Accessing and leveraging publicly available (open source) information online is critical to a wide range of investigators, from government intelligence agencies to academic researchers and journalists. Regardless of their mission, they face risks and threats when conducting open source research. If you are looking for someone or something that doesn’t want to be found, your technology or behavior could compromise your investigation.
To protect themselves, their organizations and their investigations, open source investigators must practice good operational security.
OSINT OPSEC Standards Earning Attention Outside of Government Space
Government investigators and intelligence analysts conduct open source research with well-defined mission requirements and legal authorities as well as technical means to maintain operational security. These guardrails ensure the information collected can be used effectively and protect both the researcher and their organization. On the other hand, the ad-hoc nature of open source research outside of the government context can leave organizations or individual investigators at risk. Understanding the need for operational security is one step; the next is implementing a security plan and utilizing the proper tools.
As the amount of publicly available information grows and its utility increases, organizations of all types are recognizing the need to formalize their open-source collection strategy in a similar manner. Adhering to formal principles improves the odds of a successful open-source investigation, from ensuring evidence is properly collected to providing guidance on security and tradecraft.
New Human Rights OSINT Investigations Guide Has Value for Other Practices
A new guide on open source investigations for human rights violations is an excellent example of the value formal standards and methodologies can have for investigators. “The Berkeley Protocol on Digital Open Source Investigations” was developed for international criminal and human rights investigations by the Human Rights Center at the UC Berkeley School of Law and the Office of the United Nations High Commissioner on Human Rights. The Berkeley Protocol is “A Practical Guide on the Effective Use of Digital Open Source Information in Investigating Violations of International Criminal, Human Rights and Humanitarian Law.”
While the guide is geared towards international criminal investigators, its applications go beyond this unique user group. Organizations such as NGOs, academic institutions and journalists can utilize the Berkeley Protocol to inform their open source collection policies.
OSINT OPSEC Considerations
One of the most important and widely applicable sections of the extensive guide focuses on security, an aspect of open source investigations that can be overlooked, especially when the investigator lacks a formal framework to reference. The Berkeley Protocol provides practical guidance on how investigators can protect themselves and their organizations when online. At a high level, these same principles apply to any open source investigation effort.
Here is a selection of the Berkeley Protocol’s security considerations:
- Managing attribution: The investigator should avoid revealing identifiable elements about themselves, their organization, their sources and their intent. Investigators should also be cognizant of the distinction between anonymity/non-attribution and misrepresenting themselves online to gather information.
- Expect observation: Open source investigators should assume they’re being monitored and conduct activities in a manner consistent with their online persona to avoid revealing identifying elements.
- Secure environments: Investigators should utilize technical systems or environments that limit exposure to cyberthreats when conducting online activities.
- Separate personal/professional activities: Investigators should use distinct hardware/software to avoid cross-contamination of personal information and the anonymous investigative persona.
- Browser security: The browser is one of the most common tools for online investigations but is often overlooked as a vulnerability. Tracking methods such as cookies, beacons and analytics can, unbeknownst to the investigator, reveal identifying elements or location data. Browsers are also vulnerable to cyberthreats such as malware.
The more than 100-page guide is an excellent resource for experienced open source investigators and organizations with a nascent open source research team looking to craft their own framework.
Building OSINT OPSEC in Your Organization
Regardless of your mission set, from uncovering evidence of crimes against humanity to conducting analysis of competitive businesses, open source research must be a thoughtful exercise. Investigators need to have a plan, the proper tools and an understanding of their digital operating environment to blend in and stay safe. Conducting a risk assessment as well as anticipating adversarial threats and observers are all a part of the operational security posture. Good operational security is both the tools you use and how you use them. Investing in these resources up front will buy down risk and support the continued success of your investigative efforts.
For organizations looking to use a purpose-built solution, Authentic8’s Silo for Research is an analyst research platform that empowers your teams to investigate all corners of the web securely and anonymously. The platform provides an integrated suite of workflow productivity tools and enhanced OSINT tradecraft functionality, ensuring 100-percent isolation from toxic content. With Silo for Research, your organization eliminates the expense and risk of cobbled-together collection tools and local browsers that will betray you.
Authentic8 also offers OSINT Academy, an online training resource for Silo for Research customers. Authentic8’s unique OSINT training provides analysts with instructions and best practices on how to incorporate advanced skills and toolsets into their workflows to create efficiencies in the intelligence production cycle. This OSINT training program for law enforcement, security teams and intelligence analysts comprises self-paced, on-demand online courses.
To learn more about Silo for Research and OSINT Academy, you can get in touch with Authentic8.