Presentation on theme: "Open Source Intelligence (OSINT) Introduction to OSINT This presentation is the sole property of OSPA. Distribution is limited to OSPA members registered."— Presentation transcript:
Open Source Intelligence (OSINT) Introduction to OSINT This presentation is the sole property of OSPA. Distribution is limited to OSPA members registered in the OSPA OPSEC Academy http://www.opsecacademy.org
What is OSINT? OSINT: Open Source Intelligence; publicly available information. i.e., information that any member of the public could lawfully obtain by request or observation, as well as other unclassified information that has limited public distribution or access. OSINT represents a constant threat to any organization or mission, and can account for up to 80% of actionable intelligence, which is generally not protected and not classified. In most cases, its legal to obtain information in this way. This means that despite the high potential for harm, this critical information may be obtained at little or no risk to the intruder.
Definitions: Open Source Data (OSD): the raw print, broadcast or information in any other form from a primary source. This can include photographs, tape recordings, satellite imagery, personal letters, online postings, etc. Open Source Information (OSIF): Generic information generally intended for wide dissemination that combines multiple pieces of data using some level of validation. Examples include books, newspapers and news reports. Validated Open Source Intelligence (OSINT-V): Information to which a high degree of certainty can be attributed. This includes two categories: Information which comes from an established reliable source and/or can be validated by comparing to other data Information which can be established as valid in its native format. i.e., news reports showing a state leaders speech. This, of course, must consider the possibility of manipulation or forgery.
OSINT Sources Intelligence can be gathered from a broad range of publically available sources. Media Television, radio, newspaper, magazines Internet Search engines Google, Bing, Yahoo User-generated content Blogs, forums, social-networking, wikis RSS feeds Peer to Peer (P2P) Geographic Maps and environmental and navigational data Observation Camera, video recorder, reporting Academia Experts, research, conferences
OSINT Sources Intelligence can be gathered from a broad range of publically available sources. Government at all levels FOIA Building permits Patent offices Paid Services and Public Records Credit reports People searches Real Estate records Military records Association directories Business Records SEC filings Legal activities Press releases
What is the value of OSINT? OSINT has incredible value, both positive and negative to the originator or dedicated recipient of the information: 1.Journalists and researchers use OSINT to generate a story or obtain greater information on a subject. The US Library of Congress collects vast amounts of this type of data. 2.OSINT gives context to classified information. Generally, only select information meets the criteria for classification, with unclassified sources of information filling the gaps. 3.OSINT gives adversarial forces a starting point and additional resources necessary to leverage further attacks or exploitation. 4.OSINT reveals the intent of friendly or adversarial forces. 5.OSINT reveals current status, capabilities or other contemporary information.
Who collects and uses OSINT? Military, friendly and enemy Law Enforcement Criminals Business Government Spies
Who collects and uses OSINT? Intelligence units mine the benefits of public sources -Government Computer News, March 17, 2006 Man uses Facebook to help police catch criminal -ABC News, March 20, 2010 Could Twitter robbers get to you? -NBC News, June 3, 2009
Who collects and uses OSINT? Is your sensitive company info being leaked on LinkedIn? -Washington Times, April 18, 2006 CIA mines rich content from blogs -ComputerWorld, May 19, 2011 Spy Agencies Turn to Newspapers, NPR and Wikipedia for Information - US News, September 12, 2008
In the modern context, its tempting to think of OSINT as the Internet. While the advent of the internet has brought new opportunities to analysts and adversaries alike, OSINT has been a problem for the intelligence community for years before the advent of the modern Internet. Examples of resources that are of value to an adversary and predate the internet are: OSINT The Internet Job announcements Public records, like building permits Personal records, like credit reports News and periodicals, like press releases, radio, television, etc
The Internet, and related technologies have, however, added to the already immense quantity of critical information that may be obtained by the public. For example: iChanges Webpages, blogs Chatrooms, forums, file sharing Company information in whois, online filings, etc Online news
Generating information is the natural result of doing business. Much of the information that may be beneficial to an adversary is created for a legitimate purpose, such as business filings or press releases. The important thing to consider is how this information can provide clues to identify targets, activities, real-time operations and more. When its necessary to create and share information, only the information thats necessary to be shared should be included, and even that must be evaluated for its potential impact. Why create such information? Im online, therefore I am. -Descartes
Consider how easy it is to find information about yourself. If you were an adversary, perhaps a business competitor, burglar, foreign military, or something else entirely, what could you learn from your physical and online presence? Personal: Search white pages http://www.whitepages.com Search social networks: http://www.wink.com Search for your email address in Google Type in your address into Google Maps, and zoom in to street view Search in your refuse bins- what are you throwing away? What are you saying in chat rooms or forums? Business: Check your press releases and job listings. Have you listed your network security equipment in job descriptions? Search refuse bins for sensitive memos, employee directories, etc What is revealed on your company webpage? See for yourself