OSINT, or Open-Source Intelligence, is a discipline within the broader field of intelligence collection and analysis. It has been conducted since there have been publicly available media to analyze and report upon. The United States government has formally had OSINT as a part of their intelligence collection plan since 1941 when they opened the Foreign Broadcast Information Service to monitor radio broadcasts worldwide. OSINT is nothing new. What has changed in recent years is how much publicly available data a single collector or small team can acquire in a short period of time.
OSINT became a more prominent intelligence methodology with the rise of broadcast media. With the advent of a highly connected, digital society, many analysts now feel OSINT is a preeminent intelligence source. Who needs a spy satellite when you have the “trillion eyes of the internet” and can buy imagery from Maxar?
There is some argument around the definition and limits of OSINT. Here at 443ID, we take an expansive view of OSINT. Our preferred definition is: Open-Source Intelligence (OSINT) refers to any actionable information that can be legally gathered at reasonable cost from publicly accessible sources.
We crafted our definition to clearly illuminate the value proposition for business. We intend to bring the best practices of the Intelligence Community’s OSINT practitioners to the risk assessment and mitigation business.
Open-Source Intelligence (OSINT) refers to any actionable information that can be legally gathered at reasonable cost from publicly accessible sources.
With that in mind let’s break that definition down a bit. When an operational definition is well crafted, there is often utility in decomposing its meaning phrase by phrase.
The first phrase that jumps out in our definition of OSINT is “actionable information.” Information that is not actionable is, by its very nature, not intelligence. A piece of knowledge in an irrelevant context or without supporting corroboration is useless. 443ID carefully curates the best signals from the OSINT world to ensure they allow you to take real action regarding risks your company faces.
“Legally gathered” is another important portion of the OSINT definition. The internet is expansive and the types of data, how they are stored, and the security employed around them vary wildly. We ensure that all data we ingest is legally acquired and compliant with the regulations of the countries our clients operate within. Our signal profiles operate with data gathered in open, transparent manners.
Cost is a factor with any tool. Even at the level of a nation state, intelligence can be expensive. OSINT should not be. “Reasonable cost” is a factor that some OSINT companies forget about. If you are paying massive amounts of money to access data from the internet, your OSINT provider may be engaged in something much closer to bribery than true Open-Source collection. At 443ID, we strive to obtain excellent quality data at little to no cost to keep our product affordable and accessible to small businesses and the Fortune 500 alike.
Publicly Accessible Sources
“Publicly accessible sources” is the final piece of our definition. This does not mean anyone in the public could do this work. As an example, just because 95% of all Twitter posts are on public-facing, non-private accounts does not mean any member of the public could reasonably analyze millions of tweets per day for trends. A trained OSINT professional or data scientist can. Publicly available, in our context means that the data is there and the team has the means to effectively capture and contextualize it.
At Verosint, we believe the addition of modern tailorable risk profiles based on OSINT will revolutionize the identity assessment and risk mitigation industry. Risk will always be there, but with enough OSINT you can rest easy that your business will not be the one successfully targeted by those online seeking to deceive you about who they are.