The dangers of making assumptions with Open Source Intelligence.
Recently I have come across a great many individuals and companies talking about OSINT (Open Source Intelligence), SOCMINT (Social Media Intelligence), IMINT (Imagery Intelligence) and any other of the "INTs".
I have also gained a great deal of really intelligent and aware contacts in this field, and I particularly enjoy some of the insights that those contacts share with me, as it helps me learn different tips and tools.
A few days ago however, I discovered something pretty dangerous on one of these insights. It was a software vendor showcasing their latest piece of technology which 'connected the dots' through information gathered from the public space.
Due to the amount of data out there in OSINT sources - I mentioned before in my other article - it's close to 2 billion images PER DAY - it's pretty obvious that we do need some sort of technology to assist with our day to day investigations, as it would be completely impossible to gain insights or meaningful data by investigating manually.
So tech companies are creating solutions to these issues, and connecting to all of the open and closed APIs out there in publicly available data realms. This is fantastic, as it allows us to take keywords and topics to discover what is being discussed. Data that was uploaded by "Mr No Followers" might be key evidence that could otherwise go unnoticed due to lack of impact (trending/reposting/sharing).
Some of the solutions created have been harvesting and scraping solutions, where software effectively goes out to the internet and scrapes/downloads it. This is a MASSIVE privacy and data storage NO NO, as this breaches all of the data regulations in Europe, and in fact most of the world. See the article here where Clearview were doing exactly that and got in real trouble.
The article I discovered by this software vendor effectively showcased the fact that their software could connect to an API that could identify the details on an aircraft tail number, then branch off that investigation and take that data to do further research and discover data about individuals linked to that discovered data.
This is fantastic tech, and a great workflow for massive data, as it can reduce the analyst's work time and the manual work that would otherwise have been done. To create the same result, I needed two browser windows, and was actively comparing data across the two - a very manual process.
Due to my background - I was at a Digital Forensics vendor for 5 years, and before that I worked on solutions to financial crime - I always like to validate data. My questions are: "Where is the proof?" "What is the evidence?" "How did we get that evidence?" "Can that workflow be recreated?"
The reason for this is that there are people's livelihoods at stake: their reputation, their employment. We need to be sure that the data we are seeing is accurate, and can be recreated so others can see this data.
In the article, they showed their system linking an aircraft tail number to a company, then linking that company to a company director, naming that company director, then insinuating in their report that he had a criminal record, and posting all of this information publicly on the internet.
However, an analysis of the data in question by myself and another extremely intelligent analyst, Alia, showed that the plane had a fake tail number, and the original aircraft and its flight logs were found.
The company director associated with the real tail number was completely innocent, and has a good career, an excellent reputation and works for a great company. Hopefully, this sort of thing never comes back to haunt him because, as we know, once something is on the internet, it's never really gone, even if it is deleted - sites like the Wayback Machine can attest to that.
This is the danger of making assumptions with open source intelligence, and the reason for having the human element remain active 'at the wheel': to check, double check and confirm that the data being displayed is actually correct, so that the analysis can then take that data and turn it into evidence.
All of this article is my own work, I don't pay third party companies to write articles in my name, so excuse the spelling, grammar and typos.
This article names no businesses and accuses no real individuals of wrongdoing. Any assumptions about the subjects within this article may be entirely fictional and for educational purposes.
Please feel free to add comments and insights - I love the feedback!
About
Sam has a long standing background in Technical Pre-Sales Support, Solution Consulting and Compliance. Sam is a specialist in supporting new and potential client opportunities, by building and delivering bespoke Proof of Concept projects utilising the entire product estate. His rich and varied skillset allows him to immerse customers into new product experiences, tailored to their personal workflows.
Sam is currently working in the field of OSINT investigations, solving regional and international based crime and incident and showing the route to result as a 'use case' demonstration utilising live open source data.
Sam has authored a number of Industry related articles on subjects including GDPR, Financial crime, OSINT and Digital Forensics.
Sam’s areas of interest include Cloud Technology, Artificial Intelligence and OSINT investigations.
In his free time Sam likes flying light aircraft, motocross, superbikes and Drift Motorsport.
CEO - ShadowDragon | OSINT Software Collection, Data, Investigative Tools/Link Analysis and Training for Modern Investigations | #OSINT #OSINTFORGOOD
1 year ago
So much angst in the article. Are you mixing multiple vendors up?
Pre Sales OSINT WEBINT consultant. Cyber Security. Financial crime. Digital Forensics.
2 years ago
Appreciate all the shares and likes. What would you like to see me write about next?
Cyber Threat Intelligence | Cyber Defense Analyst | Open Source Intelligence OSINT | Anti-fraud Analyst | Cyber Threat Researcher | SOC | SNow | ISO/IEC 27001 | ISO 9001 | NSE | SPFC | RWVCPC | CSFPC | KEPC | LGPDF
2 years ago
Thanks for sharing
Trilingual Researcher & Digital Investigator | OSINT/WEBINT, SOCMINT, Telegram & Dark Web
2 years ago
What a great lesson to learn and what an insightful article! I really enjoy your writing style and how you deliver the message. P.S. Thank you for the mention.