How reliable is Open Source Intelligence?

Introduction

In an era of disinformation where anyone can post anything on the internet, can businesses really trust online sources?  Investigators and researchers have always needed to be discerning when navigating the online world, and this is becoming more acute with ever-growing amounts of internet data. Hoping to make this process easier, some firms opt for curated databases that omit broader open sources like smaller media outlets, social media, or online forums. But by ignoring these increasingly rich sources, are researchers missing vital information in their investigations?

This article examines a common misconception many firms hold: that OSINT sources is largely unreliable, and curated databases are better. We’ll demonstrate how ignoring online sources not included in curated databases is detrimental to your investigations and ultimately dispel the myth that internet data is unreliable. 

Why OSINT is reliable

Scale of reliability

Before discrediting all publicly available internet data, remember that all sources exist on a scale of reliability. Just because information comes from a non-open source does not mean it is automatically more accurate. Consider internal data obtained from Know Your Customer (KYC) files. KYC processes and the data collected are subject to human error. Sometimes, poorly trained staff may collect inaccurate information or not take the appropriate steps to verify it. The latter was recently highlighted in an enforcement order against a UK bank, where core issues with KYC procedures were revealed. According to the enforcement order, the bank relied solely on self-certification when establishing the source of wealth for high-net-worth individuals. It didn’t undertake independent verification, despite this being a regulatory requirement. In effect, significant information collected in the KYC files was wrongly regarded as highly reliable. 

Even commonly trusted official corporate records are notorious for having inaccuracies. National corporate registries are publicly available in many countries like the UK and Australia, and are considered an important part of any due diligence or investigative process. Yet despite this, corporate records contain many errors and in countries where the data is self-reported and unverified, like the UK, it may be completely untrue. High-profile investigations and reportings have shown inaccuracies and fraudulent information, including falsified addresses, fake companies, and bogus shareholders. While the corporate registry information comes from an official and ‘trusted’ source, it is still imperfect data. 

These discrepancies prove that information cannot be neatly and confidently categorised as ‘reliable’ or ‘unreliable’ based on whether it derives from uncurated open sources. All information exists on a scale of reliability and must be taken in context and weighed against other findings. 

Quality public data 

“Open source data” is a very broad category, and it is not particularly helpful to paint it all with the same brush.  Within the OSINT world are many high-quality and reliable sources that investigators and researchers would do well to consider.

In certain jurisdictions like the United States, official records like court judgments and campaign contribution information are readily available through government websites. In some states, marital records, criminal records, and bankruptcy records can also be accessed. These are official sources managed by a government body and openly accessible to the public.

In addition to government listings, quality media publications are generally a trustworthy source of information. Journalists who report and write for respectable publications must abide by the ethical rules of journalism and meet high standards before publishing. Well-known publications that enjoy a favourable reputation due to a longstanding history of fact-based reporting, like the New York Times, can be considered reliable open sources. Well-researched stories can point to emerging scandals, violations, or reputational issues. For example, the Financial Times helped expose the now-insolvent electronic payment processor and financial services provider Wirecard for fraud well before the German regulator – the Federal Financial Supervisory (BaFin) – took notice. Quality and reliable investigative journalism appears on different websites as well as those of the publications themselves, from Twitter posts to high-standard and well-sourced leaks such as those from the International Consortium of Investigative Journalists. 

Examples of high-quality open sources: – Court judgements – Criminal records – Marital records – Bankruptcy records – Trademark or patent registrations – Campaign contributions – Corporate records – Trade names – Well-respected media publications (e.g. Financial Times, New York Times, Wall Street Journal) – Leaked databases or investigations from reputable sources (i.e. Pandora Papers, Panama Papers)

The investigative jigsaw

Even less reliable open sources can form an essential part of your investigative process, as long as any information discovered is considered in context. It’s a cliche, but investigations are like a jigsaw – the individual pieces don’t tell the whole story on their own, but taken together in context they paint a powerful picture. For example, finding a social media profile of your subject that indicates a lavish lifestyle contrasting to existing internal information is still useful. While the social media profile is not a credible source of information on its own, it can back up a suspicion and lead to a targeted investigation of your subject’s source of wealth. Similarly, information from less reliable sources can help guide you on where to look next during your research. Blog posts or forum discussions that indicate your subject has dealings with a company in a particular jurisdiction may prompt you to check the official registry and follow the corporate record trail. 

OSINT can also reveal allegations or scandals before convictions or official rulings, signalling reputational risk. While claims might be unsubstantiated, it’s essential to consider the findings in context before dismissing them. 

When looking at findings from a less reliable open source, ask: – Does this information support or conflict with what I already know? – How can I verify this claim (or parts of this claim) with a more official or reputable source?  – How does this information fit into the current narrative of my subject? – Is this information time-stamped? – How does it fit into my subject’s known timeline? – Does this information correlate with any hunch or existing suspicion?

Forming suspicions

In the same way that OSINT findings can lead to your next clue, they help corroborate suspicions and form your overall assessment. Any incriminating online information about your subject should play a role in the investigatory process. For instance, public forums or less mainstream publications may contain personal opinions which are less reliable than other sources, but they can still raise or confirm suspicions about potential nefarious activity which you should be aware of. 

It is worth remembering that unlike prosecutors, private companies should act on and report suspicions rather than prove things beyond a reasonable doubt. OSINT can give you enough information to form evidence-based judgments, whether that involves combining internal sources with government sources, social media findings, or online publications. Regulators expect regulated institutions to take  immediate action when holding suspicions, not wait for indisputable proof.

Practical guidelines for assessing reliability 

The concern that OSINT is unreliable is very much unfounded. Open source investigation best practices, i.e.. High-quality publicly available data is vital for investigations, and even less reliable sources still fall on a ‘scale of reliability’ to be considered alongside other records. The danger of exclusively using curated databases that ignore a growing pool of open source data points is the potential to miss a vital piece of the investigation, whether that be a clue that leads to further investigative paths or something more concrete. Here are some practical guidelines for assessing the reliability of open sources:

• Analyse the source. Does the source seem obviously partisan, biased, or politically motivated (e.g. a state-controlled media outlet like Russia Today)?  For media sources, is there information on journalistic best practices or fact-checking?
  
• Assess the source’s historical accuracy. Is it a longstanding publication with a good track record (e.g. the Financial Times) or a relatively new and unproven publication?
  
• Cross-reference findings with other sources. Targeted searches may reveal your new findings are shared with a more reliable source.
  
• Use technology. Artificial intelligence (AI) tools speed up research processes and improve investigations by automatically differentiating between reliable and less reliable sources, and looking for information shared across several sources, allowing analysts to investigate more efficiently and accurately. 

How Videris Can Help

OSINT tools like Blackdot’s Videris help investigators streamline their research and investigation in a single interface.  It allows investigators to search across multiple disparate data sources (e.g. search engines, news and social media, corporate records etc.) to quickly identify relevant information on their subject. 

With AI capabilities that screen high data volumes and rank sources for relevance, investigators can speed up their processes and improve investigation outcomes.  

Book a demo today.