Maybe the old axiom—the more things change, the more things stay the same—isn’t actually true, at least when it comes to exploiting open source intelligence.
I joined the US Army in 2005. US troops had already been fighting in Iraq for two years and in Afghanistan for four. However, my initial SIGINT training still focused on Cold War-era communications systems and electronic orders of battle. During my deployment to Iraq in 2007 we were sent into harm’s way with collection and analysis systems that were still in beta testing!
Yet America’s adversaries had evolved. In the last few decades, the world has seen internet cafes, WiMax, and satellite internet proliferate. Reporters embedded today on the front lines of the Battle for Mosul receive 3G coverage on their smartphones. Our friends and enemies are more reliant on digital communications than ever before. Stronger encryption technologies and social networking are becoming paramount in the day-to-day functions of states and subnational actors.
Open source intelligence (OSINT) now makes up the majority of Digital Network Intelligence (DNI). This discipline must be cross-trained across the board. Professionals involved in intelligence and law enforcement must thoroughly understand OS-DNI in order to do their jobs more effectively, and not treat it as a secondary information source. OS-DNI capabilities should be a “must have” versus a “should have.”
Although units exist across the intelligence and law enforcement communities that perform OS-DNI, those shops still remain a tiny minority and a ‘new fad’. The four I have visited in the last year are groups full of older people who still merely translate news articles and speeches. This mindset across the national security community toward exploiting OS-DNI must change, and quickly.
First and foremost, state actors utilize open source capabilities in numerous ways, as it is freely available and does not require costly SIGINT infrastructure. The Russian operation to influence the last Presidential election, using thousands of social media puppet accounts to spread disinformation, is a key example. Other movements such as the Arab Spring have challenged many regimes across the Middle East. Smaller states without the resources and expertise of the US rely heavily upon OS-DNI, which has provided them with the locations of military units, rival political leaders, and foreign commercial VIPs.
In addition, OS-DNI has become one of America’s greatest weapons against terrorist groups such as the Islamic State and al Qaeda. In early June 2015 an aerial bombing was conducted against an Islamic State safehouse using geotags from Instagram. That data was OS-DNI that I suspect was extracted and viewed using the shareware tool GeoCree.py. Subnational actors’ aggressive use of these open source capabilities remains both their strength and their weakness. These groups depend heavily on social networking for propaganda, recruitment, support, and fundraising.
While these groups’ reliance on open source somewhat exposes them to surveillance by state players, OS-DNI still favors sub-national operations, as they can perform target research, target reconnaissance, and even conduct cyberattacks utilizing social networking and online public records. For example, the Palestinian terror group Hamas recently exploited OS-DNI by posing as attractive men and women on social media and following Israeli soldiers to determine the location and functions of their units. Cyber players such as Anonymous perform spear-phishing campaigns or conduct distributed denial of service (DDoS) attacks using information they unearthed via Google Hacking or EXIF metadata.
Non-state players in OS-DNI (as well as cyber in general) also have access to information that only state players were once able to obtain. There are perhaps 3.5 billion people now connected to the Internet. Collection methods, shareware, and the lack of security in new technologies are allowing less sophisticated players to satisfy their intelligence needs. At my position at the cybersecurity firm Fortalice I use and exploit OS-DNI every day to support both the private and public sectors. My target set has ranged from cyber stalkers to dangerous extremists.
What can be done to counter its effects on the state and regular citizens? Sadly, the truth is the door has been opened, and there is no closing it. To counter the threats we face from adversaries in the OS-DNI realm, the information security (INFOSEC) answer is mitigation: educating users, holding violators accountable by penalizing poor operational security (OPSEC), and restricting the use of mobile devices and cameras in sensitive places. Failure to do so empowers criminals and America’s adversaries.
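The geotag exposure described above (GPS coordinates embedded as EXIF metadata in smartphone photos) is one OPSEC failure a defender can check for mechanically before an image is published. The following is an added example, not code from the article or from Fortalice: a minimal Python parser that walks a JPEG's marker segments, reports whether the Exif IFD0 carries a GPSInfo pointer, and strips the Exif block; the sample image it checks is constructed inline rather than taken from any real photo.

```python
import struct

GPS_IFD_TAG = 0x8825  # Exif "GPSInfo" tag; its value is the offset of the GPS sub-IFD

def _exif_segments(jpeg):
    """Yield (tiff_payload, start, end) for each Exif APP1 segment before Start-Of-Scan."""
    pos = 2  # skip SOI (FF D8)
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker in (0xD9, 0xDA):  # EOI or SOS: no further metadata segments
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])  # includes its own 2 bytes
        end = pos + 2 + length
        if marker == 0xE1 and jpeg[pos + 4:pos + 10] == b"Exif\x00\x00":
            yield jpeg[pos + 10:end], pos, end
        pos = end

def _ifd0_tags(tiff):
    """Return the set of tag IDs present in IFD0 of a TIFF-structured Exif payload."""
    endian = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if endian is None or len(tiff) < 8:
        return set()
    magic, ifd0 = struct.unpack(endian + "HI", tiff[2:8])
    if magic != 42 or ifd0 + 2 > len(tiff):
        return set()
    (count,) = struct.unpack(endian + "H", tiff[ifd0:ifd0 + 2])
    entries = tiff[ifd0 + 2:ifd0 + 2 + 12 * count]  # each IFD entry is 12 bytes
    return {struct.unpack(endian + "H", entries[i:i + 2])[0]
            for i in range(0, len(entries) - 11, 12)}

def has_gps_exif(jpeg):
    """True if any Exif block's IFD0 points to a GPS sub-IFD (i.e. location data is present)."""
    return any(GPS_IFD_TAG in _ifd0_tags(t) for t, _, _ in _exif_segments(jpeg))

def strip_exif(jpeg):
    """Return a copy of the JPEG with every Exif APP1 segment removed."""
    out = bytearray(jpeg)
    for _, s, e in reversed(list(_exif_segments(jpeg))):  # cut from the end so offsets stay valid
        del out[s:e]
    return bytes(out)

def build_sample():
    """Constructed test image: SOI + Exif APP1 (IFD0 with one GPSInfo entry) + EOI, no pixel data."""
    tiff = b"II*\x00" + struct.pack("<I", 8)            # little-endian TIFF header, IFD0 at offset 8
    tiff += struct.pack("<H", 1)                         # IFD0 holds one entry
    tiff += struct.pack("<HHII", GPS_IFD_TAG, 4, 1, 26)  # type LONG, count 1, GPS IFD would start at 26
    tiff += struct.pack("<I", 0)                         # no next IFD
    app1 = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"
```

Dropping the whole APP1 segment also discards non-location Exif such as orientation and camera model. Location can also ride in XMP (another APP1 payload) or IPTC (APP13) blocks, which this check does not inspect.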
Vince Crisler, a cyber security tech guru I admire, told me cyber security is still an uncharted wilderness of “everyone doing his or her own thing.” It strongly reminds me of the painful modernization of SIGINT in the Department of Defense around the time I joined the military. Mitigation also means encouraging a culture of professionalism around social networking and reviewing privacy laws to determine what should—and should not—be public information, as the laws are very far behind the technology.
But more broadly, what can be done to empower ourselves? Continue to embrace and teach up-to-date open source methodologies. OS-DNI empowers SIGINT, HUMINT, and IMINT users. It should not be the realm of all-source analysts alone or a discipline purely unto itself. All practitioners in the national security and law enforcement fields should learn how to utilize it.
After I left the National Security Agency in 2013, I was disappointed to lose many of my classified capabilities—until I embraced OS-DNI. I personally estimate 70% of all DNI I now analyze was derived from OS-DNI. By making effective use of many of the shareware cyber security tools and researching OSINT resources from gurus such as Michael Bazzell, I believe I can now do 80% of what I could at NSA/CSS when it comes to targeting.
Let’s shed the old way of looking at OSINT, for what it used to be, and acknowledge the leviathan it has become.
Charles DeBarber is a Digital Network Intelligence (DNI) professional specializing in social media exploitation, network reconnaissance, mobile device forensics, and geospatial metadata intelligence (GMA). He is former US Army Intelligence and consults with government and commercial clients on cyber intelligence on behalf of Fortalice, LLC as a Program Manager. He is also a Cyber Analyst on the CBS reality show Hunted. Follow him at @CharlesDebarber.
photo: U.S. Air Force photo by Tech. Sgt. Nathan Lipscomb.