OSINT, or open-source intelligence, is a kind of reconnaissance operation that became extremely popular in the last few years. The known events in the Eastern Europe gave the other punch in the popularity of this activity. Both sides receive tons of information from just scavenging in social networks. There are also dozens of other, much more peaceful appliances for that activity. But what is the secret of using such a technique? How to use open-source intelligence?
1. Name the thing you are going for.
Any pointless activity is at least not very productive. In the case of OSINT, having no target in the investigation makes it just an eternal netstalking event for you. Knowing the exact type of information will not only define where you are about to stop, but also decrease the number of tools you are about to use. Not all OSINT tools are free – ones designed for the detailed analysis of the logs you’ve found may cost a pretty big sum of money. Hence, you will possibly save your money as well.
2. Choose the sources.
Having the defined target, you are good to determine what kind of sources you will use. Social networks of different types will provide you with different data. Searches in Google may also give you some interesting facts; using specific resources with the information about entrepreneurship will give you the other portion of pretty confidential information. If you know the other places where the info may be posted (the site of the university, clinic, etc) – you are good to go.
- Facebook, Instagram and Twitter will arm you with info about the subject’s opinion on certain topics, and recent activities. In particular, Instagram can show you the locations where the subject was last time. Friend Lists in all of these networks will give you the info about personalities from the subject’s life
When we are talking about searching the information on a certain topic, hashtags in those networks will ease your job by orders of magnitude. - Instagram, Pinterest will show you the interests of the subject. Preferred types of pictures, favourite colour combinations, beloved animals and clothing styles. If you want to surprise a girlfriend – these are the best places to search for ideas.
- Facebook and LinkedIn are the places where people often leave the information about their employment. The last one is created specifically for that purpose, so if you want to know where the subject is (or was) working – here you go.
3. Choosing the instruments
In social networks, you will likely find information that does not need any processing. Names, locations, facts – all these things are ready for you to take them into account. However, not all things you’ll find during the operation will be so easy to analyse. For photos, geotags, some toponyms and metadata you will need to use additional software. Fortunately, the vast majority of programs for that purpose are free.
Digital photos may contain a lot of information, both on the exact composition and in the metadata. On the photo you can spot the sightseeings, shops or cafes that may uncover the location where the photo was taken. Buildings may also be the tip to uncover the place: with the use of specific tools, based on neural network analysis, you can get the precise location of that place – of course, with a chance to miss. EagleEye is one of the most esteemed free tools for picture analysis.
Some websites are offering the full kit of different tools for open-source intelligence. Sites like OSINT Framework offer dozens of tools, up to 3-5 instruments for each reconnaissance surface. Combining them will bring you much wider and more relevant information. It is also important to note that a lot of tools for OSINT you can find on the web are open-source and available only for Linux.
4. Safety rules
OSINT can easily be classified as spying or netstalking, depending on who’s judging. One may say that these things are not so bad, but the majority of people will say that it is amoral. That’s why it is better to use OSINT only in cases when you are not intended to contact the subject. However, the fact that you tried to find some information on someone during the course of OSINT events will not likely be detected if you will keep it a secret.
OSINT is stealthy, contrary to the classic reconnaissance methods, which still may be detected. But saying things like “I’ve seen that in your photo” when there are no really remarkable things on it will definitely point at your investigation. If the subject will check it out, of course. Sure, for just collecting the information from open sources you will not be held accountable. However, society may react sharply in that case.
5. Compiling the collected information
After having the full kit of information you may need, it’s time to compile it into a one piece, that will answer the question that pushed you to this investigation. It is similar to a jigsaw puzzle, or the mosaic – get all particles conjuncted and you will get a picture. After the successful OSINT event, you may have the full dossier on the person, or the complete information about the event. Analysing the information may be not very easy, but, again – when you know what you were going for, and made a right choice on the OSINT tools – you will likely get the information in a pretty easy-to-analyse form.
Some of the OSINT tools (and ones advised above) can already output the information in the readable form. However, some give you just raw data, which still needs the additional processing. Doing it yourself, or applying some other programs for making it structured – that is only your choice. Both of these methods may give you an acceptable result, but manual analysis will shape the results in the form that is most suitable for you.