How to Stay Secure During Your OSINT Investigation: Security, Privacy and OSINT in 2022
By Charles Brown
Since its inception, the world wide web has undergone significant changes, and is now home to over 1,200 petabytes of data.[1] Much of the data stored on the internet — including the deep and dark web — is open source data (OSD). This means that it is publicly accessible or intended for public consumption, making it useful for open source intelligence (OSINT) investigations.
OSD is an inherently vast and potent resource for intelligence-gathering operations and investigations. With the help of OSD, investigators can form an overarching understanding of subjects, networks and organisations, and drill down into micro-level events and individual connections.
However, as the internet has grown in both depth and complexity, cybersecurity risks and tracking technologies have become increasingly sophisticated. This, combined with the pervasive risk of human error, means OSINT investigators must remain extra-vigilant during their investigations.
Today, we’re going to be looking at why maintaining security during your OSINT investigations is crucial, before examining the steps investigators can take to make this a reality. Let’s get started.
Suggested reading: To learn more about how you can use open-source data to transform investigatory outcomes, check out our free eBook — The OSINT Handbook
The importance of remaining anonymous in OSINT investigations
Anonymity and security are central in OSINT, just as they are in any intelligence-gathering paradigm. However, the digital medium of the internet presents its own set of distinct challenges for conducting effective and secure investigations.
Failure to address security, anonymity and traceability in OSINT investigations can result in:
- Compromised operations: If a subject becomes aware of an investigation, they may attempt to prevent the capture of evidence by deleting and removing content. Furthermore, networks or threat actors may cease their actions before the investigators are able to gather conclusive evidence.
- Tipping off subjects: Accidentally “tipping off” the subject of an investigation is a criminal offence in some jurisdictions, including the UK, where assisting a money launderer can result in fines and prosecution.
- Failure to identify and stop criminal activity: Failed investigations allow subjects to continue their illicit activities, whether that be money laundering, trafficking or something else. Furthermore, OSINT requires significant time and resources, and security breaches that damage investigations result in wasted time and investment.
How anonymity can be breached
Cookies were initially developed in the late 1990s to verify whether a user had visited a site previously, and soon became the quintessential tracking technology. Things have changed a lot since, and there are now numerous ways for actors to track user movement on the internet.
The first step for retaining anonymity is being aware of the methods deployed to track users and the actions or behaviours that result in exposure. Identifying technical and behavioural risks that threaten the integrity of an OSINT investigation allows investigators to engineer solutions that mitigate risk.
1: Failing to take precautions
From a technical perspective, there are a variety of different threats that investigators need to be sure to guard themselves against during an investigation. Failure to take the necessary precautions will likely result in identity being exposed through:
- IP address tracking: Whilst IP addresses have become increasingly easy to hide through proxies, VPNs and browsers like Tor, there are still situations in which an investigator might accidentally leak their IP, even if just for a few seconds.
- Digital fingerprinting: This is a tracking technique where a remote service collects data from a browser. This data is used to formulate a fingerprint that may be unique amongst other digital fingerprints, rendering the browser trackable. Sophisticated fingerprint techniques can even read information about the state of a device’s processor, screen, graphics, audio and other hardware, making results significantly more accurate.
- Tracking pixels: Tracking pixels are used to deliver information to a server about a user who triggers a specific event, e.g. opening an email.
- Social media and other algorithms: Using social profiles or surface web search techniques can expose investigators through predictive algorithms. One example is the ‘suggested friends’ that pop up when someone views a social media profile.
The threats to anonymity identified above are avoidable when precautions are taken, although this requires investigators to implement certain measures. This means that human error can still be a factor in anonymity breaches — if an investigator forgets to do something, they run the risk of compromising an investigation, which takes us onto the behavioural risks that threaten anonymity.
2: Information leakage
On the behavioural side, investigators may compromise their own investigations through a combination of data leaks, breaches and poor security habits. These can be accidental, for example, leaving a session logged in or sending sensitive information through unsafe channels.
In some instances, however, it might be deliberate. This is known as an insider threat, which can come in the form of:
- State-sponsored espionage
- The theft and sale of company data
Staying secure during an investigation
Modern OSINT must operate within a low-risk framework that maintains anonymity and security from both external and internal threats. It is only then that the full potential of OSD can be realised without fear of exposure. Fortunately, there are steps that investigators can take to maximise security.
1: Deploy appropriate security measures
Many of the technological threats that can expose investigations, such as IP tracking, are relatively straightforward to remedy with appropriate security measures. One of the main considerations here, however, is that security measures should be maintained from end to end and used consistently throughout the OSINT gathering operation.
Beyond rudimentary protection, investigators must take advantage of cutting-edge tools that protect against advanced security risks. The central tool when using the internet for OSINT is the browser.
Once correctly configured by investigators at the outset of an investigation, the browser will do much of the legwork to protect them from fingerprinting, cookie tracking, tracking pixels, entity-tag tracking and exposure via social media or search algorithms.
In order to accomplish this, investigators need access to the best OSINT tools, which provide a secure, self-contained ecosystem and offer a range of other functionality, including:
- Deploying tools to combat the risk of rudimentary tracking, e.g. cookie tracking and tracking pixels.
- Training individuals appropriately, making sure that common cybersecurity threats can be identified and interrogated in case they are encountered in an OSINT investigation.
- Using a single platform to avoid the security issues introduced by transitioning between different tools.
2: Record findings in a centralised location
To tackle the issue of data breaches and leaks, OSINT findings need to be recorded in a centralised location in accordance with strict protocols. Once sensitive data becomes spread across disparate locations, data breach or loss becomes much more likely.
Combating this with a secure, centralised recording and storage solution ensures that OSINT data stays in a secure location, and remains under the control of the intended individuals or departments. It’s crucial to remember that:
- Findings are often sensitive, and should be stored with attention to individuals or organisations who might be implicated.
- Recording findings in a secure central environment means that access to classified data can be closely monitored.
- Secure OSINT ecosystems allow organisations to maintain small trusted circles of accountability and control over findings.
3: Deploy a cutting-edge intelligence platform
Whilst some of the more basic tracking technologies, such as IP tracking, are easily remedied via commercial privacy-oriented browser extensions, others, such as browser fingerprinting, are notoriously hard to combat. The demand for all-encompassing advanced solutions has never been higher.
That’s why here at Blackdot, we developed the Videris platform, which now represents the frontline of secure OSINT intelligence gathering. Videris helps to ensure both anonymity and untraceability, whilst allowing investigators to access OSD across the dark web, deep web, and surface web.
Videris can be deployed in a private dedicated cloud or on-premises, depending on business needs. It serves as a ‘single source of truth’ for all OSINT investigations and operations, amalgamating the processes of gathering, visualising and mapping OSD with a secure reporting system for logging findings.
This all-inclusive, holistic approach to OSINT eliminates reliance on disparate systems, closing the circle of accountability and placing total control in the hands of those best-placed to safeguard sensitive investigations. By deploying Videris, you can also:
- Simplify the process of social media intelligence (SOCMINT) gathering, by extracting insights from publicly accessible social media without tipping off subjects or compromising the ethical principles of your investigation.
- Gain seamless access across the surface, deep, and dark web, and make the most of all available OSD. This includes corporate and public records, leaked data from reputable organisations (e.g. OCCRP, the Organized Crime and Corruption Reporting Project) and premium database material.
- Access data hosted on darknet sites without needing to download alternative browsers or risk accessing upsetting materials. Videris provides access to dark web data within the same platform and automatically hides images that investigators may not wish to see.
- Acquire the ability to map and visualise findings in a secure ecosystem, creating summaries and reports without exiting the workflow.
- Reduce security risks through a single point of access to the open internet, which controls and records who can access data and what has been accessed.
Videris is both technologically robust and intuitive to use — it provides the peace of mind required for investigators to undertake their inquiries without fear of being compromised.
Book a demo today to see what Videris can do for your OSINT investigations.