17 November 2017

Wrapping Intelligence Around the Open Source Whirlwind


In the internet age, the digital breadcrumbs humans leave in their wake can be harnessed – the geotag on a tweeted photo, or the time stamps on a YouTube video upload. This open source, publicly available material, once scorned by the secret-stealers of the intelligence community, is rising in value as it is in volume. Open source intelligence (OSINT) is increasingly leveraged by intelligence agencies around the world to quantify, contextualize and even predict international events. 

Open source intelligence draws from publicly available material, including traditional mass media (television, radio, magazines and newspapers); academic journals; books; conference proceedings; reports from think tanks, industry, civil society, and government; social media; and geospatial information such as maps and commercial satellite imagery. 
In the United States, the CIA collects, produces and distributes open source intelligence through the Open Source Enterprise (OSE), established in 2015 under the Directorate of Digital Innovation. 

While the practice of open source intelligence collection has changed significantly since the advent of the internet and real-time, user-generated content, its roots in the U.S. intelligence community go back to World War II, to the Office of Strategic Services’ Research and Analysis Branch and Foreign Broadcast Monitoring Service, which monitored the Axis’ state-run radio channels, analyzing tone, syntax and other linguistic and cultural tells. 

Open source intelligence is a tested means of contextualizing events – such as public opinion during elections, social unrest, disease outbreak and economic markets. Over 3.8 billion people have access to the internet today, and 2.7 billion of them use social media on their mobile devices. The convergence of smartphones and a social networking culture has set the stage for what is quickly becoming a key element of modern intelligence analysis. 
During the 2009 “Green Revolution” in Iran, dissidents took to blogs and Twitter to coordinate activities and share content – much of which was geolocated, time stamped and verifiable. 

In Tunisia, Egypt and other nations, individual citizens sharing content on social applications about political events and collective action during the Arab Spring provided enormous amounts of data to be mined for intelligence purposes. 

Open source intelligence can also alert analysts to trends that trigger deeper investigation. Indirect variables can often imply larger conclusions in bulk datasets. Through the cross-referencing of different digital instruments, such as commercial satellite imagery like Google Earth, reverse image search tools, network-mapping software and machine learning programs – combined with cultural and linguistic expertise – open source analysis can target further investigation through traditional clandestine means.

Terrorists use social media platforms to recruit members, coordinate operations and distribute vivid battlefield videos, posted on YouTube and edited to resemble popular Western first-person shooter video games. This material delivers clues as to the tactics and locations of militant groups. 

In 2015, the U.S. military destroyed an ISIS bomb factory only 23 hours after a jihadi posted a selfie revealing the roof structure of the building, which was apparently then cross-referenced with satellite imagery. 

Social media analysis of individuals is also used in counterintelligence operations. A foreign intelligence officer operating undercover, for example, can be spotted based on discrepancies between his or her real and online lives – or merely due to an inconsistent presence, or a lack of presence, on social media. 

Open source intelligence may be easier to collect than clandestine intelligence – but the sheer volume of information is a major challenge. Not only has the amount of rich public information expanded, the live-stream nature of this content means broader access – as well as an avenue to plant falsehoods amongst truth. 

Social media now includes billions of hours of YouTube videos – not to mention tweets, Facebook posts and other user-generated data. Tools like machine learning can help automatically flag videos, images and content of interest to analysts. 

But digital tools cannot solve the problem alone. Open source practitioners must creatively verify content through reverse image searching and cross-referencing of content using commercial platforms coupled with deep linguistic, cultural and subject matter expertise. 

There is a fundamental tension between an ethos of classically defined espionage and open source intelligence – and resourcing and culture at intelligence agencies often reflect this. While clandestinely collected intelligence is needed to solve national security problems, it is also estimated to cost upwards of 10 times as much as OSINT – let alone the political and human risk involved. 

Spy organizations, as prized targets of foreign cyber espionage, are often “air gapped,” and intelligence officers are often discouraged from having social media accounts themselves for operational security reasons. But insulating analysts from the most prominent source of modern open source intelligence hampers their effectiveness. 

Despite potential changes in attitude toward open source intelligence, foreign policy decision makers often lend – whether misguided or not – more credence to classified intelligence than intelligence gleaned from open source platforms – a phenomenon known as the “secrecy heuristic.” But agents can feed intelligence officers disinformation – wittingly or not – through covert channels as well. 

Levi Maxey is a cyber and technology analyst at The Cipher Brief. Follow him on Twitter @lemax13.
