Stay up to date with the latest OSINT news around the world.

This week in open-source intelligence (OSINT) news: a new OSINT event; China pulls ahead of the U.S. in OSINT research; examining two different outages – Russian internet and the darknet index site Dark.Fail; and using satellite images to expose deceptive shipping practices and trace prison expansions.

This is the OSINT news of the week: 

Join us for OSINTUp

First off, if you’re an OSINTer looking to level up in your career or brush up on OSINT skills, join us Thursday, February 22, for OSINTUp. This virtual skill-sharing event will showcase sessions from leading OSINT experts, like My OSINT Training’s Micah Hoffman, OSMOSIS Institute’s Cynthia Hetherington, Trace Labs’ Tom Hocker and more. They’ll share OSINT tips, insights and resources and highlight the many paths to OSINT investigations and careers.


With so much information, even the spies are struggling to make sense of it all

There's an overwhelming flood of data swirling around, making life tough even for seasoned operatives from agencies like the NSA and CIA. U.S. intelligence agencies have struggled for years to tap into openly available data, such as social media posts and cell phone location pings, but it’s now beginning to change.

In recent months, the intelligence community has embarked on a journey to outline a national OSINT strategy, which will focus on development of tools and techniques and promoting collaboration and coordination between government entities. Federal intelligence agencies have always prioritized information that they gather using more traditional covert methods, but U.S. policymakers are now warning that failing to take full advantage of OSINT can be costly and even dangerous when it comes to national security.

“Our greatest weakness in OSINT has been the vast scale of how much we collect.”

Randy Nixon, Director of the CIA’s Open Source Enterprise division

China has OSINT figured out. Experts suggest the U.S. can learn from them.

The importance of building strong OSINT practices has made it into another story – authors of the Bloomberg cybersecurity newsletter suggest that while the rest of the world was chasing secrets, China realized long ago that valuable information is available in plain sight. According to William Hannas, a former CIA official who is now lead analyst at Georgetown University’s Center for Security and Emerging Technology, China has about 100,000 science and technology intelligence workers, including open-source collectors, analysts and field operatives — no other country has anything remotely comparable.  
 
The U.S. is beginning to ramp up its efforts to gather and analyze open-source information — its intelligence agencies are looking into using AI and other emerging technologies to help sift through the flood of data. However, compared to China, the U.S. seems to still be falling behind and needs to step up its efforts in adopting effective strategies, policies and tools to help race against its rivals.

“The revolution in artificial intelligence, and the avalanche of open-source information alongside what we collect clandestinely, creates historic new opportunities for the CIA’s analysts.”

Bill Burns, CIA Director

Russian internet goes dark, and nobody knows why

Russia had its biggest internet outage last month, affecting hundreds of mobile applications and websites, and now conflicting information is emerging about what could have caused the disruptions. Russia's Digital Development Ministry said the outage was the result of technical problems with its Domain Name System Security Extensions (DNSSEC); however, independent observers have suggested that the outage could have been caused by Russian authorities preparing for a potential move of all users in the country to the national DNS server.
 
While the real cause of the outage remains undetermined, Newsweek has analyzed information from different sources, including reports from Russian news outlets, to look for links between the internet service disruption and the Russian government’s need to reduce the threat of attacks and boost security during a meeting of government officials in St. Petersburg, where they participated in events marking 80 years since the lifting of the siege of Leningrad.

“A large-scale Internet network failure has occurred in Russia. Banking applications, including Sberbank, are not functioning. Failures are noted in the operation of mobile operators. Reasons for the failure are unclear.”

Anton Gerashchenko, Adviser to Ukraine's Minister of Internal Affairs

Outage on Dark.Fail. DoingFedTime explains why it’s a big deal

Another notable outage hit Dark.Fail, a go-to site for the darknet community that acts as a directory to what’s out there in the dark corners of the web. Dark.Fail is an index site that lists various darknet sites and shows a green dot if they are active. Recently, the site went down, and it seems to be more than just a minor hiccup. Meanwhile, Dark.Fail’s .onion domain on the Tor network was still up and running.

Author, speaker, and self-proclaimed hacker Sam Bent, who also goes by the name DoingFedTime (a nod to the time he spent in federal prison), dissects the outage and analyzes the advantages of the Tor network infrastructure over the regular internet/surface web. Bent knows his way around Dark.Fail and is an avid proponent of having an index site to help navigate the back alleys of the dark web. His article also dives into the reasons for having other index sites, such as Daunt.Link; guides you on how to use a Tor Taxi directory; and profiles the forum site Dread.

“Dark.Fail isn’t just another website that popped up overnight. It’s been around for a while, making its mark since way back in 2018. Think of it like an old tree in a park that’s seen many seasons change.”

Sam Bent, DoingFedTime

Myanmar’s secret prison revealed by satellite images

New satellite analysis suggests that Myanmar is expanding its prison-building program, prompting fears that it plans to jail thousands of pro-democracy protesters. Analysis of images taken from before the February 2021 military coup through to January 2024 indicates that 27 of 59 prisons showed signs of large-scale expansion or the construction of new wings or buildings. The satellite images also reveal ongoing construction or expansion of 53 labor camps.
 
The post-coup growth of the prison system has coincided with the mass arrests of political opponents, journalists and activists. The most high-profile prisoner is Aung San Suu Kyi, Myanmar’s civilian leader who was arrested at the start of the coup, prompting fears she might be taken to Insein prison in Yangon City — the country’s most notorious jail. Suu Kyi, however, has so far avoided being held within Insein — instead, Myanmar’s leader was taken to the Naypyidaw prison, constructed just outside the newly built military capital. Satellite images show that Naypyidaw has also undergone an expansion — with large new buildings appearing inside and outside its perimeter.

“Due to the security surrounding these additions, and factors such as location and their high-security structure, we believe they are new detention facilities connected to the official prisons.”

Matt Lawrence, Director of Myanmar Witness

Into the Abyss: ensuring compliance using accurate real-time data and insights 

The evolving geopolitical landscape has created additional pressure to maintain sanctions and export control compliance. Eric Orsini, Head of Compliance and Regulatory Affairs at Lloyd's List Intelligence (LLI), suggests that operationalizing sufficient due diligence doesn’t have to be hard to be effective. In his LinkedIn post, Eric tells a story of LLI tracking a vessel called Abyss through Automatic Identification System (AIS) gaps, ship-to-ship transfers, and probable dark port calls – port calls where the vessel was not broadcasting its AIS, thereby hiding its true location.
 
The owners of the Abyss went to a great deal of trouble attempting to obscure the Iranian origin of the ship’s cargo, turning off its AIS to mask the fact that it loaded in Iran, and providing falsified documentation about illicit ship-to-ship transfers. By tracking the Abyss’ activity and location, LLI was able to identify deceptive shipping practices and help make expedited decisions leveraging historic and real-time data.

“Having accurate real-time data and insights could be the difference between compliant and legally permissible trade or sending your product and profits to the abyss.”

Eric Orsini, Head of Compliance and Regulatory Affairs at Lloyd's List Intelligence
