 | This article has multiple issues. Please helpimprove it or discuss these issues on thetalk page.(Learn how and when to remove these messages) (Learn how and when to remove this message)
|
Open source intelligence (OSINT) is the collection and analysis of data gathered from open sources (overt sources and publicly available information) to produce actionable intelligence. OSINT is primarily used innational security,law enforcement, andbusiness intelligence functions and is of value to analysts who use non-sensitive intelligence in answeringclassified,unclassified, orproprietary intelligencerequirements across the previous intelligence disciplines.[1]
OSINT sources can be divided up into six different categories of information flow:[2]
OSINT is distinguished from research in that it applies theprocess of intelligence to create tailored knowledge supportive of a specific decision by a specific individual or group.[3]
Collecting open-source intelligence is achieved in a variety of different ways,[4] such as:
OSINT, broadly defined, involves gathering and analyzing publicly accessible information to produce actionable insights.[5]
TheU.S. Department of Homeland Security defines OSINT as intelligence derived from publicly available information, collected and disseminated promptly to address specific intelligence needs.[6]
NATO describes OSINT as intelligence obtained from publicly available information and other unclassified data with limited public distribution or access.[7]
TheEuropean Union defines OSINT as the collecting and analyzing information from open sources to generate actionable intelligence, supporting areas like national security, law enforcement, and business intelligence.[8]
TheUnited Nations has also recognized OSINT’s potential, noting its value in monitoring member states’ compliance with international regulations across various sectors, including public health and human rights.[9]
In theprivate sector, companies likeIBM define OSINT as the process of gathering and analyzing publicly available information to assess threats, inform decisions, or answer specific questions. Similarly, cybersecurity firms such asCrowdStrike describe OSINT as the act of collecting and analyzing publicly available data for intelligence purposes.[10]
OSINT practices have been documented as early as the mid-19th century in the United States and early 20th century in the United Kingdom.[11]
OSINT in theUnited States traces its origins to the 1941 creation of theForeign Broadcast Monitoring Service (FBMS), an agency responsible for the monitoring of foreign broadcasts. An example of their work was the correlation of changes in the price of oranges in Paris with successful bombings of railway bridges duringWorld War II.[12]
TheAspin-Brown Commission stated in 1996 that US access to open sources was "severely deficient" and that this should be a "top priority" for both funding andDCI attention.[13]
In July 2004, following theSeptember 11 attacks, the9/11 Commission recommended the creation of an open-source intelligence agency.[14] In March 2005, theIraq Intelligence Commission recommended[15] the creation of an open-source directorate at the CIA.
Following these recommendations, in November 2005 theDirector of National Intelligence announced the creation of the DNIOpen Source Center. The Center was established to collect information available from "the Internet, databases, press, radio, television, video, geospatial data, photos and commercial imagery."[16] In addition to collecting openly available information, it would train analysts to make better use of this information. The center absorbed theCIA's previously existingForeign Broadcast Information Service (FBIS), originally established in 1941, with FBIS head Douglas Naquin named as director of the center.[17] Then, following the events of9/11 theIntelligence Reform and Terrorism Prevention Act merged FBIS and other research elements into theOffice of the Director of National Intelligence creating theOpen Source Enterprise.
Furthermore, the private sector has invested in tools which aid in OSINT collection and analysis. Specifically,In-Q-Tel, aCentral Intelligence Agency supported venture capital firm in Arlington, VA assisted companies develop web-monitoring and predictive analysis tools.
In December 2005, the Director of National Intelligence appointedEliot A. Jardines as the Assistant Deputy Director of National Intelligence for Open Source to serve as the Intelligence Community's senior intelligence officer for open source and to provide strategy, guidance and oversight for theNational Open Source Enterprise.[18] Mr. Jardines has established the National Open Source Enterprise[19] and authoredintelligence community directive 301. In 2008, Mr. Jardines returned to the private sector and was succeeded byDan Butler who is ADDNI/OS[20] and previously Mr. Jardines' Senior Advisor for Policy.[21]
![Systematic Software Engineering uses open source intelligence, compiled by [[Janes Information Services]], as part of its intelligence platform.](/mt/?noimg=&dark=on&url=http%3a%2f%2fen.wikipedia.org%2fwiki%2fFile%3aCommand_Post_Computing_Environment_multiple_screens_Photo_US_Army_released_to_Public_Domain.jpg)
The web browser is a powerful OSINT tool that provides access to numerous websites and both open source and proprietary software tools that are either purpose-built for open source information collection or can be exploited for either gathering open source information or to facilitate analysis and validation to provide intelligence. A cottage industry of both for-profit and not-for-profit investigative and educational groups such asBellingcat, IntelTechniques, SANS, Liferaft and others, offer indices, books, podcasts and video training materials on OSINT tools and techniques. Books such as Michael Bazzell'sOpen Source Intelligence Techniques serve as indices to resources across multiple domains but according the author, due to the rapidly changing information landscape, some tools and techniques change or become obsolete frequently, hence it is imperative for OSINT researchers to study, train and survey the landscape of source material regularly.[22] A guide by Ryan Fedasiuk, an analyst at theCenter for Security and Emerging Technology, lists six tools open-source analysts can use to stay safe and utilize operational security (OPSEC) when conducting online investigations. These includeVPNs, cached webpages,digital archive services, URL and file scanners, browser sandbox applications, andantivirus software.[23]
Numerous lists of aggregated OSINT content are available on the web. The OSINT Framework contains over 30 primary categories of tools and is maintained as an open source project onGitHub.[24]
A main hindrance to practical OSINT is the volume of information it has to deal withinformation explosion. The amount of data being distributed increases at a rate that it becomes difficult toevaluate sources inintelligence analysis. To a small degree the work has sometimes been done by amateur crowd-sourcing.[25]
Private individuals illegally collecting data for a foreign military or intelligence agency is consideredespionage in most countries. Espionage that is nottreason (e.g. betraying one's country of citizenship) has been a tool of statecraft since ancient times.[26]
McAfee Institute offers several government-recognized certification programs in open-source intelligence (OSINT) and related investigative disciplines. TheCertified in Open Source Intelligence (C|OSINT) program provides structured training in the collection, verification, and analysis of publicly available information, aligning with recognized standards for intelligence and law enforcement professionals.
McAfee Institute’s certification programs are approved by the Missouri Department of Higher Education and Workforce Development (MDHEWD),[27] listed in the National Initiative for Cybersecurity Careers and Studies (NICCS) training catalog maintained by the U.S. Department of Homeland Security, and recognized by the U.S. Department of Defense Credentialing Opportunities On-Line (COOL)[28]program for all military branches.
According to the McAfee Institute, the C|OSINT certification validates professional competency in conducting lawful and ethical online investigations, emphasizing intelligence tradecraft, digital profiling, and open-source data analysis. Graduates receive lifetime access to updated course materials and instructor support.
The OSINT Foundation is a professional association for OSINT practitioners in the United States Intelligence Community.[29] It is open to U.S. Citizens and seeks to raise the prominence of the open-source intelligence discipline.[30]
OSMOSIS (an association for OSINT professionals) provides courses and conferences that lead to the designation of being Open-Source Certified (OSC). OSMOSIS is an offshoot of the Hetherington Group, a private investigation and corporate & market intelligence group. According to the OSC, its goal is to "help standardize our profession and demonstrate that our members are Legal, Ethical, and Competent practitioners of investigating and analyzing Publicly Available Information." Further they state that, "To obtain the OSC designation, practitioners must meet certain requirements to demonstrate dedication to their craft and pass a 100-question exam."[31]
The company IntelTechniques offers online and live training that can lead to the Open Source Intelligence Professional Certification (OSIP) and/or help individual practitioners develop and formalize their skills, sans certification. Their certification program "provides participants with an opportunity to work through a real-world scenario and demonstrate that they can produce an intelligence product that meets a high professional standard."[32] In addition to their training program, IntelTechniques.com offers a community that serves supports those seeking the OSIP certificiation, but is also open to practitioners who enroll in the training program itself without the intention of seeking certificiation. This community facilitates an exchange of information about best practices, the training itself and tradecraft & methodology in a moderated environment.
Other organizations including Bellingcat, offer training as well other options for OSINT practitioners to associate and exchange information on OSINT best practices and issues.
{{cite web}}:Missing or empty|title= (help){{cite book}}: CS1 maint: location missing publisher (link)| International | |
|---|---|
| National | |
| Other | |
