Transcript Intro to Open Source Intelligence

Open Source Intelligence
(OSINT)
Introduction to OSINT
This presentation is the sole property of OSPA. Distribution is limited to OSPA members registered in the
OSPA OPSEC Academy
http://www.opsecacademy.org
What is OSINT?
OSINT: Open Source Intelligence; publicly available information. i.e., information
that any member of the public could lawfully obtain by request or observation, as
well as other unclassified information that has limited public distribution or
access.
OSINT represents a constant threat to any organization or mission, and can
account for up to 80% of actionable intelligence, which is generally not
protected and not classified.
In most cases, it’s legal to obtain information in this way. This means that
despite the high potential for harm, this critical information may be obtained
at little or no risk to the intruder.
Definitions:
 Open Source Data (OSD): the raw print, broadcast or information in any
other form from a primary source. This can include photographs, tape
recordings, satellite imagery, personal letters, online postings, etc.
 Open Source Information (OSIF): Generic information generally intended
for wide dissemination that combines multiple pieces of data using some
level of validation. Examples include books, newspapers and news reports.
 Validated Open Source Intelligence (OSINT-V): Information to which a high
degree of certainty can be attributed. This includes two categories:
 Information which comes from an established reliable source and/or
can be validated by comparing to other data
 Information which can be established as valid in its native format. i.e.,
news reports showing a state leader’s speech. This, of course, must
consider the possibility of manipulation or forgery.
OSINT Sources
Intelligence can be gathered from a broad range of publically available sources.
•Media
•Television, radio, newspaper, magazines
•Internet
•Search engines
•Google, Bing, Yahoo
•User-generated content
•Blogs, forums, social-networking, wikis
•RSS feeds
•Peer to Peer (P2P)
•Geographic
•Maps and environmental and navigational data
•Observation
•Camera, video recorder, reporting
•Academia
•Experts, research, conferences
OSINT Sources
Intelligence can be gathered from a broad range of publically available sources.
•Government at all levels
•FOIA
•Building permits
•Patent offices
•Paid Services and Public Records
•Credit reports
•People searches
•Real Estate records
•Military records
•Association directories
•Business Records
•SEC filings
•Legal activities
•Press releases
What is the value of OSINT?
OSINT has incredible value, both positive and negative to the originator or
dedicated recipient of the information:
1. Journalists and researchers use OSINT to generate a story or obtain greater
information on a subject. The US Library of Congress collects vast amounts of
this type of data.
2. OSINT gives context to classified information. Generally, only select
information meets the criteria for classification, with unclassified sources of
information filling the gaps.
3. OSINT gives adversarial forces a starting point and additional resources
necessary to leverage further attacks or exploitation.
4. OSINT reveals the intent of friendly or adversarial forces.
5. OSINT reveals current status, capabilities or other contemporary information.
Who collects and uses OSINT?
Military, friendly
and enemy
Law
Enforcement
Criminals
Business
Government
Spies
Who collects and uses OSINT?
“Intelligence units mine the benefits of public sources”
-Government Computer News, March 17, 2006
“Man uses Facebook to help police catch criminal”
-ABC News, March 20, 2010
“Could Twitter robbers get to you?”
-NBC News, June 3, 2009
Who collects and uses OSINT?
“Is your sensitive company info being leaked on LinkedIn?”
-Washington Times, April 18, 2006
“CIA mines ‘rich’ content from blogs”
-ComputerWorld, May 19, 2011
“Spy Agencies Turn to Newspapers, NPR and Wikipedia
for Information”
- US News, September 12, 2008
OSINT
The Internet
In the modern context, it’s tempting to think of OSINT as “the Internet”. While the
advent of the internet has brought new opportunities to analysts and adversaries
alike, OSINT has been a problem for the intelligence community for years before
the advent of the modern Internet. Examples of resources that are of value to an
adversary and predate the internet are:
Job
announcements
Public records,
like building
permits
Personal
records, like
credit reports
News and
periodicals, like
press releases,
radio,
television, etc
iChanges
The Internet, and related technologies have, however, added to the already
immense quantity of critical information that may be obtained by the public. For
example:
Webpages,
blogs
Chatrooms,
forums, file
sharing
Company
information in
whois, online
filings, etc
Online news
Why create such information?
Generating information is the natural result of doing business. Much of the
information that may be beneficial to an adversary is created for a legitimate
purpose, such as business filings or press releases.
The important thing to consider is how this information can provide clues to
identify targets, activities, real-time operations and more. When it’s necessary to
create and share information, only the information that’s necessary to be shared
should be included, and even that must be evaluated for its potential impact.
I’m online, therefore I am.
-Descartes
See for yourself
Consider how easy it is to find information
about yourself. If you were an adversary,
perhaps a business competitor, burglar, foreign
military, or something else entirely, what could
you learn from your physical and online presence?
Personal:
• Search white pages http://www.whitepages.com
• Search social networks: http://www.wink.com
• Search for your email address in Google
• Type in your address into Google Maps, and zoom in to street view
• Search in your refuse bins- what are you throwing away?
• What are you saying in chat rooms or forums?
Business:
• Check your press releases and job listings. Have you listed your network
security equipment in job descriptions?
• Search refuse bins for sensitive memos, employee directories, etc
• What is revealed on your company webpage?