In this blog, a Senior Fivecast Tradecraft Advisor compares intelligence operations online and in the real world to highlight the OSINT skills gap that many intelligence officers face.
We often talk about Open-Source Intelligence (OSINT) being the collection of ‘publicly available’ information. That makes it sound like anyone can go out there and get it, without any risk whatsoever. However, ‘publicly available’ doesn’t necessarily equate to ‘easily available’ or ‘safely available’, and that description can undersell the essential skills and experience required to maintain a secure and effective OSINT capability.
In many ways, the ability to detect and monitor risky or unlawful activities and networks online is like mounting a ‘traditional’, real-world intelligence operation.
Real-world intelligence operations
Real-world intelligence operations take many forms, but one example is physical surveillance, which generally refers to trained staff watching and following the person of interest, reporting back their activities and interactions. However, the sophistication of that operation will depend on the training and experience of the watchers. If they are a professional and well-resourced team, they will be able to obtain a large quantity of ‘publicly available’ information (i.e. which locations the target visits and who they meet). What’s more, and perhaps most importantly, the person or group of interest will be none the wiser.
On the other hand, if a poorly resourced team – with little to no training – attempts that same collection of information, they are unlikely to gather the required levels of insight, and they risk inadvertently tipping off the person of interest (POI) that their activities are being monitored. Such a realisation is likely to trigger two possible outcomes: the POI goes to greater lengths to conceal their activities, leading to less or even misleading information being gathered during future operations, and/or the POI is able to lead the intelligence officers into a trap, whereby the team gets “burnt” and can’t operate effectively against that target network again.
Online intelligence operations
Accessing and monitoring ‘publicly available’ data online can be viewed through the same prism, and similar risks apply to OSINT investigations if key skills are missing. If online operations are undertaken by poorly trained and poorly equipped intelligence officers, there is a high risk of the POI being alerted to the fact they are under investigation.
Additionally, the quality and extent of information obtained are likely to suffer. This is exacerbated by the masses of data available online compared to the physical world. Having the skills to filter through this data to uncover only the most valuable insights is essential.
Essential OSINT Skills
A key skills gap often overlooked by OSINT teams is the management of their online footprint. The digital clues they leave behind persist and can be detected well after the event, in some cases revealing damaging information including identity or intent, IP addresses referring back to their organisation, or location information. These footprints can also leave the door open to cookies, scripts, trackers and more.
A much better outcome is likely if intelligence officers are appropriately equipped with infrastructure that obfuscates their activities. If they also have the training, tools and skills required, they will be well placed to obtain a rich picture of their target’s online activities and associates, meaningfully and securely contributing to the overall investigation.
Bridging the OSINT Skills Gap
When it comes to the collection of ‘publicly available’ information across the Surface, Deep and Dark Web, Fivecast ONYX delivers comprehensive and obfuscated capabilities that – combined with advanced AI-enabled risk analytics – help overcome the OSINT skills gap facing investigation teams.
Fivecast ONYX is designed to meet the stringent security requirements of government agencies and protects the identities of analysts as they undertake online intelligence investigations crucial to their missions. With Fivecast ONYX, analysts can securely and anonymously triage and filter multi-media data to rapidly identify only the riskiest content and media for review, saving hours of manual data interrogation.