Recently I have come across a great many individuals and companies talking about OSINT (Open Source Intelligence), SOCMINT (Social Media Intelligence), IMINT (Imagery Intelligence) and any other of the “INT’s”.
I have also gained a great deal of really intelligent and aware contacts in this field, and I particularly enjoy some of the insights that those contacts share with me, as it helps me learn different tips and tools.
A few days ago however, I discovered something pretty dangerous on one of these insights. It was a software vendor showcasing their latest piece of technology which ‘connected the dots’ through information gathered from the public space.
Due to the amount of data out there in OSINT sources – I mentioned before in my other article – it’s close to 2 billion images PER DAY – it’s pretty obvious that we do need some sort of technology to assist with our day to day investigations, as it would be completely impossible to gain insights or meaningful data by investigating manually.
So tech companies are creating solutions to these issues, and connecting to all of the open and closed APIs out there in publicly available data realms. This is fantastic, as it allows us to take keywords and topics to discover what is being discussed, and data that was uploaded by “Mr No Followers” might be key evidence that could go unnoticed due to lack of impact (trending/reposting/sharing).
Some of the solutions created have been harvesting and scraping solutions, where software effectively goes out to the internet and scrapes/downloads it. Which is a MASSIVE privacy and data storage NO NO, as this breaches all of the data regulations in Europe, and in fact most of the world. See the article here where Clearview were doing exactly that and got in real trouble.
The article I discovered by this software vendor effectively showcased the fact that their software could connect to an API that could identify the details on an aircraft tail number, then branch off that investigation and take that data to do further research and discover data about individuals linked to that discovered data.
This is fantastic tech, and a great workflow for massive data – as it can reduce the analyst’s work time, and the manual work that would have been done otherwise. To create the same result, I needed two browser windows, and was actively comparing data across the two – a very manual process.
Due to my background – I was at a Digital Forensics vendor for 5 years, and before that I worked on solutions to financial crime – I always like to validate data. My questions are: “Where is the proof?” “What is the evidence?” “How did we get that evidence?” “Can that workflow be recreated?”
The reason for this is that there are people’s livelihoods at stake, their reputation, their employment. We need to be sure that the data we are seeing is accurate, and can be recreated so others can see this data.
In the article, they showed their system linking an aircraft tail number to a company, then linking that company to a company director, named that company director, then insinuated in their report that he had a criminal record and posted all of this information publicly on the internet.
However, an analysis of the data in question by myself and another extremely intelligent analyst, Alia, showed that the plane had a fake tail number, and the original aircraft and its flight logs were found.
The company director associated with the real tail number was completely innocent, and has a good career, excellent reputation and works for a great company, and hopefully, this sort of thing never comes back to haunt him because as we know, once something is on the internet, it’s never really gone, even if it is deleted – sites like the Wayback Machine can attest to that.
This is the danger of making assumptions with open source intelligence, and the reason the human element must remain active ‘at the wheel’: to check, double check and confirm that the data being displayed is actually correct, so that the analyst can then take that data and turn it into evidence.
All of this article is my own work, I don’t pay third party companies to write articles in my name, so excuse the spelling, grammar and typos.
This article names no businesses and accuses no real individuals of wrongdoing. Any assumptions about the subjects within this article may be entirely fictional and for educational purposes.
Please feel free to add comments and insights – I love the feedback!