2019 and the Evolving Role of OSINT

Introduction

SIGINT (Signals Intelligence) and OSINT (Open Source Intelligence) are entering a new position within the public sphere in 2019. Watershed events in 2018 have finalized a long, slow transition from the monopoly of shadowy intelligence agencies and the occasional investigative journalist into a space fully accessible and contestable by anybody with an internet connection. An analysis of a case from 2018 highlights some of the emerging characteristics and actors.

“Anatomy of a Killing”

Soldiers in uniform lead two women and two young children along a dusty footpath. They are blindfolded, instructed to kneel, and then riddled with bullets as onlookers gape and the soldiers jeer. A cell phone video containing this scene went viral on social media pages across West Africa and beyond this summer. Different versions accused soldiers from several Sahel countries, all succeeding in causing outrage against the accused.

The video lent itself to multiple interpretations. As soon as it became the cause of public outrage in Cameroon, the government dismissed it as fake news or as having originated elsewhere in the Sahel. The nondescript landscape, the lack of unique markers on the faded uniforms of the soldiers, and the poor audio quality of the video strengthened both the deniability and the power of framing statements.

The video footage, viewed by unknown thousands from West Africa to Washington DC and beyond, is clear enough. Removing the most graphic footage, the team published their OSINT journey in tracking down the actors behind the killings.

2019 

The heroics of the investigation aside, the process of the entire event cycle, from the atrocity to the eventual conclusion of the legal proceedings and sentencing, suggests a number of takeaways for 2019. These takeaways are both opportunities and problems. In the words of OODA Founder Matt Devost, however, these problems may just be “opportunities with a different risk profile.”

Opportunities

The BBC Africa investigation highlights the incredible power and depth available to the open source researcher. From satellite imagery to massive searchable databases of obscure information, individual OSINT researchers can access what was previously only accessible to governments. Armies of these researchers, often simply hobbyists with no substantial technical or coding knowledge, are sharing tools through online forums and advancing the field at a startlingly fast pace. Within its various forums, one sees the daily expansion of OSINT tools into new data troves, methods, and tactics.

Bellingcat and Others

While the atrocity investigation was conducted under the aegis of BBC Africa, it was supported by several freelance researchers. Some of these researchers are connected to Bellingcat, the so-called “home of online investigations.” This organization serves as one of the major hubs for these kinds of OSINT researchers, many or most of whom are hobbyists and freelancers.

Hosting quizzes and “how-to” articles with titles like “Using Time-Lapse Satellite Imagery to Detect Infrastructure Changes,” “How to Collect Sources from Syria If You Don’t Speak Arabic,” and “Automatically Finding Weapons in Social Media Images,” Bellingcat brings together researchers and advances techniques to pierce through disinformation. Researchers associated with the group have independently corroborated Human Rights Watch and Amnesty reports and disproved Russian claims on the use of cluster bombs in Syria. They have also identified one of the Paris bombers 3 days after his suicide attack. Their most impressive and public-facing achievement to date, however, is likely their establishment of the true identity of the Skripal poisoning suspects, linking them directly to Russian military intelligence.

Other individuals and organizations have rounded out the OSINT field, providing podcasts, free tools, trainings, and even merchandise. This author’s favorite resources include the /awesome-osint repository on GitHub and several podcasts, including The Privacy, Security, and OSINT Show and The OSINT Podcast.

As one scratches beneath the surface of all of these pages and organizations, however, one quickly realizes that they are nearly all comprised of individual researchers from a variety of backgrounds with a largely self-taught arsenal of skills and tools. Herein lies the essence of one of the leading benefits of OSINT in 2019: it is a democratic tool that allows anybody with the interest and ability to self-learn to pull back the shrouds covering important information and stories.

Problems

Aside from “Vicarious Trauma” that an unknown number of researchers have acquired from viewing unedited, brutal footage (yes, there is also a Bellingcat how-to article on “How to Prevent, Identify, and Address Vicarious Trauma”), there is the ever-present risk of losing potentially life-threatening data. This can happen both intentionally and unintentionally.

In one unintentional instance, a modern take on the WWII warning “loose lips were sinking ships” saw US service members around the world contribute to “heat maps” on the workout app Strava. These heat maps provided clear information on personnel movements and patrols at secretive military installations (yes, there is also a Bellingcat article on “How to Use and Interpret Data from Strava’s Activity Map”).

On the intentional side, malicious actors have access to the same tools. Individuals, organizations, and nation-states make use of these same tools for their own purposes. Disregarding the constant OSINT operations conducted by governments, criminals can use these techniques to improve their own activities. Individuals and groups, whether “hackers” or not, now rely on OSINT tools to customize and refine everything from sophisticated spearphishing attacks (computer as target) to more traditional criminal activity (person as target).

Conclusions

Aside from data-leakage, the broadest and likely the most critical threat of OSINT in 2019 is the same problem driving fake news. It takes incredible amounts of time and effort to sift through the “noise” of information and misinformation. While the BBC investigation brings hope that malevolent actors can be brought to justice, there is nobody investigating most instances of the kind. Whether in the Sahel, Soho, or New Jersey, there are masses of data and information out there in which malicious actors can hide. While this part is the bad news, the good news is that the tools to find them are out there. And with the leaps and bounds in AI and other technologies, these tools will only become more powerful.

Michael Brooks

Michael Brooks is an OSINT researcher and OODA Analyst with a background in international development and security across Central Africa and the Middle East. Currently based in Berlin, Germany, he holds a BA in International Policy from Patrick Henry College and a Masters in International Security from the University of St. Andrews.