Open Source Intelligence

(OSINT)
Introduction to OSINT
What is Open Source Intelligence?

 Open Source Intelligence or OSINT is data collected

from Publicly available sources to be used in an
intelligence context.
 OSINT is primarily used in national security, law
inforcement and business intelligence functions.
 In the intelligence community the term “open” refers
to overt, publicly available source (as opposed to
covert or clandastine sources).
History of OSINT:

In 1941. United states president Roosevelt directed

the creation of the Foreign Broadcast Monitoring
Service, later to be renamed The Foreign
Broadcast Intelligence Service, under the
authority of the Federal Communications
Commissions.
OSINT Sources
 Media:
• print newspapers
• Mass media publication
• Content from media aggregators
• Magazines
• Radio
• Television
• Books, etc
 Internet:
 Online publications
 Blogs
 Discussion group
 Citizen media (cell phone videos, user-created content)
 YouTube
 Social media websites (i.e-Facebook, Instragram,
Twitter, Telligram, etc.)
Public Government Data:
 Public government reports
 Budget
 Hearings
 Telephone directories
 Press coferences
 Websites
 Speechs, etc.
Professional Academic Publications:
 Journals
 Conferences
 Symposia
 Academic papers
 Dissertations, etc.
Commercial Data:

 Commercial imagery
 Financial and Industrial assessments
 Databases, etc
Gray Literature:
 Technical reports
 Preprints
 Patents
 Working papers
 Business documents
 Unpublished works
 Dissertations
 Newsletters, etc.
Types of OSINT:
Active OSINT:
 Direct contact with the target
 More reliable results
 Hihg risk of detection
 Example: port scanning
Passive OSINT:
 Contact based on third-party services
 May include false positives and noise
 Low risk of detection
 Example: security Apls
Advantages:
 Money-Saving
 It’s Legal
 Regularly Updated
 National Security
 Big Picture View
 What is the value of OSINT?
OSINT has incredible value, both positive and negative to the originator or
dedicated recipient of the information:

1. Journalists and researchers use OSINT to generate a story or obtain greater

information on a subject. The US Library of Congress collects vast amounts of
this type of data.
2. OSINT gives context to classified information. Generally, only select
information meets the criteria for classification, with unclassified sources of
information filling the gaps.
3. OSINT gives adversarial forces a starting point and additional resources
necessary to leverage further attacks or exploitation.
4. OSINT reveals the intent of friendly or adversarial forces.
5. OSINT reveals current status, capabilities or other contemporary information.
Common Social Media Sources:
 Facebook
 Youtube
 Twitter
 TweetDeck
 Instagram
 Linkedin
 Pinterest
 Reddit
 whatsApp
 Tumblr
 Nextdoor
 Snapchat
 Myspace
 Blogger
 Telegram
 Flicker
 Baidu
 TikTok
 Pastebin
 Talk
 4chan
 YY.com
 Meetup
 justpaste,.It
 Tinder
 Quora
 Wechat, etc
The Most common osint resources:
 Metadata search
 Search engines
 Social media
 Online communities
 Email address
 Usernames
 People search engines
 Telephone number
 Online maps
 Code search
 Documents
 Images
 videos
 Domain names
 IP Addresses
Who collects and uses OSINT?

Military, friendly
Business
and enemy

Law Government
Enforcement

Criminals
Spies
Rules for Using Open Source
Intelligence in Investigations
1. Have social media accounts
When using social media in your searches, most
networks will requre that you have an account in order
to search with any depth. Many investigators set up a
separate account to use for investigations to ensure
anonymity.
 Some social media networks prohibit fake accounts so
read the rules before you sign up.
2. Learn how to use geolocation
 Geolation can be a valuable addition to the OSINT
toolbox. IT uses clues in photor or videos to determine
the exact location where the photo or video was taken.
This is useful to corroborate claims by those using
these media as evidence and for finding a location if it
wasn’t supplied.
3. Check your facts
 Double-check your results when researching anything
online. Anyone can put information and mis-
information on the web, so it’s important to know the
source and, when there is any doubt, to corroborate
anything you plan to present as fact.
4. Be anonymous
 There are several ways to hide your identity when
searching online and sometimes it’s a good idea to do
so. Using Tor Browser is one reliable way to search
anonymously. There are also search engines that don’t
track users.
5. Don’t pretext
 When using social media in your investigations, never
misrepresnt yourself in order to become Friends with
a subject. Not only does this violate the terms of most
socail media networks.
6. Check your bias
 When conducting online research, it’s very easy to use
search terms.
7. Spend on OSINT tools
 Some OSINT websites require you to join and pay a
monthly, annual or pre-use fee. While there many free
OSINT resources, it’s also a good idea to join some to
increase the depth of the searches you can perform
and to help you find information faster.
8. Stay current
 The internet is constantly changing. An open source
resource that was there yesterday could be gonve
today and new, useful OSINT tools pop up every week.
Read blogs, follow OSINT experts on Twitter and stay
abreast of changes in the industry that can affect the
efficinecy and accuracy of your investigation.
9. Know that OSINT has limits
 And, Finally, recognize that online research has its
limitations and that there’s some incorrect and
incomplete information on the internet.
Useful Browser Extensions:
OSINT Bookmark
Simple Link Extractions

Download al items that match a pattern

Multi account containers

HTTPS everywhere

No script

Privacy Badger

uBlock Origin
OSINT Tools:
 Metadata search
 Code search
 People and identity investigation
 Phone number research
 Email search and verification
 Linking social media accounts
 Image analysis
 Geospatial research and mapping, etc
OSINT Process