Is gaining access to OSINT data ‘easy’? In this blog, a Senior Tradecraft Advisor at Fivecast explores this question while highlighting some of the misconceptions around OSINT data and how to close OSINT data collection gaps by gaining access to perceived closed spaces.
Even though OSINT data is generally housed in publicly available spaces, it is a common misconception that gaining access to OSINT data is simple or straightforward. This misconception often comes from the perceived lower barrier of entry to open-source intelligence compared to other sources of intelligence. However, as experienced OSINT analysts know, you do not have to go too far in an investigation to come up against both technical and operational barriers when attempting to access valuable OSINT data.
OSINT Blind Spots
As the digital tides shift, information vital to investigations flows through a variety of spaces. It’s increasingly important for analysts to follow these waves of data across all platforms your investigation touches. This especially includes seemingly unreachable online networks that can house extremely valuable OSINT data. These ‘perceived closed spaces’ or blind spots include applications or sites that require logging in and/or sit behind privacy walls. Some examples include:
- Dark Nets: TOR, i2p, Freenet, GNUnet, Zeronet
- Messaging Applications: Discord, Telegram, WeChat
- Private accounts or Groups on the Deep Web
As all OSINT analysts know, threat actors are becoming increasingly tech savvy, especially when it comes to finding new platforms to recruit and espouse their narratives. Often, threat actors will engage in activities such as pushing conversations and activity to other platforms, locking down content and generally weaving across the web to obfuscate their activities. OSINT capabilities that facilitate tracking threats as they transition across open-source platforms and gaining access to perceived closed spaces are invaluable in such investigations.
Help for OSINT Analysts
So, how can OSINT analysts access and curate data in perceived closed spaces to ensure it is not missed or becomes a blind spot in investigations? There are several key considerations:
- Misattribution and obfuscation to protect the anonymity of analysts and enable unencumbered intelligence access. Fivecast ONYX data collection is obfuscated and secure to relieve analysts of the burden of managing anonymity and security.
- Breadth of access across a wide range of online data on the surface, deep and dark web, including the less common online platforms and perceived closed spaces that are not easily discoverable. Fivecast ONYX delivers unmatched access combined with persistent and ongoing collection of real-time data with automated storage and data retention.
- Extraction of critical insights pertaining to accounts, POIs, groups, channels and topics. The powerful customizable risk detectors of Fivecast ONYX put AI and machine learning at the fingertips of analysts to zero in on the most relevant data quickly and efficiently.
- Network analysis to identify different connections, groups, influencers and lines of communication. Fivecast ONYX delivers network analysis capabilities that are based on a risk assessment of real-life connections and interactions between entities online.
Peace of mind for OSINT Analysts
To achieve successful investigation outcomes, analysts must be confident that they have the tools at their disposal to avoid blind spots and be able to review and quickly assess all relevant publicly available data.
The key OSINT capabilities described above give analysts the peace of mind that they can gain access to and review multiple layers of the online footprint of a POI, group, or narrative and include alternative sources of intelligence data to build a rich intelligence picture.
A final tip for OSINT analysts – keep an open mind and stay creative and curious!