FIC 2023 OSINT is on a roll

As a reminder, OSINT (Open Source Intelligence) refers to open source investigations in a variety of contexts including law enforcement, cyber protection, journalism and fact checking. The term also covers other disciplines such as GEOINT, which analyses geographical data, and SOCMINT, which analyses social media.

OSINT and the war in Ukraine

The day began with the account of an official from the Ukrainian State Bureau of Investigation (SBI). Established in 2015, the bureau’s activities have intensified since the start of the conflict in February 2022 and it now employs almost 1,600 people. Against the exceptional backdrop of the Russian invasion, its objectives include combating corruption, identifying Ukrainian citizens who are collaborating with Russian forces, and collecting evidence on war crimes committed in Ukraine and identifying the perpetrators.

To do this, the bureau’s members rely on the SBI Recognition System (a facial recognition tool), images taken by Ukrainian forces and members of the SBI network, and sometimes photos posted by soldiers from the opposing side. The work involved in reconstructing the reality of the theatre of conflict from digital traces to gain strategic knowledge was summed up by one speaker: “OSINT works best as a collaborative tool”.

OSINT is useful for companies too

OSINT practices are also proving to be a useful decision-making tool for companies. In a round table discussion moderated by François Jeanne-Beylot, President of the French Economic Intelligence Union (SYNFIE), Hortense Grelier, Head of SEB’s Intelligence and Innovation Department, explained that open source intelligence sends information to the group’s various departments for operational support purposes.

Other companies have different approaches. Henri de Banizette, coordinator of economic security for Auchan Retail International, says that the main challenge is ensuring business continuity, sometimes in risky environments, when assessing third parties during mergers and acquisitions or supporting departments investigating fraud or litigation cases, for example.

Sylvain Hajri, founder of the OSINT-FR community and EPIEOS, a company specialising in OSINT, proposed a different approach to OSINT using a “red team” method. This involves playing the role of an “opposing party” to identify flaws and obtain feedback that will ultimately serve to strengthen the physical or digital defence measures of the organisation being observed.

Analysis work and legal framework

Alexis Pinon, Director of Digital Investigations at Avisa Partners, stressed the importance of OSINT analysis work. The large amount of information available and the tools available to analyse it in depth (facial recognition, information on a username or an IP address, etc.) are particularly useful in finding personal information. It is therefore essential to use the available tools wisely, and to be wary of bias and “false positives”.

Marc-Antoine Ledieu, a lawyer and CISO, spoke about the legal framework for practising OSINT. According to him, the following questions should be kept in mind: Will the information system hosting the data be available to all Internet users? Do we have the right to copy the data collected? Do we have the right to use the data? He also emphasised the distinction between open data (data held by public authorities for re-use) and leaks (private information such as trade secrets, personal data or intellectual property information).

Tools and methods used in OSINT

The analyst who uses the pseudonym “Palenath” demonstrated how he finds people wanted by Interpol based on their activities on social media. Pierre-Antonin Rousseau, Coordinator of AEGE’s OSINT & Veille club, managed to trace the alleged perpetrators of a scam by bouncing back and forth between various online sources.

Emmanuel Kessler, Head of Europol’s Partnership and Outreach Team, talked about the work of the European Cybercrime Centre’s OSINT team in supporting the digital investigations carried out by its investigators. This work includes weekly newsletters on the latest cyber incidents, malware developments and legal issues in the cyber domain, along with targeted topical reports to assist investigators in their work.

Julien Métayer, co-founder of the OZINT platform, shifted the focus in his presentation, adopting the point of view of the “targets”. According to him, people who practise OSINT do not see online information in the same way as an average Internet user. Therefore, all information posted online, even the most innocuous, could for example be used in an attempted intrusion via phishing.

Jihad, Ukraine and dating sites

What links jihad, Ukraine and dating sites? OSINT, of course. Damien Ferré, founder of Jihad Analytics, described his work on analysing the propaganda of Al-Qaeda and the Islamic State (IS). His presentation provided an opportunity to contrast the highly centralised communication of IS with the decentralised communication of the various al-Qaeda cells spread around the world, which have their own communication methods and potentially exchange information with each other.

Two of the founders of the Fox project presented their research methods for obtaining information on the presence of Russian troops in Belarus. The first step involved identifying the Russian armoured vehicles that were being transported to the city of Smolensk; the second used their in-house-developed SOCMINT tool to geolocate Russian soldiers.

Emmanuelle Welch, a private investigator, described dating apps as alternative search tools. She uses software to change an account owner’s geolocation, giving her an additional tool to geolocate wanted persons. This also allows her to conduct operational security audits for sensitive organisations, checking the information that some of their registered members may disclose on these sites.

All these contributions, which were presented to a full house, give an impression of the many subjects this discipline deals with and the opportunities it offers for specialists in safety, strategic intelligence and cybersecurity. Bringing together OSINTers to discuss their work is crucial, and this was a key message repeated throughout the day. The next OSINT Day will take place in March 2024.