Let start by defining what open-source intelligence is. Open-source intelligence (OSINT) is derived from data and information that can be accessed by the general public. More specifically, OSINT consists of all information that is published or broadcast for a public audience, available to the public by subscription or purchase, can be seen or heard by any casual observer, made available at a meeting open to the public, published online (forums, social media, message boards, blogs, comments, articles, open letters and propaganda, etc.)
These sources are not only present on the surface web, but also the deep and dark web. For investigators and analysts, OSINT is a necessary tool for their investigations and analyses. That’s why OSINT is so widely used, which makes sense.
On the downside, open-source data and information can easily overload teams due to the huge volume of unstructured data. Collecting and processing this data in a timely manner is not humanly possible without the help of OSINT tools. Furthermore, a large part of investigations consists of collecting open-source intelligence from the dark web, which cannot be accessed by standard browsers. When collecting data from the dark web, investigators do not want to be exposed to potential threats or being detected by threat actors. That’s why OSINT tools are required to meet these OSINT challenges.
OSINT and SOCMINT tools and techniques are designed to assist investigators and analysts with their specific investigations and analyses. SOCMINT refers to social media intelligence which requires special tools such as dark web monitoring software next to dark web scanning software. SOCMINT has gained in importance since threat actors use social media (especially on the dark web) to communicate with other threat actors or groups, buy and sell stolen goods, and buy resources such as toolkits for cyberattacks, weapons, other goods to e.g., plan and execute cyber or terror attacks, and receive payments in cryptocurrencies.
When choosing the right OSINT tools, it is important to look at the various functionalities that are needed to get actionable insights for taking action. For instance, crime investigators would like to use crime prediction software, social media investigation tools, and criminal investigation software to solve cases and prevent crimes. Other features they could be looking for are dark web security monitoring, cybersecurity footprinting, or location-based intelligence capabilities that will help them to get insight into the identities, movements, and intentions of threat actors.
All these OSINT tools help investigators to analyze massive amounts of unstructured data, also in foreign languages, as well as provide tailored analytics to deliver immediate, high-impact results to meet these OSINT challenges that would otherwise be tedious and time-consuming.
Since open-source intelligence (and SOCMINT intelligence) require an investigator or analyst to identify and correlate multiple data points to validate a threat before action, only the best OSINT tools must be used.
It is important to know that no matter how good the OSINT tools are, there must be a clear strategy and framework in place for acquiring and using open-source intelligence. For instance, one of the criteria for an OSINT solution must be the ability for investigators and analysts to search for specific keywords or phrases relevant to their investigation. Depending on the type of investigations, other criteria might consist of collecting and analyzing data relating to human trafficking on the dark web, natural disasters, or cyber protection.
In general, when answering the question “What is OSINT?” there are two aspects to consider: passive and active OSINT data and information collection. Passive collection relates to open source threat intelligence, which combines a variety of analyzed threat feeds into a single, easily accessible location such as the GUI of a WEBINT platform that uses artificial intelligence, machine learning, and natural language processing to automate the process of prioritizing and dismissing alerts based on the user’s specific needs. Active collection is the use of a variety of techniques to search for specific insights or information such as metadata, code search, identities, behavior patterns, networks, locations, intentions, etc.
Overall, an AI-powered WEBINT platform, such as the one of Cobwebs Technologies, is ideally suited to meet the open-source intelligence and SOCMINT intelligence needs of organizations.