Why you need Open Source Intelligence (OSINT)
Recent events such as the Parkland school shooting, violent protests in Charlottesville, the NSA contractor who leaked classified material and the seemingly daily credit card hacks should remind us that threats in the digital world are real and that we need to be better prepared to quickly identify and respond to them. The responsibility goes beyond law enforcement to the very stakeholders that stand to lose in terms of assets and/or lives. Governments and organizations spend billions annually on physical and cyber security systems, but when it comes to understanding threats in the digital world they are woefully unprepared.
Beyond securing the network and physical assets, there lie threats that are going undetected – threats in broad daylight, sometimes from individual and state actors and oftentimes from their own employees, citizens or students. The concept of Open Source Intelligence (OSINT), which started in the military and defense sectors, is now being applied to publicly available sources of information, e.g., those found on common social media platforms, to address these problems.
In the case of the Ohio school shooting, the shooter had reportedly posted “Die to you all” on Facebook shortly before murdering three students.
So, what if I have a school and I want to know if someone is a potential risk to students? Over the past 10 years in the United States, more often than not, the potential threats were broadcast via some form of public social media post before they actually occurred. Unfortunately, the post is discovered after the fact because schools, like most other industries, lack the tools and policies necessary to become proactive when it comes to online threats.
Let’s look at another example, in which a line engineer at a major energy company was posting pictures of the company’s substations as he performed maintenance, with his location services turned on. Armed with this information, anyone with an Instagram account could have easily mapped the company’s critical infrastructure locations. Fortunately, in this case, it was unintentional, but the consequences could nevertheless have been severe.
The recent Morgan Stanley breach of 1,200 records belonging to wealth management clients came to light after a posting on Pastebin.
Finally, how does a credit card company know they were truly hacked? If a hacker does manage to extract their customers’ credit card information, they typically want to sell it, and the sites where it is sold exist in the unindexed portion of the Web called the deep web. Often using what are called Pastebin sites, these nefarious actors post samples of the cards to prospective buyers in the hopes of scoring a big payday.
There are almost endless use cases where OSINT can play a critical role in helping organizations become more proactive, e.g., product forgeries, data leaks, corporate governance, sporting and concert events, executive protection, background checks, and the list goes on. Organizations need tools that can quickly scour billions of posts a day across a multitude of open source channels, e.g., Twitter, Facebook, Instagram, YouTube, blogs, chat rooms, etc. Powerful algorithms and inference capabilities, e.g., inferring location from a post’s content, also become critical features in order to deliver only the relevant content to the end user quickly.
Security, Risk and Compliance leaders, in their respective governments or organizations, need to start incorporating OSINT into the very fabric of their security processes and procedures. OSINT is quickly becoming as important as both physical and cyber security, and tools exist today that can be quickly adopted to help these organizations become proactive and just possibly avoid the next major loss of life or property.