About this book

One of the most important aspects of a successful police operation is the ability of the police to obtain timely, reliable and actionable intelligence related to the investigation or incident at hand. Open Source Intelligence (OSINT) provides an invaluable avenue to access and collect such information in addition to traditional investigative techniques and information sources. This book offers an authoritative and accessible guide on how to conduct Open Source Intelligence investigations from data collection to analysis to the design and vetting of OSINT tools. In its pages the reader will find a comprehensive view into the newest methods for OSINT analytics and visualizations in combination with real-life case studies to showcase the application as well as the challenges of OSINT investigations across domains. Examples of OSINT range from information posted on social media, one of the most openly available means of accessing and gathering Open Source Intelligence, to location data and OSINT obtained from the darkweb, to combinations of OSINT with real-time analytical capabilities and closed sources. In addition, it provides guidance on legal and ethical considerations, making it relevant reading for practitioners as well as academics and students with a view to obtaining thorough, first-hand knowledge from serving experts in the field.





Chapter 1. OSINT as an Integral Part of the National Security Apparatus

The roles of law enforcement agencies (LEAs) include maintaining law and order, protecting citizens and preventing, detecting and investigating crime. OSINT can provide critical capability for LEAs and security services to complement and enhance their intelligence capability, as the ability to rapidly gather and accurately process and analyze open source data can be a significant help during investigations and can be used for national level strategic planning to combat crime. Thus, purposeful and legal monitoring, analyzing and visualizing of data from open data sources should be considered a mandatory requirement of any national security strategy. This chapter showcases the breadth of current and potential uses of OSINT based on the UK’s CONTEST strategy, which provides the underlying basis of measures to prevent, pursue, protect and prepare against terror. It further proposes that, to achieve efficient and innovative solutions, LEAs may be well advised to consider collaborations with private and public partners including academia. The successful implementation of the CENTRIC OSINT Hub is an example of how academia and LEAs can collaborate within the OSINT sphere in order to bring research into reality for the security and protection of citizens.
Babak Akhgar

Chapter 2. Open Source Intelligence and the Protection of National Security

Given the scale and complexity of the threats from international terrorism, intelligence agencies must continue to advance counter-terrorism measures to keep us all safe; and most importantly, seek new ways in which to embed progressive developments to ensure that the primary driver for change in counter-terrorism practice is not simply the next successful attack. Harnessing the power of OSINT via Big Data continues to be a game-changer for counter-terrorism policy-makers, professionals and practitioners. The purpose of this chapter is to explain the importance of OSINT within the context of national security and the role of intelligence agencies to prevent and protect citizens from the threat of international terrorism. To outline the operational requirements for intelligence agencies’ use of OSINT, this chapter also outlines key components of the modern terrorist threat, which includes explanations of terrorist radicalization development processes and how OSINT and the power of Big Data analytics are increasingly being used to combat terrorism and prevent violent extremism.
Andrew Staniforth

Chapter 3. Police Use of Open Source Intelligence: The Longer Arm of Law

While the internet and online social networks have positively enriched societal communications and economic opportunities, these technological advancements have changed—and continue to change—the very nature of crime, serving to breed a new sophisticated and technically capable criminal. Furthermore, the borderless nature of the phenomenon of cybercrime and the transnational dimensions of human trafficking, drugs importation and the illegal movement of firearms, cash and stolen goods means that criminals can plan their crimes from jurisdictions across the world, making law enforcement particularly challenging, the very reason why LEAs must maximise the potential of OSINT and seek new and innovative ways to prevent crime. Hence, it is essential for all practitioners, policy-makers and policing professionals to understand what OSINT is and what it is not, how it can be used and the limitations or conditions on it, as well as understanding more about the scale, scope and complexity of the threats from criminals whose methods of operating are becoming increasingly sophisticated. The purpose of this chapter is to explain the role and function of OSINT within the context of policing and existing intelligence collection disciplines, as well as to define OSINT from an LEA perspective and describe its position within the intelligence profession of policing.
Andrew Staniforth

Chapter 4. OSINT as Part of the Strategic National Security Landscape

This chapter looks at the context, application and benefits of OSINT for use in decision making, as an integrated part of the wider intelligence mix and as an essential component within the overall Intelligence Cycle. OSINT is a growing and increasingly critical aspect in decision making by LEAs, and has been even before the burgeoning use of social media brought open source to the fore. But its full integration into the wider intelligence mix, as well as into an overarching information governance framework, is essential to ensure an efficient and effective contribution to usable intelligence able to support better informed decision making. Fundamentally, unless the system in which OSINT is used is as interoperable as the system in which decision-making is taking place, the application and value of OSINT will be far less effective, efficient and meaningful. This chapter addresses OSINT in the context of the Intelligence Process and the need to resolve the challenges and issues surrounding the integration and use of OSINT into the Intelligence Cycle. It further discusses how an overarching information governance framework may support OSINT for decision making within the wider Intelligence Mix.
Laurence Marzell

Chapter 5. Taking Stock of Subjective Narratives Surrounding Modern OSINT

This chapter highlights ongoing research towards improving current public perceptions of UK policing OSINT. The work aims to evaluate contemporary public misconceptions, exaggerations and under-acknowledgements of modern investigations and surveillance. In this sense the chapter is primarily qualitative building on existing literature that has focused specifically on the practicalities and various technical facets of modern OSINT usage. The chapter’s positions contribute to the increasingly complex and diversified field of modern OSINT by highlighting public concerns and counter-narratives to the reactive and proactive benefits, in particular through concerns of disproportionality, transparency, misuse and accountability.
Douglas Wells

Methods, Tools and Techniques


Chapter 6. Acquisition and Preparation of Data for OSINT Investigations

Underpinning all open-source intelligence investigations is data. Without data there is nothing to build upon, to combine, to analyse or draw conclusions from. This chapter outlines some of the processes an investigator can undertake to obtain data from open sources as well as methods for the preparation of this data into usable formats for further analysis. First, it discusses the reasons for needing to collect data from open sources. Secondly, it introduces different types of data that may be encountered including unstructured and structured data sources and where to obtain such data. Thirdly, it reviews methods for information extraction—the first step in preparing data for further analysis. Finally, it covers some of the privacy, legal and ethical good practices that should be adhered to when accessing, interrogating and using open source data.
Helen Gibson

Chapter 7. Analysis, Interpretation and Validation of Open Source Data

A key component for turning open source data and information into open source intelligence occurs during the analysis and interpretation stages. In addition, verification and validation stages can turn this OSINT into validated OSINT, which has a higher degree of credibility. Due to the wide range of data types that can be extracted from open information sources, the types of data analysis that can be performed on this data are specific to the type of data that we have. This chapter presents a set of analysis processes that can be used when encountering specific types of data regardless of what that data is concerning. These methods will assist an open source investigator in getting the most from their data as well as preparing it for further analysis using visualisation and visual analytics techniques for exploration and presentation.
Helen Gibson, Steve Ramwell, Tony Day

Chapter 8. OSINT and the Dark Web

The Dark Web, a part of the Deep Web that consists of several darknets (e.g. Tor, I2P, and Freenet), provides users with the opportunity of hiding their identity when surfing or publishing information. This anonymity facilitates the communication of sensitive data for legitimate purposes, but also provides the ideal environment for transferring information, goods, and services with potentially illegal intentions. Therefore, Law Enforcement Agencies (LEAs) are very much interested in gathering OSINT on the Dark Web that would allow them to successfully prosecute individuals involved in criminal and terrorist activities. To this end, LEAs need appropriate technologies that would allow them to discover darknet sites that facilitate such activities and identify the users involved. This chapter presents current efforts in this direction by first providing an overview of the most prevalent darknets, their underlying technologies, their size, and the type of information they contain. This is followed by a discussion of the LEAs’ perspective on OSINT on the Dark Web and the challenges they face towards discovering and de-anonymizing such information and by a review of the currently available techniques to this end. Finally, a case study on discovering terrorist-related information, such as home made explosive recipes, on the Dark Web is presented.
George Kalpakis, Theodora Tsikrika, Neil Cunningham, Christos Iliou, Stefanos Vrochidis, Jonathan Middleton, Ioannis Kompatsiaris

Chapter 9. Fusion of OSINT and Non-OSINT Data

Open Source Investigations do not exist in a vacuum. Whether they are law enforcement or intelligence agency driven, private industry or business driven or the work of a private investigator, it is more than likely that the investigations began with some data that is available openly and some that is not. Thus, from the outset the investigation has some open and some closed source information attached to it. As time goes on in the investigation, the police may elicit information from both open and closed source in order to establish the details surrounding the crime and to build their case. This chapter introduces some of the available data sources for developing open source intelligence and for closed source intelligence. It then puts these data sources into context by highlighting some examples and possibilities as to how these different data types and sources may be fused together in order to enhance the intelligence picture. Lastly, it explores the extent to which these potential synergies have already been adopted by LEAs and other companies as well as future possibilities for fusion.
Tony Day, Helen Gibson, Steve Ramwell

Chapter 10. Tools for OSINT-Based Investigations

This chapter looks at the essential applications, websites and services used by practitioners to form their OSINT toolkit, which may range from simple browser plug-ins to online services, reference databases and installed applications; every practitioner will have their list of favourites. The chapter does not recommend a particular piece of software or service or give detailed advice for specific system set-ups. Rather, it aims to equip the reader and their organisation with a framework to assess the tools at their disposal to give them some reassurance that they are suitable for their OSINT investigation and can demonstrate that they are secure, reliable, and legal.
Quentin Revell, Tom Smith, Robert Stacey

Chapter 11. Fluidity and Rigour: Addressing the Design Considerations for OSINT Tools and Processes

In comparison with intelligence analysis, OSINT requires different methods of identifying, extracting and analyzing the data. Analysts must have the tools that enable them to flexibly, tentatively and creatively generate anchors to start a line of inquiry, develop and test their ideas, and to fluidly transition between methods and thinking and reasoning strategies to construct critical and rigorous arguments as that particular line of inquiry is finalised. This chapter illustrates how analysts think from a design perspective and discusses the integration of Fluidity and Rigour as two conflicting design requirements. It further proposes that designs for OSINT tools and processes should support the fluid and rapid construction of loose stories, a free-form approach to the assembly of data, inference making and conclusion generation to enable the rapid evolution of the story rigorous enough to withstand interrogation. We also propose that the design encourages the analyst to develop a questioning mental stance to encourage self-checking to identify and remove dubious or low reliability data.
B. L. William Wong

Practical Application and Cases


Chapter 12. A New Age of Open Source Investigation: International Examples

Whether individuals and organisations are ready for it or not, new opportunities and challenges presented by open source information from a variety of sources are something we must face now and in the future. It should be understood that this vast volume of online open source information allows anyone, for better or for worse, to become an investigator. What they choose to investigate could range from war crimes in a far-away country, to SWAT teams on their doorstep, and awareness of this behaviour is crucial in so many different ways. There are also many new tools being developed for those individuals and organisations in the public and private sphere that are aimed at aiding the process of open source investigation, be it for discovering information in the first place, or organising the information that’s discovered in a more accessible fashion. This chapter describes current cases of OSINT use by non-LEA (citizen) actors including their tools and techniques.
Eliot Higgins

Chapter 13. Use Cases and Best Practices for LEAs

The dramatic increase in the use and proliferation of the internet over the last 15–20 years has seen increasingly large amounts of personal information made, not necessarily intentionally, available online. Consequently, law enforcement agencies have recognised they must open their eyes to this information and begin to use it to their advantage, especially since one of the key benefits of utilising open source information is that it is significantly less expensive to collect than other intelligence. This chapter illustrates how OSINT has become increasingly important to LEAs. It discusses how those carrying out open source intelligence investigation work online might best go about such a practice through the use of specific techniques and how an officer may protect themselves while carrying out such an investigation. It further presents exemplar case studies in how these best practices may, or already have been, exploited in order to bring about tangible results in real investigations.
Steve Ramwell, Tony Day, Helen Gibson

Chapter 14. OSINT in the Context of Cyber-Security

The impact of cyber-crime has necessitated intelligence and law enforcement agencies across the world to tackle cyber threats. All sectors are now facing similar dilemmas of how to best mitigate against cyber-crime and how to promote security effectively to people and organizations. Extracting unique and high value intelligence by harvesting public records to create a comprehensive profile of certain targets is emerging rapidly as an important means for the intelligence community. As the amount of available open sources rapidly increases, countering cyber-crime increasingly depends upon advanced software tools and techniques to collect and process the information in an effective and efficient manner. This chapter reviews current efforts of employing open source data for cyber-criminal investigations developing an integrative OSINT Cybercrime Investigation Framework.
Fahimeh Tabatabaei, Douglas Wells

Chapter 15. Combatting Cybercrime and Sexual Exploitation of Children: An Open Source Toolkit

This chapter presents the UINFC2 “Engaging Users in preventing and fighting Cybercrime” software platform, showcasing how software tools designed to detect, collect, analyse, categorise and correlate information that is publicly available online can be used to enable and enhance the reporting, detection and removal capabilities of law enforcement and hotlines in response to cybercrimes and crimes associated with the sexual exploitation of children. It further discusses the social, economic and wider impact of cybercrime on a European and global scale, highlighting a number of challenges it poses to modern society before moving on to discuss the specific challenge posed by the proliferation of online child exploitation material and discussing the functionalities of the UINFC2 system as a response mechanism.
Elisavet Charalambous, Dimitrios Kavallieros, Ben Brewster, George Leventakis, Nikolaos Koutras, George Papalexandratos

Chapter 16. Identifying Illegal Cartel Activities from Open Sources

In a truly free marketplace, business entities compete with each other to appeal and to satisfy the purchasing needs of their customers. This elegant and efficient process can only succeed when competitors set their prices independently. When collusion occurs among competitors, prices rise, quality is often compromised and the public at large loses. In all developed countries around the world, price fixing, bid rigging and other forms of collusion are illegal and prosecuted through judicial systems. The relevance of OSINT for this form of activity is two-fold: as covertly conducted activity between parties, market manipulation and price fixing is particularly difficult to detect and prove while, at the same time, it is particularly susceptible to automated information discovery which can be vital for law enforcement agencies. However, finding even weak threads of evidentiary material requires extensive human and financial resources. This chapter proposes an automated methodology for text and data analysis, which aims to save both professional time and cost by equipping investigators with the means to detect questionable behavioural patterns thus triggering a more intimate review. This is followed by working examples of how OSINT characteristics and techniques come together for law enforcement purposes.
Pál Vadász, András Benczúr, Géza Füzesi, Sándor Munk

Legal Considerations


Chapter 17. Legal Considerations for Using Open Source Intelligence in the Context of Cybercrime and Cyberterrorism

The aim of this chapter is to raise awareness of some of the legal issues around open source investigations of cybercrime and cyberterrorism. The issues raised relate to different stages of the investigation process and highlight instances within each where various types of legislation may affect the activities carried out, or the progress of a case. Rather than attempt to provide an in-depth legal analysis, the author uses UK and European law to illustrate difficulties that may be encountered or factors that may need to be considered in this particular type of investigation. General issues of data protection and human rights are outlined and addressed and more specific topics such as lawful actions, disclosure and digital evidence are explored. The chapter also considers the reasons behind the legal issues and suggests some ways that problems may be overcome.
Alison Lyle

Chapter 18. Following the Breadcrumbs: Using Open Source Intelligence as Evidence in Criminal Proceedings

Intelligence and evidence are fundamentally different and while evidence can always provide some degree of intelligence the reverse is not the case. If intelligence is to be relied on evidentially it will need to meet the same forensic standards and clear the same legal hurdles as any other form of evidence. Therefore LEAs need to be aware of these standards and hurdles at the outset and to ensure—so far as practicable—that they are in a position to address them. This chapter addresses some of the legal issues that arise if OSINT material is to be used in legal proceedings, particularly within countries that are signatories to the European Convention on Human Rights (ECHR).
Fraser Sampson