Updated: Sep 6, 2018
Open Source Intelligence (OSINT), defined as the collection and analysis of information that is gathered from public sources has been around for hundreds of years. In fact, we started using the term in the United States the year after the attack on Pearl Harbor, in December 1941, when the Foreign Broadcast Monitoring Service (FBMS) was created. FBMS gained notoriety from recording speeches by Adolf Hitler, news broadcasts from Tokyo Rose and other short-wave radio broadcasts during and after World War II. Fast forward to the present and we now have OSINT specific intelligence divisions within just about all of the United States Intelligence agencies including Director of National Intelligence, US DoD, CIA, etc.
As with many technologies that originate with the government, commercial adoption soon follows and today we are seeing adoption rates of OSINT by corporations accelerate in lock step with the rise of social media over the past 10 years. Uses vary widely, but in general, organizations are gleaning valuable information and insights into threats to their brand, executives, customers, supply chains, employees and partners. Most of the sources being curated by OSINT platforms start with online posts across the surface, deep and dark web. By aggregating and analyzing these posts in a uniform way, actionable intelligence can be realized, threats can be neutralized in a proactive manner and risks can be mitigated.
The best OSINT platforms are incorporating machine learning to gain deeper insights into an ever increasing set of data
In order to avoid information overload, the best OSINT platforms are incorporating machine learning to gain deeper insights into an ever increasing set of data. By analyzing millions of posts across a set timeframe and aggregating this unstructured data with structured data sources, we can start to paint an accurate picture for the intelligence analyst in minutes as opposed to days using manual effort alone. Crisis teams can be equipped with a full understanding of an event and focus on their response with a thorough understanding of the situation, the actors and the potential impact to their organization. Both commercial and government organizations of all sizes stand to benefit tremendously from the capabilities that OSINT platforms offer.
Here are the top five benefits of incorporating an OSINT platform into your security processes and procedures:
1. It saves tremendous time– try searching across all the social media platforms for mentions of a particular person or brand. Seeking this information on only a few of the channels would take you some time to compose, aggregate and then do further filtering and refinement. An OSINT solution could achieve this in seconds and deliver more targeted results than can be achieved manually.
2. It’s comprehensive-- you can try using Google for your open source searches but getting targeted results, beyond the 5% of the Web that Google Indexes, is impossible. The best OSINT platforms search across not just social media platforms but blogs, boards, public chat rooms and more -- many of which exist only on the deep or dark web.
3. It’s Diligent– stop doing searches and setup live monitoring queries to alert you when something relevant is posted online – you can receive an alert in most cases within seconds from when the original post is visible on the web.
4. Drill down on threatening content– a handful of the best OSINT platforms provide you with investigative tools to allow you to uncover who is behind a threatening post. Do an open source people search to uncover their digital footprint and dive into their network and connections with built-in analytical tools.
5. It’s global– threats can come from anywhere. If you have a global organization, with multiple offices, you need to understand threats to employees, assets e.g., buildings and equipment as well as travel concerns to regions that may present a public safety issue. Modern OSINT solutions are incorporating global awareness features that help an organization mitigate these kinds of risks.