A few days ago, one of the thousands self-proclaimed experts on OSINT held a presentation in one of the capitals of Europe. A crowded audience of mid-level business executives hungrily listened to the "expert" at the podium. They all wanted to learn about what you can do with open source intelligence and also how the displayed skills could be used against their own companies. A great initiative for a knowledge seeking group of business professionals. But there were a few problems on the horizon.
· They probably bought all the nonsense that was presented, just because they did not understand that the presenter was spinning the old early 1990's wheel of OSINT concept with a few sprinkles of words like Cyber, Threat and Deep & Dark Web.
· They probably bought it because they did not do their due diligence on the presenter. They believed that it was an expert due to its non-verifiable background in one of the national intelligence agencies. The safest way to tell people that you are an expert without saying or proving anything is to claim” I can’t tell you because its classified”.
· The usual weapon, the poorly crafted power point pack, was filled with impressive buzzwords and acronyms that for a novice creates an aura of prestige and secrecy - ”Wow, this person really knows what he is talking about”. The truth is that the presenter never been active as an OSINT executive or worker. To chant "Yes Sir I can Google!" is not OSINT.
· OSINT was presented as ”an activity on the internet”. Sadly, this view of OSINT is also echoed at the national intelligence level around the world. Some nations now claim that OSINT = Web Intelligence. Clearly, adherents to other traditional collection disciplines such as HUMINT, SIGINT etc. are trying to diminish the value of OSINT.
The positive outcome of this poor presentation was that I realized that the Intelligence and also the corporate world still have a problem that is no different from what existed in the late 1980’s.
Firstly, Intelligence is a process and a product tailored to a specific requirement. One person’s intelligence product is another person’s data or information product. Regardless of what collection discipline that supplies the data and information, the process to create a tailored intelligence product is 99% of the time the same. And regardless of the origin of the source, an Intelligence product is useless if you don´t have a requirement or objective to make it actionable.
Secondly – if an intelligence product is based only on SigInt, HumInt, ImInt, OsInt etc. it is probably of lesser value than an all source intelligence product. Content with context is key. And maybe the key value added for Open Source Information is to provide context, sanity check, validation and a control function of the other collection disciplines. But the target is missed, if the disciplines are in locked Silos and a turf war legacy.
Thirdly, with regards to OSINT, I have seen many examples where nations tend to think in volume instead of quality with speed. I have seen too many examples of complex technology overload, information overload and fixation with traditional intelligence cycle processes. I have seen examples of recruiting that is fixed on titles, degrees and formal backgrounds instead of looking at qualities like creativity, curiosity and adaptability to constant change. Threat Intelligence & OSINT (if we want to keep that acronym) of today should equal dynamic methods and processes that should be reflected in sense making tools and frameworks. It is all about digital transformation. And digital transformation includes how non-digital sources (HUMINT, SIGINT, etc.) needs to be normalized and included in the information repository that the analyst accesses. The analysts need to change focus to actionable output and dynamic workflow. They need to adapt to methods and solutions that minimizes the output into just what is needed. The “learn to search on Google and then cut& paste” approach that the above-mentioned presenter boosted needs to be eradicated.
The end users (the clients) also need to be trained in how to make relevant and focused questions and understand what can be done using only Open Source Information and they need to understand that a response to a focused request that support a future action is Intelligence.
The whole community also need to be aware that the self-proclaimed experts will continue to proliferate in the Egocentric Era will live in. This is the biggest danger. Fake experts that search Fake news is not the best recipe for success.
So, let’s agree: Legal and Ethical AnyInt that supports your organization or business is what we all need.
It is a fact that many government agencies both in the U.S. and around the world restrict their employees from visiting social networking sites (SNS) through the use of a firewall filter. This is also true for many major corporations. While some employees honor their organization's policy, many are turning to free proxy services in order to get their daily social networking fix on Twitter, Facebook,YouTube, etc.
It is a widely accepted belief from OSINT (Open Source Intelligence) practitioners that these kind of restrictions ultimate effect, will be to further isolate the intelligence agencies from the "real" or unclassified world. In our daily operations, we use professional and social network sites to identify and reach out to individuals who may ultimately offer, and be willing to share their expertise, working knowledge and potential network in a collaborative manner to facilitate, promote and share other resources for potential opportunities or joint ventures. Doing it “old school “ would require massive investments in time, money and OpSec (Operational Security) which may ultimately yield very little usable information and/or contacts.
Yes, we do understand the problem and risk associated with intelligence officers that use secret compartmentalized and classified information which may prove to trigger things on the internet; however, it is our belief that these errors and mistakes are caused by lack of training and education in the new cyber operating environment and do not represent a new phenomenon. Examples of this date all the way back to the early 90's when seasoned intelligence officers took information from classified material and performed searches on the early day search engines like AltaVista, commercial databases like Dialog and the now defunct Reuters Business Briefing (predecessor to Factiva) We also saw examples of how news from wire services were wiped clean from source and time stamps and then marked as classified; a practice which is still common today in many intelligence services.
THE FIX?BETTER AND SMARTER TRAINING IN REAL OSINT, not the cut and paste and Googlification that we see in so many places. OSINT is NOT how to search the Internet or creating search strings in digital oceans. That is just a small piece of the trade craft.
Government agencies could learn a lot from the commercial intelligence activities, since they live an breath publicly and legally obtainable information that is coined "OSINT" by the intelligence agencies.
And we are all humans 3.0 with the same drive and desire to stay connected and be up to speed with our friends, family and colleagues. This human drive, coupled with today's social media networking sites (SNS) provides for a better quality of life and will exponentially promote our evolution as active participants in today's global society. The end result of this employer restriction and control is and will always be human adaptation to overcome this control. People are now turning to free proxy services to reach their Facebook, LinkedIn and Twitter feeds. Employees are routinely using their private smartphones to communicate via social networking inside the workplace to avoid detection and recourse from their employers and these social media networking sites keep log files.
So what is the answer? The answer lies in education, training and employer implemented policy which adapts to new social media phenomena versus waging an expensive and futile effort to control this phenomena.
We know, from years of experience, that smart clients and companies use external consultancies and advisers as proxys. This is a better and smarter way, but it also poses a question: Should Government agencies that deal with HUMINT and SIGINT deal with OSINT? Would it not be better to outsource this to companies that live and breathe in this kind of environment and may have 50+ commercial clients that actually act as a super proxy, making it impossible for anyone to figure out which client is asking for what and ultimately promotes complete anonymity and operational security?
Big consultancies such as McKinsey & Company and Strategy+, in addition to smaller outfits such as ourselves, Infosphere AB, enable and promote environments where you always stay in touch with people and experts around the globe in a dynamic collaborative setup that encourages and feeds an openness. This concept of an environment and culture of openness is not well nurtured in the government intelligence agencies, nor in big international companies internal intelligence operations. True implementation of this concept will require a shift in the "old school" thought process and belief that more classification and over classification is good for the advancement and safety of society as a whole.
Just more frustrated.