We sit down with the author of the new OSINT reference book Deep Dive: Exploring the Real-world Value of Open Source Intelligence, Rae Baker. Baker is an expert in OSINT with an emphasis on maritime intelligence, analyzing vessels and ports around the world. In this episode, she shares tips from her book, blog and career, and we explore her one-of-a-kind OSINT training game, Kase Scenarios.
Rae Baker is the foremost expert in Maritime Intelligence, focused on hunting vessels and tracking elusive AIS signals in her role as Senior OSINT Analyst in Adversary Intelligence. Rae specializes in Human Targeting and Corporate Reconnaissance, utilizing her skills to chart illicit organizations. These practiced skills serve well in Rae’s volunteer positions with OSINT-oriented non-profits and speaking engagements at Recon Village; DEFCON, Shmoocon, and the Layer 8 conference. Further emphasis on her skills and knowledge can be demonstrated in the certifications and awards she’s achieved, including Associate of ISC2 (CISSP), SANS GOSI, AWS Solutions Architect, and Trace Labs OSINT CTF First Place Black Badge as well as the Most Valuable OSINT badge.
Rae Baker
We came up with this idea to create an Immersive OSINT training platform and what it's set up like a storyline. So we pick key areas that might use OSINT.
Aubrey Byron
Welcome to Needlestack, the podcast for professional online research. I'm Aubrey Byron, a producer and your host for Today.
Shannon Ragan
And I'm Shannon Reagan, fellow needlestack producer and co host. Aubrey and I are taking over the podcast again for another book club episode. If you'll recall, at the end of season one, we did an episode on We Are Bellingcat, and this is how they tell me the world ends. Both great reads, highly recommend. But today is something special. Today we actually have the author of the book we're going to discuss in the guest seat.
Aubrey Byron
Today, we're joined by senior OSINT analyst, co founder of Case Scenarios, private investigator, and author Rae Baker, who recently released her first book, deep Dive exploring the Real World Value of Open Source Intelligence. Rae, welcome to the show.
Rae Baker
Thanks for having me.
Aubrey Byron
Absolutely. So I have your book in hand, which is chock full of resources for open source researchers and covers everything from social media to financial intelligence to transportation. What made you want to write this book? To start us off.
Rae Baker
I wanted to provide some sort of entry level text for people who are looking to get into OSINT. There are a few OSINT books out there, and they're great, but they're a little intimidating, I think, for beginners, people just starting. And frankly, I wanted to include transportation because that's kind of my thing, and a lot of them do not have that. So I wanted to cram that in there somewhere.
Aubrey Byron
Awesome. I know it's probably difficult in an ever changing environment like OSINT to have things in print. How did you think about what you would include as far as just, like, the longevity for people reading it?
Rae Baker
Yeah, I was very strategic about what I put into the book because I didn't want it to be obsolete by the time it hit the shelves. So I focus mostly on methodology and the Why? Why are you doing this, and then how can you find it? And maybe how you pivot to the next thing, because that's what Osin is. It's being curious, creative thinking how to get from one piece of data or information to the next. So by focusing on that, I feel like I hopefully will not date it as soon as it comes out. And then if you have those basics, any tool should I mean, you can apply any tool to that.
Shannon Ragan
Yeah. I was reading your blog recently, and the book is the same. You're just a great writer. It's easy to understand and digest, like, really complex information. You're welcome.
Rae Baker
My mom always said that. I never believed.
Shannon Ragan
Thanks, mom. Yeah, it was really easy to follow. So I think if you have been in the OSINT world for a long time, there's still lots of great information that you'll gain out of it. But if you're just starting, it is a good way to get your feet wet and kind of go like, one step at a time. So speaking of your blog, you have also been a leader in the OSINT community for a long time. You've gained prominence in this space, in maritime in particular. I'm curious, how did you kind of end up in transportation and maritime intelligence?
Rae Baker
I fell into it. A lot of this, I feel like, was right place, right time situations. I had started going back to school, and I was looking for things to talk about, things to put myself out there online, because you want to present yourself as an expert and get people to notice you to get a job. So I started writing blogs, and I would pick a topic that I wanted to know more about. I would throw it into a blog, and I'd try and teach through the blog myself and whoever else wanted to read it. But I didn't really expect anybody to read it concepts. So I did a few, and they were mostly cyber related, and I was looking for something new, and I saw somebody, and I don't remember who it was, posted something about maritime and, like, tracking vessels. And I was like, that's pretty cool. I wonder what you can do with OSINT. So I wrote a blog, and it took off more than I expected it to. And I feed on that. I was like, okay, I'll write another one. So I wrote another blog, and it just kind of picked up from there.
Rae Baker
And now people consider me like a maritime smee, and they come to me about boat stuff, and I try to do my best.
Shannon Ragan
I think maritime SME is the best kind of smee to be, I like to think.
Aubrey Byron
Yeah, that whole chapter was fascinating. And I wanted to ask, what are some of the applications for those who aren't familiar with maritime? What are some observations that you've had from things you've monitored too?
Rae Baker
So a lot of it is geopolitical, obviously. We see that now with China and Russia and Ukraine and all of that, and the Suez Canal stopping shipments, all of that is very integral to us and other countries. If ships get stuck somewhere or a ship gets sunk or there's some kind of political issue that stops traffic, all of that has a ripple effect to every other country, basically. So that's how it affects all of us. And then in the cyber realm, they're like floating ICS construction. So on the ship, it's like a system of systems. And you can hack a computer, you can hack a ship, you can watch how it moves. You can track it. If you're another country, we wouldn't want them to track our vessels, obviously. So monitoring what kind of access people have to vessels and information and data and the systems is very integral. I would argue to everyone, but at least to cyber.
Shannon Ragan
I hadn't been privy to this space before, but I think you mentioned that maritime intelligence or like researching ports, it's not inherently sexy, but there's just a ton going on there. Like, it is where world trade happens, it's where drug trafficking happens. I think of all the heist movies that I've seen that have had a scene on a port, this is still where a lot of shady stuff goes down. And using OSINT to shed light on that, I think it's just really fascinating. And there is just a ton of information out there to be gleaned.
Rae Baker
Oh, for sure. I mean, if you think of a port, you're thinking like, oh, a few ships pull in, but they're like cities, there's companies there, there's people there, there's different jobs, people, thousands of people work at these ports, like the bigger ones, and you got to think of how much cargo comes in in a day. And then you have the cranes, you have the systems that are connected to the internet that park ships automatically. All sorts of little systems there.
Shannon Ragan
Yeah, lots of places for things and people and threats to hide.
Rae Baker
Yes.
Shannon Ragan
Speaking of this topic, the book is a good resource. It does focus on this a bit. I think there's also just some great takeaways, like in your blogs, there were some great posts on just kind of the fundamentals of OSINT research for maritime intelligence. Go to sites breaking down the terminology to be aware of the type of information that you can find, the basics of how these things operate. Do you have for our listeners, either as a teaser for the book or just good information? Any baseline tips for people that are in OSINT but might be new to maritime intelligence?
Rae Baker
A lot of maritime intelligence that I do anyway, is finding an area, an area that you're interested in. Whether you have a project in that area and you're looking at something specific, or you're just kind of poking around to figure out what you can see. You find an area, you monitor it a little bit over time, or if you have historical data, you look back over time. What has gone on, who has arrived, who has left, what cargo has come, what cargo has left? Has there been any issues there? And then you weigh it with what you're seeing now. So if a certain ship has never been to that port, or even in that region of the world, and then all of a sudden they're there, that would be of interest. I would want to know why. And it might not be nefarious, but those are the anomalies that I'm generally looking for.
Shannon Ragan
Yeah. It seems like there's great parallels to the cyber world in terms of these things could be innocuous, they could be innOSINT. But in combination, like, what is the context of all this going on together? It's really cool.
Aubrey Byron
You do talk about a lot more ozone subjects than transportation intelligence. I want to make sure, just in case, no, that's not someone's bag. And also just talking about where to find information through what you can glean from a social media page, maybe in places people don't realize. But you also talk about OSINT in general, and in the book you describe it as a passive intelligence. Can you tell us what you mean by that?
Rae Baker
So passive reconnaissance or intelligence means you're not actively touching a system. So if you are a pen tester, you're going into the system and seeing what you can see. I'm looking from afar. I don't want people to know I'm there. I'm just observing. So I would not take a password and log in. I might collect a password and I might present it in a report, but I'm not using that password to log in and see what is available to me. I think that's the key difference. I'm not interacting. I'm not contacting people on the phone like an investigative journalist would. I am just looking for the data and then presenting what I find.
Shannon Ragan
Could you speak a little bit more on any other safeguards that you take while you're research, when you don't want people to know who's looking around?
Rae Baker
Sure. I use all of the good ones, VPNs, virtual machines. I use sock accounts, which are fake accounts that you use to monitor groups and people online and kind of look around on social media. Those are the key ones that I use to kind of protect myself. I don't announce that I'm around. I try to hide in the background.
Shannon Ragan
Yeah, right. On another subject I wanted to touch on, we talk a lot on the show about kind of the nature of OSINT and that it's slowly kind of gaining steam against the other ends or the perception of it is changing and kind of gaining clout alongside them. Who do you think could really benefit from this book? Either being in other INTs or new to OSINT, I guess. Who's your target audience for this?
Rae Baker
When I wrote this, I was trying to write a book that I would have wanted. When I started, I tried to keep it super simple, present the why. Here's a thing. Maritime intelligence. Why do we care about maritime intelligence? Well, here's why. What can we do with that information? This is what you can do. How do we collect that? Here's how you collect it. So I tried to break it down in steps, and then I do give some tools here and there that have been around for a while that hopefully will not disappear. I talk a lot about Twitter in there, and that kind of like, went up in the air for a while and I was like but yeah, I tried to break it down. And the audience for the book is, of course, beginners. I want somebody to be able to pick it up and just get into OSINT right then. But also there is a lot of stuff for intermediate levels and even, like, advanced. I would say that there are not many maritime intelligence documents out there for the public. And if there are, please send it to me, because I don't have it.
Rae Baker
So I wanted to include things like maritime. I include rail. Rail is super important. I mean, the military all over the world uses rail to bring things into their bases and out of bases and shipping. It's just as important as maritime. And I included automobiles and flight tracking as well. I think all of that kind of stuff is new to a lot of people and exciting. And then you have the current event stuff, social media, disinformation, misinformation, dipping your toe in a little bit of everything to see maybe what you're into.
Shannon Ragan
Yeah, it's a journey. That's great.
Aubrey Byron
Yeah. Another chapter I found really fascinating was the chapter on critical infrastructure, which actually kind of overlaps with a book we talked about. This is how they tell me the world ends by Nicole Perloth. Yeah, I found some of the Osant application for that really fascinating, and it.
Rae Baker
Crosses over with a lot of the transportation because they are considered critical infrastructure like rail and ports and things. They're very integral. So being able to understand that, you can go onto showdan or just the Internet and Google a certain system. Like, for an example, if you knew a port and you wanted to find out maybe what technology they have at the port, I mean, you could easily Google it, look on their website, maybe find a hint of what they use. You can go find the manual for it. You could sometimes find the full manuals and layouts for all of the systems that are at these ports or on these ships or on these trains. And there's a lot you can do with that if you're an adversary.
Aubrey Byron
Absolutely. Before we wrap up, I want to highlight another project of yours, which is Case Scenarios. I had the opportunity to demo it. It's an immersive OSINT training experience, and I was really blown away. Not just by the sort of opportunity for how you can practice OSINT tradecraft or learn OSINT tradecraft if you're new to it, but also just that it was very fun. I'm a little bit of a gamer, and so it was a very video game like experience. Can you tell us a little about how you developed this tool and what kind of feedback you received?
Rae Baker
Sure. So case was kind of born of the fact that so many people go through OSINT training or not even are looking for OSINT training and can't find it. Or if they do go through the training, they finish the training, and then they're like, okay, now what? What do I do with this? How do I apply it? You know, where do I practice? What do I do. So we came up with this idea to create an Immersive OSINT training platform. And it's set up like a storyline. So we pick key areas that might use OSINT. So investigative journalism, like a detective, and we put you in the shoes of the lead role. So the one that I gave you access to was called Dark Waters, and you are playing an investigative journalist, and you're trying to solve the mystery of this town, Glenrock in Pennsylvania, and we ask you Osinc questions along the way. So it's super interactive. There's lots of video, audio, photos. Like, I'm outside taking pictures of things in the dirt. I'm a graphic designer before OSINT, so I tried to meld that in there a lot. And I think that it does a good job of allowing people to play around with these skills and kind of test them out, see if they like it.
Rae Baker
They get to feel what it's like to be maybe an investigative journalist or a detective or any of those roles. And it has unlike a capture the flag, you go on and you can play a capture the flag event. There's a stakeholder in case. So a boss is giving you a task or a friend is giving you a task, and you have to accomplish something versus, like, here's a question. Here's another question completely unrelated to the first one. So you're building on the last question to the next question. You're building the story. It's progressing, and you're solving the case, or whatever it may be in that scenario. And then at the end, cool, you in. You get a badge and you can play another one, hopefully. Yeah.
Aubrey Byron
It took me a minute to realize when I hit the first set of questions that it's using real world information. This is a real town. A lot of the things are out there on the Internet, and that's where you're going to find your answers. So you really are performing OSINT rather than sort of, just, as you would say, like, reading about it and hoping you retain all that information for later.
Rae Baker
Yeah, and people really like that, actually. We got a lot of feedback on how we did the town because you're down on the ground, like, searching around through the town. And it's really cool.
Aubrey Byron
Yeah. Walking around Google Earth and some to find a mural. In some points I mentioned I play games. It reminded me a lot, actually, of a game I really like called Her Story, which is like a live action puzzle.
Shannon Ragan
Have you played it?
Rae Baker
I was like, yeah, it is very much like Her Story. And the idea is that eventually, once we make a few production moves along and we can get real actors and real audio actors to do the roles in it, so it feels even more immersive.
Aubrey Byron
That's awesome. Yeah. If anyone's not familiar, it's sort of a live action puzzle game where you search video archives by transcript to solve a mystery. And yeah, if you've already played case scenarios and like them, you might check it out.
Rae Baker
Yeah, I like her story a lot.
Shannon Ragan
I got the demo of the demo from Aubrey earlier, and I was like, this is so cool. Is there anything else like this? Like this quality, or just I feel like this type of training oath, and training, like you said, is hard to come by, let alone in a pleasurable gamelike atmosphere.
Rae Baker
Yeah, exactly. It's fun. And I'm a huge true crime nerd. I've seen probably everything, and so I put a lot of that in there, too. We have a free one that's coming out. We're releasing it soon. It's going through beta testing now, but it's called betRaeal. And you're playing a private investigator who's trying to help the DA. Solve a murder, and it's very like if you've seen the staircase, it's very similar to that. And some more news, recent news stories that have been out.
Aubrey Byron
Yeah, well, I'll have to put that on my calendar for when it comes out.
Shannon Ragan
We'll be sure to link to anything that people can sign up for in the show notes, so be sure to check those out. I did just want to ask you've written a whole book on the topic. If you could boil it down. What are three things that you would want people to know about the book or that they could learn from reading this book?
Rae Baker
Oh, wow. Just three things. Okay.
Shannon Ragan
We won't cut you off at a hard three.
Rae Baker
Well, first of all, that it's not just for beginners. I want to put that out there because it sounds like it's very accessible for just beginners, but it does cover a lot of things that could help intermediate levels and advanced levels. Second, I did as much as I could to make it accessible, and I had a few people actually point out to me that they noticed that I used she instead of he for all the examples, which I never told anybody that I did that, but I was glad people noticed that I did that. I tried to represent women as much as I could within the book and make it accessible, break down topics, and kind of push you off to go do extra research to get into the stuff that you like to do as you're reading the book.
Shannon Ragan
I think so. In a rare all female episode of NeedleStack. Thank you. Think she is the main pronoun in this book?
Rae Baker
Well, it's such a stupid simple thing. I was starting to write it. I'm like he. No. Why am I putting he? Out of spite? I just put she.
Aubrey Byron
I love it. All right, well, thank you again so much for joining us, Rae. If you are interested, please pick up Deep Dive. It looks like this and is out as of May 9, so you can go get it today if you liked. What you heard. You can view our transcripts and other episode info on our website, Authenticate.com Needlestack. That's authentic eight needlestack. And be sure to let us know your thoughts on Twitter at needlestackpod and to like and subscribe wherever you're listening today. We will be back next week and we'll talk more about OSINT. As always, we'll see you then.
Rae Baker
Thanks for having me.
Aubrey Byron
Thank you.
