This is going to be a brief introduction to OSINT and its function. I recommend everyone take time to learn these valuable skills and if you are interested further, to take time and research on your own or read some of the later content I will be posting here. Open Source Intelligence is the active data collection from public sources. OSINT within this context has been around since record keeping began, but with public records and documents becoming more easily accessible with the sudden domination of instant communications and social media, information has become much easier to exchange hands and be aggregated by public sources. Though OSINT is primarily used by 3 letter agencies like the NSA, FBI, and CIA, but also law enforcement, and business, this puts us alongside a strong backing with plenty of support and tools which are used by the public as well as these agents.

OSINT Categories

OSINT Sources are commonly divided into 6 categories, with some overlap in between.

  • Media, print newspapers, magazines, radio, and television from across and between countries.
  • Internet, online publications, blogs, discussion groups, cell phone videos, YouTube, and other social media websites.
  • Public Government Data, public government reports, budgets, hearings, telephone directories, press conferences, websites, and speeches.
  • Professional and Academic Publications, information acquired from journals, conferences, symposium, academic papers, dissertations, and theses.
  • Commercial Data, commercial imagery, financial and industrial assessments, and databases.
  • Grey literature, technical reports, pre-prints, patents, working papers, business documents, unpublished works, and newsletters.
  • Out of these 6 I would look to specialize in or take special interest in Internet and Public Government Data as these 2 alone will cover most if not all of your OSINT needs.

    Risk Assessment

    Now that we have clarified and classified OSINT I need to make a point about risk. A practical use OSINT does carry a varying amount of risk and potential danger to those performing the operation but also to those being targeted during the operation. As the practitioner the volume of information you have to deal with becomes cumbersome and can place many curious eyes on you and carries the risk of information on yourself being sought out, like a Spy Vs Spy scenario. But there is also risk to the target as the amount of data being distributed increases the data available, most of the public sources being used has a flag feature that places searched and index information in a category to be found easier in the future but also flags that you or others have been looking for it, which could do harm to the target if that is not your intention. And if you are looking beyond simple investigation and you are a journalist. While you have some protection in asking questions, and researching for recognized media outlets, you can be imprisoned, even executed, for seeking out OSINT. Private individuals illegally collecting data for a foreign military or intelligence agency is considered espionage in most countries. Of course, espionage that is not treason and has been a tool of state for quite some time.

    Additional Resources

    Below I will be providing several links to allow you to explore more into OSINT practices. I will also be posting more in the future in regards to OSINT and will be taking many ques, guides, and tools from these sites.

  • https://osint.org/
  • https://resources.infosecinstitute.com/
  • https://inteltechniques.com/
  • https://shop.hak5.org/
  • https://null-byte.wonderhowto.com/
  • https://www.youtube.com/watch?v=6kBOCnOlwqI&list=RDQMdmZE44K88nc&start_radio=1