Open Source Intelligence Investigation - From Strategy to Implementation

Preface

Acknowledgements

Contents

Editors and Contributors

Introduction

1 OSINT as an Integral Part of the National Security Apparatus

Abstract

1.1 Introduction

1.2 OSINT and Counter Terrorism Strategy

1.3 The CENTRIC OSINT Hub

1.4 Concluding Remarks

References

2 Open Source Intelligence and the Protection of National Security

Abstract

2.1 Introduction

2.2 From Threat to Threat

2.3 Online Radicalisation

2.4 Counter Measures

2.5 Conclusions

References

3 Police Use of Open Source Intelligence: The Longer Arm of Law

Abstract

3.1 Introduction

3.2 Understanding Intelligence in Policing

3.3 Intelligence Collection Disciplines

3.4 Characteristics of Open Source Intelligence

3.5 Modelling Open Source Intelligence

3.6 Conclusions

References

4 OSINT as Part of the Strategic National Security Landscape

Abstract

4.1 Introduction

4.2 Understanding the Strategic Landscape into Which OSINT Must Be Applied

4.3 Understanding the Intelligence Cycle in Which OSINT Must Exist and the Wider Intelligence Mix in Which It Must Integrate

4.3.1 Understanding the Application of OSINT in Operational Decision Making

4.3.2 UK Government Intelligence: Its Nature, Collection, Assessment and Use

4.4 How Might an Overarching Information Governance Architecture Support OSINT for Decision Making Within the Wider Intelligence Mix and Cycle?

4.5 Summary

References

5 Taking Stock of Subjective Narratives Surrounding Modern OSINT

Abstract

5.1 Introduction

5.2 Contextual Background

5.3 Lack of Public Clarity

5.4 Opposing Narratives

5.5 Independent Reviews

5.6 Conclusion

References

Methods, Tools and Techiques

6 Acquisition and Preparation of Data for OSINT Investigations

Abstract

6.1 Introduction

6.2 Reasons and Strategies for Data Collection

6.3 Data Types and Sources

6.3.1 Structured and Unstructured Data

6.3.2 Where and How to Obtain Open Source Data

6.3.2.1 Supporting Manual Searches

6.3.2.2 Web Crawling and Spiders

6.3.2.3 Web Metadata

6.3.2.4 APIs

6.3.2.5 Open Data

6.3.2.6 Social Media

6.3.2.7 Traditional Media

6.3.2.8 RSS

6.3.2.9 Grey Literature

6.3.2.10 Paid Data and Consented Data

6.3.2.11 Data on the Deep and Dark Web

6.4 Information Extraction

6.4.1 Natural Language Processing

6.4.1.1 Main Body Extraction

6.4.1.2 Entity Extraction

6.4.2 Modelling

6.4.2.1 Entity Relation Modelling

6.4.3 Feedback Loops

6.4.4 Validation Processes

6.4.5 Disinformation and Malicious Intent

6.4.6 Software Tools for Data Collection and Preparation

6.5 Privacy and Ethical Issues

6.5.1 Privacy by Design

6.5.2 Being Polite Online

6.5.2.1 Monitor Web Crawls and Respecting robots.txt

6.5.2.2 Keeping to API Limits

6.6 Conclusion

References

7 Analysis, Interpretation and Validation of Open Source Data

Abstract

7.1 Introduction

7.2 Types of Data Analysis

7.2.1 Textual Analysis

7.2.1.1 Text Processing

7.2.1.2 Word Sense Disambiguation

7.2.1.3 Sentiment Analysis

7.2.2 Aggregation

7.2.2.1 Document Clustering

7.2.3 Connecting the Dots

7.2.3.1 Network Analysis

7.2.3.2 Co-occurrence Networks

7.3 Location Resolution

7.3.1 Geocoding

7.3.2 Reverse Geocoding

7.4 Validating Open Source Information

7.4.1 Methods for Assigning Priority

7.4.2 Approaches for Recognising Credibility

7.4.3 Methods for Identifying Corroboration

7.5 Conclusion

References

8 OSINT and the Dark Web

Abstract

8.1 Introduction

8.2 Dark Web

8.2.1 Darknets on the Dark Web

8.2.2 Dark Web Size

8.2.3 Dark Web Content

8.3 OSINT on the Dark Web

8.3.1 Landscape of Dark Web Activities of Investigative Interest

8.3.2 Challenges Faced by LEAs on the Dark Web

8.4 OSINT Techniques on the Dark Web

8.4.1 Crawling

8.4.2 Search Engines

8.4.3 Traffic Analysis and de-Anonymization

8.5 Case Study: HME-Related Information on the Dark Web

8.5.1 Methodology

8.5.2 Experimental Evaluation

8.6 Conclusions

References

9 Fusion of OSINT and Non-OSINT Data

Abstract

9.1 Introduction

9.2 OSINT Data

9.2.1 Geographical Data

9.2.2 Statistical Data

9.2.3 Electoral Register

9.2.4 Court Records

9.2.5 Social Media

9.2.6 Blogging Platforms

9.2.7 Search Engines

9.2.8 Internet Archive

9.2.9 Freedom of Information

9.3 Non-OSINT Data

9.3.1 Criminal Records

9.3.2 Financial Records

9.3.3 Telecommunication Records

9.3.4 Medical Records

9.3.5 Imagery, Sensors and Video Data

9.4 Fusion Opportunities

9.4.1 Targeted Search

9.4.2 Validation of Other ‘INTs’

9.4.3 Filling in the Missing Links

9.4.3.1 Identity Matching

9.4.3.2 Enhanced Social Network Creation

9.4.4 Environmental Scanning

9.4.5 Predictive Policing

9.4.6 Situational Awareness During Major Events

9.4.7 Identification and Tracking of Foreign Fighters

9.4.8 Child Sexual Exploitation

9.5 Conclusions

References

10 Tools for OSINT-Based Investigations

Abstract

10.1 Introduction

10.1.1 Effective Cyber-Risk Management

10.2 Key Assessment Themes

10.2.1 Security

10.2.1.1 Privacy

10.2.1.2 Protecting Against Malware

10.2.1.3 Unnecessary Bundled Software

10.2.1.4 Cloud-Based Services

10.2.2 Reliability

10.2.2.1 Code Quality

10.2.2.2 Open Formats and Standards

10.2.3 Legality

10.2.3.1 Licensing

10.2.3.2 Authorities

10.3 Completing a Tool Review

10.4 Assessment Framework

10.4.1 Document Information

10.4.2 Supplier Assessment

10.4.3 External Assessments

10.4.4 Practitioner’s Assessment

10.5 Conclusion

References

11 Fluidity and Rigour: Addressing the Design Considerations for OSINT Tools and Processes

Abstract

11.1 Introduction

11.2 Intelligence Analysis

11.3 What Do We Design?

11.4 Designing for Fluidity and Rigour

11.4.1 Fluidity as a Design Concept for OSINT Investigations

11.4.2 Rigour as a Design Concept for OSINT Investigations

11.5 Conclusions: Guidance for Designing Analysts’ Tools

Acknowledgments

References

Pratical Application and Cases

12 A New Age of Open Source Investigation: International Examples

Abstract

12.1 Introduction

12.2 Conclusion

References

13 Use Cases and Best Practices for LEAs

Abstract

13.1 Introduction

13.2 OSINT in an Increasingly Digital World

13.3 OSINT Best Practices for LEAs

13.3.1 Absolutes

13.3.2 Exploitables

13.3.3 Information Auditing

13.3.4 Strategic Data Acquisition

13.3.5 OSINT Pitfalls

13.3.5.1 Leakage

13.3.5.2 Anonymization

13.3.5.3 Crowd-Sourcing and Vigilantism

13.3.5.4 Corrupting the Chain of Evidence

13.3.5.5 Source Validation

13.4 LEA Usage of OSINT in Investigations: Case Examples

13.4.1 Exploiting Friendships in an Armed Robbery Case

13.4.2 Locating Wanted People Through Social Media

13.4.3 Locating a Sex Offender

13.4.4 Proactive Investigation Following a Terrorist Attack

13.5 Going Undercover on Social Media

13.6 Conclusions

References

14 OSINT in the Context of Cyber-Security

Abstract

14.1 Introduction

14.2 The Importance of OSINT with a View on Cyber Security

14.3 Cyber Threats: Terminology and Classification

14.4 Cyber-Crime Investigations

14.4.1 Approaches, Methods and Techniques

14.4.2 Detection and Prevention of Cyber Threats

14.5 Conclusions

References

15 Combatting Cybercrime and Sexual Exploitation of Children: An Open Source Toolkit

Abstract

15.1 Introduction

15.2 The Extended Impact of Cybercrime

15.3 Tools for Law Enforcement

15.4 The Role of OSINT

15.5 The UINFC2 Approach

15.5.1 Citizen Reporting Form

15.5.2 LEA/HOTLINE UINFC2 Platform

15.6 Concluding Remarks

Acknowledgments

References

16 Identifying Illegal Cartel Activities from Open Sources

Abstract

16.1 Introduction

16.2 The Principles

16.2.1 The Definition of a Cartel

16.2.2 The Sources of Information

16.2.2.1 Government Procurement Records

16.2.2.2 Company Registry

16.2.2.3 Legal Databases

16.2.2.4 Other Open-Source Intelligence (OSINT) sources

16.2.3 Cartel Patterns

16.2.4 Security Models

16.2.4.1 Negative Security Models and Supervised Learning

16.2.4.2 Positive Security Models and Unsupervised Learning

16.3 Data Acquisition from Open Sources

16.3.1 The Architecture

16.3.2 Entity Extraction

16.3.3 Filtering Out Suspicious Items in the Fusion Centre

16.3.4 Feature Engineering

16.3.5 Fitted Parameters of Economic Models

16.3.6 Network Science and Visualization

16.4 Machine Learning Methodologies

16.4.1 Evaluation of Predictive Methods

16.4.2 Logistic Regression

16.4.3 Decision Trees

16.4.4 Boosting

16.5 Conclusion and Further Work

References

Legal Considerations

17 Legal Considerations for Using Open Source Intelligence in the Context of Cybercrime and Cyberterrorism

Abstract

17.1 Introduction

17.2 Citizens’ Perceptions and Human Rights

17.3 Investigatory Powers

17.3.1 Existing and Proposed Powers

17.3.2 (Un)Lawful Practices

17.4 Data Protection

17.4.1 The Legislation

17.4.2 Further Considerations

17.5 Data Acquisition

17.6 Rules of Evidence

17.6.1 Seizing Digital Evidence

17.7 Unused Material

17.8 Different Jurisdictions

17.9 Overcoming Problems

17.9.1 Europol

17.9.2 Joint Investigation Teams

17.9.3 Eurojust

17.9.4 CEPOL

17.9.5 Interpol

17.10 Summary

17.11 Conclusion

References

18 Following the Breadcrumbs: Using Open Source Intelligence as Evidence in Criminal Proceedings

Abstract

18.1 Introduction

18.2 What Is the Difference Between Intelligence and Evidence?

18.3 Practical Issues

18.4 Legal Framework

18.5 European Convention on Human Rights

18.6 Uses of OSINT as Evidence

18.7 Conclusion

References