Brian Fuller, OSINT professor and expert, shares his hands-on tips for conducting mission-focused, secure and anonymous OSINT research.  

As the digital landscape continues to evolve, proper OSINT training, education and resources are needed now more than ever. From global corporations to government agencies, many organizations have deemed OSINT vital and necessary to their success, and they rely on researchers to conduct safe, effective and productive OSINT investigations.

That’s why we asked OSINT professor and expert Brian Fuller to join us on an episode of Needlestack to share some of his OSINT research tips and techniques from his extensive real-world experience. Brian Fuller is Director of Operations for the Ridge College of Intelligence Studies and Applied Sciences at Mercyhurst University and has OSINT experience practicing in both the government and private sector. 

Let’s take an inside look at an expert’s recommendations for conducting the safest and most effective OSINT.

Plan, plan, plan 

Open-source information is everywhere online. Without a good plan of attack, researchers will find themselves quickly overwhelmed or burrowing down rabbit holes with little impact on the overall investigation. That’s why planning is an important first step.  A plan will also help guide you through decision making in the case of an unexpected event. 

An OSINT research plan should include the following:

1. Research collection plan

Start with what information you are looking for, how you are going to conduct the research and where your research will take place. Answering these questions before you start your research will help keep your project on track and limit room for error. 

This section of the plan should include:

  • The goal(s) for the investigation
  • Websites to visit (including country of origin, language, time zone, etc.)
  • Specific information to look for

Proper policy is also an important precursor to any OSINT work on behalf of an organization.

2. Risk assessment and mitigation plan

Even with the strongest, most secure research tool stack, every investigation has risks. Identifying potential risks will help the researcher proactively mitigate those risks, prepare possible responses and quickly identify events if they unfold. 

3. Managed attribution plan

Attribution refers to all the traceable elements and properties that can help identify you, your organization and your mission. Dozens of identifying details are relayed to websites you visit (including browsing history and behavior and details about your connection, hardware, software, etc.), creating a unique digital fingerprint. Without proper managed attribution, this fingerprint can give away your intention when visiting a target website and potentially spoil your investigation.

In OSINT research, you need to manage your attribution to avoid arousing suspicion on visited websites and blend in with regular traffic. Although this can be accomplished easily with purpose-built tools, a managed attribution plan is necessary to ensure you and your intent are not compromised. 

Fuller discusses a rule he uses with his students that should be part of a managed attribution plan:


To put a managed attribution plan into action, Fuller uses Authentic8’s Silo for Research. The solution allows users to adjust details of their digital fingerprint to blend in with average site visitors, including point of presence, language, time zone, keyboard settings, device type, OS and more. It also segregates personal browsing from research sessions to avoid persistent tracking and patterned behavior.

One BIG OSINT Mistake

Accessing a site at hours that are odd for its average visitor can arouse suspicion with webmasters. For example, if you’re visiting a site based in Russia with a predominantly Russian user base, and you are researching from the US, you could be entering the site at an odd time when there isn’t much traffic, making you stand out.

When researching on any website, you should always ensure that the time you enter the site is not abnormal and is in keeping with average site visitors. Fuller suggests using an analytics tool like Similarweb to find peak traffic times as well as the average session time for the website you are visiting. Researchers should try to visit sites during these peak times and stay within a reasonable range of the average session time.
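A pre-session check for the timing rule above, as an added example that is not from the interview or from Authentic8: it converts a planned start time to the site's local time, tests it against a peak window and the average session length, and reports the next in-window start on the researcher's own clock. The peak window, the session figures, the 50% tolerance and all function names are assumptions made for illustration.

```python
from datetime import datetime, time, timedelta
from zoneinfo import ZoneInfo

# Constructed sample plan. The peak window and average session length stand in
# for figures read from an analytics tool; they are not real measurements.
SITE_TZ = "Europe/Moscow"
PEAK = (time(18, 0), time(23, 0))   # site-local peak traffic window
AVG_MIN = 6                          # average session length, minutes
PLANNED = datetime(2024, 3, 12, 20, 0, tzinfo=ZoneInfo("America/New_York"))


def in_window(t, start, end):
    """True if t is inside [start, end); the window may wrap past midnight."""
    if start <= end:
        return start <= t < end
    return t >= start or t < end


def review_session(start, site_tz, peak, planned_min, avg_min, tolerance=0.5):
    """Compare a planned session with the site's peak window and average session.

    start is a timezone-aware datetime on the researcher's own clock.
    """
    site_local = start.astimezone(ZoneInfo(site_tz))
    low, high = avg_min * (1 - tolerance), avg_min * (1 + tolerance)
    return {
        "site_local": site_local,
        "in_peak": in_window(site_local.time(), *peak),
        "duration_ok": low <= planned_min <= high,
    }


def next_peak_start(start, site_tz, peak):
    """Earliest time at or after start inside the peak window, on the researcher's clock."""
    site_local = start.astimezone(ZoneInfo(site_tz))
    if in_window(site_local.time(), *peak):
        return start
    opening = site_local.replace(hour=peak[0].hour, minute=peak[0].minute,
                                 second=0, microsecond=0)
    if opening < site_local:          # window already closed today: use tomorrow's
        opening += timedelta(days=1)
    return opening.astimezone(start.tzinfo)


if __name__ == "__main__":
    print(review_session(PLANNED, SITE_TZ, PEAK, planned_min=45, avg_min=AVG_MIN))
    print(next_peak_start(PLANNED, SITE_TZ, PEAK).isoformat())
```

In the constructed plan, an 8 p.m. start in New York lands at 3 a.m. in Moscow, outside the peak window, and a 45-minute session is far longer than the 6-minute average.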

Need to access a site at odd hours, say, when you’re sleeping? The Collector module of Silo for Research lets you set tradecraft parameters, select the appropriate point of presence and schedule or randomize collection start times to avoid identifiable patterns.

Find Brian Fuller’s full interview and more episodes at authentic8.com/needlestack or subscribe to the show to get episodes delivered straight to your inbox.
