4 OSINT Trends and Challenges on the Horizon

By Charles Brown

Blackdot Blog Featured Image (2)
Contents

    Get the latest news and insights sent straight to your inbox

    OSINT — or Open Source Intelligence — has existed for decades. The process of collating and analysing publicly available data, and transforming it into actionable intelligence, OSINT has proved its use in a diverse range of investigation types over the years.

    But it was Russia’s invasion of Ukraine in 2022 that brought the term sharply into the public eye. OSINT was being used by at-home and professional investigators alike to determine the whereabouts of Russian forces, in many cases disproving Russia’s claims of innocence or victory.1

    And while OSINT has seen its share of the spotlight in previous years, the future promises to hold even more. In this article, we hear from two experts on four of the most major OSINT trends and challenges to expect in the years to come.

    Supporting resource: For a thorough explanation of OSINT and its practical uses, check out our article What is OSINT?

    Trend 1: Disinformation Campaigns

    Disinformation campaigns aren’t new, but new ways of tackling them will be, says Andrew R., a Cyber Crime Intelligence Manager. 

    Over recent years, there has been increased focus on disinformation and misinformation campaigns as a major national security and broader societal threat. Such threats have evolved throughout the last few years, with ongoing political instabilities providing opportunities to those looking to spread false information, and the war in Ukraine solidifying the trend.

    All of this has led to the professionalisation of the counter-dis/misinformation ecosystem, with the likes of the Stanford Internet Observatory, Bellingcat, and others developing “really innovative methods using open-source intelligence to analyse data and identify patterns of activity which appear to map out networks of malicious actors,” notes Andrew. 

    The platforms used to spread disinformation, however, are constantly changing, with each iteration potentially restricting functionality and impacting the ability of researchers to access data: ultimately making life more challenging for investigators. 

    A notable example is the rise of generative artificial intelligence (AI) platforms like ChatGPT. Reports have called out that its ability to create content that appears genuine can be used to quickly and easily spread propaganda to unsuspecting individuals.2 While investigators have devised methods of detecting this spread of disinformation through OSINT, there is still more that should be done.3

    Investigators must continue to make use of innovative OSINT tools and develop techniques in order to minimise the impact of disinformation as it evolves.
    Suggested reading: For a thorough explanation of OSINT and its practical uses, check out our article What is OSINT?

    Trend 2: Data Leaks 

    Increases in data generation — and the technology to exploit it — have led to the development of data-driven journalism. In recent years, we’ve seen increasingly sophisticated publication of whistle-blower claims and data leaks.

    Andrew believes this is set to continue. “High-profile investigations by organisations such as ICIJ and OCCRP provide excellent material for journalists to write about how the rich and powerful abuse the financial system to hide their assets,” he shares. 

    This journalism is a potential treasure trove for collecting information that can be processed and used as intelligence by professional investigators focused on issues such as fraud, corruption, money laundering and sanctions violations.

    Recent high profile data leaks are especially useful to financial crime fighters. For example, “commercial data sources won’t always list the true beneficial owners of a particular entity; either because they’re out of date, or because their ownership chain leads to opaque offshore jurisdictions,” says Andrew. 

    “With the ever-increasing need to understand ownership, whether due to AML/CTF obligations or ESG/integrity risk management, it has become essential to leverage leaked information that often draws back this cloak of secrecy of corporate ownerships,” he adds.

    Let’s look at more examples of how this information can be used within different industries.

    • Banking: This information makes it possible to make risk-based decisions on whether to maintain a client relationship.
    • Large corporates: Investigators can understand and spot weaknesses in their supply chains.
    • Government agencies: Investigators can gain and apply insights on how sanctioned entities are attempting to circumvent restrictions placed on them.

    Suggested reading: To find out more about the deep connection between OSINT and investigative journalism, read our coverage of a recent panel of noted experts in the fincrime space: The Impact of Investigative Journalism on OSINT and Financial Crime

    New call-to-action

    Trend 3: Decentralisation and proliferation of online communities

    Social media platforms are a critical source of information for investigations and intelligence professionals. Analysis of posts, images, and social networks can help investigators understand the organised groups behind investment fraud, crypto scams, counterfeit and illicit trade, and political violence.

    However, users are starting to leave mainstream platforms such as Facebook and Twitter in favour of smaller, more ‘authentic’ platforms like Parler, Mastodon and BeReal, explains OSINT and Data Security expert Matthias Wilson. 

    Wilson expects that this trend will impact OSINT analysts’ ability to collect, analyse and assess threats: not only are there more platforms to track, but platforms catering to increasingly privacy-conscious users create additional challenges for investigations professionals. 

    For example, the use of different usernames and handles across different platforms is making it difficult to identify and track malicious actors. 

    Furthermore, Wilson points out that many new platforms do not allow searches to be conducted using the same selectors (such as phone numbers or email addresses) as the more traditional providers.

    Trend 4: Crowdsourced OSINT for good

    A significant outcome of the war in Ukraine, explains Wilson, has been the creation of “armies of armchair OSINTers”; a phenomenon which he believes will have both positive and negative consequences for the future.

    With low barriers to entry, getting into the OSINT game is fairly straightforward, requiring little more than a smartphone, a laptop and an internet connection. 

    Shortly after the invasion of Ukraine, people started posting pictures of tank and troop locations, the transportation of weapons and ordnance, and the after-effects of artillery strikes on buildings.4 The data created by the legions of OSINT amateurs adds to the data already available to intelligence professionals. 

    Furthermore, Wilson believes that so-called ‘crowdsourced OSINT’ is helping to create novel techniques, especially in the area of GEOINT (geographical intelligence). For example, tools are being used to analyse shadows on buildings to work out location or time of day and to assist in proving or disproving certain theories.

    On the other hand, amateur OSINT investigators often lack the skills and techniques required to create a high quality OSINT product. 

    “Just because you’ve pulled info from a few sources that seem to corroborate a particular theory, doesn’t mean the final analysis is accurate or reliable,” asserts Wilson. 

    Armchair enthusiasts often don’t have a solid grounding in the structured analytical techniques required to extract meaning from data that’s been properly collected and accurately processed. Nor, adds Wilson, do they have a grounding in the ethics of proper OSINT. 

    Publishing information that exposes individuals’ personal details or locations — regardless of whether they might be enemy combatants or criminals — can pose challenges for professionals that might want to use it for evidential purposes.

    Despite its challenges, Andrew and Wilson both agree that the surge of interest in OSINT has had a net positive impact on intelligence and investigations operations. 

    Overall, Andrew says, “I think the biggest trend will be the continued use and growth of crowdsourced OSINT for good. The conflict in Ukraine has drawn so many people into the space wanting to contribute in any way possible. For those who want to get involved, a lot of learning can be done at little or no cost”. 

    The future of OSINT

    Andrew and Wilson both hope to see OSINT continue to play a crucial role in fighting crimes of all types. 

    That can only happen when organisations use more advanced OSINT-backed tools and techniques in order to better combat crime and reduce risk.

    That’s why Blackdot developed our investigations software solution: Videris. Videris helps investigators and analysts use OSINT to:

    • Analyse vast datasets that they have limited resources to address manually and identify the most valuable information at speed
    • Automatically map connections and identify risks that  could otherwise be missed.
    • Conduct deeper investigations quickly and more efficiently.

    For more insight into how Videris can help you, book a demo and we’ll be in touch. 

    New call-to-action

    More insights