OSINT OPSEC is critical for any type of investigator to protect their mission, organization and themselves from cyber adversaries.
Accessing and leveraging publicly available (open source) information online is critical to a wide range of investigators, from government intelligence agencies to academic researchers and journalists. Regardless of their mission, they face risks and threats when conducting open source research. If you are looking for someone or something that doesn’t want to be found, your technology or behavior could compromise your investigation.
To protect yourself, your organization and your investigation, open source investigators must practice good operational security.
Government investigators and intelligence analysts conduct open source research with well-defined mission requirements and legal authorities as well as technical means to maintain operational security. These guardrails ensure the information collected can be used effectively and protect both the researcher and their organization. On the other hand, the ad-hoc nature of open source research outside of the government context can leave organizations or individual investigators at risk. Understanding the need for operational security is one step; the next is implementing a security plan and utilizing the proper tools.
As the amount of publicly available information grows and its utility increases, organizations of all types are recognizing the need to formalize their open-source collection strategy in a similar manner. Adhering to formal principles improves the odds of a successful open-source investigation, from ensuring evidence is properly collected to providing guidance on security and tradecraft.
A new guide on open source investigations for human rights violations is an excellent example of the value formal standards and methodologies can have for investigators. “The Berkeley Protocol on Digital Open Source Investigations” was developed for international criminal and human rights investigations by the Human Rights Center at the UC Berkeley School of Law and the Office of the United Nations High Commissioner on Human Rights. The Berkeley Protocol is “A Practical Guide on the Effective Use of Digital Open Source Information in Investigating Violations of International Criminal, Human Rights and Humanitarian Law.”
While the guide is geared towards international criminal investigators, its applications go beyond this unique user group. Organizations such as NGOs, academic institutions and journalists can utilize the Berkeley Protocol to inform their open source collection policies.
One of the most important and widely applicable sections of the extensive guide focuses on security. Security is an aspect of open source investigations that can be overlooked, especially when the investigator lacks a formal framework to reference. The Berkeley Protocol provides practical guidance on how investigators can protect themselves and their organizations when online. At a high level, these same principles apply to any open source investigation effort.
Here is a selection of the Berkeley Protocol’s security considerations:
The more than 100-page guide is an excellent resource for experienced open source investigators and organizations with a nascent open-source research team looking to craft their own framework.
Regardless of your mission set, from uncovering evidence of crimes against humanity to conducting analysis of competitive businesses, open-source research must be a thoughtful exercise. Investigators need to have a plan, the proper tools and an understanding of their digital operating environment to blend in and stay safe. Conducting a risk assessment as well as anticipating adversarial threats and observers are all a part of the operational security posture. Good operational security is both the tools you use and how you use them. Investing in these resources upfront will buy down risk and support the continued success of your investigative efforts.
For organizations looking to use a purpose-built solution, Authentic8’s Silo for Research is an analyst research platform that empowers your teams to investigate all corners of the web securely and anonymously. The platform provides an integrated suite of workflow productivity tools and enhanced OSINT tradecraft functionality, ensuring 100-percent isolation from toxic content. With Silo for Research, your organization eliminates the expense and risk of cobbled-together collection tools and local browsers that will betray you.
Authentic8 also offers OSINT Academy, an online training resource for Silo for Research customers. Authentic8’s unique OSINT training provides analysts with instructions and best practices on how to incorporate advanced skills and toolsets into their workflows to create efficiencies in the intelligence production cycle. This OSINT training program for law enforcement, security teams and intelligence analysts comprises self-paced, on-demand online courses.
To learn more about Silo for Research and OSINT Academy, you can get in touch with Authentic8 here.