National Cyber Warfare Foundation (NCWF)

Open Source Intelligence for Non-Government Entities (Feb. 2023)


0 user ratings
2024-05-18 22:54:21
SmithyColada

 - archive -- 
Open-source intelligence (OSINT) can be generally defined as intelligence produced from information that is publicly available (Williams & Blum, 2018). For most people, the term “intelligence” does not seem relevant to the life of a normal person (who is not a super spy or working for the FBI or CIA). OSINT, however, is not so mystical. Through terrifyingly personal marketing strategies, online horror stories told in YouTube videos about the dangers of doxing and swatting, and, more recently, within articles highlighting intelligence campaigns in Ukraine orchestrated largely by an international public online, OSINT has slowly, but surely, crept into the mainstream in every way but by name. As it becomes easier and easier to remotely access the lives of other people, OSINT has also developed, reaching billions of people every day. When you consider the mass amount of data added to the internet daily (in 2021, 2.5 quintillion bytes every day), it is not surprising that OSINT has become something anyone can access (Bulao, 2022). OSINT is no longer something possessed solely by government agencies. Open-source intelligence can be a viable, multifaceted means for non-government actors to improve the safety, security, and accountability of corporations, governments, and otherwise publicly
accessible entities.

Connected to various court systems on an international scale, Open-Source Intelligence can be used by professionals, victims, and victim advocates for government accountability, human rights investigation, and the documentation necessary for these means. In Dubberley’s article, Open-Source Intelligence is highlighted as a supplementary means of evidence that, with verification, can be incredibly useful in proving abuses that would often go unnoticed. Although the authors of the Digital Witness acknowledged that open-source investigations are changing the standard practices of human rights fact-finding, it is particularly important to note that, “open-source techniques are not the silver bullet that will solve all challenges in the investigation and documentation of human rights abuses, nor in holding perpetrators accountable for such abuses” (Murray et al., 2022). OSINT corroborates other forms of evidence, such as witness testimonies, strengthening their case in court. A video posted on social media such as the one used in court to show extrajudicial killings by the Cameroonian military is a perfect illustration of this concept. To verify that information, advocates traveled to the site of the killings and collected further evidence that verified the content of the video (Murray et al., 2022). Activists and journalists have always utilized open-source material to gather primary and secondary accounts that can be used to garner public and, hopefully, legal attention. In its simplest form, an OSINT investigation can involve filtering through search engines for evidence or signs of human rights violations and abuses. Boolean searches, for example, can ignite an investigation and help an individual find evidence of such abuses (Dubberley et al., 2021). For the criminal justice system, the court of public opinion, and commission groups such as the UN Human Rights Council, public websites, internet databases, and social media platforms are a gold mine of evidence for war crimes, human rights abuses, and other unethical government or individual behaviors (Murray et al., 2022).

In support of Dubberley’s conclusions, there are several instances in which activists have used openly collected data to spark real investigations. The UN Human Rights Council used social media material released by activists as, “central… findings of the Fact-Finding Mission on Myanmar on hate speech” (Human Rights Watch, 2021; Murray et al., 2022). Similarly, satellite
imagery analysis can be extremely valuable for human rights investigations (Dubberley et al., 2021). With proper spatial and spectral resolution, human rights abuses in certain communities are visible from above and can be found and documented (Dubberley et al., 2021). Because satellite imagery can be found openly online or bought by anyone, it can be used to track, disprove, and corroborate information. In Ukraine, Satellite OSINT helped unilaterally counter Russian disinformation intended to hide human rights abuse. After Russian soldiers retreated early during the Ukrainian-Russian conflict, the residents of Bucha, Ukraine began to post grisly videos of mass murder (Amos, 2022). Moscow, and more precisely Foreign Minister Lavrov, publicly denied war crimes allegations, claiming that the scene had been staged using Cadavers (GlobalData, 2022; Smith-Boyle, 2022). This theory was disproved with open satellite imagery from MAXAR which displayed dead bodies in the streets two weeks before the Russian retreat (GlobalData, 2022). Although there has not yet been verified identification of the soldiers who committed this atrocity, OSINT, in this case, was incredibly valuable in the court of public opinion which had a very tangible impact on military aid and on Ukrainian morale. Ukrainian citizens were empowered to further protect themselves both due to a sense of demonstrated injustice and by the weapons supplied by foreign governments.

Albeit outdated, the principles outlined in Dubberley’s work and, subsequently, its summary continue to apply to instances of human rights abuse. Open-source intelligence is a means in which citizens can interact with the injustices that governments try desperately to hide and erase. In the digital age, everyone has become an observer; every phone, satellite, camera, and post can become a piece of evidence that displays a portion of the truth. On a global scale, activists, researchers, lawyers, victims, curious observers, and, sometimes, bored people who stumble across information online communally make it more difficult for agents of the government to get away with their crimes.

Although similar in nature to the review of Dubberley’s article, Alexa Koenig’s journal speaks distinctly to the weaknesses of OSINT in an accountability setting. The article opens with a powerful retelling of a video that displayed crimes in Libya: the brutality of a Commander as he slowly kills kneeling men one by one (Koenig, 2019, p. 250). The International Criminal Court issued a warrant based upon this social-media video, creating an opportunity for those involved in these crimes to be prosecuted. Despite this success, the author warns that the existence of modern “deep fakes” warrants future concern of the place that OSINT evidence has in a courtroom for non-state actors for both survivors and perpetrators (Koenig, 2019, p. 253).
Without visual verification techniques and due to the sophistication and lowered cost of creating these videos, images, and recordings, it is more difficult in the modern world to prove reality from fabrications (Koenig, 2019, p. 252). In many ways, it is becoming more difficult over time to filter through the mass amount of evidence online and to discern if that material can be trusted. As technology continues to advance, it threatens, “to obfuscate the who, what, when, and where of international crimes” (Koenig, 2019, 254). Human rights non-government organizations who work to locate, preserve, verify, analyze, and utilize online visual imagery must continue to adapt to these problems and use triangulation methods to back online posts by triangulating physical, testimonial, and other documented evidence outside of information more readily freely online
(Koenig, 2019, p. 254). Technology, in this regard, has been used to harm public OSINT operations, forcing advocates and legal groups to safeguard their operations through further examinations of evidence which require a greater deal of resources and expertise.

Despite these challenges, sources continue to display various modern examples of the use of Open-Source Intelligence by citizens for the public good. In Hamilton Bean’s book on OSINT and its place in reshaping U.S. government practices, Bean highlights several cases in which a member of the public tipped off the U.S. government with information critical to national
security. For example, Shannen Rossmiller conducted online sting operations to cyber-hunt and capture “would-be jihadists” (Bean, 2011, p. 108). Her testimonies in court assisted in the arrest of an Army Specialist actively aiming to aid Al-Qaeda.

Because OSINT is accessible to the public and can provide information that would normally be classified for those in a government agency, those who engage with OSINT are also uniquely equipped for informed citizen activism. This activism can promote legal changes that help national or local security. The book highlights one group throughout its sixth chapter: the nine-eleven commission, composed mostly of the families of that attack’s victims, who utilized OSINT-empowered political advocacy to pass several policy reforms (Bean, 2011, p. 109). As a tool for politicians, victims who use OSINT to empower and popularize their cause help empower legal reform at higher levels of government. According to Bean, members of the public can increase their authority and legitimacy by integrating open-source discourse with public
dialogue strategies (Bean, 2011, p. 129). With OSINT citizens can assess an administration’s public characterization of intelligence, determine the level of consensus across the Intelligence Community around an issue, uncover the level of uncertainty of intelligence assessments, and assess how open the Intelligence Community is to sharing intelligence with the public. Equipped with those findings, activists can then increase the effectivity of their political action (because that information helps activists learn what and when to push for certain agendas), spur officials to scrutinize classified assignments (which would promote an increase in public sharing of information), and challenge or bolster confidence in certain intelligence assumptions with the latest information (which can help overall public safety and security) (Bean, 2011, p. 126-128). This method extends beyond government-based legislation. Regulations, for example, against ecologically damaging corporate practices can be attacked with these methods. In this way, OSINT becomes a means for the public and for victims to better push for safety and security focused reform.

In a less legally focused dissertation, Daniel Daniels speaks about the way OSINT can be used to ensure corporate security and the safety of the personally identifiable information of a company’s consumer base. “Information security studies,” Daniels notes, “have shown that just the accidental release of information to the public was the second highest cause of all data breaches and resulted in an average loss of $194 per capita” (2014). In these studies, Open-Source Intelligence and the operational awareness developed through its practice were found to have a significant relationship (Daniels, 2014). To state it clearly, OSINT can be used for counter-intelligence purposes to increase levels of security for a corporation. If an organization knows what information about itself and its workers is publicly accessible online via search engines, community threads, company blogs, and corporate websites, it can more readily prepare for enemy attacks (Daniels, 2014). OSINT can be used to identify observable behaviors that adversaries may key into, to determine how that information could be interpreted or pieced together to collect critical information, and to then select and eliminate those vulnerabilities to a non-exploitable level (Daniels, 2014). End-user behavior (taught and practiced on an employee level) can help prevent profile-enabled scammers and hackers from stealing an employee's credentials or tricking an employee into downloading malware. Behavior awareness practices taught at a company level can help employees reduce or avoid information sharing online that could help threat actors break into a company’s servers or data centers (such as a sticky note on an employee’s desk with a password and username that he or she accidentally showed in a workplace selfie). Beyond training, OSINT conducted by a company can show actual levels of compliance with security practices by members of staff. The vulnerability of a company to external malicious actors can only be fully understood through an overview of accessible Open-Source information. As companies continue to have access to updated, extensive data sets of confidential information of billions of users, the security of that data has become increasingly important. OSINT, although not full proof, is a substantial means for corporations to make informed security decisions.

It is important to note that Open-Source Intelligence is an incredibly powerful tool for malicious actors to “plan out attacks” against any corporations, government, and otherwise publicly accessible entity (Zhang et al., 2022). Online articles, search engines (such as Google or Baidu), video recordings (such as on YouTube or Bili-Bili), social-networking platforms, personal blogs, or any surface web platform are all means of gathering vulnerabilities for an attacker. Reconnaissance data is, “vital to a successful attack” (Zhang et al., 2022). These network scanners, data gathering tools, and social engineering techniques, however, do not always have to be used for personal or financial gain. In the same way that these collection methods can be used internally by a company to improve security practices, there are many instances in which White-Hat hackers have publicly shared exploits they found via OSINT to force companies to improve their security practices and to warn the public of data breaches.

White-Hacker hackers are ethical hackers who utilize their talents for the public good. There are several instances in which individuals, legally and non-legally, published their methods of exploitation to push for corporations, governments, or other entities to improve their safety, security, and accountability practices. In twenty fifteen, Charlie Miller published a video of him and another hacker remotely breaking into a Fiat Chrysler and controlling every aspect of the vehicle “from the radio and brakes to transmission and steering” (King University, 2019). This video and its fast virality led to the recall of one point four million vehicles, preventing malicious actors from using those exploits to harm members of the public (King University, 2019). In twenty ten, Andrew “Weev” Auernheimer compromised and released data from one-hundred and twenty thousand accounts from the AT&T 3G iPad customer website (Musil, 2014). Auernheimer publicly admitted to the release to several media outlets, expressing his intention to warn AT&T and the public after the company ignored his requests to fix the exploit. The website used by the company allowed for a loop-hole that gave a user access to other users “email addresses and [the] unique identifiers used to authenticate the devices on AT&T’s 3G wireless network”(Musil, 2014). Although his act forced AT&T to patch this vulnerability, the company pursued legal action against him. Aurenhimer was arrested, convicted, and held for three years before the conviction was overturned on appeal (Musil, 2014). With a new hatred for the federal government, Aurenhimer helped protect thousands of AT&T customers from a simple exploitation that compromised the personal data that they entrusted to AT&T.

Against and for corporations and the government, OSINT has become a more readily accessible information tool as time has passed. What was once an activity left only to state-sponsored actors has now become a tool for the masses for the better and occasionally for the worst. Activists, hacktivists, advocates, victims, lawyers, and companies continue to use Open-Source Intelligence to improve public and private transparency and safety. Although deep fakes and artificial intelligence have made it more difficult to verify information online, open-source intelligence can be used by an individual to improve the safety, security, and accountability of a corporation, government, or other publicly accessible entity. The public can protect themselves or their companies against scammers by using OSINT as a means of counterintelligence. Similarly, OSINT can be used as an instrument of accountability against governments, corporations, or any group that covertly neglects or harms the interests of the public. It is entirely up to the individual to make use of the information available to them at the touch of a finger. With some time, research, and online guidance, anyone can begin their journey into this not-so-mystical intelligence world.

References

Amos, D. (2022, June 12). Open-source intelligence methods are being used to investigate war
crimes in Ukraine. NPR.
npr.org/2022/06/12/1104460678/open-source-intelligence-methods-are-being-used-to-inv
estigate-war-crimes-in-ukr.

Bean, H. (2011). No more secrets: Open source information and the reshaping of U.S.
intelligence (Praeger Security International). Ebook Central. Praeger.

Bulao, J. (2022, November 26). How much data is created every day in 2022? Techjury.
techjury.net/blog/how-much-data-is-created-every-day/.

Daniels, D. B. (2014). Assessing the impact of security behavior on the awareness of
open-source intelligence: A quantitative study of IT knowledge workers (dissertation).
ProQuest Dissertations Publishing, Minneapolis, Minnesota.

Dubberley, S., Koenig, A., & Murray, D. (2021, March). Review of Digital witness: Using open
source information for human rights investigation, documentation and accountability.
Journal of International Criminal Justice, 19(1), 229–233.

GlobalData. (2022, May 13). The role of OSINT in the War in Ukraine. Army Technology.
army-technology.com/comment/osint-war-in-ukraine/.

Daniels, D. B. (2014). Assessing the impact of security behavior on the awareness of
open-source intelligence: A quantitative study of IT knowledge workers (dissertation).
ProQuest Dissertations Publishing, Minneapolis, Minnesota.

Dubberley, S., Koenig, A., & Murray, D. (2021, March). Review of Digital witness: Using open
source information for human rights investigation, documentation and accountability.
Journal of International Criminal Justice, 19(1), 229–233.

GlobalData. (2022, May 13). The role of OSINT in the War in Ukraine. Army Technology.
army-technology.com/comment/osint-war-in-ukraine/.

Human Rights Watch. (2021, January 13). Myanmar: Serious rights abuses persist. Human
Rights Watch. hrw.org/news/2021/01/13/myanmar-serious-rights-abuses-persist.

King University. (2019, June 23). 5 famous White Hat Hackers You should know. King
University Online. online.king.edu/news/5-famous-white-hat-hackers-you-should-know/

Koenig, Alexa. (2019). “Deep Fakes, Open Source Information, and International Criminal
Law.” AJIL Unbound, vol. 113, 250–255.

Murray, D., McDermott, Y., & Koenig, K. A. (2022). Mapping the use of open source research in
UN Human Rights Investigations. Journal of Human Rights Practice, 14(2), 554–581.
doi.org/10.1093/jhuman/huab059.

Musil, S. (2014, May 20). AT&T hacker 'Weev' sends Feds 'invoice' for time in prison. CNET.
cnet.com/tech/services-and-software/at-t-hacker-weev-sends-bitcoin-invoice-to-feds-for-t
ime-in-prison/

Perper, R. (2019, November 13). Uighur activists say China is running nearly 500 detention
camps and prisons in Xinjiang based on satellite images. Business Insider.
businessinsider.com/uighur-activists-satellite-images-china-500-camps-prisons-in-xinjian
g-2019-11.

Press Association. (2014, September 29). Peter Nunn jailed for Abusive Tweets to MP Stella
Creasy. The Guardian.
theguardian.com/uk-news/2014/sep/29/peter-nunn-jailed-abusive-tweets-mp-stella-creasy

Smith-Boyle, V. (2022, June 22). HOW OSINT has shaped the war in Ukraine. American
Security Project. americansecurityproject.org/osint-in-ukraine/.

Williams, H. J., & Blum, I. (2018, May 17). Defining second generation open source intelligence
(OSINT) for the Defense Enterprise. RAND Corporation.
rand.org/pubs/research_reports/RR1964.html.

Zhang, Frank, R., Warkentin, N., & Zakimi, N. (2022). Accessible from the open web: a
qualitative analysis of the available open-source information involving cyber security and
critical infrastructure. Journal of Cybersecurity (Oxford), 8(1).
Doi.org/10.1093/cybsec/tyac003.


Comments
new comment
Nobody has commented yet. Will you be the first?
 




This link is from a restricted area of the forums.
Forum



Copyright 2012 through 2024 - National Cyber Warfare Foundation - All rights reserved worldwide.