OSINT operations introduction


The main objective of worldwide intelligence services is to be aware and stay ahead of any incident or transaction before it even occurs, if possible. In this context, agencies use all kinds of HUMINT/SIGINT means. This article provides an introduction to basic OSINT methodology.


Now, since this body of intelligence may be huge and only a portion of it may be worth focus and analysis, what are the criteria for selecting accurate data?

To make this clear, we need to define what is considered valuable information and whether it is part of a context worth collecting and analyzing. As this is not an operator’s training course but rather an introduction to field intelligence gathering, the following bullet points are an overview of the major terms of focus, not a full and conclusive guide.

[Figure: Knowledge Value Chain]

Intelligence Value Criteria (as collected in the field):

1. Value of information. Pieces of intelligence data are as significant as the target/objective they are associated with. The time period for which they are valid also needs to be filtered.

2. Value of the targeted entity mentioned in and/or holding the information. The importance of the entity associated with the intelligence gathered is also a factor that amplifies the importance of the data collected. For instance, a piece of data intercepted from or mentioning a high-value political target is considered more important than an intercepted conversation between his driver and his secretary. This is not always the rule, of course, as it also depends on the content of the intelligence.

3. Cross-checking vs. deception. In the context of counterintelligence, while enforcing an effective security policy, intelligence may be falsified on purpose or manipulated in order to misinform opponents or guide them in another direction. This is used as an act of protection, to gain leverage against the opposing side by leading someone to a forced action (like beating bushes with sticks to drive a fox out) or to send opponents on a wild goose chase (an art of deception) while accomplishing your goals. Therefore, information obtained should always pass a filter/cross-check for validity and integrity before it becomes useful, as many operators use the same methods of deception and manipulation.

4. Validity of source. Never reject intelligence because the source is considered “not generally trusted”. Most of the time, a source’s validity may be a factor to consider, but under no circumstances should it be taken as a granted and absolute indicator, which in turn leads to “reject by default” when it comes to intelligence gathering. This is a serious mistake, as it has been proven that data coming from “not trusted sources”, at both the HUMINT and SIGINT level, has provided very important intelligence (or even raw evidence, e.g. a photograph, testimony, etc.). There have been proven cases of leakage or communication over gossip web sites, blogs of no importance, and people with a reputation for misinforming that led to successful operations later on (especially in terrorism cases, where such ways of communication are widely used; for example, using ads for hire, ads for selling, etc.).

5. Influence / impact of information. Each piece of information has a specific importance and impact on an issue. Whether this is big or small depends on its content, time validity, importance of the source, importance of the context in which it is going to be used, etc.

Depending on these factors, it can be classified and archived in a priority table (e.g. a database). The criteria used for classification also vary, depending on the intentions and goals of the people who have a use for it.

For instance, a piece of data describing the movement of a ship’s supply cargo from Africa to Europe may seem worthless to an Army operator, but it may be worth a lot to a port authority if it is able to combine it with other pieces of data on smugglers. All pieces of data are worth something to the proper party in time. (Note: a special chapter and article may be needed here to explain the importance of sharing intelligence in a compartmentalized way.)

It is also important to emphasize that intelligence is the foundation for building a case analysis in order to select a set of actions to follow. Such a set of actions may be small in scale or could evolve into a complex strategy design and full implementation plan.

This is why actions should be selected by analyzing only real facts (raw intelligence, filtered and classified) and not based on conjecture, personal considerations, fallacies, etc. Intelligence should be validated, cross-checked and properly associated with the respective context (classification). Intelligence should be provided as raw knowledge and not as a product of subjective thinking by the operator (fallacy).

There are also other factors to take into consideration, especially when you are in the field and don’t have the luxury of time to verify intelligence data to any great extent, but this would take a long training course, and this article’s objective is to introduce the first phase of intelligence collection rather than to train someone as a field operator.

Some safety and security details are also described below, just to give some hints on what needs to be taken into consideration when someone is on intelligence collection (HUMINT/SIGINT) while everything is in action.

1. Telecommunications are a product of third-party services. They are constantly monitored, filtered and administered by entities not visible or known to operators in the field. This is crucial to remember, as what someone transmits/receives over public comms could be filtered (traffic shaping / keyword flagging) by third parties. Operators/consultants need to take additional security measures to protect communications when needed. A very simple measure is to give intel only in face-to-face meetings.

Another way of protecting intelligence digitally is to use encryption or steganography in digital communication. This may be achieved using software or hardware. A point of caution here: hardware encryption provides high-level security and usually raises flags and attracts attention, as it shows that the intelligence transmitted may be of great value. Encryption may save data, but it certainly works as a beacon for anyone monitoring comms. An on-the-fly evaluation should be made of whether there is really a need to use high-grade encryption or not.

2. Participating in social groups/media on electronic networks is always a case to consider, but take notice that there will also be many people in them, possibly opposing operators, able to hear or collect information. In such cases, fake profiles with limited activity may be used in combination with other technological tools to evade tracking (e.g. anonymizing proxies, public Wi-Fi, etc.).

3. Using borrowed or even stolen devices (bought on the black market) in order to communicate should be done with extreme caution, as there is no way to know if they are hacked/rooted/bugged/tapped. Best to avoid.

4. Nothing is 100% secure and foolproof. Providing security is also very expensive. This should be carefully considered when it comes to using equipment and planning investment in actions to protect intelligence. The equation of security cost versus the value of the protected object must always be a basic argument when it comes to guarding intelligence (the same concept here as in any other security domain). The cost of the security measures in place should not exceed the value of the data. Besides being a wrong decision on financial investment, at the end of the day the attention attracted by the measures in place may do more harm than good, unless the intention is to do exactly that: attract attention to a low-level data target (i.e. deception).

In concluding this introductory article (which by no means concludes the subject), one question may arise from the points mentioned here.

How valuable is a piece of intelligence to you, and to what lengths do you wish to go in interception/protection actions?

Alexandros Niklan
Sr. Security Consultant