OSINT is A State of Mind
Most true ‘OSINTians’ are members of a small group who go public. They go public on their skills, knowledge and findings. And then there are the dark OSINTians, who never go public on what they do. They treat OSINT like Gollum treats his precious. I can understand that it might give them an advantage in certain cases, and I think we all keep certain gems to ourselves when it comes to techniques or tooling, but they have one thing in common: when they go public, they only talk about the end results.
When they publish their results, they are applauded for it, and rightly so. Great research is great research, but it’s a shame their methods remain a secret.
When it comes to OSINT, I’ve noticed one thing that stood out over all these years, which is what I want to write about today.
OSINT as a mindset
OSINT isn’t a tool or script you build or got your hands on. I see too many people staring themselves blind on finding and building tools that will do certain OSINT stuff. Scrapers, scripts, reverse lookup tools, etc.
I like them too and couldn’t do without them. My point is: what is the use of a tool or script if you do not have a search plan? What are you looking for? Where can you find what you are looking for?
In my opinion there simply isn’t one tool to conduct OSINT.
Unless you count your OSINT mindset!
When you start doing research, you need to think about how to find all the data that is needed to come to a certain (actionable) intelligence view. You have to consider the use of certain sources and tools and weigh them against each other to make decisions. You must keep your personal bias in mind, because it could blur or influence your research. In fact, for each question you formulate you must be your own devil’s advocate. Are you being objective? Are these the right questions? Does the data provide everything needed to answer the question(s)?
This is all part of the mindset. Critical thinking is key to conducting OSINT research. Keep in mind that the data you collect could contain information meant to deceive you. For instance, fake news, bots and falsified reports are everywhere. Are the sources you use trustworthy, and why do you consider them trustworthy? I read up on cases and reports by OSINT researchers all the time.
What most reports do not describe is:
What was the initial research question?
What were you trying to answer?
What sources did you pick to answer that question?
Are those sources reliable?
What gaps are left behind from choosing those sources?
What keywords did you formulate to try and answer that question?
Why those specific keywords?
Why did you use that tool or script?
Most important: when conducting the research, what question(s) couldn’t you answer? And a partial answer is an answer, so describe that! And last but not least, not finding the answer to your question(s) is an answer too!
It’s the intelligence cycle which makes one’s search as complete as possible. I rarely see that cycle/process in reports, which leaves me with so many questions when I read them. I mean, when you conduct OSINT research you should have nothing to hide in the steps, tools and methods you used.
You need to be transparent about the way you did your research. Think about it: what value do conclusions have when the chosen path isn’t 100% transparent? Personally, I like to mindmap each step I take, to keep track of what I am doing and to make sure I haven’t missed a step or failed to exhaust a step to its full extent.
I’m not saying this is the best method for conducting OSINT research, but at least the whole research process is 100% transparent to me and the other party/client.
These are the steps I take:
1. Pick your research subject (preferably do an intake with your client and define the question(s)). Define an answerable question!
⁃ “Get me everything on John Doe” isn’t answerable (what is everything?!)
⁃ “Has John Doe been in location x with person y?” is an answerable question!
2. Do homework on the subject (know your client and its adversary)
3. Define the main research question, preferably with a subset of questions. One of the oldest ‘tricks’ in the book is using the 7 W’s. (It’s 8 actually).
⁃ what with
⁃ which method
4. Define sources
5. Gather keywords on each research (sub)question
6. Think of what (OSINT) tools are needed for this research
7. Quick scan search (I call this the timer search, to prevent drowning in info once you really start researching)
8. Are the preliminary findings what you expected to find?
Otherwise repeat steps 1 to 5.
9. Gather the needed info, exhaust your sources.
10. Refine & analyse the found information.
11. Are the secondary findings what you expected to find?
Otherwise repeat steps 1 to 8.
12. Report. And include everything! The things you found and analyzed, and also the things you didn’t find. Test your findings with methods like ACH techniques.
13. Let the report rest, really. Do not immediately send your report out. After letting it rest, be your own devil’s advocate. Ask yourself: if I were a client or subscriber to this report, would it contain all the right (objective) findings? Maybe also let someone read it who isn’t familiar with the research subject matter; they tend to be objective and could come up with some great questions to dig into and make your findings even better.
14. When someone gets back to you on your findings/report with new questions, repeat all the above steps.
So there you have it: an intelligence (research) cycle, which can only work when you set your mind to it in the proper way.
I know it takes a whole lot of effort and discipline to work on cases this way. Constantly reviewing your steps and logging every step like a breadcrumb trail is a time-consuming process. But when you do it, you can always take a step back, because sometimes you will cross an intersection in your research that leads to a dead end. Just go one step back, look into your log and go the other way at the intersection. This also helps in your later report, as you can always declare which choices you made, and on what grounds, at that moment in time.
To sum it all up, OSINT as a mindset isn’t just looking into some open sources. OSINT as a mindset requires critical thinking about how to collect raw data in as targeted a way as possible, refining the data and distilling it into (actionable) intelligence, and being transparent about the methods used and the choices made, and clear about the gaps in your analysis.
This blog was originally posted on Medium on Jan 14, 2018