HOW TO BEGIN
FREQUENTLY ASKED QUESTIONS
Since our foundation, certain questions have become recurrent.
Below you will find the most frequently asked questions and their answers.
OSINT (Open Source Intelligence) is a method aimed at collecting and analyzing information extracted from freely accessible sources (websites, accounts on networks or social media, satellite imagery, paper journals, etc.).
More than a set of tools and methods, OSINT is often described as a “state of mind” oriented towards investigation and built on rigor and ethics.
OSINT is not just about exploiting data on the Web. Simple discussions or radio signals can also be considered open sources.
Other areas of intelligence may use open sources. This is the case of:
- OSINT applied to social networks
- According to the American doctrine, this is the analysis of geolocated information from imagery (traditional photographs, infrared images, radar, etc.) obtained by satellites, planes, drones, etc. France restricts Image Intelligence (ROIM) to research and development activities concerning image acquisition and analysis techniques;
- According to the American doctrine, GEOINT combines the techniques for acquiring geolocated imagery, the analysis linked to this information (IMINT), and the addition of geodetic, geological and meteorological data. France uses GEOINT to refer to all operational Geospatial Intelligence activities;
- Analysis of electromagnetic signals and radio communications. In French: ROEM (Renseignement d’origine électromagnétique);
- Analysis of sensor measurements (radio waves, nuclear, acoustic…) in order to determine their origin;
- Extraction of technical information related to Web sites or other entities accessible on the Internet.
Many other terms can come up in OSINT conversations, such as COMINT, ELINT, FISINT, etc.
Since the purpose of OSINT is to consult open access sources, this method of gathering information is legal.
However, some indexed information may not be freely available (public indexing not consented to by its owner), and any access to it may therefore be considered illicit.
Due to its transversal nature, OSINT can be used by different actors in multiple domains:
- In journalism, for fact-checking purposes;
- In the judiciary, by law enforcement agencies, for data analysis;
- In the field of computer security, during the reconnaissance phase before a pentest or audit;
- In business intelligence;
- On an individual basis, in order to see what traces can be left on the Internet.
OSINT is a skill that is acquired through practice. We can practice on ourselves, by collecting and analyzing the traces we leave on the Web, but also thanks to specialized sites and accounts.
- @Quiztime: Twitter account offering image geolocation quizzes. The team also runs an annual challenge;
- @Sector035: Twitter account of Sector035, which offers an OSINT challenge;
- Spying Challenge: competition mixing OSINT, social engineering and physical intrusion challenges;
- Cyber Detective CTF: website with many OSINT challenges presented in a complete scenario;
- HackTheBox: registering on this site itself requires solving a technical challenge;
- TraceLabs: monthly CTF (Capture The Flag) dedicated to the search for missing persons, in connection with law enforcement. Unlike the other sites mentioned above, these are real cases.
Numerous resources are also available, whether in the form of articles or conferences:
- Bellingcat: an investigative journalism website specializing in fact-checking and open source intelligence;
- OpenFacto: French non-profit organization which aims to promote OSINT in the francophone community;
- GIJN: network of investigative journalists sharing OSINT resources;
- OSINT At Home: OSINT tutorials by Benjamin Strick;
- conINT: an event that includes conferences on OSINT;
- DEFCON Recon Village: a series of conferences dedicated to technical reconnaissance, organized at DEFCON each year.
There is no magic tool in OSINT.
In most cases, a simple web browser will do the job.
However, depending on the assumptions, you may need specific tools, which are listed here.
OpSec (Operations Security) is the act of protecting your identity during an investigation.
First, the threat model must be determined: against whom or what do we want to protect ourselves, and why?
This threat model will then enable us to define the protection measures to be implemented:
- use of a sock puppet account (an online identity you use only for an investigation);
- use of a VPN (Virtual Private Network).
It is an illusion to try to secure oneself online without first having defined, in a reasoned way, the risks linked to an investigation.