In the last 17 months, open-source intelligence (OSINT) has become a more widely recognized intelligence discipline. Trends suggest that the need for OSINT, which is data derived from publicly available information (PAI), will grow in the future for government agencies and private companies.
For this Overwatch brief, analysts identified key events where OSINT gained more mainstream attention and how private and public sectors are beginning to recognize the criticality of OSINT.
Key Events
Capitol Riots
Since the Capitol Riots that occurred on January 6, 2021, the FBI has used OSINT to identify individuals involved in criminal activity during this event. Using social media, the FBI continues to ask for the public’s help identifying participants in the riot. Volunteer sleuths have created OSINT-based movements to investigate Capitol Rioters independently. One such group, which calls themselves the Sedition Hunters, has successfully identified many Capitol Rioters and provided that information to the FBI.
In addition, the Department of Justice’s Capitol Breach Investigation Resource Page has a list of every defendant charged in federal court in relation to the Capitol Riot. News media organizations, investigators, and researchers use this data set to conduct further OSINT on Capitol Rioters.
In a previous brief, Overwatch used OSINT to identify information about Capitol Rioter Evan Neumann, who fled to Belarus and was granted asylum there. Our open-source research confirmed Neumann’s extensive history in Eastern Europe, interest in “bomb-making,” and business ties to Russia.
Russia-Ukraine War
Before Russia invaded Ukraine on February 24, 2022, many researchers used OSINT to identify Russian troop movements by reviewing videos posted to TikTok, VK (Russia’s version of Facebook), and Telegram. Overwatch found multiple TikTok videos that showed Russian troop movement close to the Ukrainian border or in Belarus’s Gomel Region, where there were no planned military exercises.
While the Russian officials continuously denied plans to invade Ukraine, TikTok videos showed military vehicles and aircraft, weapons systems, and mobile medical units moving closer to the Ukrainian border. Additionally, OSINT was used through satellite imagery to locate field hospitals in Belarus and pontoon bridges.
After Russia invaded, Ukrainians constantly uploaded videos of airstrikes against civilian infrastructure and the Russian military in Ukraine. Analysts used the publicly available data to geolocate where airstrikes took place in Ukraine and identify what Russian military units were in the country.
Private and Public Sector
In 2020, activity from each person online generated 1.7 megabytes of data per second. A significant amount of that data came from social media, with 4.62 billion users globally. Social media by itself is forecasted to be a 939-billion-dollar industry by 2026. Every day, analysts, investigators, and researchers are on social media collecting open-source information to fulfill information requirements for clients in the private and public sectors.
OSINT in the Job Market
A quick job search on LinkedIn for OSINT suggests that more private sector companies outside human resources, PI firms, law firms, or security and investigations, some of the industries with the highest OSINT demand, see the need for the intelligence discipline. For example, Live Nation Entertainment, which manages ticket sales for live entertainment in the U.S. and internationally, put up a job posting for a Threat Analyst. One of the primary duties is to “conduct public records and social media searches.”
Another OSINT job in the private sector listed on LinkedIn was for a Crypto Enhanced Due Diligence Analyst, posted by the company Brex. In the ad for the job, one of the responsibilities is to conduct “open-source intelligence to mitigate money laundering and regulatory risks.”
The need for due diligence and compliance also continues to increase; a market expected to grow by roughly 12 billion dollars from its current 16.82 billion dollars by 2026.
Government
Additionally, before the Russian invasion of Ukraine, the U.S. government began to see more value in OSINT. In the Intelligence Authorization Act for the Fiscal Year of 2022, the report suggests using OSINT to counter China’s malign influence. “The Intelligence Community must reorient to engage in a strategic competition with the PRC while countering China’s malign activities globally. To do so, it must continue to build open-source intelligence capabilities and augment capacity; enhance sharing of intelligence capabilities; and strengthen the analytical and collection capabilities relating to non-military threats including technology competition.”
Further, according to Fed Scoop, the U.S. Army is creating a new unit that will use PAI to defend against foreign influence. Fed Scoop reported in March 2022, “By blending military intel with commercial data, publicly available information on foreign adversaries and certain national intelligence systems, it will provide insight necessary for Army Cyber Command to operate and defend networks and influence foreign audiences, the spokesperson added. The team brings together personnel from a wide variety of disciplines across the intelligence and non-intelligence communities.”
Analysts note that creating the new unit will likely prove beneficial. We used OSINT to identify foreign influence from the Chinese state in our first Overwatch brief: Quantum Technology, the People’s Republic of China, and Tsinghua University.
Emerging Technology and OSINT
In a March 2022 interview with Mckinsey and Company, Amy Zegart, a Senior Fellow at the Hoover Institution and Professor of Political Science at Stanford, explained how emerging technologies like AI are challenging intelligence agencies today. These challenges, according to Zegart, all happen in the open-source space.
Zegart said, “They’re doing it in five ways. I call them the five “mores.” The convergence of technology is creating, number one, more threats for the United States—more threats through cyberspace, in particular, that our intelligence agencies need to understand. The second more is more speed: the acceleration of decision-making time means that intelligence has to operate at the speed of networks, not the speed of bureaucracy.”
“The third more is more data; intelligence analysts, like the rest of us, are drowning in data. The fourth more is more consumers—more decision makers outside the government who need intelligence. Think about voters who need intelligence about foreign election interference or tech leaders who need intelligence about cyberthreats.”
“Then there’s the fifth more: more intelligence competitors. I devoted two years and a whole chapter to ‘nuclear citizen detectives’ who are tracking the most secretive nuclear threats around the globe using only unclassified and publicly available information like commercial satellite imagery.”
OUR ASSESSMENT
With the current global conflict and mass adoption of social media, OSINT will become a more mainstream intelligence discipline, helping to dispel misinformation and provide accurate reporting on events. Should the Chinese state invade Taiwan in the future, we assess that analysts will use OSINT to dispel Chinese Communist Party and Chinese State media propaganda, as has been done with the Russia-Ukraine War.
The domestic use of OSINT will grow as private sector companies see a higher demand for due diligence and deep-dive research that alleviates risk for their clients or business. Further, while OSINT has been a part of U.S. government operations since World War II, the success of the usage of OSINT to monitor the Russia-Ukraine War provides a strong use case for the government to put more resources into open-source intelligence.
With internet users creating a massive data trail daily, the need to collect, protect, and analyze that information will only increase. As a result, we assess that both private and public sectors will seek out OSINT subject matter experts to learn more about how their personal data becomes disseminated or compromised and how to limit their digital footprint.