Stay up to date with the latest OSINT news around the world.

This week in open-source intelligence (OSINT) news: OSINT moves to the forefront of the U.S. intelligence strategy, the TikTok ban ignites debate over surveillance dangers vs. free speech, experts caution about common OSINT mistakes, and criminals collect ransom for healthcare data.

This is the OSINT news of the week: 

OSINT leaders comment on new IC strategy: The INT of first resort

“The INT of First Resort” appears in the title of the new intelligence community (IC) OSINT strategy document that was released last month. The spy agencies that have traditionally favored gaining intelligence from highly secretive sources — such as human intelligence, spy satellites, and electronic signals — are officially shifting their focus to open-source data.

Gathering publicly available information (PAI) for intelligence purposes isn’t new — analysts have been gathering foreign newspaper clippings and other public materials for decades. But the new strategy acknowledges the need for the IC to prioritize harnessing the explosion of public and commercial data available on the internet, and organize and analyze that information using technology like AI. The strategy also calls for focusing on coordinating the acquisition and sharing of open-source data and establishing a “centralized, multi-domain data catalog to enhance transparency.”

“Intelligence community officials have been considering the place of OSINT for several years, especially since Russia’s invasion of Ukraine. Officials have acknowledged the value of OSINT, while struggling to standardize open source tradecraft across agencies.”

Justin Doubleday, Federal News Network

TikTok ban: free speech vs. surveillance threat

President Biden announced last week that he has signed legislation to ban or force a sale of TikTok, a wildly popular social media app with more than 170 million users in the U.S. Lawmakers who pushed for the restriction have cited concerns that the company’s ownership structure could allow the Chinese government to gain access to Americans’ data. As expected, TikTok plans to challenge the law in court, claiming that the proposed ban would violate the free speech rights of millions of people.

Although the divest-or-ban legislation captured public attention only recently, U.S. officials have been working on the bill for months, which included a heated session with TikTok CEO Shou Zi Chew to question him about the company’s ties to China. But despite the company’s assurances that it would wall off Americans’ user data from China and ongoing opposition from some Democrats and Republicans, congressional leaders continued to push for the ban. Ultimately, lawmakers were able to sidestep a potentially lengthy and contentious debate in the Senate by tying the legislation to passing foreign aid, a cause that already had significant bipartisan backing.

“A collection of liberal Democrats and libertarian Republicans in both chambers have continued to oppose the legislation over concerns that it gives the federal government too much power to restrict businesses or that it curtails speech online.”

Cristiano Lima-Strong, The Washington Post

“Seven Deadly Sins” list of OSINT mistakes

When news breaks, especially in armed conflict zones like Iran and Ukraine, open-source research enthusiasts shift into high gear to scour satellite images and social media footage to try and make sense of it all. But well-meaning OSINT buffs often don’t follow best practices of open-source approaches and techniques, creating confusion instead of clarity and undermining the credibility of legitimate OSINT practices and methods. In their detailed analysis of the “Seven Deadly Sins of Bad Open Source Research”, Bellingcat experts highlight the common mistakes that OSINT researchers make to help aspiring analysts judge the quality of their work and improve their OSINT tradecraft.  

Among the usual blunders, the Bellingcat authors list failing to provide the original source, letting personal bias cloud judgment, not properly archiving online content, lacking context, using investigation tools incorrectly, editing footage to the point where it can no longer be traced to the original source, and believing that being the first to report on an event is more important than thoroughly validating the data.

“We work in a young and rapidly evolving field, facing a deluge of information. Mistakes should be no cause for surprise or shame. Everybody makes them. But a good open source researcher is open about doing so – they correct their errors quickly and vow to do better next time.”

Tristan Lee, Kolina Koltai, and Giancarlo Fiorella, Bellingcat

Cybercriminals steal healthcare data. Again.

UnitedHealth Group’s subsidiary, Change Healthcare, has admitted that it paid a ransom to buy back stolen patient data. The attackers reportedly gained access to Change Healthcare’s networks on Feb. 12, using compromised credentials on an application that allows staff to remotely access systems. A message briefly posted on a ransomware website claimed responsibility for the attack. CyberScoop, a prominent media outlet in the cybersecurity market, reports that the administrators of that site collected a $22 million ransom payment, which was moved among various cryptocurrency accounts over the course of March, showing signs that the perpetrators were attempting to obscure the final destination of the money.

Change Healthcare has acknowledged in a statement that sensitive and personal health information related to “a substantial portion of people in America” could be among the data stolen by cybercriminals. The news broke a few days before the Chief Executive of UnitedHealth Group was scheduled to testify before a congressional committee – fueling the growing criticism of the company’s handling of personal data and whether, more broadly, UnitedHealth Group’s dominant position in the U.S. health care industry represents a systemic threat.

“Nearly two dozen screenshots purportedly from roughly 4 terabytes of Change Healthcare data were posted April 7 to the website operated by RansomHub, a website whose operators either auction off previously hacked data or conduct attacks themselves. RansomHub gave Change Healthcare until April 20 to buy the data before it was to be sold to the highest bidder.”

AJ Vicens, reporter on nation-state threats and cybercrime, CyberScoop

Every other week, we collect OSINT news from around the world. We’re also gathering information on cyberthreats, federal intelligence strategies and much more. Follow us on X and share the OSINT news you’re keeping up with.
