Exploring Open Source Intelligence (OSINT): Insights from Our Recent Webinar

Training Academy Webinar Banners

The use of the internet and social media is constantly evolving, necessitating continuous adaptation in best practices for online research and investigations. A recent webinar addressed the critical issues and standards essential for ensuring that all online research and investigations are conducted lawfully and ethically. It emphasised the importance of social media as a rich and cost-effective source of intelligence, which can be of significant evidential value. Agencies are encouraged to actively promote the use of the internet in conducting inquiries, whenever it is appropriate to do so.

 

The Legal Framework

A variety of legislation governs the conduct of online research and investigations, ensuring that these activities are both lawful and ethical. Key legal frameworks include:

  • Computer Misuse Act 1990: This act criminalises unauthorised access to computer systems, providing a legal basis for prosecuting cybercrimes.
  • Police and Criminal Evidence Act: It outlines the powers and duties of police officers in relation to the investigation of crimes and the collection of evidence.
  • Regulation of Investigatory Powers Act 2000 (RIPA): It regulates the powers of public bodies to carry out surveillance and investigation, ensuring the balance between privacy and the need for surveillance.
  • Investigatory Powers Act 2016 (IPA): It governs the interception of communications, equipment interference, and the retention and acquisition of communications data.
  • Criminal Procedure and Investigations Act 1996 (CPIA): This act deals with the handling of evidence in criminal investigations.
  • Wireless Telegraphy Act 2006: It controls the use of wireless telegraphy apparatus and the management of radio spectrum.
  • Data Retention & Investigatory Powers Act 2014: This act outlines the requirements for data retention by service providers.
  • Protection of Freedoms Act 2012: It includes provisions to protect civil liberties and reduce the burden of government surveillance.
  • Data Protection Act 2018: It controls how personal information is used by organisations, businesses, and the government.
  • Forensic Science Regulator Act 2021: It ensures the quality and integrity of forensic science services.
  • Human Rights Act 1988: Specifically, Articles 6 and 8 of the European Convention on Human Rights (ECHR) focus on the right to a fair trial and the right to respect for private and family life, respectively.

 

Identifying Risks When Searching for Material Online

The webinar began by addressing the inherent risks associated with searching for material online. The trainer emphasised that while the internet is a treasure trove of information, it also harbors significant dangers. Cyber threats such as malware, phishing, and identity theft are prevalent risks that can compromise both personal and organisational security.

Participants were advised to exercise caution when accessing unknown or suspicious websites. The trainer recommended using virtual private networks (VPNs) to enhance anonymity and protect sensitive data. Additionally, employing secure browsers and search engines that prioritise privacy can mitigate the risks of tracking and data leakage.

 

Internet, Intelligence & Investigation (III)

In most cases, securing evidence or intelligence from social media sites, blogs, and other online platforms will be through internet investigations. This approach is governed by significant legislation that impacts how law enforcement and other agencies conduct online inquiries.

Open Source Intelligence (OSINT) refers to the collection, evaluation, and analysis of information from publicly available sources. Although referred to as “open source,” all intelligence-gathering activities for policing purposes must comply with current legislation. III encompasses many OSINT activities but excludes offline aspects and includes closed sources that do not fall under OSINT.

 

Social Media Intelligence

Social media intelligence involves gathering intelligence from social media sites using both intrusive and non-intrusive means, from open and closed social networks. This is a component of OSINT, offering valuable insights and data for investigations.

Internet Searching Levels

The webinar outlined different levels of internet searching, each with specific requirements and authorities:

Level 1 – Overt Open Source Research: Publicly visible and non-intrusive.

Level 2 – Covert, Non-Repeated Open Source Research: Limited and non-intrusive research.

Level 3 – Covert Advanced Open Source Research and Monitoring of Targeted Individuals: Requires RIPA Directed Surveillance Authority (DSA).

Level 4 – Covert Advanced Open Source Research of Groups and Networks: More in-depth and extensive.

Level 5 – Undercover Online Activity: Requires RIPA Covert Human Intelligence Source (CHIS) authority.

 

Accurate Data Handling

Accurate data handling is paramount in OSINT to ensure the reliability and integrity of the intelligence produced. The webinar covered best practices for managing data, from collection to analysis.

Participants were advised to maintain meticulous records of their data sources and collection methods to facilitate transparency and reproducibility. The session introduced various tools for data organisation and analysis, including Excel for data structuring and Python for more advanced data manipulation and analysis.

The importance of data verification was stressed, with techniques such as cross-referencing and triangulation being recommended to confirm the accuracy of information. The speaker also discussed the use of metadata analysis to gain additional insights and verify the authenticity of digital content.

 

Management of Sensitive Information

The webinar addressed the management of sensitive information, a critical aspect of OSINT. Handling sensitive data requires stringent measures to protect its confidentiality and integrity.

The training highlighted the necessity of secure storage solutions, such as encrypted databases and secure cloud services, to safeguard sensitive information. Access controls and user authentication were also discussed as vital components of a robust data security strategy.

Participants were reminded of the ethical responsibilities involved in managing sensitive information. The speaker advocated for the adoption of a principle of least privilege, ensuring that only authorised personnel have access to sensitive data. Regular audits and compliance checks were recommended to maintain high standards of data security.

The OSINT webinar provided a thorough and insightful exploration of the field, equipping participants with the knowledge and tools necessary to conduct effective and ethical intelligence gathering. From identifying online risks and leveraging search engines and social networks, to understanding legal frameworks and managing sensitive data, the session covered a wide array of critical topics. As the digital landscape continues to evolve, staying informed and adapting to new tools and methodologies remains essential for professionals in the OSINT domain. This webinar served as a valuable resource for anyone looking to deepen their understanding and enhance their capabilities in open-source intelligence.

There is a lot more that can be covered – and to understand what people have taken away from the webinar, read some testimonials and feedback below. 

To find out how Red Snapper Learning can support your professional development goals or to inquire about our training, contact our Head of Practice at dipesh.mistry@rsg.ltd | 0203 119 3373.