Listen to this episode:
In this episode of From the Source, host Matthew Stibbe speaks with Brett Redman, Head of Intelligence at Blackdot, about the evolving landscape of open source intelligence (OSINT). They discuss the importance of community, ethical considerations, and the role of technology in OSINT. Brett shares his journey into the field, the capabilities of the Vidaris tool, and offers insights on how organisations can effectively adopt OSINT practices. The conversation emphasises the balance between human curiosity and technological tools, highlighting the need for ethical guidelines and community engagement in the OSINT space.
AI-generated transcript
Matthew Stibbe (00:01) Hello and welcome to another episode of From the Source, the Blackdot podcast. I'm your host Matthew Stibbe and today I'm talking to Brett Redman. He's Head of Intelligence at Blackdot itself. Great to have you on the show, Brett.
Brett (00:16) Good afternoon Matt, thank you ever so much for having me.
Matthew Stibbe (00:19) So, I always like to start these conversations with a dive right in question. In the world of OSINT right now, what are you geeking out about? What's capturing your interest?
Brett (00:31) I think that's quite an interesting question I suppose when you pose and open that and I think one of the things that we focus on so much within this industry in particular is technology. You know we always go to the first point of the tech stack what are we getting, what are we using and I've put various articles out about various investigations or technology that's been used but one of the things I'm really big on at the minute is community, the OSINT community, and I think that's quite crucial and key and I think that's pivotal in everything that we try and do particularly from an industry standpoint. And, one of the reasons behind that is this is about human beings first and foremost, this isn't about technology, and I think that for all of the noise and all of the competition and the buzzwords that often are floating around the industry there are incredibly sharp, ethical, grounded people that are doing real work every single day and often that gets missed.
And, when I think about about it even more and especially with how fast potentially the field is growing, it's the sense of community that's always going to matter because it's the individuals and the human beings that are driving it. And I think, here's the thing, right, OSINT is continually, and when we look at technology, it's still an emerging discipline. And we haven't had formal... we haven't had decades, sorry, of like formal doctrines, like traditional agencies. But what we do have is a shared trade craft, particularly around values and that willingness to want to learn from each other and community.
And I think that's what builds credibility. And that's what shapes the standards of the individuals that work particularly within this industry itself. And this is why one of the things that I'm really proud at the minute of the collaboration that we particularly built with the team over at Osmosis. And if you look at what Osmosis has created, it's not just a conference, right? It's a hub. It's a space where anybody from any walk of life, particularly using open source intelligence, all the way from junior analysts or... or internet sleuths as we hear all the way up to law enforcement and policymakers can come together but have real conversations particularly about what's happening in this space. And I think one of the things that's key about this is it's not sales, it's not about performances, it's real life conversations that people are bringing to this community. What does good OSINT look like? How do we build training and what actually reflects the complexity of the real investigations that we undertake? How do we as a community preserve the ethical core of the field as this tech landscape is just exploding around us? And for me, it's all about building bridges, particularly where the UK needs to adopt some of these frameworks and not more so policies. That's a word that I'm not keen to use too much because as a community, we solve these situations, often in parallel, whether it's... whether we're talking about counter fraud, financial due diligence, sanctions evasions, insider threat, and so on.
But we have common language, common values, but there's always shared lessons that come off the back of that. And I think particularly what I'm trying to do, and then you look at organisations like Osmosis, what they're trying to do is bring to the table structure, you know, to ensure that that reach is out there. But there's a strong element of shared collective responsibility that we understand actually what it is that we're trying to achieve in this space. And the key takeaway from this, and I always come back to it, is that, you know, we can go around and around and I can keep sort of... preaching about this community ethos, but this isn't just about intelligence. One of the most important things is that it's about integrity. And if we don't get this right collectively as a community, no one's going to get it right as an individual. And it's crucial and key that we understand the responsibility from a community aspect that we have, particularly within this space.
Matthew Stibbe (04:10) In our conversation earlier, you talked a little bit and you used the word pledge. Can you tell me a little bit about what that is?
Brett (04:19) So when I think of pledge and I think of something that... I had a conversation funnily enough last week and we were talking about something. When I think about pledge I immediately think of ethics and how we adopt certain responsibilities that we undertake within this industry and I've just touched on that quite a bit within the community space but with ethics what I suppose I probably mean by that and a pledge is that we talk about trust.
And it's not just trust to us as an individual, but it's everybody else that works at... but also to the industry itself. Because when I particularly think this worked for me, it's never just been about what I can find. It's about how I do it, why I do it, and whether I can stand behind it once I've completed it. So ensuring that I've been ethical in how I've procured that data. Open source intelligence is extremely powerful. We all know that.
I think we can expose proxy networks, trace hidden assets, identify enablers as I've just touched on again with sanction evasions, but then there's also massive supply chains that we can map out that have been ⁓ used and abused by threat actors. We have to ensure that we're aware of the responsibility that we undertake, particularly when we operate in this industry, because we deal often with real people, real names, which often lead on to real consequences.
And too often I see people chasing the finds, really digging deep to be able to find this information without really asking the question of why? Is it relevant? Or, if I went to a court of law, would I be able to, I suppose, safely share this information and how I've managed to procure it. Has it come from ethical sources? So I always think that when I'm conducting an investigation, if I had to defend this investigation in court or in front of the regulator or somebody from the public domain, would I be comfortable in terms of the process but also how and where I've managed to procure that data from? And if the answer's no, when I look at that from the outset, I won't do it, I don't take that step. It's not just about protecting the subject. For me, it's about protecting the profession, right? Because more so often than not, and I think one of the main currencies that we look for in open source intelligence, it's trust, right? We're aware that we use software and intelligence to be able to adopt it within the industry, but this isn't about flashy tools, it's about the human beings that represent that and those pledge that we discussed earlier that you agree to adopt of a particular mindset when you undertake this... investigations within this industry.
In the work that we do and in the process, but also the people that we are going when we find it, how can we ensure that we don't overstep the mark? What's overstepping the barrier? What does that look like? And I think we, as individuals, take a pledge within open source intelligence to ensure that the work we are doing is ethical.
It is scalable, but we're also able to verify where and how we've sourced that information.
Matthew Stibbe (07:12) So there's a part of this that's about the proportionality or the appropriateness of doing that kind of work, but there's also part of it, from what I'm hearing, about the provenance of the data and the authority or the credibility of the data. Have I understood that right?
Brett (07:28) Yeah, yeah, no, definitely. It's, you know, how have we sourced that data? Where have we got that data from? Is it inherently, I suppose, important to the investigation that we have that data? There's an element or a misunderstanding sometimes that we collect too much and we think that, you know, effectively we've hit the nail on the head because we've got this... masses of data. But if the data isn't relevant, but also if it hasn't been procured, as you've just touched on there, in a right, scalable manner, then the investigation is compromised. And I think that's a key takeaway that... from this. So a pledge, more so, it's about who we are. And I think I can only touch on that so many times. It's why we work in this industry and that's what sets good and bad apart, unfortunately.
Matthew Stibbe (08:14) Are there sort of guidelines or best practices for data... information provenance?
Brett (08:20) Yes and no. I think something that more organisations are becoming aware of or adopting particularly is the Berkeley Protocol. Is that something that you've heard of? previously?
Matthew Stibbe (08:31) Not until today. Tell me more.
Brett (08:33) Okay, interesting. I think something
Something certainly that more people need to be aware of in this space is the Berkeley Protocol. And what it is, is essentially a gold standard if we look at it in that way of how to ethically and legally use open source content, especially when your findings, particularly, could end up ⁓ in a courtroom or a human rights setting in particular. It pushes us just to go beyond the quick screenshot from a social media grab. It asks the question, know, can you prove where that came from? Did you preserve it properly? Could your process stand up under legal scrutiny?
But it also reminds us, as well, to protect the people we're investigating because often that isn't abstract. These are real names, faces and risks tied to the work that we do. And I think when OSINT is done properly with protocols like this in mind, it becomes not just powerful, it becomes admissible and it becomes meaningful. So it's certainly something that we should be adopting or understanding actually how can we ensure that this is woven into the particular frameworks of open source intelligence.
Matthew Stibbe (09:30) This is a really interesting conversation. I'm going to move on now because I'd love to know a little bit about you and Blackdot. Tell me a little bit about what brought you to Blackdot and what brought you to open source intelligence.
Brett (09:45) So, where did I get started in open source intelligence? So I grew up in an area that wasn't incredibly diverse. There was a lot of diversity at the time. know, the majority of people dressed the same, looked the same, act the same, spoke the same. And it was almost sort of like... middle England, reflectively. There wasn't much difference or change going on. And I was incredibly drawn to, funnily enough, hip hop and rap music.
In sort of the early 2000s and I would find myself often sat for hours and hours and days in front of YouTube, you know, understanding and tracing the origins of American street gangs. You know, my dad's family are originally from sort of working class London and London at the time when I was looking at this was having massive issues with particular gangs around Brixton and Peckham and there was just this, there was this appetite to continually learn so much more and suck up as much data as I could but there wasn't a... there wasn't really a centralised hub because obviously the digital space hadn't exploded back then like it has now. And I think in the early 2000s that YouTube was my real pivotal focus for understanding that. I became, I learned very quickly that I could get lots of information online, use it to my knowledge and advantage, but it would also help me in my later life. I ended up, in the end, working in the criminal justice system. So I started out, quite a few years ago now, as a prison officer. And one of the things that I'd identified very quickly when I got into that space was that there was a huge intelligence and knowledge gap, particularly on how street gangs were adopting UK custodial environments within establishments, but that was turning them into particular no-go zones, depending on what part of the country you were from. And when we think about London in particular, postcode wars, and you used to hear these references all the time. So my adoption... to answer your question of open source intelligence was more born out of curiosity and an appetite to continually learn more and gain as much information as I could online effectively.
Matthew Stibbe (12:04) Straight out of Compton into the criminal justice system, but not the usual way.
Brett (12:07) No, no, it certainly wasn't. And when you talk about Straight out of Compton, California was the area where they exploded that interest. I really grew into the Bloods and Crips and understanding Compton in the sort of 1930s and 40s from working class America as to where it is now, interestingly.
Matthew Stibbe (12:27) It has a, I didn't know it had a historical dimension. That's really interesting. Perhaps a conversation for another day. Yes. Okay. So, you're at Blackdot now where you're Head of Intelligence and they have Vidaris, this open source intelligence tool. Can you, can you in a nutshell describe for people who aren't familiar with it, what are the capabilities of Vidaris?
Brett (12:31) Yes, yeah, yeah, that's fine.
So Vidares is a SaaS web-based application. And when I think of Vidaris, and one of the main things we often think of that sales pitch that you give to people in an elevator, Vidaris is extremely powerful when it comes to EDD. And when we look at things like vetting, in particular, we ask the question as to why vetting? Why EDD? Well, actually, everything that we undertake in open source intelligence is often due diligence of some perspective, whether we're dentifying social media trends, whether we're looking into individuals and their digital footprint, whether we're looking into corporate registrations. Videris is extremely powerful at providing data, what I like to reference, at the speed of need. The information that you need, you can go out, collect it, and you'll be able to find it within Videris. And when I think of some of the complex investigations that I've undertaken, particularly around financial intelligence, Videris is a significant player. And I think certainly using some technology and advanced filtering that other organizations aren't able to certainly emulate.
Matthew Stibbe (13:57) In your role you're obviously helping clients use it to innovate and try to develop new use cases. Can you share some examples without perhaps naming names of some innovative ways that people are using Videris?
Brett (14:12) I think, you know, even Videris... and when I think, particularly, what comes to mind is a financial investigation that we undertook and the majority of public sector organisations that use this, you think that they have the, they've got that golden ticket which is often closed source intelligence. You know, they're not just relying on the public domain being able to provide them with information that's not sensitive, they hold sensitive data.
And I think some of the work particularly that we've done where we've looked into individuals that are tied to sanctioned entities, that it's been extremely powerful and it's provided some fascinating outcomes and insights, which I can't really intrinsically go into, but it's certainly proved its value, I think is the fairest way of discussing that.
Matthew Stibbe (14:57) When people are thinking about learning about OSINT, or maybe they're taking their first step as an organisation into deploying it, what resources or what advice would you give them about going from OSINT curious to OSINT activated?
Brett (15:15) I would certainly suggest to people that you need to adopt within the community. I... 100 % community is the big player in this because this is where, you know, and I sound like I'm boiling the ocean on it.
But I think that speaking to other like-minded individuals is always going to be the key when you're looking for good, investigative tradecraft and methodology. And that message will resonate again that this is what this is about. This isn't about tools alone first. This is about how we become or how humans enable technology to be able to support them better in open source intelligence adoption. There's... you've got Osmosis, know, the UK OSINT community, particularly this side of the world is growing and they've got continual events going over.
I would suggest to people to immerse themselves. If you are OSINT curious, get involved in some of these communities. We're incredibly open, honest people. We like to have discussions and we will talk about this subject, I think, till we're red or blue in the face. So certainly people first and understanding how and where good investigative tradecraft and methodology is born from and what it looks like.
Matthew Stibbe (16:23) How, ⁓ we've sort of talked about the trade-off of, or not trade-off that's the wrong word. The balance between people and technology. So if you're an organisation that's interested in exploring OSINT, using it more and better, how do you start thinking about that? Is it a case of going out and recruiting people who've got OSINT experience? Is it about finding the right technology? What's the path to
OSINT success for an organisation?
Brett (16:57) That's a really interesting question and I think that...
It's not particularly just OSINT. The majority of people that have ended up within open source intelligence do so because they're extremely curious people. They like to ask lots of questions or... nosy for a better word. We like to dig and dig and dig, but that often comes from something that's embedded in us as human beings first. And I think that's what makes a good analyst. Whilst this is a profession, I thoroughly enjoy my job. And for the fact that I'm paid every single day to do something that I love is something I don't take for granted.
From organisations, they need to have a look holistically in terms of how they procure data, why they procure data, but what it is particularly around technology that they're looking to achieve with that data. I think there is a misunderstanding of that this big red button will flash up and show us where all of the risks are or where all of these 'gotchas' are, particularly for organisations, and I don't think there's a
huge understanding, particularly of open source intelligence and what it can produce with good human beings as opposed to just what technology can produce. So when I look at organisations and how they procure technology, but also what they expect it to achieve, I would expect that that has to come from an individual that's got a good understanding of the community itself, but also the industry as a whole. This isn't... covert operations, I mean it still is to a particular extent because you're often operating behind proxies and you're doing this from behind the screen. But I think organisations need to understand actually what tech can and can't produce based alongside the power of a curious human being as well.
Matthew Stibbe (18:37) It's more than the technology, isn't it?
Brett (18:39) Yes, yeah, 100%. I keep preaching that message, but certainly, yes it is.
Matthew Stibbe (18:44) I mean, in my world, one of the things that we do with CRMs and marketing automation, we collect huge amounts of data about people visiting websites and opening emails and things like that. And a lot of our clients think that out of that data, somehow they could just get a little email that says this person's ready to buy. And part of my job is going, we haven't got a big red button either. There isn't a thing that will tell you who's going to place an order this month.
So there is a process of turning that data into actionable intelligence or sort of in our case prioritising warmer leads rather than cooler leads, for example. What is the biggest challenge with translating OSINT into actionable intelligence? How do you communicate what it can and can't do to stakeholders?
Brett (19:40) I think one of things that we need to adopt is that when we utilise an open source intelligence and particularly technology, we need to go back to the core foundations of when we talk about frameworks. And I think of things like the intelligence cycle. The intelligence cycle should be the gold standard, as I've just touched on there with the Berkeley Protocol for collecting digital intelligence or information... is that the intelligence cycle should be our go-to for
how and why we conduct investigations, because it's born out of everything from start from a hypothesis. How do we collect that information? How do we analyse it? How do we process it? But also, how do we share it? And I think that for organisations,
how they conduct intelligence-led investigations should be born out of a knowledge, and I think I've just touched on this previously, of a knowledge of understanding how to operate within the space. So when I think of things like the intelligence cycle, we don't discuss it anywhere near enough. And again, this sounds like I'm boiling the ocean, but we're solely reliant on tech solving problems based on questions that come from often individuals in senior roles that I don't think quite have a... sense sometimes of understanding what it is that we can collect and when I think of the intelligence cycle I think that that should be the adoption that we take for frameworks in terms of how we collect and drive open source intelligence investigations.
Matthew Stibbe (21:03) And
If you had one message for ⁓ people who are not in the profession but who are consumers or managers or business decision-makers around it, what would you like them to know about open source intelligence and the intelligence cycle?
Brett (21:19) It's certainly not magic. You can't just push a button and it will solve all your problems in one, but what it will do is it will illuminate a lot of those hidden risks that are often hiding in plain sight that you're unable to identify. It will solve problems. It doesn't always answer questions, but it's certainly going to give you... a clearer vision of what it is that you're looking or what it is that you're certainly trying to achieve with the use of publicly available and publicly accessible information. I think a key takeaway for anybody that is quite curious of the space is you need to enable humans first before you enable the tech. The human will always drive the tech. We're not going to be able to be replaced by robots, particularly within this industry. I think even though AI is having a massive boom, I think that good investigative tradecraft and methodology comes from human beings with the right tooling. And I would certainly say that it's going to enable you to perform your actions clearer. It also will support things
such as mental health because your staff aren't going to get so tired and drained conducting online investigations every day. Use it to your advantage, not to your disadvantage. Know what it's capable of, know what it's not capable of, but just ensure that you've got the right adoption methods in place before you utilise it.
Matthew Stibbe (22:39) It's like Formula One cars, right? If you put me behind one, I'm gonna go around the track really slowly. Put Ayrton Senna in... It's the driver as much as the car, I guess.
Brett (22:49) Yeah, yeah, yeah, 100%. And I think I touched on that earlier, the more curious, often the better find. But sometimes what that leads into is something that we like to call investigative drag, which often means, you you've got hundreds of tabs open at the same time, you're clicking here, you're taking screenshots there. You have to adopt that with the right frameworks and principles.
Matthew Stibbe (23:13) Good, this has been fascinating for me on my personal journey and, Brett, it's been a delight talking to you. And I think that brings this episode to a close. Thank you very much for joining us today.
Brett (23:24) Thank you ever so much Matthew and it's been a pleasure.
Matthew Stibbe (23:27) And if you're listening to this and you'd like more insights about OSINT, Blackdot, or Videris, please visit blackdotsolutions.com. And until the next episode, thank you and goodbye.
