Have you or your friends ever joked that you would be an excellent “stalker” due to the large amount of information you’ve collected about a person simply by scrolling through their social media pages? If so, you’ve engaged in OSINT practices. Open-source intelligence, or OSINT, is a method of gathering intelligence (meaning “information” in this context) from publicly available sources. It is essentially a fancy term for the act of researching with the target of collecting information of a subject, usually a person. Some basic examples of OSINT include determining where a picture was taken by searching online to find pictures of similar places, or googling someone’s name to see where they went to high school or if they made the honor roll. While these examples don’t seem too concerning, there are tools and software available that have increased the depth of OSINT capabilities. With this software comes many concerns over the ethics of gathering such information and the moral implications of searching for certain intelligence.
Mark M. Lowenthal, former Assistant Director of Central Intelligence for Analysis and Production for the CIA, defines OSINT as “any and all information that can be derived from overt collection: all types of media, government reports and other documents, scientific research and reports, commercial vendors of information, the Internet, and so on. The main qualifiers to open-source information are that it does not require any type of clandestine collection techniques to obtain it.” [1]
Since OSINT is all about the clever usage of public sources, its purpose is to not violate any laws by only accessing public information that can be found without a warrant and without “shady” practices. However, due to the increasing amount of personal information available on the internet, the act of OSINT poses concerns surrounding the access of information that one may not want to be accessed.
OSINT tools today are utilized by the government to support counter-terrorism efforts. By tracking propaganda and mobilization on social media, investigators gain awareness about potential threats to national security. OSINT tools are also used by the government to detect cybersecurity attacks, organized crime, and misinformation. [2]
Many OSINT tools are available for personal use, as programmers often make them publicly available as a GitHub repository. This specifically raises some concerns, as anyone with malicious intent can simply find a repository and access information that, while not “private,” is not intended for public knowledge.
Examples of OSINT Tools
- One tool often used by employers to find information on job candidates is called MOSINT. MOSINT was made by user “alpkeskin” on GitHub, and it is simple to set up and use. The program prompts the user to type in an email address and then quickly prints information related to the email, such as a list of online accounts connected to it. Employers can use this list to judge a candidate’s digital footprint.
- A similar tool is Maltego. Maltego searches the web to find connections between names and email addresses, aliases, companies, accounts, documents, and more, and then presents this information in a digestible format.
- A tool with less propensity for malicious purposes is called BuiltWith. BuiltWith shows the user how a given application or website was made, such as the programming language and development environment used. It can also detect the libraries that the developer utilized.
- Similar to BuiltWith, Intelligence X finds deep information about a website. Instead of finding what a site is made with, IntelligenceX stores past versions of a website and preserves past data sets, even information that was purposely deleted. It has been used to collect data from email servers of political figures, such as Hillary Clinton and Donald Trump. [3]
Should OSINT be regulated?
OSINT is not regulated since it implies the legal access of public information. According to the ACLU, surveillance in the United States is mostly controlled by the USA/Patriot Act: a post-9/11 law that increased the authority of the government to use surveillance powers in the name of national security. [4] Should citizens have the liberty to privacy at the risk of national security? Should normal, non-government-affiliated people have access to OSINT tools?
Sources: