OSINT & Protective Intelligence: In the digital age


The goal of this article is simply to open the minds of those who may be interested in learning more and to encourage them to conduct their own research and find new and innovative ways to incorporate these aspects into their protective operations. This is only a basic overview of some ideas and in no way covers the huge amount of resources out there at our disposal.

I have written similar articles in the past on various categories of intelligence, but I now want to hone in on the application of protective intelligence analysis within the close protection and security industry. Specifically, we are going to look at this from an OSINT and digital perspective, as protective intelligence also includes HUMINT, SIGINT, surveillance, etc.

We live in a digital age. The internet was once simply a means of entertainment and communication; however, over the years it has evolved to be a crucial part of everyday life. As it has evolved, so too have the risks and vulnerabilities, which were once inconceivable to those working in a protective role.

The threat landscape for clients and events is under constant review due to the dynamic nature of the world we live in today. Nevertheless, this also means that we have a growing arsenal of intelligence resources at our disposal, specifically those that are open source.

Let's look at some useful methods and techniques we can leverage in order to give us a greater advantage and hopefully a ‘better hand’ than our adversaries.

Client Based Analysis



When identifying the threat landscape of a new client or task, it is important not just to consider their public persona, professional standing, logistics protocols, previous history of risk, etc. It is also vital that we gain a greater understanding of their digital footprint, so that we can begin to assess what level of information an adversary could use to build a profile on their target, i.e. your client.

I always like to begin by using a technique known as ‘pivoting’: using one piece of information to lead on to another. For example, we can start with the typical Google search of the client's name, although unlike the day-to-day ‘googler’ we are going to refine our search queries by using what are known as ‘Boolean operators’.

We are not going to go through the full list of Boolean operators, as that is a full article in itself, however let's look at some of the main ones we can use to our advantage.

1. Quotation marks (“John Doe”) - If we put John Doe into a Google search, this could return results that include the name John and the name Doe separately, but with the use of quotation marks we tell Google that we want only results that include “John Doe” in sequence as one whole name, rather than results for both John and Doe.

Let's say for this example that the results included findings stating that John Doe worked for NASA. Now we can use this information to pivot our search query to narrow in on the John Doe who works at NASA.

2. Plus sign (+) - We could search using quotation marks again by inputting “John Doe” “NASA”, but this would return findings for both John Doe and for NASA, so instead we add the plus sign to tell Google that we want anything related to John Doe that includes a direct reference to NASA. Our search query now becomes “John Doe”+“NASA”, giving us exact results.

3. site: - The method above could return all kinds of results, including newspaper articles, interviews, etc. But what if we wanted to find results from a specific website using our search query? We would now use the site: operator. If we want results solely from one specific website, we adapt our search query to “John Doe”+“NASA” site: followed by the site we want results from.


Okay, so let's now say we have used the above methods and found some information on the company website, including an email address for our client. Now we can use this email address to pivot on to our next level of intelligence gathering.

There are many other, more advanced ways of analysing a target's digital footprint, such as Maltego, but we will save this for another day.

Data Breaches

So we now know the name, company and email address of the target, and very possibly some other information such as background, age and role from company bios, etc.

But now we can use this email address to assess whether an adversary could acquire personal information such as direct phone numbers, home addresses, IP addresses and even personal passwords belonging to our client.

Instead of writing a whole section on this, simply check out this video, in which I give a practical demonstration of how to do this:

https://www.facebook.com/watch/?v=2841989819178270


I don’t think I need to explain just how dangerous this information could be to our operations and to the client's organisation and reputation alike: if an attacker were to gain access to someone's email address, social media accounts, etc., they could wreak havoc and spread spyware, launch ransomware or simply embarrass them publicly.

These are just the tip of the iceberg when we consider just how deep the ocean of Open Source Intelligence is. One of the absolute best collections (in my opinion) of information and tools for OSINT is what is known as the OSINT Framework. It is a collection of links to various tools and resources at our disposal, each categorized into starting points based on the primary source or piece of information we wish to pivot from, so be sure to check it out; you will not be disappointed!

The OSINT Framework:


GEOSPATIAL Intelligence

So we have all seen the cars driving around with roof-mounted 360-degree cameras mapping out geospatial data used for developing Google street maps, etc., and we are familiar with Google Earth, but many don’t realize the true potential of this technology and these data sets in the application of protective intelligence.

GOOGLE EARTH STUDIO

This is one of my favorite resources for pre-op planning and logistics. Yes, you can take a screenshot of the standard Google Earth imagery, but did you know that you can create interactive videos which include your own data sets?

These can be vital in our pre-op mission briefing as well as in emergency planning, as you can easily develop clear and direct route planning with the use of its satellite and 3D imagery. This turns what was once a 20 minute presentation of route analysis into a 3 minute interactive video explaining every aspect of the logistics with in-depth and fluid visual detail, breaking down each step of the operation. This is specifically helpful for auxiliary staff who may not have a background in operational planning. It is also good for getting the ‘lay of the land’ for those tasks that don’t accommodate pre-reconnaissance by an advance team, as the level of detail in the 3D mapping is extraordinary: it can provide details such as exits and entrances, down to fine details such as whether a door opens inwards or outwards.

Explaining Google Earth Studio is also an article in itself, but I HIGHLY recommend checking it out and spending a few days getting to know just how powerful it is.

Here is a link to its website and also a video clip of a basic example:

Google Earth Studio: https://earth.google.com/studio

For more elaborate tasks there are various databases available online which offer unique insight into the political and sociological ideologies of various regions, specifically those with political unrest and conflict zones, including:

Global Terrorism Database:

CIA World FactBook:

SOCMINT: Social Media Intelligence analysis

Social media is the ultimate cash cow in relation to both targeted and mass intelligence. It is important to remember that social media accounts are mainly free services because the grim reality is that the users themselves are the commodity for the company. Every time we download a new app or join a social media platform, and even simply to read an article on some websites, we first need to click that dreaded ‘ACCEPT’ button. By doing this we consent to the company gathering and selling an abundance of data about us.

Here we are going to look at some more advanced methods of SOCMINT that do require some preparation, however they can be well worth the effort!

Let's say we have been informed of a possible hostile who may have malicious intent towards our client or task.

The first step will be to build a profile of this individual that includes basic information such as full name, a picture to use for PID (positive identification), etc. Then we might want to look through their social media posts to gain an understanding of their psychological tendencies.

Again, here is a useful video to save time writing; it gives a practical demonstration of a method used to identify the target's various social media accounts, which may lead on to other avenues of pivoting.

VIDEO:

This method is also very useful in the world of corporate security and for HR departments monitoring the activity of an individual.

Protective intelligence and the use of OSINT can also be utilized during and throughout any protective operation, not just by high-level CP/EP teams but also by security control rooms at mass-capacity events, to monitor activity for both proactive and post-incident response.

TWEETDECK


TweetDeck was initially made by open source developers, but once the big dogs realized its full potential, Twitter purchased it from the developers for $40 million back in 2010.

TweetDeck is, in my opinion, one of the best free open source resources for active live monitoring, which can be a huge asset to security teams at all levels. It allows for real-time monitoring of and engagement with activity, and has a number of advanced features which enable us to use its filters to acquire and monitor specific content associated with our threat landscape and task at hand. (Con: it will only index content on Twitter, not other social media.)

Such filters include:

  • Content: tweets matching keywords, media type, dates and times, language, or including or excluding retweets.
  • Location: tweets geotagged in a specified location.
  • Users: tweets from specific accounts, such as potential hostiles that we have identified and flagged during our pre-op intelligence gathering stage and added as members of a monitor list.
  • Engagement: tweets with a minimum number of retweets, likes or replies.

Additionally, it allows us to set up alerts if tweets are posted containing any specified keywords. This may be a big list including our client's name, company, hate-speech keywords or words which suggest hostile intent such as dead, kill, fuck, knife, etc. There is no limit to this other than your imagination, although it is important to note that one of the greatest risks is what we call ‘information overload’: if we add too many keywords without direct parameters, this can inundate us with too much information and therefore slow our identification of, and response to, valid actionable intelligence.
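To make the ‘information overload’ point concrete, here is an added example (my own illustration, not part of the original article and not TweetDeck's code) that runs a naive keyword alert and a parameterised one over a handful of constructed sample posts; the account names, post text, keyword lists and watchlist are all made up for the example.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class Post:
    user: str
    text: str
    is_retweet: bool
    likes: int
    geotag: Optional[str]

# Constructed sample posts for this example; none are real accounts or tweets.
SAMPLE_POSTS = [
    Post("newsdesk", "Acme Corp opens new office downtown", True, 250, None),
    Post("fan_account", "can't wait to see John Doe at the Acme gala tonight", False, 3, "London"),
    Post("watchlisted_user", "John Doe will regret it if he shows up at the gala", False, 0, "London"),
    Post("random1", "my phone battery is dead again", False, 1, None),
    Post("random2", "cutting veg with my new knife, the Acme stand was great", False, 2, "Paris"),
]

CLIENT_TERMS = ["john doe", "acme"]                   # client name and company (made up)
HOSTILE_TERMS = ["dead", "kill", "knife", "regret"]   # hostile-intent keywords
WATCHLIST = {"watchlisted_user"}                      # accounts flagged during pre-op research

def _hits(text, terms):
    """Whole-word, case-insensitive keyword matches in one post."""
    lowered = text.lower()
    return [t for t in terms if re.search(r"\b" + re.escape(t) + r"\b", lowered)]

def keyword_only(posts, terms):
    """Naive alerting: fire on any post containing any keyword (the information-overload case)."""
    return [p.user for p in posts if _hits(p.text, terms)]

def scoped_alert(posts, geotag=None, min_likes=0, exclude_retweets=True):
    """Alert on watchlisted authors, or when a client term and a hostile term co-occur, after applying the parameters."""
    alerts = []
    for p in posts:
        if exclude_retweets and p.is_retweet:
            continue
        if p.user in WATCHLIST:          # flagged accounts always alert
            alerts.append(p.user)
            continue
        if geotag is not None and p.geotag != geotag:
            continue
        if p.likes < min_likes:
            continue
        if _hits(p.text, CLIENT_TERMS) and _hits(p.text, HOSTILE_TERMS):
            alerts.append(p.user)
    return alerts
```

With the naive rule every one of the five sample posts alerts; requiring a client term to co-occur with a hostile term cuts that to two, and adding the location parameter leaves only the watchlisted account.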

Yet again we could do a whole article on this, so take it for a test ride in a controlled environment and get to know it before deploying it in the field.

Yes, this article is meant to cover free open source methods, although it would not be complete without mentioning paid professional services such as Echosec.

Echosec is a highly professional OSINT software platform used by corporate, diplomatic and government agencies for open source threat intelligence. If you have a high-net-worth client and a healthy budget then maybe this is exactly what you are looking for; visit the website to learn more.

ECHOSEC


DISCLAIMER: This is not intended to be a definitive guide but more of an overview of some possible opportunities and avenues to check out, as each task and client varies in regard to threat landscape, so it is important to first identify this and then assess some of these options for suitability within your protective operation. Additionally, I am not endorsed by any of these services.

If you liked this article then please let me know; feel free to connect with me on LinkedIn, check out some of my other articles and also like my company page on Facebook, as we post related video content every week which you may also like.

But most importantly, please help show support by sharing this article, and if you have any other tools or resources then please drop them in the comment section to share with others.

Also, for those interested, I will be instructing an OSINT training course this summer at ESA HQ in Poland with our partners from the Information Warfare Center in America; click the link below to find out more:

LINKEDIN:

ELYSIUM RISK MANAGEMENT FACEBOOK PAGE: https://www.facebook.com/Elysium2020


Chris Bradley

Director | Security Consultant High-Risk Countries.

5 years

I concur. I think approx. 80% of governmental intel comes from open source information. Likewise, I think it was Arthur Hulnick who described OSINT as the first INT, last INT and every INT in between, affirming OSINT’s utility. It’s out there, you just need to know where to look and how to process it.

charlotte hanson

USYD LAW Masters Graduate | Criminology, Cybersecurity | Diploma of Languages French Student | AWSN Explorer | Criminology & Criminal Justice Graduate

5 years

Very interesting article, thanks for sharing Dustin P. Justin Casey
