In this blog, a Fivecast Tradecraft Advisor explores the important role that open-source intelligence (OSINT) plays in identifying national security data breaches and the need for an ethical framework for those entrusted to work with OSINT.
After recent revelations about the damaging breach of U.S. national security over public internet forums such as Discord, experts now believe that Air National Guardsman Jack Teixeira’s unauthorized disclosure of classified U.S. military intelligence onto the Surface Web may have taken place as early as February of 2022, a significant national security breach that remained undetected until April of 2023. The information in question was intentionally leaked from classified communications by Teixeira, then posted in private Discord groups, from which it propagated to additional online platforms such as Telegram.
When breaches like this occur, OSINT-focused companies well-versed in applying intelligence techniques across the Surface, Deep, and Dark Web can and should deploy their considerable expertise in countering breaches, hacks, and other threats. Ethical considerations should play a pivotal role whenever organizations consider the acquisition, storage, and usage of leaked classified information. These ethical concerns are of particular importance to public sector-facing entities, as attention to them demonstrates a suitable level of respect for an entity’s clients and preserves its reputation as a contributor to national security priorities rather than an opportunistic firm employing a “winner-scrape-all” approach.
While Teixeira has been arrested and charged with violations of the Espionage Act, prior to his arrest, the intelligence was disclosed to at least 50 members of the Discord Channel “Thug Shaker Central” and propagated across platforms and countries, including Russia. Although he was a member of the Air Force, the data he possessed contained sensitive information shared by the CIA, the NSA, and others. This breach highlights numerous key elements relating to intelligence.
Data has no loyalty
This spillage of highly classified intelligence – including at the top-secret level – onto Surface and Deep Web platforms serves as a potent reminder that undetected data is unprotected data. Information, regardless of its origin, carries no intrinsic protection against loss, denial via encryption, or theft via espionage and exfiltration. Put another way, information has no innate sense of loyalty or ownership. Once released from the disseminating authority or agency, it can and will flow to the weakest gap in the security perimeter, including gaps in partner organizations.
Despite security measures including passwords, mandatory quarterly training, access controls, and air-gapped systems, data was exfiltrated, uploaded, and spread across continents within weeks, highlighting the need for OSINT as an enabler to detect the breach.
Breaches without Boundaries
This interconnectivity between organizations, entities, people, and networks operating in a security-cleared environment is mirrored on the Surface Web, where data is practically irretrievable once leaked. The U.S. Government requested that the technology companies do their utmost to remove the leaked imagery and data from the platform but with limited results. Breaches anywhere, if left undetected and unchecked, will almost inevitably propagate across platforms. Once outside a nation’s borders and on an adversary’s social media platform, the information is here to stay.
The need for an ethical framework
For OSINT professionals, the rules of engagement they establish on whether to collect data from these critical breaches for their missions, analysis, and retention can seriously impact the clients they serve. It may also impact prospective future engagements and the credibility of the organization. To best position themselves for future crises, intelligence teams can and should set a mission- and values-driven ethical framework as a compass when time is short, the mission is critical, and the best course of action is ill-defined. A failure to have these procedures on hand can result in costly missteps that squander reputations and expose analysts to conflicting guidance within the organization.
At a high level, publicly available information (PAI) represents a vital subset of open-source intelligence (OSINT), but it should not be viewed as equivalent to the information that results from hacked records, leaked correspondence, or breached credentials. This distinction becomes even more important and relevant as publicly available data and leaked data are often found on the same platforms; therefore, the “winner-scrape-all” approach is not necessarily the best approach. Care needs to be taken in terms of what data should be considered within bounds for an investigation, and this adherence to ethics can also serve as an important safeguard against honeypot data, viruses, and other dangers associated with accessing unverified data.
Ethical Uses of Publicly Available Information
OSINT is often misconstrued as an invasion of privacy, as the term open-source means different things to different people. As with other intelligence disciplines, OSINT can and should be harnessed ethically. Sharing information openly, publishing articles, and engaging in dialogue within the public sphere does not preclude that information from being leveraged in support of safety, law enforcement, national or corporate security.
Organizations contemplating the purchase of stolen, hacked, or leaked data should pay significant attention to the legality of the action, the underlying purpose, and the substantial risks associated with engaging in dialogue or transactions with potentially sanctioned non-state actors or state-sponsored advanced persistent threats (APTs). When operating in such a space, analysts and their team leads should be familiar with national and international guidance involving actions that concern the spillage of classified materials, payment to ransomware hacking groups, and interactions with Dark Web providers. Fivecast has taken a considered approach to acceptable use cases, which include:
- Violent Extremist Threats
- Security Vetting & Insider Threats
- Foreign Influence Operations
- Transnational Organized Crime
- Force Protection
- Protective Security
- Financial Intelligence (KYC, AML, fraud detection)
OSINT is an essential and valuable tool for organizations with access and responsibilities concerning sensitive collection methods and classified intelligence. PAI not only aids in ensuring that clearances are issued with the required level of due diligence, but also protects clearance-holders proactively from blackmail, external threats, and the secondary effects of breaches. National security, law enforcement, and other intelligence agencies and teams should ensure they are fully leveraging the valuable insights of PAI to protect their own communities and the communities they serve.
OSINT organizations stand ready to take on this immense challenge, responsibly delivering value to clients, with efforts firmly grounded in an ethical foundation based on fundamental principles of fairness and proportionality. In this manner, ethical organizations can serve as a bulwark against multiple threats while distinguishing professional efforts from competitors who employ an unrestrained approach. Fivecast delivers ethical access to customers whose operations and missions are in line with our core values and commitment to public safety and enabling a safer world while empowering national security, law enforcement, and defense agencies.