Feature

OSINT – the Cinderella of the Investigative family?

OSINT (open source intelligence) can be a powerful intelligence and investigative tool but is too often overlooked and underdeveloped in the suite of capabilities available to investigators. In too many organisations there are significant barriers to the adoption of effective OSINT, as well as a failure to adapt fast enough to emerging technologies and data sources. A cultural shift is needed, as well as investment in technology, in order to elevate the status of OSINT and ensure that it is used to its full potential.

The case for OSINT
OSINT is, in my view, a critical component of the modern investigator’s toolkit. The volume of data available online is constantly growing, providing investigators with a rich information source to draw from. The insights that OSINT can offer are unlikely to be found in internal datasets, curated databases, or sanctions lists. Failure to make use of open source data can lead to both embarrassment and intelligence failure. There are many powerful examples where OSINT was instrumental in the solving of a case: Bellingcat’s insights on the downed flight MH17 in 2014 relied exclusively on OSINT, and the technique featured heavily in the recent FT investigation into Sanjeev Gupta and Greensill Capital.

OSINT should also be considered an essential element of counter-terrorism and counter-misinformation programmes. The mapping of terrorist networks on social media – especially the more grassroots right-wing extremist groups that are now popping up on platforms like Parler – is a highly effective means of identifying the individuals behind these crimes. Investigators have also had great success identifying networks that are spreading misinformation/disinformation and the real-life identities behind them. In 2015, a year into my time leading the UK’s Counter Terrorism policing efforts from Scotland Yard, our teams convicted one of the early returners from Syria. Imran Khawaja received 12 years for preparing for acts of terrorism, attending a training camp and possessing firearms. OSINT provided much of the evidence.

Whether you are the police chasing criminals and terrorists, intelligence agencies pursuing spies, banks looking for money launderers and fraudsters, or others with investigative duties, it is hard not to conclude that open source investigations are of growing strategic significance. Furthermore, they can save money as a rapid and economic way to understand an offender early in an investigation before deploying more expensive and intrusive tactics. Why then are so many organisations still failing to take advantage of the wealth of opportunity provided by OSINT?

What are the barriers to adoption?
Misconceptions
The reasons for lack of investment in OSINT are often based on a misunderstanding of what exactly open source intelligence entails, and how valuable it is. Open source intelligence can conjure a somewhat negative image, with connotations of hacker-like behaviour and invasions of privacy. However, the type of OSINT whose adoption I am arguing for can be better described as online open source investigation: making use of freely available online information in a targeted and non-invasive way.

Cultural and technological barriers
Cultural and technological deficits are also factors in this attitude towards OSINT. Many organisations wrestle with outdated technology architecture and spend most of their efforts focusing on how better to curate internal data. However, this is driven by the culturally outdated assumption that the greatest insights will always be found in the mountains of data that big organisations have spent decades accumulating. This was once true, but increasingly the insights from open source data into individuals and companies will almost always be significant and often be greater than those found internally.

Where organisations are realising the importance of open source data, they are often only using it in the form of curated datasets, thus limiting its potential impact. These datasets don’t capture all of the rich, valuable information available on the internet. For example, a well-known curated dataset, LexisNexis, offers six petabytes of data. The entire internet is thought to have over 1,200 petabytes (as of 2020). By relying solely on this database, investigators could be missing out on 99 per cent of available data, meaning that they will almost certainly lose out on valuable insights.

Lengthy and bureaucratic processes
Whilst there is clearly a need for thorough and fair procurement processes in every organisation, their complexity and length can also stifle such investments. This was evident in my own experiences: in 15 years as a Chief Police Officer, I was most able to deliver cutting-edge technological change successfully at speed when there was an especially urgent requirement. In early 2012 I joined the Metropolitan Police as part of a new leadership team tasked with dealing with the aftermath of the 2011 riots, where it was concluded that rioters had run rings around the police by organising themselves on social media. The forthcoming Olympics meant that there was an urgent requirement for capability to counter this sort of risk, meaning that I was able to set up the UK police’s first serious OSINT team in just a few months.

In this case, the bookends of the 2011 riots and 2012 Olympics created a unique forcing function that facilitated operational clarity and the circumvention of normal procurement rules. After this success I pushed for continual investment, but the lack of obvious urgency around OSINT capability meant that progress continued to be slow. As I was retiring from policing, I found myself outside New Scotland Yard announcing to the world that Sergei and Yulia Skripal had been subjected to a nerve agent attack in Salisbury. Subsequently, Bellingcat identified the two Russian agents responsible simply from advanced open source investigative techniques – again highlighting the vital importance of OSINT.

Increasing flexibility and the role of technology
To facilitate increased investment in OSINT, systemic, strategic and technological change is needed.

Firstly, organisations need to shift towards more flexible commercial and procurement methods that reflect the reality that many high-quality open-source tools are to be found in early-stage companies. These companies often find that they are accidentally designed out of the complex procurement processes in governments and other large institutions.

Secondly, there is a need for a new strategic approach to investigative processes. Organisations need to recognise the changing landscape and make a conscious decision to allocate a proportion of technology investment and training budgets towards equipping investigators with cutting-edge open-source tools.

Thirdly, technologies that offer a sophisticated mix of functionality designed to professionalise the OSINT investigation should be supported and invested in.

Technology plays a vital part in reducing operational difficulties in using OSINT by increasing:
• Security: gathering online data risks revealing the investigator’s identity, undermining operations.
• Speed: data can overwhelm without technology that helps you quickly get to the relevant information.
• Insight: finding connections and presenting data from disparate sources.
• Connectivity to other data: OSINT will always be one part of a wider strategy that combines various strands of data to help investigators to see the full picture. The ability to combine data from different sources, both structured and unstructured, is essential.

Today there is an exciting portfolio of companies I work with in this field. Blackdot Solutions provide some of the best software to assist open-source investigators; Deloitte are helping big organisations, especially in the financial services sector, transform their investigations through use of social media; and Quest is a specialist security and investigations company which has set up a ‘threat matrix’ with Signify to tackle the racist abuse of leading sports men and women – especially in football.

Conclusion
My own experience, as well as recent events, has demonstrated the increasing value of including OSINT in an investigation strategy. There are numerous advantages to doing so, and tools, such as Blackdot’s Videris platform, are available to help investigators use open source information quickly, securely and effectively. However, without a strategic drive to ensure the open source tools are part of a deliberate mix of capabilities in the investigator’s toolbox, many organisations will find that cultural, technical and commercial barriers leave this part of their armoury underpowered.

Written by Sir Mark Rowley QPM.
Sir Mark Rowley was one of the most senior police figures in the UK with 31 years of service. He led UK Counter Terrorism Policing between 2014 and 2018. Previously, he held positions as Assistant Commissioner at the London Metropolitan Police and Chief Constable of Surrey Police.
