... what we've seen with things like dating apps, even in Russia and Ukraine where Russian soldiers have gone online, set up a Tinder profile with their military outfit and geo- located to certain areas around Ukraine that aren't publicly acknowledged.
And while that's not public, public, where you can just Google it.
It's still open- source information and folks can then republish that to the internet.
So those are places where you might not even realize you're exposing yourself.
Welcome to NeedleStack, the podcast for professional online research. My name is Matt Ashburn, a cybersecurity guy with a penchant for online research.
And I'm Jeff Phillips, tech industry veteran, and curious to a fault.
Yeah, that's right. And today we're going to be talking about OSINT. That may be a new term for some folks, that really is open- source intelligence, an abbreviation for open- source intelligence. And we're going to talk about the role that it plays in world events.
And if you've been listening to NeedleStack in the past couple of weeks, you know that we've been covering the digital fingerprint, the world of online research, and all of those things.
But today we're going to focus... In the next couple of episodes actually, we're going to focus on OSINT.
And that really is using information that is openly available, whether it's on the internet and media, on social media, or any other sources, and using that to facilitate online research, that is beneficial to us. And it's important to note too, that as an intelligence discipline, it's not just collecting information, it's actually performing analysis on that data and information that you collect.
So that way you can inform whoever the decision- maker is with whatever product that you're producing, whether that's a law enforcement investigation or informing a government agency or informing your corporation or organization on whatever discipline that you're focusing on. And we have a couple of incidents that have happened in the past couple of weeks, past couple of months, there's obviously the conflict with Russia and Ukraine, as well as the Winter Olympics.
And today we have a panelist who's going to shed some light on this stuff. Jeff, who is with us today?
Well, Matt, today we have with us Abel Vandegrift. Abel is the director of government strategy at Authentic8. And so he advises the federal teams that focus on the government in terms of what's going on with regards to policy development, budget trends, to help them identify opportunities and shape customer engagements.
Welcome to the show today, Abel.
Thanks, Jeff. Thanks, Matt. Glad to be here.
Now, a lot of people are familiar with many of the open sources that are out there. And when we talk about open sources, we're talking about publicly available information that is available through the internet or traditional media. So for example, newspapers, radio, television as traditional media, but also more modern platforms like social media websites, Facebook, Twitter, LinkedIn, and even dating websites and applications like Tinder or Bumble and others that are out there.
There's also a lot of content in the communication that occurs. So with Facebook, for example, over some other social media platform, not only do you get the content, but you also can see the associations people have whether or not they're friends, associates, who they communicate with, who they hang out with, and especially important in times of conflict where they're actually located, or at least where they're purporting to be located.
So there's lots of information available out there.
Also, think about websites and other information that may be out there as well. So for example, maybe transit schedules or information on a government website about public funding of certain programs and things like that. All of these are encompassed in what we would call open- source information, but Abel, there are a lot of types of information out there and these are not the only types of open- source information.
What are some of the other types of information that are out there that we would consider open sources?
Yeah. So like you said, we have social media, journalism, things that are producing based on reports on the ground, but another valuable aspect of OSINT is what governments are saying. So whether it's US government and allies putting out statements and documents, things that are in their government purview that can be used by both allies and adversaries to get a sense of what the US government is thinking versus what they're actually doing, and as well as their plans.
And the same thing goes for adversary governments, being able to research their documents, particularly in more autocratic nations, where it can be difficult having the online research skills to get into those places and really get a sense of what those governments are planning on doing, what kind of statements and how that's matching up to reality.
And Abel, we talk about the recent events in Russia, Ukraine, right?
And one of the interesting things that I observed, and I think you as well is that there was a lot of open- source information out there about troop movements, maybe a buildup along the border, that type of thing, openly available whether from satellite imagery, or social media, or any of the other sources that were out there.
But it was very interesting to see the declassification of official government information from the United States to help supplement that and complement that.
Right? Can you talk a little bit about that?
Yeah, sure. So this is one thing that's been noted by people in the media is how aggressive the Biden administration has been over the last few weeks in coming out with very specific intelligence that's gathered via classified means without revealing sources and methods, but putting it out there to either warn certain allies or to kind of challenge our adversaries and let them know that we know what you're thinking, we know what you're planning and putting it out there sort of shapes that information environment.
So if we're saying Russia's going to invade on Wednesday and Russia has continued to say, oh, no, we're not invading.
We're not invading. It could buy more time until they feel actually challenged to go actually invade.
Yeah. And advise also the folks on the defensive side, and Ukraine, in this example, some additional time as well.
Prior to the Russian invasion of Ukraine, there was a lot of build- up there. And as Abel said, a lot of disclosure of specific information that the US had insight on through whatever means.
Obviously, closed sources, not open sources, but that was complementing the open sources. And it was interesting to see too, that there was a bit of a reversal in, I believe it was the Wednesday prior to the actual invasion. There was some troop movements and OSINT was showing troops moving around. And a lot of people online at least were assuming that the Russians were retreating and, oh, well, maybe this all is just posturing.
Maybe that there is no invasion. And so there is a bit of a false perception that occurred there.
Yeah. And that's where that analysis piece that you mentioned earlier comes into play of seeing these pieces in the abstract helps to build a bigger picture that requires additional analysis and maybe zooming out even further to get a real sense of, well, what would they be doing in reference to their stated political or military objectives versus what somebody on the ground is seeing, that reflects a certain narrative or requirement that we have.
And there's also the concept of what is termed auxiliary intelligence. Can you tell us a little bit about what a auxiliary intelligence means, that might be a completely foreign term for a lot of people?
Yeah, sure. So this is something that has been around, but one that I have just come across recently in article on the Cipher Brief by Thomas Ewing. And the idea of auxiliary intelligence is these auxiliaries are groups, whether they're NGOs, individuals, people out in the public sphere that are doing OSINT collecting on either ongoing world events in a specialized area, doing research on certain types of government disclosures, but the governments can leverage these auxiliary groups.
So recent example noted in the article was the general at STRATCOM was holding a talk with folks and he brought up the fact that a lot of amateur researchers were publishing satellite imagery of Chinese nuclear silos that they had not previously seen. And his response was, please, encouraging the public to continue to bring those types of imagery forward so that they could leverage it.
So in that sense, there is the auxiliary intelligence where the government is subtly implying that they need this without establishing an official relationship, but it can go down further where they could contract with a certain group to help provide them OSINT do a kind of public- private partnership on a softer touch engagement.
And because the government can control a lot of sensitive information. If they decide to pass a law, let's say that allows for a lot more financial disclosure information to be published or to be shared with certain groups that enables OSINT groups, while not necessarily being directly tasked.
The government understands that they have an interest in it, it's of interest to the United States government.
So by providing those types of information out there, it in a sense gives the OSINT researchers the opportunity to draw out more valuable information.
Yeah, that's a pretty cool symbiotic relationship.
Right? And the other thing is that leveraging open- source and the so- called auxiliary intelligence is beneficial in a few ways. And I think one of the other ways is that the government may have some kind of sensitive information that they'd love to share, but now having a parallel version of that same information collected from open sources allows them much broader sharing of information and getting that much faster to the folks that need it there on the ground and in this case Ukraine.
So really good stuff can come from that.
So we've been talking a lot about OSINT and specifically to the recent Russia and Ukraine events, Abel, what are some other examples of world events where OSINT played a key role?
That's a great question.
I think one thing that OSINT can do in terms of shaping a longer- term or political situation is, let's say, for example, the Summer Olympics in Beijing.
It may not have been a particular concrete conflict event where OSINT was playing a role, but in the roll- up to that, OSINT has allowed for researchers and governments to publish information on human rights abuses all sorts of other issues that are challenging to Beijing's narrative of being an open country.
So that type of OSINT can help lay the ground for what ends up being a diplomatic boycott or some of the other pieces that went into the Beijing Olympics and that narrative there.
But there are many other examples. I mean, the plane that Russia shot down in Ukraine, I don't know, five or six years ago, that a well- known OSINT group called Bellingcat eventually did a lot of intensive OSINT research to identify the plane and where it was shot down, all of that kind of really hardcore investigative work that couldn't have been done via other sources.
Do you know if that information that Bellingcat collected, was it ended up being used in any official capacity, or did it guide people into being able to make arrests or identifications?
No arrests on that, as far as I'm aware.
So, unfortunately, when it comes to these types of large international events, that kind of thing can be challenging to hold people accountable, but at least in the court of public opinion, you're able to put that out there.
However, in event like January 6th, the attack on the capital there is where a lot of open- source information did end up leading to arrests, whether it was from participants uploading photos and videos of themselves in the capital, to people filming others in there doing those types of things, the DOJ even put out photos from surveillance cams and other assets and asked the public, Hey, can you identify this person via social media or something else and allow them to engage and arrest those individuals.
So that's a really great example of crowdsource, open- source intelligence leading to concrete results, where the government relied on researchers to make that happen.
And that was pretty fascinating.
It was the first time, in my knowledge, at least, where the government has in such a broad way, encouraged open- source intelligence from the public.
I think just the volume of suspects that they had to deal with, right?
Really required that.
And it was pretty fascinating to watch.
Yeah. And I think because it was such a large volume of folks, it eliminated not completely, but somewhat the problem with a witch hunt like we saw with the Boston bombing back in 2013 where the government didn't encourage people to go out and track these people down.
But on the internet, folks did look at either recordings or surveillance and said, oh my God, I think it's this guy, found him on social media, turns out that wasn't the person.
And that can be pretty tragic for the person who's accidentally identified as some sort of perpetrator.
Yeah. That's a great cautionary tale. So I'm glad you mentioned that. The great Reddit witch hunt after the Boston bombing.
It was interesting that you mentioned, right? And I recall that the government came out related to January 6th and basically asked for help identifying people.
How are people outing themselves in being and having OSINT collected about them?
Where is this happening? What are some examples of it?
Sure. So you have January 6th where it's folks posting it themselves and it not being an accidental, they're just posting a selfie, and oh, I can actually see the capital in the background. They're there, they're proud. They're broadcasting that, they're stating it. So there's really no...
But for other places where folks may not realize that they're putting this information out there is what we've seen with things like dating apps, even in Russia and Ukraine where Russian soldiers have gone online, set up a Tinder profile with their military outfit and geo- located to certain areas around Ukraine that aren't publicly acknowledged.
And while that's not public, public, where you can just Google it. It's still open- source information and folks can then republish that to the internet.
So those are places where you might not even realize you're exposing yourself to OSINT depending on what type of role you have and whether you could be targeted for something.
Or if you know, you're in a armed conflict, you probably don't want to do that kind of thing.
Yeah. Good advice there on operational security if you're in a place where you're not supposed to be. Well, I'd like to thank our guest today, Abel being here. And if you liked what you heard today, you can subscribe to our show wherever you get your podcast, watch episodes on our YouTube channel. And also if you use scripts and other episode info on our website at Authentic8, that's authentic with the number 8. com/ NeedleStack.
Next week, we'll be back with more on OSINT, open- source intelligence, and discussing the role of law enforcement, as well as some privacy and security implications for collecting open- source intel as a law enforcement officer.
See you then.