Welcome to the deep dive. Today, we're unpacking the real world power of open source intelligence. Mmm, you know, OSINT. Exactly. You, our listener, shared some really fascinating material, and well, our goal is to pull out the most valuable insights for you.
That's right, OSINT. It really boils down to finding and analyzing information that's already out there in the open.
Like public information.
Yeah, exactly. It's like being a detective who you know, only uses publicly available clues.
Wow. To really bring this home, one of the sources you sent had this powerful personal story. Oh yeah, yeah. The author talked about their grandmother's life journey, Germany to the US, all documented through public records, stuff that's online now. Incredible. Things like, you know, marriage licenses, census data, even records of her passing, all accessible, and it painted this incredibly detailed picture.
It really hits home how much is actually out there.
Doesn't it? It really does.
And so for this deep dive, we'll be focusing on those book excerpts you provided. Our aim is to, well, go beyond just defining OSINT and really extract the key insights, the practical understanding you can use.
Okay, let's unpack this then. So in a more, maybe formal sense, what exactly is OSINT?
Well, formally, OSINT is... it's the process of analyzing publicly available facts, evidence, observations, arguments, all that stuff, to form a judgment. Right, critical thinking is really at its heart, that ability to, you know, connect the dots and evaluate the information you find.
And this isn't exactly a new field, is it? The sources touch on its history a bit. Correct.
Traditionally, within intelligence circles, OSINT was just one of several disciplines. It sat alongside things like HUMINT, that's human intelligence, getting info.
From people, right, spies and stuff.
Sort of, and SIGINT, signals intelligence, or IMINT, imagery intelligence, and MASINT, measurement and signature intelligence. Those were the established categories for, wow, a long time.
Things have changed a lot, especially recently.
Absolutely. What's really shaped OSINT today is just the explosion of data from mobile phones and social media platforms like Instagram, TikTok, X, formerly Twitter. They're just massive public archives of information. Huge. Plus maps and satellite images are incredibly accurate now and easy to get hold of.
Okay, but here's where it gets interesting. Right, while all this open data is exploding, there's also this big push for security, privacy. You see encrypted communication like Signal and Telegram everywhere. Yeah, that creates a bit of a puzzle for OSINT, doesn't it?
It definitely presents challenges. But you know, these obstacles have actually driven the development of new tools, often.
Open source tools like on GitHub.
Yeah, you can find loads on platforms like GitHub. And we're also seeing the growth of really active OSINT communities online sharing knowledge. Exactly, sharing knowledge through blogs, videos, even live streams. And it's not just governments anymore. Nonprofits are using crowdsourcing and OSINT for things like finding missing people. Wow. The lines between those old intelligence categories, they're getting blurrier. Analysts need a broader skill set now, and.
The sources even hint at what's coming, right with a chapter called What's Next. Sounds like it's always changing.
Precisely, the digital world is always moving, so OSINT methods, the information we can access, it'll just keep.
Evolving, which makes those core skills like critical thinking even.
More crucial, absolutely essential.
Speaking of skills, the source material really hammers home critical thinking. Why is that so vital for someone doing OSINT well?
Without critical thinking, it's just so easy to get overwhelmed by the sheer amount of data right.
Information overload totally.
And it's hard to tell what's reliable. Critical thinking is about being able to see the connections between different pieces of info and figure out, you know, what's credible and what's not.
Like journalists verifying stuff on social media.
Exactly like that. They're often on the front lines separating fact from fiction. It's a core part of the job. That makes perfect sense.
You can have mountains of data, but if you can't analyze it right, it's not really useful intelligence, is it?
Not at all.
Now, something you might not immediately link with intelligence work is mental well-being. But the sources bring this up.
Yes, and it's such a crucial point. OSINT analysts can unfortunately encounter deeply disturbing content. I can imagine. Especially when dealing with topics like violence or exploitation. It's vital to acknowledge the potential for trauma, for mental health challenges, for ourselves and our colleagues.
Because ignoring it affects.
The work absolutely. It can seriously impact the quality of the work and of course personal lives too. It's something we have to talk about.
Another really important aspect highlighted is personal bias. How can our own beliefs mess up OSINT analysis?
Well, our biases can lead us to misinterpret information, plain and simple. It undermines the impartiality that's just key to good investigations.
And you need to be aware of them exactly right.
Being aware lets you actively question your interpretations. The example in the source about the Nicolas Cage fans.
Oh yeah, the best actor investigation. Right.
It perfectly shows confirmation bias, that tendency to just favor information that supports what we already believe.
We all do it, we all do.
Recognizing that everyone has biases is the first step in reducing their influence. You have to constantly question credibility and evidence.
That's a good reminder. Okay, so the sources then get into the methods, this idea of the intelligence cycle. Can you give a quick overview?
Sure, the intelligence cycle is basically a structured way of doing intelligence work. A process, Yeah, a process. It generally involves planning and requirements first, then collection, followed by processing and evaluation, then analysis and production, and finally dissemination and consumption with feedback looping.
Back, like a continuous loop.
Pretty much. Yeah, it feeds back in to itself.
Okay, let's break some of that down, starting with planning and requirements. What's really important in that first stage?
The planning and requirements phase is well, it's all about defining the who, what, why, and how of your investigation.
Who needs the info and what do they need exactly?
Those questions should be driven by the stakeholders, the people who need the intelligence. Without clear goals, clear objectives, you just risk wasting time chasing rabbits, right, wasting time on irrelevant information, and ending up with intelligence that doesn't actually answer the original question.
Makes sense.
As analysts, we might be tempted to just dive in and start gathering data, but setting these initial requirements is so essential. The key takeaway. Without clear goals upfront, you risk drowning in data that doesn't help total sense.
You need to know what you're looking for before you start digging. Okay, next step collection. The sources highlight this technique called pivoting. What's the art of pivoting?
In OSINT, pivoting, it's like following a trail of digital breadcrumbs.
Okay.
When you're collecting info, you'll often find clues that lead you to other related data, things that potentially connect different findings or user accounts.
Like starting with an email address.
Yeah, that's a great example. You start with an email, and you might pivot to a username, maybe a phone number, maybe even an IP address.
And each new piece becomes a new starting point exactly.
Each new bit of information lets you pivot again, build out the picture. Mastering pivoting really transforms scattered data into, like, interconnected narratives. It reveals hidden relationships. It's crucial. It is, and it's a skill that really improves with practice. Learning to spot those potential connections, those pivot points.
And where do we usually start this collection? The sources mentioned a few common jumping off points.
Well, analysts might start with large collections of data, you know, big data, right, or just basic search engine results, or maybe social media profiles. The specific starting point often depends on what you already know, what you're trying to find out.
Okay, so we've gathered our data. The next step in the cycle is processing and evaluation. The sources mentioned a couple of interesting techniques here, RESET and gap analysis. Let's start with RESET. Okay.
The RESET technique, it stands for refresh, explore, think, seek. It's basically a way to get a fresh perspective when you feel stuck.
We all get stuck.
Absolutely. It encourages you to take a break, maybe look at things from a different angle, think creatively, right, outside the box, yeah, without being limited by your current focus, and then actively look for new information or new ways to approach the problem. Like taking the walk. Exactly. The example of taking a thirty minute walk to clear your head and come back with a fresh outlook, that's RESET in action.
Sounds like a good way to avoid getting lost in the weeds. And what about gap analysis? How does that help in processing and evaluating?
Gap analysis is a bit more systematic. It's a technique for breaking down an investigation.
How does it work?
It involves asking four key questions what do I already know? Oh, what does this mean? What do I still need to know? And crucially, how do I find that out?
Okay?
By methodically answering these you can break down large amounts of info into a more manageable form and identify the critical gaps in your knowledge.
The example with the image was good.
Yeah, analyzing the image, noting the boat, the German flag, the name Temptation, and then asking what those details imply and what else you need to know. It really shows how effective this can be. It forces you to be methodical.
Right, it's about being methodical in your approach. Okay, after processing and evaluation comes analysis and production, making sense of it all. Documentation seems really key.
Here, absolutely essential. Taking detailed notes, capturing the data you find. You just have to do it or you'll forget or lose track. Exactly. And depending on how complex the case is, visualizations like mind maps, charts, graphs, they can be incredibly.
Useful for seeing connections.
Yeah, for understanding entities, connections, characteristics. Link analysis charts are great for visualizing relationships between people, for instance, Right, while mind maps can help you see how different pieces of information relate and maybe spot potential pivot points you missed. The key is finding a documentation method that works for you and allows for collaboration if needed.
The sources even mentioned specific tools for this, like Hunchly and Obsidian. Yeah.
Hunchly is a browser extension. It's designed to automatically grab and organize your web based research as you go.
Sounds handy. Any downsides?
Well, one thing is it only works with Chromium-based browsers like Chrome or Edge, and some users find its little overlay box a bit intrusive. But it's powerful for.
Autocapture. Okay, and Obsidian?
Obsidian is different. It's note taking software. It stores your notes locally on your machine, which is great for privacy, and lets you create links between notes.
More like building a personal wiki kind of. Yeah.
It offers features like graph views, seeing the connections visually, slideshows, even automatic mind map generation.
Why do people like it?
People tend to like it because it's easy to use. Your data stays secure on your own computer, and it offers a lot of flexibility in how you organize things free for personal use too.
Good options. Yeah, okay. So once we've analyzed everything, the next step is production, putting it all together in a report. The sources emphasize this is critical, even if it's maybe not the most glamorous part.
That's so right. All that hard work you put into collecting and analyzing, it's wasted if you can't effectively communicate your findings to the people who need them, right, the stakeholders again, exactly. The report needs to clearly answer the questions defined way back in planning and requirements, and it absolutely has to be tailored to the specific audience.
So a CEO gets something different than say, a technical expert totally different.
The CEO needs the bottom line quickly. The expert might need all the technical details. The report itself needs to be well organized, easy to read. Key elements: clear title and date, obviously, and crucially, an executive summary that gets straight to the point, uses the BLUF approach, bottom line up front. Got it. And the information in the report needs to be accurate, relevant, objective. The example "the US government struggles to implement OSINT" shows the kind of direct statement you might find in an executive summary.
Clear, concise. Clear, concise, tailored, key for reporting. Uh, okay, shifting gears a bit. The sources introduced this idea of the adversarial mindset. Why is it important for someone doing OSINT to, well, think like an attacker?
Adopting an adversarial mindset? It really helps you understand potential targets. What kind of data might be valuable to someone looking to cause harm? How might they try to get it?
So you can anticipate threats exactly.
This perspective is really important for creating intelligence that can lead to proactive security measures. By understanding the techniques attackers use, how they might get into systems, how they collect information, you can better identify weak spots.
In an organization's online presence or even in individuals both. Yeah.
It's a common approach in threat intelligence, red teaming security testing, thinking like the bad guy to.
Find the holes, which leads us directly to the crucial topic of operational security, OPSEC. Why is OPSEC so vital for someone involved in OSINT?
OPSEC is absolutely essential. You have to protect yourself and your investigations.
Because the work can be risky.
Exactly, because of the nature of the work. You might be dealing with sensitive information or looking into potentially hostile individuals or groups. Good OPSEC practices help prevent your activities from being detected or traced back to you. It ensures your safety and the integrity of your research.
Okay, the sources outline a specific OPSEC process. What are the main steps involved there? Yeah?
The OPSEC process usually includes several steps. First, you analyze the threat: who might be targeting you?
Okay?
Then you determine vulnerabilities: where are your weak spots? Followed by a risk assessment: how likely is an attack and what's the impact? And finally you apply countermeasures to plug the holes.
Right.
It's a systematic way to identify potential dangers and put measures in place to reduce those risks.
One interesting method mentioned is the persona non grata, or PNG, method.
What's that about? The PNG method, it involves creating detailed profiles of potential adversaries. You actually give them names, backgrounds, skill sets.
Like creating fictional characters sort of, Yeah.
But based on realistic threats. This helps you think from their perspective, understand their goals, how they might operate, and it helps you spot weaknesses in your own OPSEC strategy.
That's clever proactively thinking about how someone might target you exactly, and when it comes to actually applying those countermeasures. What kind of privacy tools are available?
There are several tools that can really enhance your OPSEC. VPNs, virtual private networks, are common.
What do they do again?
They encrypt your Internet traffic and hide your real IP address, makes it harder to track your online activities back to you.
Okay.
Then there's Tor, the Onion Router. It provides anonymous browsing by routing your traffic through multiple servers, multiple relays. It obscures your origin and destination.
Can you use both?
Yeah. Using both a VPN and Tor together can offer an extra layer of security. Freenet is another option. It's a peer to peer platform using decentralized storage and encryption for anonymous communication.
Virtual machines, VMs, are also mentioned for security. How do they help with.
OPSEC? VMs let you run separate, isolated operating systems on your main computer, like a computer within your computer. A sandbox. Exactly, a digital sandbox. So if you click on a risky link or open a dodgy attachment, it's contained within that virtual environment. It can't harm your primary system. But they're not perfect, right? It's worth noting VMs aren't a silver bullet against everything. Things like webcam hijacking or browser fingerprinting might still be issues.
Browser fingerprinting, what's that?
Ah, that's when websites collect data about your browser configuration, fonts, graphics card drivers, plugins, all sorts of tiny details.
Could identify you potentially.
Yes, enough of these details combined can create a unique fingerprint that can identify you even if you're using a VPN or VM. It's a tricky.
Area, okay. Another key part of OSINT and OPSEC seems to be using research accounts, or sock puppets. Yeah, what's the idea there? Creating fake profiles?
Pretty much, yeah. Research accounts are separate online profiles you create and maintain specifically for your OSINT work.
To keep it separate from your real life.
Exactly, keep your personal online life completely separate from your research activities. But just creating them isn't enough.
You have to make them look real.
You got it. To make these accounts look legitimate, you need to engage in consistent activity that mimics normal human behavior. Like what? Adding friends, making comments, liking posts, sharing relevant content, stuff related to the persona you've created, and doing it at typical regional hours.
So they don't get flagged by algorithms.
Right. This helps prevent social media platforms from flagging the accounts as suspicious and potentially shutting them down. You want to blend in. And some of that you can automate. The source mentions Nico building recipes with IFTTT, if this then that, to automate posting things like soccer scores to keep a persona active.
That makes a lot of sense. Blend in to observe effectively, don't raise red flags. Okay, let's move into part two of the sources. This dives into specific OSINT touch points, starting with something really fundamental. Search engines.
Yes, search engines, absolutely central to OSINT. They're versatile, they're free, and often the first place you'll go when starting, well, pretty much any investigation.
So mastering search engines is key, more so than fancy tools sometimes. Definitely.
While specialized tools have their place, mastering how to use search engines effectively is absolutely essential. Don't underestimate the basics.
The sources suggest using different search engines depending on what you're looking for right, not just Google right.
Different search engines use different algorithms, they index different parts of the web, so for more targeted results, it helps to use search engines popular in specific regions or languages. Examples: Baidu is good for researching Chinese entities, Yandex is useful for Russian content. And a good tip is to set your VPN to the region you're investigating. That can sometimes give you more relevant local results.
How do you find out which search engine is popular somewhere?
The website similarweb.com/top-websites is a good resource for identifying popular sites, including search engines, in a particular region.
Good tip. It's a good reminder that Google isn't the only game in town, and the sources also kind of push back against the idea that you always need specialized tools to be great at OSINT. Exactly.
While specialized tools can definitely be helpful, a strong understanding of basic OSINT techniques, especially how to use search engines really well, is far more important. The DEF CON story. Yeah, the story about winning the DEF CON 28 Missing Persons Capture the Flag event using mostly basic OSINT skills really highlights this.
It's about the fundamentals, and that brings us to the power of Google dorking. What are these advanced search operators?
How do they help? Google dorking, it sounds funny, but it's powerful. It involves using special commands and syntax within the Google search bar to really narrow down your searches.
To find stuff you wouldn't normally find.
Exactly, find information that might not show up with simple keyword searches. You can use operators like site: to search only within a specific website, okay, or intitle: to look for keywords just in the page title, or combine keywords with terms like "misconduct" for business intelligence or specific technology names for industrial intel.
So it's about being really precise. Very.
Precise, filtering out the noise, pinpointing the information you actually need. It's a core OSINT skill.
Got it, Okay. The next touchpoint explored is subject intelligence, focusing on a person's digital footprint.
Yes, subject intelligence. It's fundamental because well, people are involved in virtually everything. Right. It's about gathering and analyzing publicly available information about an individual to get a comprehensive understanding of them, who they are, what they do, who they know.
The sources give some really compelling examples, tracking the Boston marathon bombing suspects.
Right, though there were issues with how Reddit handled that. And.
How that executive's online activity led to the compromise of HBGary.
Yeah, those really highlight how much you can learn just by analyzing someone's digital footprint, the good and the bad uses.
Which brings up legal and ethical stuff like privacy laws.
Absolutely crucial, especially with regulations like GDPR. You need to stay on the right side of the law. Getting stakeholder approval for subject intelligence is often recommended.
Now, the sources introduce this idea of pattern of life analysis within subject intelligence. What does that involve?
Pattern of life analysis, it's about examining a person's regular activities, their movements, to understand their habits and behaviors. Online habits in OSINT. Yeah, it means using digital footprint data, social media posts, location check-ins, online activity patterns, to figure out when, where, and with whom a person interacts.
Like online surveillance, it's essentially.
The online version of traditional private investigator work. Yeah, and it can even help you predict future actions sometimes or confirm assumptions based on observed patterns.
The dark web marketplace example.
Right analyzing the owner's posting habits when they posted could reveal clues about their time zone, maybe even their offline activities or sleep schedule.
And the Jon Stewart example.
Analyzing his Twitter posting times using a tool like accountanalysis.app provides another concrete example of figuring out patterns from public data.
When researching people. Names can be tricky different cultures, different conventions.
Absolutely. Like in China, someone might use several different names: social names, married names, maybe a westernized name. In Russia, Russian naming conventions include a given name, a patronymic based on the father's first name, and a surname with gender variations. Being aware of these cultural nuances is really important for accurate identification. Don't assume Western naming conventions apply everywhere.
Usernames too, they can be really significant.
Pivot points, can't they? Hugely significant. People often reuse usernames across different platforms.
The QAnon example showed that, right, linking accounts across 4chan and 8kun.
Exactly, Ron Watkins. Even if someone tries to stay anonymous on one platform, if they use the same username somewhere else, maybe on a less secure platform, it can reveal a lot.
So always start with a basic search for the username.
Always a good first step. Just plug the username into a few search engines and see what pops up.
Email addresses are another key piece of data. What can we get from an email address?
An email address can be a massive pivot point. It can lead you to associated accounts, other usernames, potentially phone numbers, even Google IDs. Google IDs? Yeah, Gmail accounts have a unique Google ID linked to them. This ID can sometimes give you access to a user's publicly available data across various Google services: maps contributions, reviews, photos uploaded. Wow. And always check if an email address has shown up in data breaches.
That can be very informative, which brings us to breach data. How useful is information from data breaches seems risky?
Well, it's useful for the investigator, risky for the person breached. Unfortunately, data breaches are incredibly common.
They seem to happen all the time, they.
Do, and they can expose huge amounts of user info. Emails, passwords, often hashed but sometimes cracked, usernames, IP addresses, real names.
How do you search it?
There are specialized search engines like IntelX that index data from numerous breaches. You can search for an email, username, et cetera, and potentially link different pieces of information about your subject from various leaks.
Could you find passwords?
Sometimes you might even find patterns in the types of passwords someone uses across different breaches, which could help uncover additional accounts or email addresses they use. People reuse passwords a.
Lot. Risky habit. Okay. Phone numbers, another potential data point, but the sources say they can be inaccurate.
They can indeed be unreliable. Numbers get reassigned, people use burners or VoIP numbers, so it's always best to try and verify a phone number using multiple sources.
Cross referencing.
Yeah, the story about verifying a foreign national's identity by cross referencing their landline number with their wife's info found in public records databases that's a perfect real world example of confirmation.
Finally, for subject intelligence, public records, what kind of gold can we find there? And what are the challenges?
Public records can be an absolute gold mine. Voter registration details, local city and county records, permits, licenses, property.
Records, but access varies hugely.
Access varies wildly depending on where you are. Voter registration info: different rules in Florida versus, say, California. Local records: some cities make it easy, others require specific info. Property records, often found on county websites or secondary sources like Zillow and Trulia, can have cached or related info.
They can give you.
Addresses, ownership details, sometimes even things like security system permits.
International differences too.
Absolutely. Data protection laws vary significantly country by country. France's CNIL is very different from US regulations. There are even maps showing data protection levels globally. You need to be aware of the laws where the data resides and where your subject resides.
So you combine official records with maybe unofficial stuff.
Exactly, you combine and enrich data from official documents, maybe social media, news articles. The pivot chart example, starting with just a subject's name, shows how you build out that picture layer by layer.
Okay, that covers a lot on subject intelligence. Moving on the next big area, social media analysis. This seems massive and constantly changing.
It is. Social media platforms are just incredibly rich sources of OSINT data. They show connections between people, organizations, give insights into routines, locations, and often reveal other online accounts you can pivot from.
The sources highlight correlating user accounts. What are the key things to look for when linking different profiles to the same person.
When you're trying to connect social media accounts, you look for consistency shared usernames across platforms.
That's a big one.
Identical or very similar profile photos, also patterns of interaction accounts that frequently like or comment on each other's posts that might suggest they're run by the same person or people who are closely connected.
The FBI case study tracking the George Floyd protest suspect through Etsy, Poshmark, LinkedIn, that was powerful. Username and profile photo.
Pivots a perfect example. Following those digital breadcrumbs across different, seemingly unrelated platforms ultimately leading to identification, even confirming a tattoo from a profile picture and.
Once you have multiple accounts, maybe in a group, how do you visualize those connections? Association matrices and link analysis charts.
Yeah, those are really useful for visualizing relationships within a group. An association matrix is basically a table showing how strongly different people are.
Connected based on followers or interactions.
Exactly shared followers, frequency of interaction, things like that, and then you can turn that data into a link analysis.
Chart using tools.
Using tools like Maltego or even simpler mind mapping software, these visuals make it much easier to see who the key players are in a network, who the influencers are, how they're connected.
The ability to continuously monitor communities on social media is also discussed. The analysis after the January 6th Capitol riot, groups like Bellingcat using OSINT image analysis. Incredible work. Shows.
The real power of it, doesn't it, But monitoring groups, especially private ones, definitely has its challenges.
How do you get into private groups?
Well, you can directly observe open groups easily enough, but for private ones like on Facebook, you often need those sock puppet accounts.
We talked about fake profiles, right.
Accounts designed to blend in with the group's interests to gain access without raising suspicion. Telegram also has its own ecosystem. There are platforms like tgs dot dot com that can catalog public channels and provide stats, which can be useful starting points.
Beyond text, image and video analysis is critical. What can visuals tell us?
Oh a lot? Analyzing images and videos can give you the location where they were taken, details about what's happening, who's there, what objects are present, even clues to help figure out who owns the media or find related accounts.
Reverse image searching seems key here using an image to search online.
Yes, reverse image searching is a fundamental technique. You upload an image or its URL to a search engine and it tries to find similar images online.
Why is it useful?
It can often reveal the original source of an image, other places it's been posted, maybe higher resolution versions, or even identify objects or people within the image. The case study about identifying a sports logo and a fundraiser photo is a good.
Example which search engines are best for this.
The main ones are Google Images, Bing Visual Search, and Yandex Images, which is often very good, especially for faces or locations in Eastern Europe. Well, you might need patience. You can get a lot of results to sift through, and it doesn't always work perfectly on all social media platforms due to how they handle images, but it's always worth trying.
The sources also go into geolocation of images, figuring out where a photo or video was taken. How do we do that?
Geolocation is like being a visual detective. You look for clues within the image itself, like what language is on signs. Seeing Dutch text might suggest the Netherlands or Belgium, or maybe South Africa or Suriname. Unique buildings, landmarks, mountains, types of vegetation, road signs.
The road sign example, planes or plans right.
That specific clue could help narrow it down significantly. Once you have a general region, then you use online mapping.
Tools Google street View.
Google Street View is huge, Wikimapia, Panoramio, though partly archived, Mapillary, EarthCam for live webcams, live on map dot com for conflict zones, and you use these tools to try and match the visual clues from the image to a real world location. There's a whole step by step process involved.
And sometimes the clues are hidden in the file itself.
Metadata, exactly. Metadata, specifically EXIF data for images, can embed information right into the file.
Like GPS coordinates.
Sometimes, yes. GPS coordinates showing exactly where the photo was taken, also the date and time, camera model, phone type.
How do you see it?
There are online tools like Jeffrey's Exif Viewer, or browser extensions, or desktop software that can extract this data.
But it can be faked.
Absolutely. Metadata can be easily stripped out or deliberately changed, so treat it as a clue, but always try to verify it with other evidence if possible. Don't take it as absolute gospel. Makes sense.
Then there's attribution, figuring out who owns the photo or video.
Yeah, trying to identify the original creator or owner of the media and potentially other accounts they might have. Reverse image search can help here, trying to find the earliest instance or associated profiles.
Social media is also full of bad information: misinformation, disinformation, malinformation.
Yes, understanding that spectrum is important. Misinformation is false but not necessarily intended to harm. Disinformation is false and intended to harm. Malinformation is based on truth but used out of context to harm. Examples? Oh, Pizzagate, celebrity death hoaxes, false vaccine claims, wild 5G conspiracy theories. Debunking these often involves OSINT techniques. Like what? A verification process, asking who shared it, what's the source, why was it shared, how was it created? Using tools like archive.org to see past versions of websites, doing reverse image searches to check the photo's origin. It's about critical examination.
Social network analysis, another powerful technique mentioned, using graph theory. Sounds complex.
It can be, but the basic idea is simple. It uses concepts from graph theory, like nodes representing people or accounts and edges representing their connections, to visualize relationships. Like a map of connections? Exactly. And you can even show the strength of a connection, maybe by the thickness or color of the edge, the line between nodes.
What tools do you use?
Tools like Neo4j or Gephi are popular for creating these network visualizations. They make it much easier to identify key influencers, see how information spreads, spot clusters or communities.
The example of Benjamin Strick analyzing the pro-Indonesian bot network on Twitter using Gephi.
A perfect example of visualizing complex networks to uncover coordinated activity.
And the puppy scam case study that really tied a lot of these threads together: Google dorking, pivot charts, WHOIS data, uncovering that whole network of fake websites linked by one email address.
Right, janedoe@gmail.com. It's a great example of how different OSINT techniques work together in a real investigation: starting broad, finding pivot points, layering information.
Okay, let's move on to business and organizational intelligence. Why is understanding companies and organizations so important?
Well, understanding these entities, their structure, ownership, background, activities, is crucial for so many things: due diligence for investments, competitive intelligence, tracking supply chains, investigating fraud or other illegal activities.
The Wirecard fraud example, Dan McCrum's OSINT work.
A prime example of how impactful OSINT can be in uncovering massive corporate fraud. It shows this isn't just theoretical.
So what are some key things we look at when analyzing an organization? Structure seems important: parent companies, subsidiaries.
Yes, understanding the corporate structure is fundamental. Who owns whom? Where are the branches? Seeing this visually, like in an org chart, if you can find or build one, is really helpful.
What else?
You also look at key people: executives, board members, locations, financial health if possible, partners, main products or services. Building a complete profile.
Publicly available documents seem like a huge resource here. What are the most important ones?
They really are. Annual reports give you a great broad overview of a company's activities over the past year.
For public companies in the US, SEC filings. Exactly.
For US public companies, forms like the 10-K (the big annual report), 10-Q (quarterly), and 8-K (for significant events like mergers or leadership changes) are essential.
Where do you find them?
On the SEC's EDGAR database. They contain incredibly detailed financial and operational information. Other filings like proxy statements for shareholder votes and S-1 forms when a company plans to go public are also valuable.
Social media isn't just for people, right? Companies use it too. How can we leverage that?
Definitely. Organizations use social media heavily for marketing, PR, customer communication, recruitment, announcing partnerships, events.
So we can use the same tactics as subject intelligence, pretty much.
Yeah, you can use similar techniques to find an organization's various social media accounts. They often link them from their main website. Analyzing their posts, who they follow, who follows them, can reveal activities, partnerships, key employees, sometimes even information not intended to be public. Tesla's Twitter account is mentioned as a potential pivoting point.
The sources also mentioned violation trackers. What are those?
Violation trackers are databases, often run by government agencies or watchdog groups, that keep records of legal actions, fines, and penalties against companies and sometimes individuals.
Useful for due diligence?
Very useful. It helps you identify if a company has a history of misconduct, safety violations, environmental issues, discrimination, lawsuits. Things like the Contractor Misconduct Database or Violation Tracker. The Theranos case is mentioned as an example of corporate wrongdoing.
Contracts seem like another area ripe for OSINT. What can we learn from public contracts?
Publicly available contracts, often found on government procurement websites like SAM.gov in the US, can be incredibly revealing.
What kind of details?
Who the main contractor is, who the subcontractors are, the specific services or products being provided, maybe the technology involved, project timelines, costs, sometimes contact info, even supporting documents like blueprints or plans, occasionally. The soil hauling for Yosemite Park example shows the level of detail you might find.
Understanding contract jargon helps too. Definitely.
Knowing terms like contractor, subcontractor, purchase order, RFP (request for proposal) helps you make sense of the documents.
Power mapping sounds intriguing, figuring out influence through investments and donations.
Exactly. Power mapping involves identifying key individuals and organizations and then analyzing their connections through things like investments, campaign donations, board memberships, lobbying activities.
To reveal hidden influence?
Yeah, it can help reveal political affiliations, links to super PACs or think tanks, and other relationships that might influence decisions or policies. The tool LittleSis is mentioned for this. The 2019 college admissions scandal is a related example of mapping influence and money.
The sources also touch on spotting shell companies. What are the red flags?
Shell companies, often used to obscure ownership or facilitate illicit activities like money laundering, tend to have certain characteristics. No real physical address, maybe just a PO box or a mail drop. Often they use a registered agent address that's shared by hundreds or thousands of other companies. Very little public presence or operational activity.
Sanctions are another area, especially internationally. How does OSINT help here?
Monitoring sanctions lists like the OFAC SDN list in the US is crucial for compliance and risk assessment. OSINT helps provide context around the sanctions.
Why were they imposed, who else is involved?
Exactly. Identifying all the parties involved, understanding the patterns of activity that led to the sanction, like the illicit oil transfers mentioned as an example, and tracking historical context.
Nonprofit organizations also have public data, right? Form 990 in the US. That's right.
In the US, nonprofits generally have to file an IRS Form 990 annually. It contains a wealth of financial and operational data: revenue, expenses, salaries of top executives, program activities.
How do you find those?
There are online tools like ProPublica's Nonprofit Explorer or Candid's 990 Finder that make searching and accessing these forms pretty easy.
Finally, for business intelligence, the website itself: loads of OSINT data.
Absolutely. A company's website is a primary source. You analyze its IP address, its domain name registration, WHOIS records via registrars like ICANN, the actual content, the underlying code and metadata. Tools for website analysis, tools like BuiltWith, can tell you what technologies a website uses: CMS, analytics, advertising networks, et cetera. Browser developer tools let you inspect the code. Command-line tools like curl can fetch headers and source code.
Hidden info?
Sometimes you can find hidden information in website metadata or accidentally exposed files, maybe old spreadsheets, internal documents, printer names. You have to look carefully.
robots.txt and sitemap.xml?
Yeah, looking at the robots.txt file tells you what parts of the site the owners don't want search engines to crawl, which can sometimes be interesting. The sitemap.xml gives you a list of intended public pages. Analyzing DNS records using tools like MXToolbox provides info about mail servers and IP addresses associated with the domain. It all builds the picture.
Even understanding basic IP addresses is helpful.
Definitely. Knowing how the Internet routes information via IP addresses is fundamental.
That's a really thorough look at business and organizational intel. Let's switch gears now to transportation intelligence. Seems very practical, very real world.
It really is. Transportation, sea, rail, air, road: it's the backbone of global trade and movement. Being able to track, predict, or gather intel on transport can provide valuable data for logistics, security, spotting illicit activity, you name it.
Satellite imagery plays a big role here, doesn't it?
A huge role. Satellites are used for mapping, weather forecasting, environmental monitoring, and of course, intelligence gathering.
Types of satellites?
Broadly, two main types for imaging. Geostationary satellites stay fixed over one spot on the equator. They give you frequent updates (high temporal resolution) but cover a wide area with less detail (lower spatial resolution). The other type, polar-orbiting satellites, circle the Earth passing over the poles. They provide very detailed images (high spatial resolution) but cover any given spot less frequently (lower temporal resolution). Think detailed snapshots versus frequent wide views.
Where does the imagery come from?
Sources like the Landsat program or NASA's Earth Observatory make a lot of imagery publicly available, which is fantastic for OSINT. Commercial providers offer even higher resolution data.
Okay, let's dive into specific modes, starting with maritime intelligence. AIS data is mentioned. What is that?
AIS stands for Automatic Identification System. Ships over a certain size are required to broadcast information about themselves (identity, position, course, speed) using AIS transponders.
So it's key for tracking ships. Absolutely.
There are many websites and services that aggregate this AIS data, allowing you to track vessels globally, in near real time or historically.
But it has limitations.
Spoofing, yes. That's a major limitation. AIS data can be deliberately manipulated or faked; that's called spoofing. Why would someone do that? Various reasons. A navy ship might spoof its location during a sensitive mission. A vessel involved in illegal fishing or smuggling might broadcast false coordinates to hide its activity. Someone might try to obscure a missile launch location by having ships spoof nearby.
So you can't always trust it one hundred percent.
You have to be aware of the potential for spoofing and look for corroborating evidence if the track seems suspicious. GNSS jamming, disrupting GPS signals, is another issue affecting maritime and aviation navigation.
Besides tracking ships, what else can maritime OSINT uncover? Ports seem important.
Ports are critical hubs. Analyzing port activity gives you huge insights into trade flows and ship movements. Sometimes you can find publicly available berthing reports online, lists of ships scheduled to arrive and depart.
What can it tell you?
Gives you clues about cargo types, origins, destinations, vessel schedules. Ports are also great places for image and satellite analysis, as ships are stationary for longer periods. Analyzing port infrastructure for vulnerabilities is another key area. Undersea cables often land near ports too.
Moving onto land, railway intelligence. What OSINT opportunities exist there?
Railways are vital for moving freight and passengers. OSINT involves identifying rail lines visually using satellite imagery, mapping routes, finding schedules (sometimes available online, like the anytrip.com.au example from Melbourne), and figuring out ownership and operation of rail infrastructure. Tracking freight? Yeah, understanding how freight moves, especially the transloading process where goods switch between trucks and trains.
Analyzing trackside technology like RFID tags, AEI tags, or radio-controlled SO systems can also offer insights, including potential cyber vulnerabilities.
Aviation intelligence next. Identifying aircraft seems basic but crucial. How do we do that?
Aircraft have several key identifiers. There's the ICAO ID, a unique 24-bit hex code transmitted by the plane's transponder. You see this on flight tracking sites. Then the registration number, often called the tail number, like N-numbers in the US. You can look these up in registries like the FAA's to find ownership and aircraft type. The example N three eight me leads to a Eurocopter.
Call signs too, right?
The call sign used for radio communication. Airlines have specific call signs, like Brickyard for Republic Airways, Dragon for Cathay Pacific, Cactus, as in the US Airways Flight 1549 incident. Military aircraft use tail codes and serial numbers instead of civil registrations.
Can you identify them visually?
Yes, you can learn to identify aircraft types by looking at their key features: wings, engines, fuselage shape, tail configuration. The WEFT method (wings, engines, fuselage, tail) is a systematic way to do this. Even identifying UAVs, drones, involves looking at wing or rotor types.
How do we track aircraft routes using OSINT? Flight tracking platforms?
Yes. Platforms like FlightAware, Flightradar24, and ADS-B Exchange aggregate data from ADS-B receivers and other sources worldwide.
What data do they show?
Real-time and historical flight info: aircraft identifier, call sign, hex code, type, altitude, speed, track, origin, destination. It's incredibly detailed.
Any tips for using them?
Definitely. Check multiple sites, as coverage and data retention can vary. Pay attention to patterns. Frequent flights between certain locations can reveal routines or bases of operation. Look for low-flying aircraft that might not show up on all trackers. Be aware of things like the FAA's PIA list or LADD program, which allow some owners to limit public display of their data.
What about official notices?
Checking FAA NOTAMs (notices to airmen) and TFRs (temporary flight restrictions) is important for understanding airspace closures or special conditions.
Can you track cargo on planes?
Sometimes. Air cargo uses an air waybill (AWB) number for tracking, similar to a shipping tracking number. Combining this with OSINT from other transport sectors can help track goods across the entire supply chain.
What about airfields themselves? Illicit ones?
Yeah, OSINT, especially satellite imagery analysis, can be used to identify potential illicit airstrips in remote areas, looking for cleared land, maybe signs of activity. Combining imagery with fire detection data like NASA FIRMS can sometimes reveal activity like burning vegetation to clear land for strips. Google Earth is great for analyzing potential airstrips over time.
Lastly, automotive intelligence. What can we find out about cars and trucks?
Automotive OSINT involves identifying vehicles: make and model (tools like carnet.ai can help), license plates (resources like worldlicenseplates.com show formats), VIN numbers, tracking routes. You can monitor routes using webcams, like the famous 11foot8 bridge webcam catching trucks hitting it, satellite imagery, social media posts showing vehicles. Also figuring out ownership and operation and understanding the vehicle's security features or technology.
Okay, that's a really comprehensive overview of transportation OSINT. Let's move into an area that feels increasingly urgent, critical infrastructure and industrial intelligence. Technology integration seems to be the key driver here.
It absolutely is. Our critical infrastructure (power grids, water systems, transportation networks, communication systems) relies more and more on interconnected technology.
Which creates vulnerabilities.
Exactly, it increases the potential attack surface. Events like 9/11 were a turning point highlighting physical vulnerabilities, but now the cyber threat to industrial control systems, ICS, is huge. Stuxnet showed what's possible.
Stuxnet, the worm that hit Iranian nuclear facilities.
That's the one, a landmark case showing how cyber weapons could target and damage physical industrial processes. It really woke people up to ICS security risks.
So OSINT here involves looking for weaknesses.
Yes, often adopting that adversarial mindset again, analyzing the physical and digital footprints of critical infrastructure operators to identify potential weak points that an attacker might exploit. Understanding the ICS cyber kill chain helps frame this.
What is the ICS cyber kill chain?
It's a framework adapted from the traditional cyber kill chain that outlines the typical stages an attacker might go through when targeting industrial control systems, from reconnaissance to achieving their objective, like disruption or destruction. OSINT is crucial in that initial reconnaissance phase.
The rise of IoT, the Internet of Things, and IIoT, industrial IoT, plays a big role too. Huge.
These connected devices are everywhere now, integrated into critical systems. They monitor conditions, make automatic adjustments, collect data, but...
They can be insecure. The casino example.
Right, the infamous story of a casino network reportedly breached through a vulnerability in a connected fish tank thermometer. It sounds almost comical, but it highlights how any connected device can be an entry point if not secured properly.
So OSINT helps identify these devices.
Yes, OSINT can help identify connected IoT and IIoT devices associated with a target, understand their functions, and uncover any publicly known vulnerabilities or default credentials that attackers might leverage. Mapping the infrastructure is key.
How do you map infrastructure using OSINT?
Tools like Google Earth Pro are great for plotting known locations using GPS coordinates, and there are many publicly available data sets. Like what? The US DHS HIFLD Open Data Portal has tons of infrastructure data. The EIA has energy maps. There are industry-specific maps like Norsk Petroleum's interactive map for Norway, JERA's thermal power plant map in Japan, WANO's World Map of Nuclear Operators, even an ARMSCM map of the Russian defense industry. Lots of data out there if you know where to look.
Public disclosures too?
Contracts, resumes, absolutely. Contracts, like on usaspending.gov, can reveal technology suppliers or specific systems being used. Sometimes people list detailed technical skills or specific ICS or SCADA systems they've worked on in their resumes posted on LinkedIn. You can use Google dorks to search LinkedIn for these details, potentially revealing vulnerabilities.
Wireless networks are another big vector.
Wi-Fi. Wi-Fi is everywhere. Tools like WiGLE let you map wireless networks globally by collecting data points like SSID (network name), BSSID (MAC address of the access point), encryption type, and GPS coordinates submitted by volunteers.
That raises privacy concerns. Wardriving?
It does. Wardriving, driving around scanning for Wi-Fi networks, was the original method for building these databases. While the data itself is broadcast publicly, aggregating it raises privacy questions, but it's invaluable for mapping wireless footprints. Bluetooth can also be tracked, potentially inferring location or proximity based on device detection.
Think about fitness trackers. The Strava heat map incident showed how aggregated user data could reveal sensitive locations like military bases.
Other wireless types? LPWAN?
LoRa, yes. Low-power wide-area networks like LoRaWAN are increasingly used for industrial IoT because they offer long range and low power consumption. Understanding these protocols is also becoming important for OSINT in this space. Baselining normal wireless activity helps spot anomalies.
And finding cell towers?
Identifying mobile tower locations can also be part of infrastructure OSINT, using contracts, public disclosures, zoning permits, and tools like CellMapper, which crowdsources tower locations based on user signal readings.
Okay, let's move to the money, financial intelligence. Why is OSINT so important here?
Financial intelligence, or FININT, is crucial for tracking and combating illicit activities: money laundering, terrorist financing, fraud, sanctions evasion. OSINT provides the publicly available pieces of that puzzle.
Key players: FinCEN, FATF?
Right, organizations like FinCEN (Financial Crimes Enforcement Network) in the US and the international FATF (Financial Action Task Force) set standards and provide guidance. Regulatory bodies like the FDIC (Federal Deposit Insurance Corporation) in the US also provide information on banks and financial data, tools like the BankFind Suite.
Tracking criminal organizations, TCOs?
Yes, transnational criminal organizations operate across borders. OSINT helps map their structures, activities, and financial networks. The MS-13 example illustrates the kind of group involved. OFAC reports, like the one on the Kinahan organized crime group, often contain valuable OSINT leads.
What about PEPs, politically exposed persons?
PEPs are individuals holding prominent public functions: politicians, judges, military leaders, state-owned enterprise execs. FATF provides guidelines. They are considered higher risk for potential involvement in bribery and corruption, so identifying them is key in due diligence and financial crime investigations.
Money laundering itself, how does OSINT help find it?
OSINT helps identify red flags associated with money laundering, things like complex corporate structures involving shell companies, transactions with high-risk jurisdictions, unexplained wealth, involvement of PEPs. It complements the internal KYC (Know Your Customer) process that banks use. Understanding common schemes helps spot indicators. Tax evasion and fraud: OSINT can help uncover concealed income or assets, or identify inconsistencies that suggest false information is being submitted to tax authorities. The Walter Anderson case is mentioned as a major tax evasion example.
Verifying VAT numbers, ISO codes?
Yes, small practical things. You can often verify value added tax (VAT) identification numbers online. Knowing ISO country codes helps identify countries mentioned in financial documents or transaction data. Resources like nationsonline.org list these codes. Understanding prevalent crime types by region also provides context.
Finding info on organized crime and gangs?
Resources like Wikipedia (surprisingly detailed sometimes), the National Gang Center, the DEA fugitives list, and specialized news sites like InSight Crime provide background information and potential leads on individuals and groups.
Negative news searching?
This involves crafting specific search engine queries, dorks again, to find derogatory information or negative news reports about a person or company, combining names with keywords like fraud, arrests, lawsuits, scandal, etc.
Okay, now for a really hot topic: cryptocurrency. How has OSINT adapted to this often anonymous world?
Cryptocurrency presents unique challenges and opportunities for OSINT. It's built on blockchain technology, which is essentially a public distributed ledger. It's anonymous, right? Pseudonymous, usually. Transactions are linked to wallet addresses, not necessarily real-world identities directly, but the transactions themselves are public on the blockchain. Understanding the basics is key. Key terms?
Coins versus tokens.
Right. Cryptocurrencies, or coins, like Bitcoin (BTC) or Ethereum (ETH), run on their own blockchains and are typically mined. Tokens are built on top of existing blockchains like Ethereum using smart contracts and are minted. Tokens can represent different things: value (like stablecoins), NFTs (non-fungible tokens), security tokens, utility tokens.
Bitcoin, Ethereum?
Bitcoin is the original, best known: one decentralized ledger, proof-of-work consensus, created by the pseudonymous Satoshi Nakamoto. Finite supply, fungible (one Bitcoin is like any other). Ethereum introduced smart contracts, enabling tokens and decentralized applications, dApps. It's the second largest.
Proof of work versus proof of stake.
These are consensus mechanisms, how the network agrees on valid transactions. PoW, used by Bitcoin, initially involves solving complex computational puzzles, mining, which uses a lot of energy. PoS, used by Ethereum now and many others, involves validators locking up (staking) their own crypto as collateral to validate transactions; generally more energy efficient. There are other mechanisms too, like proof of capacity or proof of activity.
How does the dark web fit in with crypto?
Cryptocurrencies, especially privacy-focused ones, became the preferred payment method on darknet marketplaces selling illicit goods like drugs, weapons, stolen data, CSAM.
How do investigators track this?
Using the Tor browser to access the dark web, identifying marketplaces, finding seller profiles. These profiles often contain pivot points like usernames reused elsewhere or cryptocurrency wallet addresses used for payment.
Case studies? Shiny Flakes, yeah.
The young German guy, Maximilian Schmidt, who ran a huge online drug empire from his bedroom, accepting crypto. Mistakes in shipping led to his arrest. It shows operational security failures.
AlphaBay and Hansa.
Two massive darknet marketplaces shut down by law enforcement in Operation Bayonet. They secretly took over Hansa for a while, gathering intelligence on users, before shutting both down. They seized crypto and user data. It shows the reach of law enforcement even in these hidden corners.
So how do you analyze crypto transactions using OSINT? Blockchain explorers? Exactly.
Blockchain explorers are websites that let you view and navigate the public blockchain data. You can enter a wallet address or transaction ID and see its history: balance, incoming and outgoing transactions. It's about following the money precisely; even though it's pseudonymous, you can follow the flow of funds between addresses. The funnel method involves starting with a known transaction or address and tracing funds back or forward, looking for links to exchanges where crypto might be cashed out to fiat currency (requiring identity verification), or to other known illicit addresses. Layering information is key. The pivot chart example, starting with a transaction, shows this process.
Finally, let's briefly touch on non-fungible tokens, or NFTs. They've had their share of crime too. They have.
NFTs are unique digital assets recorded on a blockchain: think digital art, collectibles.
What kind of crimes?
Because their value can be subjective and volatile, they've been used in Ponzi schemes and rug pulls, where creators hype a project's NFTs and then disappear with the funds. Wash trading to artificially inflate prices is another issue. Investigating these often involves blockchain analysis combined with social media OSINT to track promoters.
Wow, Okay, that brings us pretty much to the end of this really deep dive into open source intelligence, all based on the incredibly insightful material you shared. We've covered so much.
We really have, from its history, the basic methods, ops, right through to cutting-edge applications in crypto, transport, critical infrastructure.
It's vast. Yeah, hopefully you, our listener, now have a much clearer picture of not just what OSINT is, but how it's actually used, how powerful it can be.
Yeah, seeing how information that's just out there in the open can reveal hidden connections and provide such valuable insights when you analyze it effectively. It applies across almost any field.
There were definitely some surprising facts for me, some real aha moments, like the grandmother's story at the start or the fish tank hack. It really highlights how much data surrounds us.
Absolutely, and it kind of makes you wonder, doesn't it, about the power of this publicly available information in your own areas of interest. What could you uncover, what insights might you gain using these principles?
That's a great point. And maybe on that note, here's something I'll leave you thinking about. Given the sheer vastness of open source information and how fast it's changing, what are the really big ethical responsibilities for individuals, for organizations? How do we use this power responsibly? And how do we safeguard data in the future?
That's the big question, isn't it? It's something we'll all have to grapple with as our digital world keeps expanding.
