Open Source Intelligence A New Era of Information Gathering PDF

OPEN SOURCE INTELLIGENCE: A NEW ERA OF INFORMATION GATHERING
By
Orcun Tagtekin
A Capstone Project Submitted to Faculty of
Utica College
August 2014
In partial fulfillment of the Requirements for the Degree
Master of Science in Cybersecurity Program

UMI Number: 1564628
All rights reserved
INFORMATION TO ALL USERS

The quality of this reproduction is dependent upon the quality of the copy submitted.
In the unlikely event that the author did not send a complete manuscript
and there are missing pages, these will be noted. Also, if material had to be removed,
a note will indicate the deletion.
UMI 1564628
Published by ProQuest LLC (2014). Copyright in the Dissertation held by the Author.
Microform Edition © ProQuest LLC.
All rights reserved. This work is protected against
unauthorized copying under Title 17, United States Code
ProQuest LLC.
789 East Eisenhower Parkway
P.O. Box 1346
Ann Arbor, MI 48106 - 1346
© Copyright 2014 by Orcun Tagtekin
All Rights Reserved
ii
Abstract
Social media sites have not only changed the way people communicate and build
relationships, it has also enabled intelligence agencies to collect specific intelligence on a
particular individual, group, social network, or organization. Open source intelligence
(OSINT) is a discipline that intelligence agents use to systematically collect, process, and
analyze publicly available, relevant information. It is estimated that OSINT provides between
80 to 95 percent of the information used by the Intelligence Community (I.C.) (Pallaris,
2008). The purpose of this research was to examine the usability of Internet based OSINT
collection tools and the legal challenges pertaining the collected information. Today, OSINT
tools are actively utilized as part of the intelligence gathering. At the same time these tools
are used by the platforms that threaten national security and personal privacy all over the
world. OSINT tools like Maltego, Shodan, and Spokeo are as easily used for devious means
as they are for good. One must be able to sort through the facts, comments, and data of all the
gathered information and extract the valuable results. Although OSINT has a number of
limitations the benefits of its use far outweigh its perceived weaknesses.
Keywords: Cybersecurity, Paul Pantani, cyber-threat, spear phishing.
iii
Acknowledgements
I would like to express my sincere gratitude to my Professor Paul Pantani for his
guidance, patience, and continuous support of my research. His guidance helped me in all the
time of research and writing of this thesis. I would never have been able to finish my
dissertation without the guidance of Professor Pantani. Besides my professor, I would like to
thank my second reader Amr Abel-Wahab, for his encouragement, insightful comments, and
hard questions. Finally, I would like to thank the Utica College Cybersecurity faculty for
mentorship and guidance throughout the Utica College Cybersecurity Graduate Program.
iv
Table of Contents
Open Source Intelligence: A New Era of Information Gathering ........................................... 1

Classified and Confidential................................................................................................... 3
OSINT Growth...................................................................................................................... 4
Proper Tool Selection ........................................................................................................... 9
Challenges and Limitations to Internet Based OSINT ....................................................... 11
Literature Review.................................................................................................................... 12
Capabilities of Internet based OSINT Tools....................................................................... 14
Benefits and Disadvantages of Internet Based OSINT....................................................... 16
Ethical and Legal Issues regarding Internet based OSINT................................................. 21
Solutions to OSINT Challenges.......................................................................................... 26
Discussion of the Findings...................................................................................................... 26
Research Problem ............................................................................................................... 27
Literature Review................................................................................................................ 27
Research Defined Themes .................................................................................................. 27
Comparison of Findings with Existing Studies .................................................................. 33
Limitations of the Study...................................................................................................... 35
Recommendations................................................................................................................... 35
Future Research .................................................................................................................. 37
Conclusions............................................................................................................................. 38
References............................................................................................................................... 41
v
Open Source Intelligence: A New Era of Information Gathering
Open Source Intelligence (OSINT) plays an essential role in information gathering. The
North Atlantic Treaty Organization Open Source Intelligence (NATO OSINT) handbook
describes the importance of OSINT. OSINT is vital to the all-source intelligence process because
it gathers information “from public and overt sources in order to produce actionable intelligence”
(Benavides, 2011, p.9). Sources that are commonly used include: newspapers, books, broadcasts,
military trade journals, and the Internet. “OSINT provides the historical background information,
the current political, economic, social, demographic, technical, natural, and geographic context
for operations, critical personality information, and access to a wide variety of tactically useful
information about infrastructure, terrain, and indigenous matters” (Moshirnia, 2013, p.390).
Pallaris (2008) found that intelligence gathering has traditionally involved the discovery
of secrets using a closed system of collection and analysis. Sophisticated Strategic Intelligence in
the United States has been implemented as early as the Revolutionary War. George Washington
successfully utilized this form of intelligence in the Battle of Trenton. He designed plans to
launch a surprise attack on Trenton, using intelligence obtain from a spy working with the
Hessians (Benes, 2007). During World War I (WWI), the U.S. intercepted a letter, the
Zimmerman Telegram, which was sent from the Foreign Secretary of Germany, Arthur
Zimmerman, to the German ambassador to Mexico. The letter encouraged Mexico to attack the
United States, if the U.S. appeared to be entering WWI. This form of counter-intelligence,
specifically espionage was one of the reasons the U.S. entered the First World War (Oliver,
2012).
Moreover, 1985, known as the year of the spy, was a pivotal time in the U.S. I.C. Within
that year, former National Security Agency employee William Pelton, was arrested for selling
1
military secrets to the Soviet Union. Moreover, several formal U.S. Navy personnel were also
arrested for providing intelligence to the Soviet Union. Larry Wu Tai Chin, a Chinese double
agent working as a translator for the Central Intelligence Agency (CIA), was arrested for spying
on the U.S. for the Chinese government since 1952.
The events of September 11, 2001 (9/11), forced the U.S. into a new era of security and
intelligence gathering. 9/11 was the first attack within the U.S. by a foreign enemy since the
Japanese military attack on Pearl Harbor. The attacks in New York City and Washington, D.C.
prompted the passing of the Patriot Act. The vital part of the Patriot Act in U.S. intelligence
comes from the second provision in which it allows the interception of communications if they
are related to terrorist activities and allows law-enforcement agencies to share information
related to terrorist activities with federal authorities (Grabianowski, 2007).
The new methods of information gathering have changed scholarly and professional
practices among different disciplines. Widespread diffusion of digital technologies drew
attention to the importance of publically available information. Today, the intelligence
community uses information available to the general public to collect, process, integrate, share,
and analyze social behavior, and even private data about targeted entities (Benavides, 2011)
According to Pallaris (2008), it is estimated that OSINT provides between 80 to 95 percent of the
information used by the I.C.
The use of tools to gather information from publicly available sources may lessen an
overreliance on confidential information. The quality and use of Internet based OSINT depends
primarily on its quality and analysis. The use of sophisticated tools allows analysts to mine for
data as effectively as possible. According to Martin (2014), “much public domain has
historically been located in databases, but things have expanded to more open formats” (p.40).
2
Typically there is a lot of misinformation that needs to be sorted through before the crucial
pieces of information are uncovered. There are many open source Internet search engines
available for use, but the three most common ones are: Maltego, Spokeo, and Shodan (Martin,
2014).
The purpose of this research was to analyze the usability of open source information in
intelligence gathering and identify challenges pertaining to the legality of collected information.
The research intended to answer the following questions: What are the capabilities of Internet
based open source tools; Maltego, Spokeo, and Shodan? What are the limitations of Internet
based OSINT? What are the legal issues related to gathering Internet based OSINT?
Classified and Confidential
The importance of OSINT is still, to a certain degree, being ignored by the I.C.
According to Pallaris (2008), confidential information was deemed more valuable and credible
than open source information. Therefore, most agencies have a tendency to continue using
human intelligence (HUMNIT) and signal intelligence (SIGNIT). Former clandestine officer,
Robert Steele, who now heads Open Source Solutions Network Inc., stated, “Everything we
needed to know to prevent 9/11 was either known to elements of the U.S. government but, not
shared across agency boundaries, or openly published in foreign language media we chose to
ignore” (Vlahos, 2005, para. 3). Not only is the Unites States experiencing inaccessibility of
crucial information that could affect the safety and general welfare of its citizens, but also
countries around the world such as, the United Kingdom. British Liberal Democrat, John Pugh
(2007) stated the following:
Large tranches of Whitehall don’t know what open-source is. We need a partnership
approach for public-sector procurement and open-source scores well in this respect. But
3
open-source has its enemies and its enemies are very close to government, including
those at the top of government who are intending to stay there. (para. 3)
Lack of policy and the U.S. government's failure to capitalize on open source information
has put public safety at risk in the past. Despite increased adaptation to OSINT, U.S. Senate
Select Committee (2012), in the article Review of the Terrorist Attacks on U.S. Facilities in
Benghazi, Libya, September 11-12, 2012, stated, “the intelligence community failed to
emphasize on collecting intelligence and ignored open source information from social media and
blogs posts by Libyan nationals, that could have warned the potential security threats to the U.S.
facilities” (p.2). Incidents such as these however, have become less frequent in recent years.
OSINT Growth
The increased use of OSINT was induced by the changing needs of intelligence
organizations around the world and the rapid development of computer technology. During the
Cold War U.S. intelligence services were preoccupied with determining a limited number of
largely state centric challenges; determining the intentions and capabilities of the Soviet Union.
Since the Cold War, the threat to the security of the United States has become more diverse and
varied. Threats to national security range from the proliferation of weapons of mass destruction
to intra-state conflicts, illegal immigration, energy security, and even organized crime. Thus, the
Center for Security Services addresses a broadening of the security agenda of the United States
that shifts the focus of intelligence agencies to more widely available information sources
(Center for Security Services, 2008).
Evolution of the Internet. The evolution of the Internet and the emergence of the
collaborative World Wide Web (Web) have alerted security officials to the potential of new tools
and technologies for collecting, analyzing, and distributing knowledge of global affairs. “The
4
proliferation of website, portals, wikis, and blogs have opened a world of information hitherto
unavailable to most intelligence professionals” (Pallaris, 2008, para. 6). The evolution of the
Internet has created more security threats to government agencies because there is now the
possibility for hackers to access sensitive data. In recent years, it is alleged that the Chinese
government attempted to hack computer networks within the United States. The governments of
the U.S. and China have accused the other of similar activities and stealing of sensitive
government information. MacLeod (2014) stated that the Chinese government frequently claims
to be a victim of foreign cyber-attacks, oftentimes being a target of U.S. intelligence agencies
attempting to gather information. Whistle-blower, Edward Snowden’s revelations about the
National Security Agency (NSA) activities have proved very useful in countering the U.S.
government’s critiques of China. U.S. cyber espionage activities abroad are not a secret endeavor
and other countries, including China, engage in similar activities.
Expanding Sources. Intelligence sources have undergone an expansion. Once an online
encyclopedia with little credibility, Wikipedia is now one of the most cited intelligence sources.
Additionally, applications such as Google Earth are providing geospatial intelligence that was
only available to government agencies up until a couple decades ago (Pallaris, 2008). Google
Earth now has a new version, Google Earth Pro, that allows a user see the same high-resolution
imagery, terrain, and 3D buildings that are available in the desktop version of Google Earth
(Google, 2014). This new feature is an example of how existing technology is rapidly evolving.
Intelligence failures. Colgan (2008) presents an example of a wide scale intelligence
failure, the 9/11 attacks on the U.S., that has driven the development of OSINT. A published
report found that not only could the attack on the World Trade Center in New York could have
been prevented, but also, that there was an overreliance on Signals intelligence (SIGNIT),
5
Human Intelligence (HUMNIT), and classified information. According to Vlahos (2005), Osama
Bin Laden had been planning the attack on the U.S. for several years and his threats were
detailed in documentaries, books, and on the Internet in various languages. Open source
information was disregarded by U.S. intelligence agencies, which was primarily on account of
the information being readily accessible, the I.C. not knowing how to effectively harness
information of that nature, and a bias that developed over the years due to the overwhelming
effort placed on acquiring secret information. Vlahos (2005) stated “the U.S Government is
spending less than 1 percent—about $500 million—of the estimated $70 billion total yearly
intelligence capabilities budget on gathering and using information in the public sphere” (p.1).
The article further discusses several experts’ opinions regarding the intelligence capabilities
budgets and other implications of OSNIT.
Foreign press. Moshirnia (2013) addressed the importance of OSINT and examined the
effects that suppressing foreign speech will have on domestic security. The article detailed the
importance of OSINT in the war on terror, repeated Congressional findings, and
recommendations for stronger OSINT collection, analysis, and dissemination. The article
presented several recent examples of government actions that obstruct the crucial functions of
OSINT. As mentioned previously, the information pertaining to the 9/11 terrorist attacks were
widely public and derived mainly from foreign sources. The article exclaimed that it is
imperative for U.S. intelligence agencies to take precaution when dealing with the foreign press
because should another terrorist organization plan another attack they can easily intercept via
counter intelligence. Moshirnia (2013) concluded that “U.S security often derives from foreign
production of terror-related intelligence; therefore, cutting off the flow of this information will
undermine American safety” (p.2-3).
6
Risky intelligence collection. Another facet of terror-related intelligence was discussed
in the Review of the Terrorist Attacks on U.S Facilities in Benghazi, Libya, September 11-12,
2012. The review of the report written by the Senate Select Committee on Intelligence (SSCI)
focuses on the analysis and action of the I.C. surrounding the attacks in Benghazi. The report
also addresses other issues about the attack involving the Department of Defense and the
Department of State. The report outlines the purposes of the Committee, description of the
September 11-12, 2012, attacks in Benghazi, findings by the Committee and various
recommendations, and lastly, its mission to ensure the future safety of U.S. personnel working
abroad. (United States Senate. Committee on Intelligence, 2014). The United States Senate
Committee on Intelligence (2014) concluded “diplomacy and intelligence collection was
considered risky because intelligence personnel work in high-risk locations around the world in
order to prevent future attacks on the United States and its allies” (p.2).
Dr. Libor Benes, addressed the rapid development of technology and the educational
implications it has on information gathering. His scholarly paper analyzes how rapidly advancing
new technologies change society, information, OSINT, and intelligence education. Benes further
indicated how innovative education is a continuous process and can only come about from an
integrated, collaborate approach to learning. New technologies are substantially changing
American society and the way U.S citizens exchange information. Some examples of the
expanding mix of tools that are rapidly affecting our communication in our culture are gadgets
such as, iPads and smart phones, laptops, search engines, software, cyberspace, and social media
(Benes, 2013). According to Benes (2013), “the high and fast know-how and technology level
throughout the world and decreasing amount of resources will require high, fast, and life-long
education” (p. 13). The rapid amount of OSINT data collection taking place will require analysts
7
to continue learning the most efficient ways to gather information suitable for their individual
queries. Education and technology have a symbiotic relationship with one another. The article
further outlines two trends in the impact of new technologies on Society and OSINT: micro and
macro impacts. The conclusions drawn from the article described the reason why teaching about
new technologies and OSINT should take place within broader society and outlined several
mechanisms for doing so (Benes, 2013).
Globalization. Globalization has had a significant role to play in the prevalence of
OSINT. Batterson and Weinbaum (2001) stated, “Globalization is changing the way we live our
lives, everything from making an airline reservation to getting the latest stock quotes or sports
score” (p.3). This briefing book, which outlines both positions related to the debate on
globalization, does not draw conclusions regarding the controversy, but rather allows the reader
to make their own inferences. They present their findings as answers to the following questions:
Does Globalization foster Economic Growth?, Is Globalization Good for the Consumer?, Is
Globalization Good for the Worker?, Is Globalization Good for the Environment?, Is
Globalization Good for Developing Nations?, Does Globalization Promote Human Rights?, Does
Globalization Foster the Growth of Democratic Governments?, and Does Globalization Improve
the Quality of Life?. Lastly, a list of the pros and cons regarding Globalization is indicated
(Batterson & Weinbaum, 2001).
Countries with stronger economies are trading outside their borders and money is
transferred to various parts of the world on a daily basis. The commercial sectors of first world
countries are now trading, lending, and borrowing money with other countries (Batterson &
Weinbaum, 2001). Batterson and Weinbaum (2001) concluded that, “Globalization accelerate
economic growth, increasing standards of living, and but there are winners and losers” (p.24).
8
Globalization is providing numerous benefits for countries, but only those with democratic
governments. The book postulated that globalization put OSINT at the forefront of intelligence
because it is the easiest way for governments to collect information about other countries. There
are different implications Globalization has on developing nations and the world powers that
may have more of a dependence on open source platforms (Batterson & Weinbaum, 2011).
Proper Tool Selection
Intelligence agencies would benefit by learning to operate in a world with fewer secrets,
and this requires selecting the right tools that can gather information from unclassified,
publically available sources (Pallaris, 2008). While the United States has utilized intelligence for
as long as it has been operating intelligence agencies, in many ways OSINT is still in its early
stages. One of the problems in intelligence gathering using open source tools is the reliability.
The access for anyone to post information on the Internet and the absence of regulation over
content accuracy carries a threat of potential misinformation (Martin, 2014). Determining the
reliability of the information requires comparison of many different resources and collected data.
It is difficult to objectively evaluate source credibility without determining the reliability of the
source, especially to support a situation assessment or decision-making incident. Classification,
authentication, and usefulness of the intelligence resources are based upon the analysts and their
timely analyses of collected data. Information judged inaccurately or incorrectly can lessen the
validity of the results (Vere Software, 2012).
There are limitations in using OSINT such as, privacy restrictions of the provider, large
numbers of results to process, lack of documentation of open source tools, and a limited number
of trained professionals. According to Benes (2007), “the quality and use of intelligence depends
on information quality, intelligence, and the policy maker” (p. 2). Solutions can only be found to
9
these problems by finding the right tool for the job and person to analyze the outcome.
Intelligence professionals need tools that can reduce the number of permutations, and able to
harvest information to mine data and extract data about the desired target. There are numerous
Internet based open source software platforms available for intelligence collection such as,
intelligence gathering tools: Maltego, Spokeo, and Shodan. These tools are designed to gather
information about a target entity using publicly accessible information.
Maltego. Maltego is an open source tool developed by Paterva and Pink Matter in order
to gather information about a target entity using publically accessible information from online
sources (DEFCON, 2014). According to Krishnan (2012), “With Maltego we can find the
relationships, which people are linked to, including their social profile, mutual friends, and
companies that are related to the information gathered, and websites” (p.1). Although Maltego is
popular and free of charge, the collected information is saved on the providers servers, free
versions limit the number of results to search about a target. Meanwhile, the paid version is
expensive, using the software to gather information about an individual might lead to termination
of service from a resource. Furthermore, registration is required for users and runs slow due
operations based on a shared server with other users, and finally the data exchange between the
client and the server is not encrypted.
Spokeo. Spokeo is another open source intelligence tool. Spokeo is used gather
information about a person through a search engine and free white pages to find people by name,
email, address, and phone for free. However, this kind of information gathering can only be
accomplished within the United States. Spokeo uses public records to present limited findings
and charges money to reveal the rest of information about the target individual (Pearson, 2012).
10
Shodan. is a robust search platform, but unlike other each engines looks for specific
information more valuable to intelligence professionals (Occupytheweb, 2014). One of the
problems with Shodan is that is it available to everyone, including hackers. According to Pearson
(2012), Shodan conducts its search for computers via software, geography, operating system, IP
address, and additional factors. Furthermore, Shodan displays vulnerabilities, and ways to take
over control of a target system, but requires technical knowledge for the successful exploitation
of target platforms. In contrast, Maltego and Spokeo only require a basic knowledge of
conducting Internet based searches and do not present as much of a threat to targets platforms as
Shodan.
Challenges and Limitations to Internet Based OSINT
From individual rights perspective, OSINT requires proper checks and balances. OSINT
poses challenges for privacy protections and intellectual property enforcements. According to
Benes (2007), threats created by new technologies can affect society or security through
implications of abuse as a weapon.
In some cases the use of gathered content without permission is illegal, interference from
open information may unintentionally reveal personal information about an individual, and
publishing information about a group or organization may lead to political and economic
damages. The NSA has the capability to intercept electromagnetic communications. If an
electronic device that can send messages or information, the NSA could potentially capture this
data. There are issues regarding the Patriot Act and civil liberties, but cyber security has evolved
into much more than prior to 9/11. Intelligence professionals today have more duties than their
previous counterparts, which include: define the job of intelligence analysts, protect the nation
from domestic and international threats, and generate information that will lead to successful
11
execution of the intelligence based activities. These external and internal factors incorporate
counter intelligence, which actively pertains to all security control measures designed to ensure
the safety of information against espionage, subversion, or sabotage (Military Intelligence, 2014).
Intelligence specialists were concerned that government agencies, especially the CIA,
were not taking sufficient advantage of Internet based OSINT. Intelligence agencies have relied
upon intelligence tools, such as spy satellites, electronic listening stations, and spy
networks. Today, intelligence agencies and police agencies are increasing their use of social
networking sites, tweets, blogs, and application (apps). Police Enforcement Agencies in the
United Kingdom are already utilizing Twitter to decrease crime levels through major
metropolitan cities. The Manchester Police’s #Shopalooter hashtag campaign successfully joined
civilian participants and police to find looters bragging on about their exploits via Twitter. The
movement was so widespread that it reached other parts of the country and gave way to other
crime fighting movements, such as e-neighborhood watch and reaching out to groups that are
traditionally hard to contact (Bartlett, Miller, Crump, & Middleton, 2013).
State accountability mechanisms have struggled to adapt to the online open source culture.
Intelligence agencies now accept OSINT as not a substitute for traditional intelligence disciplines,
but rather as an additional resource for gathering more information. Some additional resources
used to collect open source information are: “newspapers, Internet, books, phone books,
scientific journals, radio broadcasts, television, and individuals” (Benavides, 2011, p.9).
Literature Review
The purpose of this research was to analyze the usability of Internet based OSINT in
intelligence gathering and to identify challenges pertaining to the legality of collected
information. The questions that were intended to be answered through the literature review are:
12
What are the capabilities of Internet based open source tools; Maltego, Spokeo, and Shodan?
What are the limitations of Internet based OSINT? What are the legal issues related to gathering
Internet based OSINT?
According to Pallaris (2008), OSINT information gathered from publicly available
sources for the purposes of meeting specific intelligence requirements have become more
prevalent within the I.C. in recent years. In the past, intelligence agencies preferred the
acquisition of classified information above non-classified information. During the Cold War, U.S.
intelligence agencies were primarily concerned with uncovering Russian secrets rather than
collecting open source information from the television, radio broadcasts, scholarly journals, and
similar sources (Pallaris, 2008). The U.S. government had shifted its focus to newer areas of
regulation such as, terrorism and illegal immigration, meanwhile, the Internet further increased
the necessity of fully utilizing open source information. While traditional intelligence
organizations may not find Internet based OSINT as a complete solution for their intelligence
needs, “most governmental agencies depend on it to create tailored knowledge supportive of a
specific decision” (Benavides, 2011, p.9).
Borene (2011) addresses the growing perception that Internet based OSINT is not a
priority in the U.S. intelligence community. This perception is due to the fact that Internet based
open source information is believed to be less credible, yet that misconception has been
discredited by recent literature outlining various strategies to overcome that obstacle. Many
misconceptions about the application of OSINT continue to endure throughout the I.C.
According to Morrow (2013), six of the most common misconceptions of Internet based OSINT
include: it is less credible, intelligence requests require classified information; every kind of
analyst can gather information; Internet based OSINT equals Google; it is free; and it is easy.
13
Entities around the world are engaging in information warfare, and Internet based OSINT is an
asset to defeat a technological adversary. Moreover, today’s military commanders will likely
benefit from this information when implementing effective battle strategies.
Capabilities of Internet based OSINT Tools
While open source platforms make mining and data collection easier for information
analysts it is not a means to an end. Ultimately, the analyst must be well versed in the software
and have strong critical thinking skills in order to make the best of information available
(Lowenthal, 1998). Lowenthal’s article on the expertise level of OSINT analysts addressed the
need for analysts to be exploiting and processing OSINT like all other raw intelligence
(Lowenthal, 1998).
The use of tools to gather information from publicly available sources may lessen an
overreliance on confidential information. The quality and use of Internet based OSINT depends
primarily on its quality and analysis. The use of sophisticated tools allows OSINT analysts to
mine for data as effectively as possible. According to Martin (2014), “much public domain has
historically been located in databases, but things have expanded to more open formats” (p.40).
Typically there is a lot of misinformation that needs to be sorted through before the crucial
pieces of information are uncovered. There are many open sources Internet search engines
available for use, but the three most common ones are: Maltego, Spokeo, and Shodan.
Shodan. In a blog published in WonderHowTo, an anonymous hacker described Shodan,
an aggressive search engine designed to find specific targets akin to Google. Occupytheweb
(2014) stated, “Shodan is a search engine specifically for hackers and is described as “the
world’s most dangerous search engine” (p.1). The author, a hacker, detailed the many uses of the
search engine and outlined a tutorial on how to actually use it. The anonymous hacker concluded
14
that Shodan looks for information that is highly valuable to intelligence professionals
(Occupytheweb, 2014).
Maltego. Krishnan (2012) presented that Maltego has an advantage for mining data
within social media platforms. With Maltego, intelligence analysts could “find the relationships
people are linked to, including their social profile, mutual friends, and companies that are related
to the information gathered” (p.1). Furthermore, Maltego allows users to run transforms,
functions that map one entity onto another (Krishnan, 2012). Martin (2014), also Maltego’s
ability to mine data from social media sites, and stated that an “entity is something the user might
want to investigate and includes: domains, websites, email addresses, individuals name servers,
location, and even telephone numbers” (p.41). New entity types are then created drawing data
from any source including closed information systems. “In Terminigh’s example, the email given
by the person registering the offending domain may show up in a WHOIS listing and finding
evidence that can lead to further leads” (Martin, 2014, p.42). Leads can be any of the following:
IP addresses, phone numbers, and other entities that can identify a target (Martin, 2014).
Spokeo. Spokeo, a public search engine only accessible within the United States uses
public records making its data retrieval more limited compared to other search engines. Pearson
(2012) stated, “Spokeo gathers information from free white pages to find people by name, email,
address, and phone free of charge” (p.2). Pearson’s blogs lists over 38 open source tools plus
addresses the value of using older sources of OSINT, specifically MySpace (Pearson, 2012).
Mark M. Lowenthal addressed the limits of open source collection tools as no substitute for
competent OSINT analysts. According to Lowenthal (1998), “technology cannot replace skilled
analysts who make difficult choices about what to collect and what to analyze” (p.3).
15
Benefits and Disadvantages of Internet Based OSINT
OSINT benefits. OSINT offers advantages for its users, namely, being cost-effective,
shareable, and provides context where clarity of sources are limited. Vere Software (2011)
published an article that stated, “the ability of an analyst to exploit the Internet for OSINT can be
had at relatively little cost compared to other sources and access is free to target subjects” (p.2).
Specialized software can help analysts reduce the time spent on data collection by promoting
searches and evaluations rather than documentation. Ultimately, Vere Software concluded that
“OSINT is inherently challenging because the very qualities that make it valuable to operations
can also, reduce it credibility” (p.3). Colgan (2012) primarily focused on OSINT’s free or low
cost gathering, and attributed this cost-effective feature to data collection and gathering. Other
benefits of OSINT that were mentioned by Colgan include: up-to-date information, freeing up of
scarce intelligence assets for concentration on mission-critical information and gaps, and
involves no political or organizational risks.
Another benefit of Internet based OSINT is that it can be widely disseminated because it
is usually intended to reach a broader audience. For example, the Internet has sharing
possibilities that can reach many people in different parts of the world in a relatively short
amount of time. An article published in the Military Professional Bulletin states “the fact that
OSINT can be shared makes it a high value commodity. Other media sources such as the radio,
television, and newspaper are widely accessible and easily shareable” (Draeger, 2009, p.42).
Holland (2013) elaborated on OSINT being easily disseminated because public information is
easier to share between agencies making it an advantage and further, as an alternative source of
information is does not compromise a sensitive source that might reveal and technological or
strategic advantages.
16
Classified information has the potential to become OSINT. For example, the Wiki leaks
incident, where former government official Edward Snowden exposed government secrets of
classified information to the public. A recent article in Business Insider described Snowden as
“an importance intelligence asset that ended up in the hands of Russia’s security services”
(Kelley, 2014, para. 9). Kelley (2014) reported that U.S. whistleblowers can have a major impact
on government intelligence and there is still an inherent distrust in the Russian Government
although the Cold War is over.
Disadvantages of OSINT. OSINT poses several disadvantages to the I.C., it does not
offer a complete solution to their information needs, may be inaccurate, and may not be useful to
actionable intelligence on the tactical or strategic level. An article published in the Australian
Institute of Professional Intelligence Officers considered how OSINT can provide additional
information that most government and defense agencies can use for its purposes, but there are
certain situations where it is not the final solution (AIPIO, 2008). Other forms of intelligence,
utilized to effectively troubleshoot an indicated problem are not as illusive. Furthermore, there is
a lack of processing of OSINT that can provide the combination, collection, and analysis of
information on all stages (Colgan, 2008). Colgan (2008) stated that “the intelligence cycle is
made up of five cycles (only four in the U.K.): 1) Planning, 2) Acquisition/Collection, 3) Data
Processing, 4) Analysis and 5) Dissemination” (p.7).
According to Steele (2007), apart from the failure to invest in processing (tasking,
processing, exploitation, and dissemination) the U.S. has created three consistent errors since the
evolution of OSINT: no standards, no geospatial attributes, and no integration. The lack of
standards in regards to data collection has left analysts with no boundaries or line upon which to
17
conduct their data searches. Further mentioned is how there are machines that can’t keep up with
incoming data and place where that data is collected.
Error making. Noble (2014) addressed how open source intelligence is often “used as
foundation for the planning and targeting of other high value collection activities”, but is difficult
to take full advantage of its information for several reasons (p.1). OSINT may have limited
credibility due to the fact that anyone can post information over the Internet and that information
often goes unregulated so there is often an abundance of information. Regarding OSINT, “it is
not always easy to find some key information because only a small fraction of the Internet is
indexed; it is not easy to extract and combine key information because most of the reports are
free text; and it is not easy to assess report credibility” (Noble, 2014). The article concluded that
in order to effectively use OSINT is it imperative that an accurate assessment of its data be
conducted.
Reliability. In terms of reliability, the primary issue is that anyone can post content that is
unregulated and creates a great deal of erroneous data, but does snippets of valuable information.
Utilizing an assessment methodology that considers the following three considerations when
assessing the reliability of information:
1. The actual historical reliability of that source on similar events or
subjects, taking into account the report’s self-assessment of reliability.
2. The report’s consistency with confirmed facts and precedents.
3. It’s consistency with information available from other sources. (Noble,
2014)
The article also, mentioned that the information must be frequently synthesized from various
sources in order to make an effective comparison (Noble, 2014).
18
Tactical and strategic intelligence. An article published by Creative Commons in 2001
indicated that one disadvantage of OSINT is that it is not as useful for actionable intelligence on
the tactical and strategic levels. Benavides (2011) referred to how tactical Intelligence is
necessary when planning and implementing tactical operations. Strategic Intelligence is required
for forming policy and military plans at national and internal levels (Benavides, 2011).
According to Benavides (2011), “strategic and tactical Intelligence differ primarily in level of
application but may also vary in terms and scope of detail” (p.10). The same analytical processes
take place in both forms of intelligence and thus, make OSINT less valuable. According to the
article, mining for data using open information sources is less beneficial than an insurgent
attaining classified or secret data. Further mentioned is that even if sources provide information
into enemy strategies there is often not enough time for a commander to action. The article drew
the conclusion that in cases such as these, the traditional forms of Intelligence, HUMNIT and
SIGNIT are highly preferred. (Benavides, 2011).
A proponent for OSINT in the development of strategic intelligence Robert David Steele,
the former clandestine officer who now heads Open Source Network, Inc., regarded OSINT as
not only important for government use, but also, military, law enforcement, business, academia,
non-profit organizations, the media, and civil societies. Steele provides his opinions regarding its
usefulness. He stated that OSINT could become the “foundation for a total reformation of both
the governmental function of intelligence and the larger concept of national and global
intelligence, what some call collective intelligence or the world brain” (Steele, 2007, p. 97).
Steele further alluded that secret information and open intelligence sources are incompatible.
Steele’s opinions are based towards the future of information collection and doing away with
prior notions of what is valuable or invaluable intelligence in a digital world (Steele, 2007).
19
Draeger (2009), addresses that OSINT’s value applies to all soldiers in any situation,
from strategic to tactical, and essentially is for everyone. Draeger (2009), also stated “OSINT
could thoroughly provide general information, such as country studies, mapping, biographical,
satellite imagery, and technical information about the operational environment making it of great
tactical value of OSINT in the army” (p.42). The article further addressed OSINT’s implications
on the typical solider and makes comparisons of technology available to soldiers past and present.
In the past, soldiers used maps made almost exclusively from the National Geospatial-
Intelligence Agency and other sources. Today, due to the rapid change in intelligence needs and
the role that OSINT now plays in the I.C., each soldier is now more informed, dynamic and
knowledge based (Draeger, 2009). According to Draeger (2009) a soldier today “will utilize
information tools such as, Google Earth or search engines in order to gain situational awareness”
(p.42).
OSINT Analysts. Another obstacle in the use of open source information indicated in a
report published by the Congressional Research Service addresses the incompetent or poorly
trained OSINT analysts. Best and Cumming (2007) concluded that many analysts lack sufficient
subject matter expertise and therefore, are unable to analyze OSINT effectively. The main
problem with the lack of subject matter expertise lies primarily with linguistic and cultural
knowledge of the target. For example, an analyst tracking a foreign diplomat will likely falter in
their research should they not be knowledgeable of the diplomat’s language or customs. The
report acknowledges the necessity of the advanced training in the subject matter in order to yield
effective analysis. Other factors that point to the competency of intelligence analysts are
common sense and critical thinking skills. The report further detailed the government’s
comparisons of its current data collection personnel to its past analysts in that they are more
20
isolated and unaware of certain things that may make them more valuable in the intelligence
community. For the purposes of OSINT, adequate training given to acquire subject matter
expertise seems sufficient.
Although OSINT is an intelligence discipline, is has only become prominent within the
I.C. in recent years. It is for this reason that Draeger (2007) addressed the difficulty of becoming
proficient or an expert in Internet based OSINT. As exemplified by Best and Cumming (2007),
there are ways to gain expertise in the field. There are recommended steps to take in order to
become a certified expert in Internet based open source information collection. First, develop a
plan of operation that combines Information Technology (IT) education, web-based instruction,
and a combination of on the job and formal training. Lastly, emphasis is placed on attaining a
mentor in the field who is an experienced OSINT user and producer or librarian (Draeger, 2007).
Ethical and Legal Issues regarding Internet based OSINT
Ethical considerations. An article published in the Research Institute for European and
American Studies addressed the widespread use of OSINT and ethical concerns surrounding the
collection of information. There are ethical considerations regarding the collection of OSINT
that can be considered a benefit in data gathering. OSINT collected using ethical means and
methods can be used in legal proceeding and further, without the risk of exposing sensitive
information (Pallaris, 2008). According to Pallaris (2008), “OSINT can constitute almost no risk
compared to other intelligence operations that required to the use of spies and other clandestine
assets” (para.10).
Social Media Intelligence (SOCMINT). A Centre for the Analysis of Social Media
(CASM) policy paper detailed the emergence of social media as another platform considered to
be Internet based open source information. Extensive research pertaining to policing through
21
social media in the United Kingdom, has found that “it allows the police to engage the public and
media in potentially transformative ways” (Bartlett, Miller, Crump, & Middleton, 2013, p.21).
Police forces across the U.K have a strong presence on Twitter and have Facebook pages. The
involvement of police departments in social media had led to cost effective investigations,
production of evidence, and co-produced safety through various Twitter campaigns and
neighborhood e-watch initiatives. The policy paper concluded that the most significant use of the
social media by UK police was the identification of suspects and arrests made during the 2011
London riots. The police uploaded photos to a Flickr stream and a dedicated website in order to
identify these victims. When the UK needed to develop a security strategy for the 2012 Summer
Olympics they named it Intelligence-based as result of the success of the Flickr photo stream
(Bartlett, Miller, Crump, & Middleton, 2013).
Internet based OSINT, once limited to social media based sources, is now providing
more information and quicker retrieval as expressed by Talkwalker author, Paul Brelsford.
According to Brelsford (2014), “using social media monitoring tools provide fast, relevant, and
intuitive platforms to load and align highly defined collection efforts based on the objectives and
requirements of decisions maker” (p.4). As a result, social media postings can provide faster
reporting on an important event than traditional reporting techniques. In the wake of an
impending storm, natural disaster, or terrorist attacks it was mentioned that social media is a new
mechanism that provides quicker results and faster dissemination of information (Brelsford,
2014). Brelsford (2014) concluded that “Government and Defense intelligence are continually
exploring and developing strategies to utilize social media platform to mine OSINT” (p.10).
An article published in the U.S. Marine Corps Gazette discussed the disaster relief efforts
of the 2010 earthquake in Haiti and the 2011 protests and riots in the Arab Spring. Martin (2014)
22
found that “the use of Open Source Intelligence (OSINT) and social media played a critical role
in the understanding the operational environment” (p.1). The main reason is due primarily to the
fluidity and accessibility of media. Martin (2014) hypothesized that given the popularity of social
media platforms like, Facebook, Twitter, and YouTube, along with the extent that they are
woven into the both the life of the average citizen and the national consciousness of the
American public, told in specific real time updates puts it at the forefront of identifying hard hit
areas caused by natural disasters. Martin stated that intelligence oversight considerations will
make Internet based OSINT one of the most important sources of information in a domestic
disaster relief scenario.
Data quantity. Draeger (2013), detailed an important advantage of using OSINT in the
massive quantity of available information. His article indicated how intelligence agencies in the
past focused on secret, classified information that was likely scarce, but now OSINT can provide
an abundance of data to choose from. OSINT gives analysts another perspective to view an event,
person, or series of events that that are not classified. The article further addressed how the vast
production of open source information does not slow down target subjects or OSINT analysts in
the process of collecting data.
Other scholars present differing opinions regarding data quantity. Benjamin Robert
Holland’s dissertation provided a broader understanding of OSINT and key concepts in social
media analysis. The most significant criticism was the large amount of notice that is generated by
so much information in the public domain (Holland, 2013). A significant concern in the I.C. is
“the increasing amount of difficulty and time required to sort through the information to find the
valuable nuggets of intelligence from a continually growing source of public information”
(Holland, 2013, p.11). The dissertation drew the conclusion that the amount of information
23
available through OSINT is growing larger every day and explained several remedies to harness
its expansion.
OSINT and other forms of intelligence. OSINT has an effect on other forms of
intelligence. OSINT can be applied to a few of the intelligence disciplines. Of all intelligence
disciplines, Imagery Intelligence (IMINT) products are found in abundance and are very useful.
Good imagery and videos are important sources of information for intelligence analysts. Satellite
imagery such as Good Earth and videos provide excellent visualization and most are free. Images
produced by Google Earth have a high resolution and clarity, which can help in identifying
people, terrain, buildings, and objects. Videos provide understanding and insight as well. OSINT
provides an abundance of information that can be used for interrogation (Draeger 2007).
According to Draeger (2007), OSINT searches facilitated through social networking sites
like Facebook, Twitter, and YouTube can build detailed biographical portfolios on individuals,
non-state and state representatives, and governmental officials. Draeger analyzed how OSINT
provided SIGINT information for intelligence analysts. Radio types, signal frequencies, global
positions satellite, commercial signal jamming equipment, software, encryption methods, keys,
and instructions are all readily accessible for anyone searching. The American University's
Management of Global Information Technology Program published student produced analytical
reports each semester on all aspects of one country's information technology. It has been
discovered that radio stations around the world now have audio feeds to permit users to listen to
them over the Internet, and television is also making more and more of its content accessible on
other platforms, such as the Internet. Draeger further indicated that there are a number of
excellent sites that will help any researcher locate these stations and find out which ones have
Internet feeds (Draeger, 2007).
24
Privacy and social media. According to Martin (2014), Open Source Information
naturally extends into social media. Options have become more limited as social media platforms
have taken measures to protect user privacy. Another danger for social media networks is that
malicious actors can use the same techniques used to get around privacy protection and honest
OSINT analysts. The article urged the awareness that high net worth individuals and companies
should have in order to protect themselves against hackers and other who have nefarious motives.
Even if individuals or their families don’t attract the attention of kidnappers, they may invite a
spearfishing attack, equally troublesome for them as the malicious party gathers open
information about them to initiate a full fledging attack.
Personalizing OSINT. Chris Pallaris further indicated most governments would need to
coordinate their approaches to the growing demands of intelligence. Various government
agencies may be expending more energy than necessary by duplicating the same searches to
answer energy agency-specific solutions. The point of OSINT, in Pallaris’ opinion, is to
collecting information that will answer a specific question, however, if everyone is answering the
same question only one search is necessary. The solution to this sort of predicament can be found
by addressing some fundamental questions:
1. How should one build an organization capable of exploiting the collective intelligence
of thousands of disparate sources?
2. How does one break down information silos and encourage greater knowledge-sharing
and collaboration?
3. Where does one find staff capable of thinking and working across disciplines?
4. How does one manage the rapid evolution of technology?
25
5. What policies and processes can be put in place to boost operational effectiveness?
(Pallaris, 2008).
Solutions to OSINT Challenges
One possible solution to the issue identified by Pallaris (2008) would be to establish a
national OSINT center that provides information to all branches of the government. Pallaris’
findings indicated that not only the legislative and execute branches could benefit from this, but
the judicial branch could equally benefit. The judicial branch also relies on OSINT to render
their decision on important court hearings.
Switzerland: pioneering OSINT. An article published in the Research Institute for
European and American Studies discussed Switzerland’s prominent role in the development of a
global society. The relevant editorial piece indicated that the high index European country is now
at the forefront of OSINT in that it has developed a number of recent initiatives to facilitate the
collection of open source information (Pallaris, 2008). Where Switzerland was once only
regarded for its culinary contributions in recent years it has evolved into an OSINT pioneer.
Pallaris (2008) stated that it has, “an interdepartmental OSINT working group that has been
established to explore possible synergies between various governmental agencies. The Strategic
intelligence Service (SND) and the Military Intelligence Service (MND) have institutionalized
OSINT, as has the domestic intelligence service” (p.3).
Discussion of the Findings
This section presents the major findings of this project, compares these findings, and
addresses any limitations that were found. Two questions that allowed the findings to be
analyzed were: 1) Did the findings fit the problem, and 2) How important were the findings.
Ultimately, these questions facilitated the analyses of themes in the literature review.
26
Research Problem
The purpose of this research project was to present a hypothesis that will analyze the
usability of Internet based OSINT in information gathering, and identify the benefits and
challenges pertaining to the legality of collection and data mining. The research questions were:
What are the capabilities of Internet based open source tools; Maltego, Spokeo, and Shodan?
What are the limitations of Internet based OSINT? What are the legal issues related to gathering
Internet based OSINT?
Literature Review
The literature Review reviewed scholarly articles, books, and other sources in order to
provide a summary and critical evaluation of each work as it pertained to OSINT. All sources
utilized were relevant in some manner in attempting to answer the research questions. The
findings and conclusions of all the sources were interpreted throughout the literature review.
Most of the sources used were current (not more than 10 years old) and provided context to the
research problem in which the research was conducted. Moreover, the topic of the project was
Internet based open source information so it was crucial to review newspaper articles, surveys,
dissertations, and various online sources in order to achieve a fully comprehensive review. The
literature on OSINT was found to affect all sectors of society both nationally and globally.
Research Defined Themes
The research conducted for this project provided information related to the questions
being researched. These findings provided the basis for the outcome of this project. The themes,
based on the findings of the research are presented in this section
OSINT Growth. The research presented the rapid development of Internet based OSINT
and its growing importance within the U.S. I.C. Examining OSINT historically illustrates how
27
society has evolved and why intelligence agencies are looking beyond HUMINT or SIGINT to
satisfy their changing information needs. It was useful to attain sources that affirmed this theme
in the project as it confirms the purpose of this research. Chris Pallaris, author of the article Open
Source Intelligence: A Strategic Enabler of National Security addressed the use of OSINT
among government agencies worldwide (Pallaris, 2008). Pallaris (2008) found that “Today,
OSINT’s importance is widely acknowledged and estimated that OSINT provides between 80
and 95 percent of the information used by the intelligence community.” (p.1).
Benavides (2011) confirmed the importance of OSINT by addressing the state of current
affairs. Benavides (2011) stated that, “most governmental agencies depend on OSINT to create
tailored knowledge supportive of a specific decision” (p. 9). The other sources in the Literature
Review provided differing perspectives on OSINT, but also reiterated the importance of it.
Internet based OSINT growth was primarily attributed to the rapid development of
technology. It is important to distinguish the intelligence needs of the Cold War from the current
digital age. Today, the threats to national security are varied and more complex. The Center for
Security Services (2008) stated that, “these threats to national security range from the
proliferation of weapons of mass destruction to intra-state conflicts, illegal immigration, energy
security, and organized crime.” (p.38). This source presents how the security agenda of the
United States has broadened its focus and is increased reliance on OSINT.
Globalization has also been a factor in the emergence of OSINT utilization. Other factors
that are relevant are intelligence failures in preventing terrorist attacks against the U.S., and risky
intelligence collection practices of U.S. personnel working in other countries. The Senate Select
Committee offered a contradictory viewpoint to this theme when they concluded, “diplomacy
and intelligence collection was considered risky” (Senate Select Committee, 2014, p.2).
28
Proper Tool Selection. The sources examined addressed the various methods OSINT
analysts use in order to gather pertinent information for their data mining. The methods OSINT
analysts use in order to mine for data as efficiently were examined. OSINT produces such a
significant amount of information that it is challenging to collect pertinent data without first
encountering a significant amount of superfluous data. The three most common open source
search engines used by the intelligence community are: Maltego, Spokeo, and Shodan. Krishnan
(2012) discussed how Maltego has a distinct advantage for mining data within Social Media
Platforms. Social media sites like Facebook, Twitter, and Instagram are all susceptible to
searches by Maltego. Krishnan (2012) stated, that with Maltego intelligence analysts can, “find
the relationships people are linked to, including their social profile, mutual friends, and
companies that are related to the information gathered” (p.1).
According to the sources examined, Shodan was determined to be a powerful search
engine, which can find specific targets much like Google. Occupytheweb (2014) stated, “Shodan
is a search engine used by hackers and is described as the world’s most dangerous search engine”
(p.1). A disadvantage of this search engine is its accessibility to hackers and the potential for
others to infringe on privacy laws. The sources presented in the Literature Review address less of
a reliance on confidential information as mining for Internet based OSINT becomes more
mainstream (Pallaris, 2008). Spokeo, another search engine “gathers information from free white
pages to find people by name, email, address, and phone free of charge” (Pearson, 2012, p. 2).
OSINT Benefits. The sources examined presented findings that there are more benefits
to using OSINT over potential drawbacks. In terms of the usability of OSINT it fares well for
frequent use. Accepting the benefits of OSINT provides a general understanding of how that
affects the preferred OSINT tools. According to Vere Software (2011), “the ability of an analyst
29
to exploit the Internet for OSINT can be had at relatively little cost compared to other sources
and access is free to target subjects” (p.2). The cost-effectiveness was a benefit that was
addressed by other sources. Colgan (2012) bolstered this assertion by focusing on OSINT’s low
cost attributed to data collection and gathering. Additional benefits such as, up-to date
information, freeing up scarce intelligence assets for concentration on mission-critical
information and gaps, and involves no political or organizational risks.
Another benefit of Internet based OSINT is that the information is shareable. The Internet
is one example of how information can be quickly spread. Not only can that information be
spread quickly, it can also, reach people all over the world. Draeger (2009), concluded that “the
fact that OSINT can be shared makes it a high value commodity” (p.42).
Ethical Considerations. Another theme from the Literature Review was the ethical
implications on the collection of sensitive OSINT data. Traditionally, classified or secret data
was a breach of privacy, but was viewed as necessary for Intelligence purposes. Uncovering
Russian secrets was not a concern of the U.S. public. Today, technology has given intelligence
agencies the power to collect information that may be personal and infringe on the rights of not
only foreign governments, but also, the rights of U.S. citizens. For example, the U.S. government
has been accused of monitoring cell phone conversations to collect data. Nevertheless, there can
be benefits of collection of data through OSINT (Pallaris, 2008). Pallaris (2008), an advocate of
OSINT stated, “OSINT can constitute almost no risk compared to other operations that required
the use of spies and other clandestine assets” (para.10). Compared to other forms of intelligence,
OSINT is the ethically sound because it would not require hacking personal accounts or private
records to uncover data.
30
SOCMINT. Another theme that was revealed during the Literature Review was the role
that social media has in Internet based OSINT. Primarily there are numerous sources to gather
Internet based OISNT. With the rapid development of computer and Internet technology
SOCMINT has become one of the most prevalent sources of information. Social media platforms
like Facebook, Twitter, and Instagram are being utilized by millions of people throughout the
world. Brelsford (2014) addressed “using social media monitoring tools provides fast, relevant,
and intuitive platforms to load and align highly defined collection efforts based on the objectives
and requirements of decision maker” (p.4). Social media posts are now reporting events faster
than traditional news outlets. Social media has changed the way information is reported and
shared.
Limitations and Weaknesses. The Literature Review exposed several challenges to
OSINT. OSINT analysts should understand that as beneficial as OSINT is, there are limitations
to its use. Some of these limitations were found within the OSINT Intelligence Cycle. Colgan
(2008) stated that the intelligence cycle in the U.S. is made up of five stages: 1) Planning, 2)
Acquisition/Collection, 3) Data Processing, 4) Analysis, and 5) Dissemination. Steele (2007),
though an advocate for OSINT, addressed that the failures to OSINT were related to internal
governmental functions. The U.S. failed to invest in processing and further created three
consistent errors since the evolution of OSINT: a lack of standards, geospatial attributes, and
integration. The sources reviewed also addressed limitations that have been implemented by the
U.S. Intelligence Community.
Next, another disadvantage to OSINT is the significant amount of inaccurate information
it generates. While a benefit of OSINT is that the data quantity is vast, there is also an abundance
of misinformation. Evidence Based Research (2014), identified inaccurate information as a
31
disadvantage and the primary reason why it lessens the credibility of OSINT. According to
Evidence Based Research (2014), “it is not always easy to find some key information because
only a small fraction of the Internet is indexed; it is not easy to extract and combine key
information because most of the reports are free text; it is not easy to assess report credibility”
(p.1). A solution was presented to assess the data being collected that considered the following
three considerations when assessing the reliability of information:
1. The actual historical reliability of that source on similar events or subjects,
taking into account the report’s self-assessment of reliability.
3. It’s consistency with information available from other sources. (Evidence
Based Research, 2014, p.2)
The literature reviewed indicated that the amounts of incoming OSINT data is
overwhelming, and if the information were significantly decreased OSINT analysts may still
encounter problems with gathering information. The usability of gathered data may depend more
on the skill or expertise of those that are using it rather than the information itself or some
external factor. Advanced training for all OSINT analysts is recommended to yield an effective
analysis of collected data. Other factors that address the competency of intelligence analysts are
common sense and critical thinking skills. Today, many analysts lack subject matter expertise
because they are isolated and less aware than their prior counterparts. (Best & Cumming, 2007).
Draeger (2009) address this same disadvantage and recommended several steps in order
to become a certified expert in open source information collection. Steps include IT education,
web-based instruction, and a combination of on the job or formal training. Emphasis was placed
on attaining a mentor who is experienced with gathering and analyzing the data. The author
32
attributed the difficulty of becoming proficient or an OSINT expert to its recent prominence
within the I.C. Although they do not share the same explanation for this disparity, Best and
Cumming (2007), and Draeger (2009) each offer solutions to mitigate the situation.
Another disadvantage related to the legality of OSINT usage is a lack of privacy
protection within social media platforms. Social media platforms like Facebook, Twitter, and
Instagram all afford many benefits to OSINT, however, there may be ways for hackers to get
around the privacy protection already in place. Users with malicious intent can use the same
techniques used to get around privacy protection and honest OSINT analysts (Martin, 2014).
This potential breach of privacy is significant to the research problem because it makes
SOCMINT somewhat of a dichotomy. While it OSINT provides many benefits, the lack of
security makes it more susceptible to hackers (Martin, 2014).
Comparison of Findings with Existing Studies
OSINT data is important to the I.C. Today, most intelligence agencies rely upon OSINT
to some degree. Benavides (2011) stated, “most governmental agencies depend on it to create
tailored knowledge supportive of a specific decision” (p.9). This research problem reframes the
question of not whether OSINT should or should not be used, but to how much of the data
should be used. Depending on its purposes some agencies will use it to supplement their findings
or while other agencies rely on it entirely.
Today, OSINT is one of the more significant data sources for intelligence agencies. Not
only has it been brought on by rapid advancements in technology, but facilitated by the changing
agenda of intelligence agencies worldwide. The evolution of the Internet was one of the main
catalysts in influencing globalization. Due to the change in the agenda of intelligence agencies,
OSINT is not only beneficial and imperative for national security. One of the most
33
groundbreaking discoveries of this research was the role OSINT plays in national security.
Intelligence agencies need to heed the threats of terrorists, especially if they make their threats
via open source platforms.
This project surveyed sources that mentioned a particular form of Internet based OSINT,
SOCMINT. Social media based sources was the final development that propelled Internet based
OSINT into necessity status within the U.S. I.C. People around the world are using social media
to report on recent events and are doing so quicker than more traditional reporting mechanisms.
These findings add another dimension to intelligence gathering because remaining current with
world news is crucial.
Moreover, Brelsford (2014) addressed the rapid development of social media.
Brelsford’s (2014) stated, “Government and defense intelligence are continually exploring and
developing strategies to utilize social media platforms to mine OSINT” (p.10). Social media
developed so quickly within recent years that it is understandable that government agencies
would want to maximize the methods to extract data from it.
Furthermore, the information provided by social media can aid in saving lives. Martin
(2014) stated,
given the popularity of social media platforms like Facebook, Twitter, and YouTube,
along with the extent that they are woven both into the life of the average citizen and the
national consciousness of the American public, told in specific real time updates puts it at
the forefront of identifying hard hit areas caused by natural disasters. There were some
holes in the existing research that should be addressed. (p. 40)
There were several inconsistencies in the sources when it came to the use of OSINT for
tactical or strategic intelligence. A disadvantage of OSINT was it being less useful for actionable
34
intelligence on a strategic level. Due to the fact that the same analytical processes take place in
both forms of intelligence it makes OSINT less valuable (Benavides, 2011).
However, Draeger (2009) stated that OSINT is valuable to all soldiers in any strategic or
tactical situation. The article compares the evolution of the information soldiers now have access
to on the battlefield. Soldiers no longer have to wait for maps, but utilize Internet based
information tools gain situational awareness. It can be inferred that on a surface level that OSINT
may not be as valuable for tactical or strategic intelligence, but upon further analysis can be
useful than previously thought.
Limitations of the Study
A limitation of this study was the limited amount of literature addressing the legality of
gathering open source information and data collection. One of the questions that the research
intended to answer was to identify the benefits and challenges of the legality of collection data
and mining. While there were a few sources that presented a minimal amount of material
regarding this topic, the research could not generate a fully comprehensive response. Compared
to other forms of intelligence OSINT is assumed to be the most ethically sound. While ethics of
OSINT analysts and other users are not addressed, Internet based OSINT could promote more
ethical practices related to mining for data among social media platforms. OSINT collected using
ethical means and methods can be used in legal proceedings and without the risk of exposing
sensitive information (Pallaris, 2008).
Recommendations
The methodologies necessary for adequate assessment of data being gathered or collected
have received considerable attention in the literature examined (Evidence Based Research, 2014).
Evidence based research came up with one solution to solve the issue of limited reliability that
35
inevitably leads to a lack of credibility in OSINT. Evidence Based Research (2014) proposed
that the following three questions be considered when assessing the reliability of information:
1. The actual historical reliability of that source on similar events or subjects, taking into
account the report’s self-assessment of reliability.
3. It’s consistency with information available from other sources. (Evidence Based
Research, 2014, p.2)
Cybersecurity professionals who choose to pursue careers as OSINT analysts or who will
frequently be extracting or mining for data in other fields are impeded by their skill or expertise
just as much as the data itself. In fact, most research indicates that OSINT already comes with
disadvantages to OSINT analysis because there are large amounts of useless data that make
extracting it is difficult and quite unreliable. Furthermore, due to the fact that just anyone post on
the Internet seemingly useful data when it is in fact it leads to more unreliable information.
Nevertheless, a few authors have suggested that even if the vast amounts of information
was decreased significantly that OSINT analysts may still encounter problems with information
gathering. (Best & Cumming, 2007; Draeger, 2009). Despite the rapid growth of the Internet and
data being accumulated on a daily basis, OSINT analysts should undergo advanced training to
yield an effective analysis of the data they are collecting. Draeger (2009) suggested a plan of
action that would allow one to become a certified expert in open source information collection. It
is a culmination of IT education, web-instruction, and a combination of on the job training or
formal training. A would-be OSINT expert should attain a mentor that is an expert user, and
producer of intelligence data.
36
Future Research
Another recommendation for future research is to determine the effects of suppressing
foreign speech. Two authors considered the consequences that the U.S. government had on
limiting foreign speech on national security (Morshirnia, 2013; Vlahos, 2005). It would be
beneficial to the research literature to include the full impact of this kind of action in order to
gain various viewpoints on the matter.
Other recommendations for further research include: continue to explore the
technological advancements in U.S. society and correlate them more closely with globalization;
identify which strategies are particularly effective to gain expertise in OSINT analysis; determine
how social media platforms can become more secure in order to prevent security breaches; and
explore the impact that social media platforms have on news reporting and the overall
dissemination of information throughout the world.
A limitation of this study was the lack of sources available in order to explore the issue
surrounding the legality of gathering information and data collection. While there were a few
sources that touched upon legal and ethical implication of using OSINT the literature in its
totality was not as comprehensive. While the current literate indicates that OSINT is the most
ethical compared to other forms of intelligence other scholars have differing opinions. The
security provisions of social media platforms have become a concern in recent years. Additional
research from various perspectives is necessary to address current and future outcomes regarding
ethical concerns. There is a possibility that some scholars will take the stance that OSINT
analysts do not extract data with the most ethical intentions. Further research could also pinpoint
what areas are more susceptible to security breach or infringement of privacy laws. Additional
research into the hacking activities of governmental officials and regular hackers will help
37
identify what leads to a security breach and under what circumstances will OSINT analysts
possibility risk mining confidential information.
Conclusions
The purpose of this research project was to answer the following questions: What are the
capabilities of Internet based open source tools; Maltego, Spokeo, and Shodan? What are the
limitations of Internet based OSINT? What are the legal issues related to gathering Internet based
OSINT?
Pallaris (2008) states: “Today, OSINT’s importance is widely acknowledged. It is
estimated that OSINT provides between 80 to 95 percent of the information used by the
intelligence community” (para. 2). Currently, the majority of authors agree that Internet based
OSINT is the most widely used form of intelligence by the U.S. I.C. Others believe that OSINT
is the only form of intelligence available to certain governments. Irrespective the overarching
consensus is that OSINT has made secret intelligence, HUMINT or SIGNIT virtually obsolete.
The agenda of U.S. intelligence agencies has changed dramatically and includes points of
concern that once never existed. Terrorist attacks, cyber warfare, and illegal immigration were
not issues of concern during the Cold War. It was important to detail the evolution of OSINT in
order to see why it came into prominence and the crucial role in plays in modern society.
An important aspect is the inference that Internet based OSINT has far more benefits than
drawbacks. Although there is a significant amount of information generated and that can lead to
a lack of credibility there are ways to get around those disadvantages. Meanwhile, some scholars
did contradict each other’s viewpoints, especially regarding whether OSINT is useful for
strategic or tactical situations. It was determined by Draeger (2009) that OSINT is valuable to all
soldiers no matter what strategic or tactical situation they may find themselves in. Draeger
38
(2009), stated “knowledge soldiers will not wait for maps, but will utilize information tools, such
as, Google Earth or search engines to gain situational awareness” (p.42).
The preferred methods that OSINT analysts use to effectively collection information is
using open source search engines. The most common open source search engines used by the
intelligence community are: Maltego, Spokeo, and Shodan. From the literature is was determined
that not all search engines are equal. It was found that social media platforms are more
susceptible to searches by Maltego. The most notorious of the search engines was considered to
be Shodan. Noted for its robust search capabilities and ability to target a subject very much like
Google, Shodan is regarded with apprehension within the I.C. The most basic search engine, but
the most commonly used by the I.C. is Spokeo because it gathers information that can be found
in the white pages.
It was determined that OSINT is one of the best forms of intelligence available to
intelligence agencies. The rapid advancement of technology and the Internet facilitated a
transformation in the intelligence agenda of the U.S. Therefore, OSINT beneficial for national
security. Another revelation found is that intelligence agencies may have created their own
weaknesses and limitations due to faulty infrastructure and intelligence cycle. Further, the vast
amounts of data generated may not be such as limitation if the OSINT analyst is poorly trained
or incompetent. This finding indicates that OSINT usability may depend more of the skill or
expertise of those that intend to use it rather than the data itself or some external factor.
A limitation of the study was a lack of sources that addressed the legality of gathering
information and data collection. The research question that pertains to the benefits and
challenges of the legality of data collection was addressed in limited sources. Pallaris (2008)
found that it was the most ethically sound form of intelligence. Other scholars may contend this
39
position due to the sensitive data that can be uncovered through data mining within social media
platforms. Current search engines can generate anywhere from a basic search to finding out what
groups you belong to, your friends, and even your address. Sensitive information that falls into
the wrong hands, such as those of hackers can have major legal implications for social media
users who want to protect their private information. Although there is some literature that
addresses the legality of open source gathering it does not result in a complete analysis and
therefore, the issue of whether it is ethical or not is still open to interpretation.
All in all, OSINT has made its mark on the U.S. I.C. and is here to stay. There are far
more benefits to its use and it is likely that more and more people will be accessing, mining, and
collecting data in order to satisfy the queries of their hearts. OSINT is an important area to
explore for Cybersecurity professionals because it will provide a foundation for its use and can
be an opportunity to develop strategies to defend against hacking, stealing of sensitive data, or
any other security concerns of the Internet. These strategies can extend to corporate servers,
clouds, and exclusive software used only by a select few in any given organization. It is worth
mentioning that OSINT includes various things, such as radio, television, books, magazines,
however, in our highly digitized world the Internet will be the biggest playing field –the world
cup of security, is now in cyberspace and the best players will be those well-versed in OSINT,
hence, those who have received the most extensive training.
40
References
Bartlett, J., Miller, C., Crump, J., & Middleton, L. (2013). Policing in an Information
Age. Creative Commons. Retrieved from www.demos.co.uk
Batterson, R., Weinbaum, M. (2001). The Pros and Cons of Globalization. Washington
University in St. Louis: Center for the Study of American Business
Bradbury, D. (2011). In Plain View: Open Source Intelligence. Computer Fraud and Security.
4, 5-9. doi: 10.1016/S1361-3723(11)70039-2
Brelsford, P. (2014). White Paper: Employing a social media monitoring tool as an OSINT
platform for Intelligence, Defense, and Security. talkwalker.com
Benavides, E.B. (June 2011). Open Source Intelligence (OSINT) Link Directory:
Targeting Tomorrow’s Terrorist Today (T4) through OSINT. Creative Commons.
Benes, Libor (2013). OSINT, New Technologies, Education: Expanding Opportunities
and Threats. A New Paradigm. Journal of Strategic Security. 6(5), 22-37.
Retrieved from http://dx.doi.org/10.5038/1944-0472.6.3S.3
Best Jr., Richard A., and Alfred Cumming. Open Source Intelligence (OSINT): Issues for
Congress: RL34270 Congressional Research Service: Report (December 5, 2007):
International Security & Counter Terrorism Reference Center, EBSCOhost.
Congressional Research Service: Report: International Security & Counter Terrorism
Reference Center, D.C., 2007, 1-23
Bloxham, A. (2011, May 19). Osama bin Laden's past video messages. Al-Qaeda. Retrieved
from http://www.telegraph.co.uk/news/worldnews/al-qaeda/8522949/Osama-bin-Ladens-
past-video-messages.html
41
Borene, Andrew M. Unclassified Information. Journal Of Counterterrorism & Homeland
Security International ( International Security & Counter Terrorism Reference Center) 17,
no. 4 (Winter 2011): 10-12
Center for Security Studies. CSS Analysis in Security Policy (ETH Zurich) 3, no. 32 (April 2008)
Colgan, G. (2008). OSNIT: A Basic Introduction: The Promises and Perils of Open Source
Intelligence. AIPIO
Chappell, B. (2014, May 27). Florida’s IQ Limit for Death Penalty Isn’t Constitutional
Supreme Court Says. NPR. Retrieved from http://www.npr.org/blogs/thetwoway/
2014/05/27/316315-861/florida-s-iq-limit-for-death-penalty-isnt-constitutional-
supreme-court-says
Draeger, W. R. (2009). Take advantage of OSINT. Military Intelligence Professional
Bulletin, 35(3), 39-44. Retrieved from http://search.proquest.com/docview/10177022-
33?accountid=14585
Duba, N. (2012). DEFCON-20:Douba- Sploitego-Maltego’s Partner in Crime. Retrieved
from http://www.defcon.org/images/defcon-20/dc-20-presentations/Douba/DEFCON-
20-Douba-Sploitego.pdf
Grabanowski, E. (2014, July 6) How the Patriot Act Works. HowStuffWorks.com. Retrieved
From http://people.howstuffworks.com/patriot-act.htm
Google. (2014). Google Earth. Retrieved from http://www.google.com/earth/explore/
products/earthview.html
Holland, B. R. (2012). Enabling open source intelligence (OSINT) in private social networks.
(Order No. 1512318, Iowa State University). ProQuest Dissertations and Theses, , 60.
Retrieved from http://search.proquest.com/docview/1022633488?accountid=14585.
42
(1022633488)
Karthik, R. (2012, July 24). Nine must-have OSINT Tools. Search Security.in. Retrieved
from http://searchsecurity.techtarget.in/photostory/2240160106/Nine-must-have-
OSINT-tools/2/1-Maltego
Kelley, M. B. (2014, May 1). Wikileaks Just Blew a Big Hole in the Snowden Narrative.
Business Insider. Retrieved from http://www.businessinsider.com/wikileaks-told-
snowden-to-stay-in-russia-2014-5
Krishnan, H. (2012). Information Gathering Using Maltego. InfoSec Institute. Retrieved from
http://resources.infosecinstitute.com/information-gathering-maltego/
Latham, Oliver (2012). Politicization of Intelligence Reporting: Evidence from the Cold War.
University of Warwick: Department of Economics PhD Session Retrieved from
http://www.2warwick.ac.uk/fac/soc/economics/news_events/conferences.peuk12
Lowenthal, Mark M. Open Source Intelligence: New Myths, New Realities. Defense Daily
Network Reports, D.C.: Office of Strategic Services, 1998
MacLeod, C. (2014, May 19). China Accuses U.S. of Hacking. USA Today Retrieved from
http://www.usatoday.com/story/news/world/2014/05/19/china-hacking/9293521/
Martin, R. M. (2014). Disaster Relief Intelligence Support. Marine Corps Gazette, 98(1), 39-
42. Retrieved from http://search.proquest.com/docview/1477207200?accountid=145-
85
Morrow, C. D. (2013). OSINT: Truths and misconceptions. Military Intelligence
Professional Bulletin, 39(2), 31-34. Retrieved from http://search.proquest.com/
docview/1477457287?accountid=14585
Moshirnia, A. V. (2013). Valuing Speech and OSINT in the Face of Judicial Deference.
43
Harvard National Security Journal, 4(2), 385-454
Noble, D. (2014). Assessing the Reliability of Open Source Information. 1st ed. [ebook]
Vienna: Evidence Based Research, Inc, p.7. Retrieved from https://www.google.com/
url?sa=t&rct=j&q=&esrc=s&source=web&cd=6&ved=0CEAQFjAF&url=http%3A
%2F%2Fwww.fusion2004.foi.se%2Fpapers%2FIF04-1172.pdf&ei=BRTyU-
XDD6e_sQTP4Ag&usg=AFQjCNGKRla4uXOMzBvydxtx1FToDn1SVw&sig2=ox
EJKEKubgo6r9aRQKcgXA&bvm=bv.73231344,d.cWc
Occupytheweb. (May, 2014). Hack like a pro: How to find vulnerable targets using
shodan – The worlds most dangerous search engine. Retrieved from http://null-
byte.wonderhowto.com/how-to/hack-like-pro-find-vulnerable-targets-using-
shodan-the-worlds-most-dangerous-search-engine-0154576/ on May 22, 2014
Pallaris, C. (2008, May 5). Open Source Intelligence: A Strategic Enabler of National
Security. Institute for European and American Studies. Retrieved from
http://rieas.gr/research-areas/editorial/633.html
Pearson, D. (2012, December 27). OSINT Tools: Recommendations List. Social
Engineering Blogs Retrieved from http://www.socialengineeringblogs.com-
/category/spokeo/
Pugh, J. Mp. (2007, February 4). UK Government Ignores Open-Source Potential.
Retrieved from http://www.computing.co.uk/ctg/news/1844996/uk-government-
ignores-source-potential
Steele, Robert David. Open Source Intelligence. Strategic Intelligence: The Intelligence Cycle,
by Loch Johnson, 96-122. Westport, CT: Praeger, 2007
United States Senate. Committee on Intelligence. (2014). U.S. Senate Select Committee
44
On Intelligence: Review of the Terrorist Attacks on U.S. Facilities in Benghazi,
Libya, September 11-12, 2012. Washington DC: 113th Congress.
Vere Software (2011). How Authentication, Collection, and Reporting Strengthen
OSINT’s Value. Vere Software Investigative Tools. Retrieved from
http://www.veresoftware.com
Vlahos, K. B. (2005, July 28). Non-Secret Intelligence gets Cold Shoulder. Fox
News. Retrieved from http://www.foxnews.com/story/2005/07/28/non-
secret-intelligence-gets-cold-shoulder/
45

Open Source Intelligence A New Era of Information Gathering PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Open Source Intelligence A New Era of Information Gathering PDF

Uploaded by

Copyright:

Available Formats

OPEN SOURCE INTELLIGENCE: A NEW ERA OF INFORMATION GATHERING

A Capstone Project Submitted to Faculty of

In partial fulfillment of the Requirements for the Degree

Master of Science in Cybersecurity Program

All rights reserved

INFORMATION TO ALL USERS

All Rights Reserved

relationships, it has also enabled intelligence agencies to collect specific intelligence on a

particular individual, group, social network, or organization. Open source intelligence

80 to 95 percent of the information used by the Intelligence Community (I.C.) (Pallaris,

Keywords: Cybersecurity, Paul Pantani, cyber-threat, spear phishing.

Open Source Intelligence: A New Era of Information Gathering ........................................... 1

on the U.S. for the Chinese government since 1952.

related to terrorist activities with federal authorities (Grabianowski, 2007).

practices among different disciplines. Widespread diffusion of digital technologies drew

attention to the importance of publically available information. Today, the intelligence

information used by the I.C.

Classified and Confidential

(2007) stated the following:

(Center for Security Services, 2008).

to be a victim of foreign cyber-attacks, oftentimes being a target of U.S. intelligence agencies

attempting to gather information. Whistle-blower, Edward Snowden’s revelations about the

and other countries, including China, engage in similar activities.

Expanding Sources. Intelligence sources have undergone an expansion. Once an online

Intelligence failures. Colgan (2008) presents an example of a wide scale intelligence

budgets and other implications of OSNIT.

importance of OSINT in the war on terror, repeated Congressional findings, and

undermine American safety” (p.2-3).

Committee on Intelligence (2014) concluded “diplomacy and intelligence collection was

integrated, collaborate approach to learning. New technologies are substantially changing

mechanisms for doing so (Benes, 2013).

Globalization. Globalization has had a significant role to play in the prevalence of

(Batterson & Weinbaum, 2001).

Proper Tool Selection

source, especially to support a situation assessment or decision-making incident. Classification,

validity of the results (Vere Software, 2012).

information about a target entity using publicly accessible information.

client and the server is not encrypted.

information more valuable to intelligence professionals (Occupytheweb, 2014). One of the

Challenges and Limitations to Internet Based OSINT

implications of abuse as a weapon.

damages. The NSA has the capability to intercept electromagnetic communications. If an

traditionally hard to contact (Bartlett, Miller, Crump, & Middleton, 2013).

intelligence gathering and to identify challenges pertaining to the legality of collected

Internet based OSINT?

According to Pallaris (2008), OSINT information gathered from publicly available

needs, “most governmental agencies depend on it to create tailored knowledge supportive of a

specific decision” (Benavides, 2011, p.9).

benefit from this information when implementing effective battle strategies.

Capabilities of Internet based OSINT Tools

Shodan. In a blog published in WonderHowTo, an anonymous hacker described Shodan,

involves no political or organizational risks.

although the Cold War is over.

Processing, 4) Analysis and 5) Dissemination” (p.7).

evolution of OSINT: no standards, no geospatial attributes, and no integration. The lack of

incoming data and place where that data is collected.

assessing the reliability of information:

1. The actual historical reliability of that source on similar events or

subjects, taking into account the report’s self-assessment of reliability.

2. The report’s consistency with confirmed facts and precedents.

3. It’s consistency with information available from other sources. (Noble,

sources in order to make an effective comparison (Noble, 2014).

SIGNIT are highly preferred. (Benavides, 2011).