OSINT Trends and Challenges in 2023

By Charles Brown

Blackdot Blog Featured Image (2)

    Get the latest news and insights sent straight to your inbox

    In 2022, Russia’s invasion of Ukraine brought the term ‘OSINT’ – or Open Source Intelligence- sharply into focus. A term describing the process of collating and analysing publicly available data, and transforming it into actionable intelligence, OSINT was used by at-home and professional investigators alike to determine the whereabouts of Russian forces, in many cases disproving Russia’s claims of innocence or victory.

    If 2022 was a big year for OSINT, 2023 promises to hold even more. In this article, we speak to two experts about OSINT trends, challenges and what to expect in the next year.

    Trend 1: Disinformation Campaigns

    Disinformation campaigns aren’t new in 2023, but new ways of tackling them will be, says Andrew R., a Cyber Crime Intelligence Manager. Over recent years, there has been increased focus on disinformation and misinformation campaigns as a major national security and broader societal threat. Such threats have evolved throughout the last few years, with political instability and Covid-19 providing opportunities to those looking to spread false information, and war in Ukraine solidifying the trend.

    All of this has led to the professionalisation of the counter-dis/misinformation ecosystem with the likes of the Stanford Internet Observatory, Bellingcat and others developing “really innovative methods using open-source intelligence to analyse data and identify patterns of activity which appear to map out networks of malicious actors”, notes Andrew. The platforms used to spread disinformation, however, are constantly changing; each iteration potentially restricting functionality and impacting the ability of researchers to access data, and ultimately making life more challenging for investigators. In 2023, investigators must continue to develop innovative OSINT tools and techniques in order to minimise and mitigate the impact of disinformation.

    Trend 2: Data Leaks 

    Increases in data generation – and the technology to exploit it – have led to the rise and development of data-driven journalism. In recent years, we’ve seen increasingly sophisticated publication of whistle-blower claims and data leaks, and Andrew believes this is set to continue in 2023.

    “High-profile investigations by organisations such as ICIJ and OCCRP provide excellent material for journalists to write powerful stories about how the rich and powerful abuse the financial system to hide their assets”. This journalism is a potential treasure trove of information to be processed and used as intelligence by professional investigators focused on issues such as fraud, corruption, money laundering and sanctions violations.

    Recent high profile data leaks are especially useful to financial crime fighters. For example, “commercial data sources won’t always list the true beneficial owners of a particular entity; either because they’re out of date, or because their ownership chain leads to opaque offshore jurisdictions”, says Andrew. “With the ever-increasing need to understand ownership, whether due to AML/CTF obligations or ESG/integrity risk management, it has become essential to leverage leaked information that often draws back this cloak of secrecy of corporate ownerships.” Within the world of banking this information makes it possible to make risk-based decisions on whether to maintain a client relationship. In large corporates, it can help investigators to understand and spot weaknesses in their supply chains. And, in government agencies, it can provide invaluable information on how sanctioned entities are attempting to circumvent the restrictions placed on them.

    Trend 3: Decentralisation and proliferation of online communities

    Social media platforms are a critical source of information for investigations and intelligence professionals. Analysis of posts, images and social networks can help investigators to understand the organised groups behind investment fraud, crypto scams, counterfeit and illicit trade, and political violence.

     However, users are starting to leave mainstream platforms such as Facebook and Twitter in favour of smaller, more ‘authentic’ platforms like Parler, Mastodon and BeReal, explains OSINT and Data Security expert Matthias Wilson. In the year ahead, this trend will impact OSINT analysts’ ability to collect, analyse and assess threats: not only are there more platforms to track, but platforms catering to increasingly privacy-conscious users create additional challenges for investigations professionals. For example, the use of different usernames and handles across different platforms is making it difficult to identify and track malicious actors. Furthermore, Wilson points out that many new platforms do not allow searches to be conducted using the same selectors (such as phone numbers or email addresses) as the more traditional providers.

    Trend 4: Crowdsourced OSINT for good

    A significant outcome of the war in Ukraine, explains Wilson, has been the creation of “armies of armchair OSINTers”; a phenomenon which he believes will have both positive and negative consequences into 2023 and beyond.

    With low barriers to entry, getting into the OSINT game is fairly straightforward, requiring little more than a smart phone, a laptop and an internet connection. Shortly after the invasion of Ukraine, people started posting pictures of tank and troop locations, the transportation of weapons and ordnance, and the after-effects of artillery strikes on buildings. The data created by the legions of OSINT amateurs adds to the data already available to intelligence professionals. Furthermore, Wilson believes that so-called ‘crowdsourced OSINT’ is helping to create novel techniques, especially in the area of GEOINT (geographical intelligence) where, for example, tools are being used to analyse shadows on buildings for the purposes of working out location, time of day etc and assisting in proving or disproving certain theories.

    On the other hand, amateur OSINT investigators often lack the skills and techniques required to create a high quality OSINT product. “Just because you’ve pulled info from a few sources that seem to corroborate a particular theory, doesn’t mean the final analysis is accurate or reliable” asserts Wilson. Armchair enthusiasts often don’t have a solid grounding in the structured analytical techniques required to extract meaning from data that’s been properly collected and accurately processed. Nor, adds Wilson, do they have a grounding in the ethics of proper OSINT. Publishing information that exposes individuals’ personal details or locations – regardless of whether they might be enemy combatants or criminals – can pose challenges for professionals that might want to use it for evidential purposes.

    Despite its challenges, Andrew and Wilson both agree that the surge of interest in OSINT has had a net positive impact on intelligence and investigations operations. Overall, Andrew says, “I think the biggest trend will be the continued use and growth of crowdsourced OSINT for good. The conflict in Ukraine has drawn so many people into the space wanting to contribute in any way possible. For those who want to get involved, a lot of learning can be done at little or no cost”. 

    In 2023, we hope to see OSINT continue to play a crucial role in fighting crimes of all types.  

    More insights