It's short for Open Source Intelligence, but what else?
OSINT used to be an acronym that was only used within intelligence agencies. It refers to a methodology for collecting and analyzing data accessible in open sources to create actionable intelligence. What qualifies information as open source is that obtaining it does not involve clandestine collection techniques. The resulting actionable intelligence enables people to make informed decisions about almost any subject.
OSINT used to involve researching directories, commercial databases, newspapers, books, radio, TV, journals, satellite data, phone directories and much more. But with the popular use of the internet, OSINT got a big boost. Gathering and combining information from open sources was no longer the domain of just the intelligence agencies: corporations, government organizations and NGOs could now use the discipline as a way to augment their information position. From due diligence inquiries to fraud investigations, OSINT is now used to gather and correlate information to shine a light on areas that would otherwise remain dark.
The main sources of OSINT nowadays are found on the internet: websites, blogs, discussion groups, social media and more technical sources like WHOIS databases and IP directories outpace all other sources because of their timeliness and ease of access. That doesn’t mean that OSINT is only found on the internet: offline sources are still used, and many OSINT investigators have access to data brokers who specialize in specific types of information. This can be information collected about data breaches, worldwide company directories or phone directories; the list of potential sources is almost endless.
One of the biggest challenges in OSINT is the enormous amount of information that an investigation typically ends up with. Some investigators specialize in automated data collection; others focus on finding hidden information, analyzing the data, and finding links between individual pieces of information. OSINT experts often use specialized software to visualize this information so you can literally see the bigger picture.
OSINT does not equal "Googling for information": it is a profession with a large number of specialties.
These specialties are just the tip of the iceberg, however. Nowadays, there are OSINT specialists in almost every field. Want to investigate flight patterns of certain planes? There are experts who can help you. Need to know not only the exact type but also the origin of weapons in online pictures? We’ve got you covered.
In short: OSINT enables you to confidently make informed decisions by supplying you in time with the information you need.
For a more thorough explanation about OSINT, check out this article on Wikipedia.
What does OSINT look like in real life?
A client was approached by a British party that offered a very lucrative investment opportunity. The company offered a website and an app which would track the investments. After investing a few thousand euros, the app showed extremely positive results. The client was encouraged to invest 400.000 euro, in what seemed to be the opportunity of a lifetime. To be certain, he asked an OSINT specialist to check out the investment company.
The investigation quickly uncovered some alarming facts: the company used British phone numbers, but email analysis showed they were operating from Eastern Europe. The company had also changed its domain names at least 12 times in the last 6 years, and the investigator uncovered dozens of complaints from people who had invested but never got their money, even though the app showed great results.
When pressed, the company was unable to prove that the app was anything more than an empty shell. The client decided not to invest any more, and tried to cash out his “profits”. The money was never returned.
An OSINT team was approached by a CEO with a simple question: “There are websites selling fake versions of our product at extremely low prices. Who is behind this, and how do I stop them?”
The team first investigated one website that offered the fake product, and mapped out the characteristics. The researchers then set out to identify all websites that were selling the fake products.
Once websites were identified, the harvested web pages were further curated to eventually help develop insights and clues. In addition, all domain names were checked in the WHOIS register for ownership clues. Sites were linked using WHOIS information, IP data and markers in the site makeup. All this information was then visualized and documented.
The investigation offered the client insight into the number of fake products that were sold, the companies involved, and in the end the people who were behind it. Legal action was taken, and the client was pleased to see that the number of fake products was drastically lowered.
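The linking step in the counterfeit-site case above (sites tied together by WHOIS information, IP data and site markers) can be sketched as follows. This is an added example, not the investigators' tooling: the records are constructed, and the `marker` field assumes an analytics ID stands in for a "marker in the site makeup".

```python
from collections import defaultdict

# Constructed sample records (not from the investigation), one per harvested site.
# "marker" is an assumed stand-in for any site-makeup marker, e.g. an analytics ID.
SITES = [
    {"domain": "cheap-widgets.example", "whois_email": "a@mail.example", "ip": "192.0.2.10", "marker": "UA-111"},
    {"domain": "widget-outlet.example", "whois_email": "a@mail.example", "ip": "198.51.100.7", "marker": None},
    {"domain": "best-widgets.example", "whois_email": None, "ip": "198.51.100.7", "marker": "UA-222"},
    {"domain": "widgets4less.example", "whois_email": "b@mail.example", "ip": "203.0.113.5", "marker": "UA-222"},
    {"domain": "unrelated-shop.example", "whois_email": "c@mail.example", "ip": "203.0.113.99", "marker": "UA-999"},
]
FIELDS = ("whois_email", "ip", "marker")


def link_sites(sites, fields=FIELDS):
    """Group sites that share any attribute value, directly or through a chain."""
    parent = {s["domain"]: s["domain"] for s in sites}

    def find(d):
        while parent[d] != d:
            parent[d] = parent[parent[d]]  # path halving keeps lookups short
            d = parent[d]
        return d

    first_seen = {}                # (field, value) -> first domain seen with it
    evidence = defaultdict(list)   # (field, value) -> every domain carrying it
    for s in sites:
        for f in fields:
            v = s.get(f)
            if not v:              # redacted or missing values link nothing
                continue
            key = (f, v.strip().lower())
            evidence[key].append(s["domain"])
            if key in first_seen:  # same value seen before: merge the two groups
                parent[find(s["domain"])] = find(first_seen[key])
            else:
                first_seen[key] = s["domain"]

    clusters = defaultdict(set)
    for d in parent:
        clusters[find(d)].add(d)
    shared = {k: v for k, v in evidence.items() if len(v) > 1}
    ordered = sorted((sorted(c) for c in clusters.values()), key=lambda c: (-len(c), c))
    return ordered, shared
```

A shared-hosting IP address or a privacy-proxy WHOIS contact will link unrelated sites, so each entry in `shared` is a lead to verify and document, not proof of common ownership.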