As open-source intelligence (OSINT) research continues to ramp up, experienced practitioners are using critical insights to craft their own OSINT hot takes.
Open-source intelligence (OSINT) is becoming increasingly relevant and popular in recent years due to the explosion of digital information and the growth of social media platforms. The skills to search and research available information is a critical tool in today’s data-driven world. As the use of OSINT expands and evolves, so too do the debate and opinions on its scope, methodology and limitations. With its practitioners holding a variety of views, their perspectives provide valuable insights into the continuously evolving and changing OSINT.
On a recent episode of NeedleStack, a podcast for professional online research, two leading OSINT researchers and trainers gave their opinions on some of the disputed access of open-source collection and analysis. Abbi Dobbertin, Fivecast U.S. tradecraft lead, brings a wealth of experience in intelligence analysis and training for OSINT tradecraft and techniques. Adam Huenke, Authentic8 OSINT training lead, has a background in cybersecurity and digital forensics and is a well-respected OSINT trainer. They weigh in on what processes and viewpoints they’ve picked up throughout their years working in the field. Through their perspectives, researchers can gain insight on the continuously evolving OSINT landscape and maybe form some hot takes of their own. Let’s dive into the debate:
1. OSINT’s definition is expanding
OSINT, which is usually defined as the collection, analysis and dissemination of information from publicly available sources, has become conflated with digital intelligence and cyber threat intelligence in recent years, Dobbertin explains. The practice has started to encroach on other types of intelligence and data. Both Huenke and Dobbertin suggest that as the definition of OSINT continues to broaden, it is essential to slow down and re-evaluate what falls under the umbrella of OSINT and what does not.
Seasoned OSINT analyst, Abbi Dobbertin, discussed how open-source intelligence is not only about analyzing publicly available information but also commercially available data. With the increasing amount of information moving online, digital intelligence is rapidly growing and it has become difficult to differentiate between digital intelligence and OSINT. Commercially available data, which is not necessarily the same as publicly available, is now commonly being used by researchers to obtain information. OSINT analysts are also operating differently online, analyzing certain types of imagery (so performing imagery intelligence, aka IMINT) or communicating with individuals online and curating sources.
According to Dobbertin, these techniques would have fallen into other types of intelligence 10 years ago, such as human intelligence (HUMINT). HUMINT is often defined by the art of tricking people and convincing them to defy their ethics to spy for you. The expansion and overlap of these terms has created a need to reassess what does and does not fall under the umbrella of OSINT and tailor practitioner techniques to the specific intelligence type at hand.
2. “Let them speak” - a researcher’s perspective on moderation
Falling under the umbrella of OSINT, social media intelligence (SOCMINT) is the art of leveraging information that's been posted or published on social media, and it often plays a crucial role in OSINT. However, there has been pressure on social media platforms to take responsibility for the content posted on their sites and to remove criminal, extremist and hateful content But that nefarious content can sometimes give investigators key information to build a criminal case, track extremist training sites or monitor potential bad actors.
The efforts to ban these actors are well-founded and an important tool for community building, but those well-meaning efforts can sometimes hinder investigations. Many OSINT practitioners are asking to strike a balance between protecting individuals from criminal behavior and allowing OSINT analysts to gather critical insights into the activities of nefarious actors. One idea that Dobbertin discusses is allowing OSINT practitioners to see the content and collect information before it is removed.
3. There is no “one size fits all” OSINT methodology
As OSINT has expanded, so has the desire for a clear methodology for OSINT researchers and practitioners. But unfortunately, as Adam Huenke has written previously, tools and techniques need to be tailored to each investigation within the context of the search. According to Huenke, a rigid methodology can prevent analysts from being creative and adaptable. He suggests that researchers and practitioners should have a clear understanding of their objectives, the sources of information and the tools they will use to collect and analyze the data, rather than looking for a step-by-step procedure. By doing so, they can develop an effective and efficient OSINT process that meets their needs without becoming hamstrung in order to fit a mold. Rather than reading a checklist, OSINT is more about developing a mindset and set of skills that enable an analyst to collect, analyze and disseminate information from a variety of sources.
4. You might need a separate OSINT collector
The question remains: does it make more sense to have a dedicated OSINT researcher an all-source analyst who sprinkles OSINT on top of other -INTs? Moreso, should the collector and analyst be two positions or one in the same?
Experts say it may be useful to have both an OSINT analyst and an OSINT collector so that the analyst can do the critical thinking and have the background while the collector can focus on gathering information from the vast availability of open sources available. Huenke and Dobbertin agree that having dedicated OSINT collectors and dedicated OSINT analysts can be beneficial, as they can specialize and gain experience in their own areas of expertise. Huenke suggests that an all-source analyst with experience in critical thinking and analysis techniques can also collect OSINT, but it might be better to have both depending on your team’s needs. He also believes that subsets of OSINT practitioners, collectors and analysts should be separated to focus on their respective tasks and types of intelligence. Similarly, Dobbertin has a strong opinion advocating for the need for dedicated OSINT collectors in teams. She argues that when someone is given the time and ability to identify all the different ways to come up with an answer or interpret data, they can easily provide clear dividends for the team or mission set. Separating collection and analysis allows each role to master their tradecraft and truly develop their collection or analysis skills to become most valuable to their team
While having a dedicated collector can be beneficial, resource constraints may limit the team's ability to have one. It is essential to weigh these factors carefully when making decisions about the structure and roles of the team. Regardless of whether the team has a dedicated OSINT collector or an all-source analyst who collects OSINT as an additional duty, it is crucial for the team to understand what OSINT is, what it can do and its limitations, so they can properly utilize an OSINT. It may be necessary to provide basic awareness training to the team to ensure that they are asking the right questions and understand when it’s best to utilize OSINT techniques.
Opinions, like sources, vary
Like the use of OSINT varies, so do the perspectives from experienced practitioners like Dobbertin and Huenke. OSINT’s scope, methodology and limitations continue to be debated as it evolves and enhances. It is crucial to continue having these discussions and debates as OSINT expands in use to ensure that OSINT it is being used effectively and ethically.
Anonymous research OSINT research Social media