As the Internet has come to play an increasingly central role in people’s lives across the globe, the information on people, businesses, places and things has expanded exponentially. This has major implications for data collection and intelligence. Open-Source Intelligence (or OSINT) is the process of using this data and other publicly available information, to research somebody or something.
The U.S. Department of Defense defines OSINT as intelligence “produced from publicly available information and is collected, exploited, and disseminated in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence requirement.” This definition is important because it helps differentiate between “information” and “intelligence” – two terms commonly used interchangeably. Intelligence in an active procedure with a stated purpose (e.g., conducting customer due diligence or doing research on a business competitor) whereas information merely refers to the data that is available.
OSINT has a long history, playing a central role in the interception and analysis of foreign radio broadcasts during WWII. In the digital age, however, the scope of information that can be accessed for OSINT is magnitudes greater.
Strategies for OSINT, while relying heavily on the use of search engines like Google and Bing, goes beyond the traditional online search. Searches can also extend into the “deep web”, accessing sites that are publicly available but not listed in traditional search engines. Furthermore, applications like Google Earth, Zillow and social media networks provide bountiful information on geography, real estate and personal relationships respectively. There are also both online and offline databases maintained by local, state and national government authorities that house business incorporation records, building blueprints, campaign finance contributions and much more. However, working with such vast amounts of data requires tools and information mapping techniques to aggregate and organize what is collected.
Rae Baker identifies the seven key steps for OSINT as follows:
- Start with what you know (email, name, username, etc.)
- Define requirements
- Gather the data
- Analyze collected data
- Pivot as needed, using new gathered data
- Validate assumptions
- Generate report
The applications for OSINT are essentially limitless. For financial institutions, it plays a critical role in Know Your Customer (KYC) and Customer Due Diligence (CDD) procedures as well as more general risk management. Journalists, law enforcement agents, cybersecurity professionals and general researchers utilize OSINT to cover stories, investigate criminal activity and missing persons cases and identify hackers. In fact, Chris Pallaris estimates “that OSINT provides between 80 and 95 per cent of the information used by the intelligence community.” Individuals can also employ OSINT strategies and tactics for client research, double-checking property listings and searching for contact information of targeted parties.
As FinTech and RegTech companies continue as increasingly important players in the financial industry, OSINT will be at the heart of such developments. Leveraging open-source information to create financial and non-financial risk ratings, screen negative media, monitor regulatory developments and even anticipate black swan events are just a number of the benefits provided by this powerful, though often underestimated, strategy.