OSINT Teamwork Example

Article: https://wondersmithrae.medium.com/osint-teamwork-how-we-won-the-trace-labs-defcon29-black-badge-51a26879ad56

Resources

Below is a list of some of the best curated lists of tools to assist an internet investigation. Check back for regular updates. If you find a resource worth adding, please feel free to link it in the comments.

Michael Bazzell Inteltechniques: https://inteltechniques.com/menu.html

Jivoi Awesome OSINT (GitHub): https://github.com/jivoi/awesome-osint

Justin Nordine OSINT Framework: http://osintframework.com/

Robin Good: https://contentcuration.zeef.com/robin.good

Paul Myers Research Clinic: http://researchclinic.net/

Dr Neal Krawetz: http://fotoforensics.com/

Key Author: First Draft

First Draft is one of my personal favourite resources for anyone with an interest in open source intelligence. I discovered the organisation when looking at the connection between OSINT and journalism. There are numerous articles and guides well worth exploring.

Website: https://firstdraftnews.org/

One guide in particular I would like to draw special attention to is:

Journalism and Vicarious Trauma
A Guide for Journalists, Editors and News Organisations
APRIL 2017
By Sam Dubberley & Michele Grant

Featured Article: https://medium.com/1st-draft/new-guide-offers-dialogue-and-guidance-on-vicarious-trauma-da4cf62801d8

Source: https://firstdraftnews.org/wp-content/uploads/2017/04/vicarioustrauma.pdf

What is OSINT? Part one

Open Source Intelligence, what is it? At first it might seem straightforward if your research begins and ends with a brief scan of Wikipedia. Let’s start this series of posts by beginning there; after all, it is convenient, it ranks high in search results and is often considered an authority on information.

https://en.wikipedia.org/wiki/Open-source_intelligence

“Open-source intelligence (OSINT) is data collected from publicly available sources to be used in an intelligence context.[1]”

So here is our first definition; let’s take a closer look. If we follow the link to the source behind this definition, it takes us here:

http://www.oss.net/dynamaster/file_archive/040320/fb893cded51d5ff6145f06c39a3d5094/OSS1997-02-33.pdf

The reference is to a PDF “Open Source Intelligence: What Is It? Why Is It Important to the Military?” by Robert D. Steele. Interestingly enough, the specific quote is not in the document.

The author does state that:

“OSCINT is intelligence derived from public information–tailored intelligence which is based on information which can be obtained legally and ethically from public sources.”

Within a few minutes of looking for a definition, we have two definitions, and no, I did not throw a C in there for my own amusement. So far, the definition is as clear as mud. There are good points made in each definition and they are not contradictory, so at the very least we could combine them. I will come back to these definitions a bit later; for now let’s keep with the Wikipedia article. Scrolling down the page we have a new definition:

“Open Source Intelligence (OSINT) is the collection and analysis of information that is gathered from public, or open, sources.”

And another:

“OSINT is defined by both the U.S. Director of National Intelligence and the U.S. Department of Defense (DoD), as “produced from publicly available information that is collected, exploited, and disseminated in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence requirement.””

And another:

“Security researcher Mark M. Lowenthal defines it as “any and all information that can be derived from overt collection: all types of media, government reports and other documents, scientific research and reports, commercial vendors of information, the Internet, and so on. The main qualifiers to open-source information are that it does not require any type of clandestine collection techniques to obtain it and that it must be obtained through means that entirely meet the copyright and commercial requirements of the vendors where applicable.””

We are at five definitions. Which one are you going to pick? The shortest one perhaps? After all, it makes copying and pasting that much easier. Perhaps we can simply identify who the authority is on the discipline and take their definition…

Two sources I see more frequently cited than others are from the US Intelligence Community and from NATO:

https://www.gpo.gov/fdsys/pkg/PLAW-109publ163/html/PLAW-109publ163.htm

http://www.au.af.mil/au/awc/awcgate/nato/osint_hdbk.pdf

Taking all of these definitions into account, we have a few key characteristics, including:

  • Overt collection
  • Publicly Available
  • Open Sources
  • Disseminated
  • Unclassified
  • Purpose is to address an intelligence requirement
  • Copyright and commercial requirements
  • Legally and ethically

If we combine all of these elements, we could start to create an all-encompassing definition. However, the reality is that some of the elements can be argued with, especially from certain perspectives and circumstances, making efforts to create a catch-all definition difficult.

More to come in Part 2…