audio, image, video, geospatial data); and 3) open-source does not necessarily mean “freely accessible” – while open-source refers to the absence of classification or privacy barriers it does not refer to the absence of costs or registration, i.e. a public source publishing information accessible by paid abos is still producing OSINF since the information is produced for the general public.

OSINT is more than just reading information you can find on Internet. Raw data has to be systematically analysed according to specific information needs (for more details, see previous post From Raw Data to Actionable Insights). It is this added value that makes the difference, the central puzzle piece that helps you to grasp the overall picture.

OSINT is commonly associated with law enforcement and intelligence agencies due to the fact that the term intelligence is predominantly used in the context of national or international security as well as the military domain. However, today, the use of OSINT goes way beyond the pure security/military context and ranges from law enforcement agencies (LEAs) and policy makers, civil society and non-governmental organisations (NGOs) to the business and private sectors e.g., (investigative journalists, advertisement and marketing strategies).

The advantages of OSINT are manifold but there are two that stand out: situational awareness and actionable insights/intelligence. The fast-growing use (and availability) of the Internet (see Figure below) leads to an immense increase of publicly available information from almost any part of the world. The accessibility of information supports informed decision-making even if stakeholders are not on-site. Yet the selection of relevant and reliable sources of information remains the biggest challenge in this context (see Section Challenges of OSINT below). The fact that people produce and share information at any given time and place can be both difficult to process in the everyday life and of crucial importance during and immediately after incidents providing near real-time information for the purpose of crisis management.

Individuals using the Internet in 2021 in % of population (Source: WorldBank)

The INTs

In addition to OSINT, there are several more INTs in the context of intelligence and the various types thereof. One prominent example is SOCMINT which stands for Social Media Intelligence. SOCMINT is a sub-discipline of OSINT and refers to intelligence gathering from publicly available information from social media only. Although there is no standard taxonomy for the various intelligence gathering types, there is a broad consensus about five main categories. Additionally to OSINT, those are:

  • HUMINT (Human Intelligence): This is one of the oldest forms of information acquisition, mining, and analysis, derived from human resources through human interaction and communication (e.g., interviews);
  • SIGINT (Signal Intelligence) describes insights gained from the exploitation of various types of electronic signals and communication systems (e.g., on ships or aircraft). The two most popular subtypes are COMINT (Communication Intelligence) covering communication transmissions (excluding open radio and TV broadcasts) and ELINT (Electronic Intelligence) derived from the interception of non-communication electromagnetic signals (e.g., radar transmissions);
  • GEOINT (Geospatial Intelligence) exploits and analyses imagery and geospatial information to describe, assess, and visually depict features and activities on the Earth (e.g., to track geographic changes or land usage). Intelligence gathering methods include imagery, signals, measurements and signatures, and human resources. For example, IMINT (Imagery Intelligence) refers to the collection and analysis of information derived from photographs, videos and other types of images such as radar sensors, infrared, and satellite images;
  • MASINT (Measurement and Signature Intelligence) aims to detect, track, identify, or describe distinctive features (signatures) of a fixed or dynamic target. This often includes RADINT (Radar Intelligence), IRINT (Infrared Intelligence), TELINT (Telemetry Intelligence), ACOUINT (Acoustic Intelligence), and NUCINT (Nuclear Intelligence).

OSINT Challenges

The plethora of information sources and available information. The immense number of publicly available information sources poses a crucial challenge to the identification and selection of sources that are relevant to the particular target/goal of the OSINT analysis. In general, almost any hypothesis can be confirmed or proved wrong depending on the selected sources. To mitigate the risk of potential bias to the final results and to increase the objectivity of the analysis, the selection of relevant information sources is probably the most challenging step. The potential bias also refers to any applied filter to reduce the information overload. No automated filter is perfect, i.e., potentially correct data results can get rejected (false negative) and wrong results can get accepted (false positive). Depending on the use case, changing the weighting/balance between false positives and false negatives is of crucial importance.

Multi-linguality, multi-media, and multi-source. OSINT solutions are strongly challenged by the variety of languages, media types and platforms to support in order to access publicly available information. The ability to handle different languages is crucial, for example, to understand the locals’ opinion towards a certain topic or to combat transnational crimes. The processing, mining, and analysis of different media types (e.g., text, audio, image, video, satellite data) requires for different technologies and expertise that have to be cross-linked to connect the dots between the different pieces of information. Different platforms and sources of information are commonly accessed in a different manner which is – at the very least – support and maintenance intense.

Changing data. The saying “the Internet never forgets” is a myth. Social media accounts get deleted or suspended. Internet pages can be removed or edited so that the content can be substantially different. In the process of analysis, this should be considered so that information of potential interest is archived in a way that it can serve as evidence if required.

Reliability of information. The steady increase of mis- and disinformation in both social and traditional media is out of question. In general, an OSINT analysis should always be transparent in terms of the selection of information sources . In the contemporary media landscape, there are a broad range of tools for the detection of fake news or mis- and disinformation. Further details on technology will be presented in the upcoming posts from the OSINT series.

Ethical and privacy concerns. Despite the fact that any OSINT analysis has to respect the data protection in compliance with the regulations, one should not forget that the identification (or even profiling) of individuals may still be possible. Even if particular data is fully anonymised, it might be still possible to combine it with other data or information sources to re-identify an individual or a group.

Tools availability. Since OSINT becomes an increasingly popular buzzword, the number of OSINT tools steadily multiplies. While existing tools and technologies can be of help and speed up the analysis process significantly, one should not rely blindly on automated analysis. None of the tools are infallible and the resulting analysis may have harmful consequences if it is wrong.

The OSINT Series

Coming next:

  • OSINT Tools and Technologies
  • OSINT in the Security Context
  • OSINT for Civil Society and Policymakers
Maia Rohm, PhD

Maia Rohm, PhD

Maia Rohm is a senior AI research engineer at HENSOLDT Analytics GmbH. Maia has more than 20 years of experience in standardization, content-based multimodal information retrieval, and data processing, analysis, and understanding. Her current focus of work is connecting the dots and generating insights from data.

Sources/Recommended Readings:

  1. data.europe.eu, The official portal for European data, Open-source Intelligence (02 May 2022)
  2. US Open Source Enterprise, Intelligence Community Directive 301 (11 July 2006)
  3. Diego Laje, The Rise of OSINT: Few Rules, Many Opportunities (Signal, 1 Sep 2023)

Banner image by NASA on Unsplash.

Tags: