The cult of the search in open-source intelligence

Open-source intelligence (OSINT) is having a moment. Just a few years ago, presentations on OSINT began with a quote from one of a few different senior intelligence community officials who reportedly said that somewhere between 80-90% of valuable information comes from public sources. Many presentations today start similarly, but OSINT no longer needs the validation of government greats. Films like Searching and Don’t f**ck with Cats have introduced the discipline to a wider audience, organizations such as Trace Labs host popular OSINT competitions for the common good, and the investigators associated with the website Bellingcat are now media fixtures.

These developments are welcome news but have created a somewhat misleading perception of OSINT as a field primarily for technically advanced investigators who use sophisticated techniques and programs to doggedly hunt down the proverbial “needle in a haystack” of information. The reality is that most OSINT work in the corporate security environment is more akin to wading through piles of gems and the greater challenge for intelligence analysts is typically deciding how to arrange these gems into a coherent narrative.

One reason for this is the need for speed. Anyone who has worked in corporate intelligence is probably familiar with competing deadlines, short-term requests, and crisis situations that constantly require re-evaluation of intelligence priorities. This problem is especially serious for “one-man shops”— of which there are many — and for analysts with responsibilities for both investigative and global risk analysis. It is even more severe for companies that do not have dedicated analysts at all. During a recent intelligence training, an investigator responsible for following up on countless workplace incidents asked, fairly, how someone in his position could be expected to keep up with the OSINT field amidst his other duties. All in all, the rapid-fire pace of a corporate security or consulting environment prevents most OSINT tasks from looking like the drawn-out affairs highlighted in crime documentaries or Bellingcat’s inquiries into geopolitical incidents.

Standardizing and formalizing information collection also lessens the need for the most technical kinds of OSINT in an established intelligence program. A quick search of well-known investigative databases fills in the gap on much of the needed personally identifying information and in some cases criminal records (at least within the U.S.). Pre-established lists of sites can help analysts quickly go to reliable data sources for intelligence. And paid platforms such as ONTIC, Scopenow, LifeRaft Navigator, Echosec and others connect the dots on social media identities and assist in monitoring.

Whether intelligence is handed to the analyst on a plate — as in the scenarios above — or original research needs to be conducted, it is often the case that there is too much information to digest rather than not enough to find. It is at that point that the critical skills of interpretation and concise writing or presentation take over. Finding the Facebook profile of a subject in a workplace violence case does not do much if an analyst cannot explain how dozens of posts or photos offer insight into the behavior of a person of concern. Similarly, it is not enough to find incidents of crimes or terrorism in a foreign travel location. The analyst must, additionally, weave together a story that helps a security manager making decisions on executive protection or facility security.

Do not get me wrong – creativity and OSINT study are required of practitioners. There is no greater satisfaction than finding a foreign-language PDF file that provides color on a question that would otherwise be answered only through interviews with locals. Neither is there anything more important than semi-purposefully stumbling into an obscure blog that maps out the ideology of a threat actor. Yet the daily life of an OSINT specialist is more about trudging along than sensational finds. As a corollary, hiring managers should be seeking reliable analysts rather than OSINT superstars. Let us not worship the digging too much.

Daniil Davydoff, CPP, is Director, Research Management and Operations at Eurasia Group and director of social media for the World Affairs Council of Palm Beach. He has been published by ASIS International/Security Management, Risk Management Magazine, The National Interest, The Carnegie Council for Ethics in International Affairs, Foreign Policy and RealClearWorld, among other outlets. His views do not reflect those of his company.

Daniil Davydoff can be contacted on LinkedIn or at davydoff@eurasiagroup.net

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

Are you ready to elevate your security game and take charge of your data-driven decision-making? As today's industry leaders know, data is key to driving impact and success.