Open Source Intelligence Lifecycle

For novice or intelligence analysts looking to improve their open source intelligence skills, there is a need to focus on the theoretical foundations, particularly the intelligence lifecycle.

Open Source Intelligence Lifecycle: Planning and Guidance

The planning and guidance phase of the open source intelligence (OSINT) intelligence lifecycle is the phase where the analyst identifies intelligence needs, outlines intelligence issues, and sorts out any special circumstances that may arise about the target, the environment.

If this phase is not set, then the more optimistic scenario results in a long investigation time for the intelligence analyst. The worse case scenario is that it is discovered by the target.

At this stage, the following steps are recommended:

1. Define intelligence needs:

Clarify the need for intelligence and objectives, sort out the logical relationship between the core issues and sub-issues, and as the investigation proceeds, add, delete or modify these issues.

For example, the core question is "Who is behind this account?" and the sub-questions are: "What is his name?" , "What country is he in?" , "How old is he?" and "Is he active on any other platform?"

This step is to determine what intelligence the team or department needs to obtain, including the type of intelligence, sources, quality requirements, etc. This step is critical because it directly affects the value and usefulness of the intelligence.

2. Identify key sources of information:

Before starting an investigation, identify key sources of information that can provide the required intelligence, while ensuring that the necessary identity (not necessarily authentic), software and hardware environment is set up.

When first starting an investigation, the intelligence analyst may not know all the platforms the target regularly uses. However, based on what is currently known about the target, try to identify potential platforms and and prepare the conditions for accessing them.

With most social media, a fake account is usually required, as well as an email or phone number for verification.

However, if the platform being investigated is a smaller, more cohesive group that may seem suspicious to outsiders, they may have higher requirements for new members. Some groups may require new users to be vetted and invited by other members before they can join, which requires additional upfront preparation.

This step is necessary in order to determine which sources can provide the team or department with the intelligence it needs, including relevant vendors, other companies in the industry, the Internet, databases, etc. Depending on the needs, it may be necessary to use multiple sources to cover different aspects of intelligence.

3. Collect and analyze intelligence tasks:

Develop relevant intelligence tasks and assess the relevance and priority of these tasks, and assess the technical capabilities of the target.

Intelligence tasks should be listed in some order of priority so that when intelligence collection and analysis is conducted, the most valuable intelligence data can be obtained in the shortest time possible. If the target has a high level of technical capability and protection, the chances of the intelligence analyst being detected by the target during the course of the investigation are increased.

It should be clear: not every intelligence analyst can take national-level precautions for the target's investigation.

In principle, ensure that the value generated by intelligence is higher than the cost of collecting and processing intelligence.

This step in order to define the tasks of intelligence collection and analysis to ensure that the output of intelligence will meet the needs of the team or department. Tasks should be assessed for their relevance and priority so that more important tasks are performed first.

4. Identify information users:

Identify the organizations or individuals who need to use the intelligence.

This ensures that intelligence data is delivered to the people who need to use it to make strategies and decisions. Since different personnel have different needs and uses for intelligence, intelligence tasks and collection plans need to be developed accordingly in order to provide appropriate intelligence support to different users.

This step is necessary to identify the people who need to use intelligence, including their roles and responsibilities. This step helps the team or department develop more specific intelligence needs, tasks, and plans, and facilitates the logical sharing and use of information.

5. Develop an intelligence collection plan:

Based on a list of tasks and key information sources, develop a specific collection plan that includes collection methods, timing of collection, and prioritization of collection tasks, among others.

The intelligence collection plan is developed to ensure that the required intelligence data is collected and processed according to the plan and to prioritize and schedule the collection tasks based on the intelligence task list and key information sources. The acquisition plan should be viewed as a practical operational guide that includes the acquisition tools, the timing of the acquisition, and the actual operational steps required, etc.

This step is necessary to clarify how, when, and what the intelligence will be collected and prioritized. The acquisition plan should be based on a task list and corresponding key sources of information to ensure that the required intelligence is obtained on time and with high quality. It should be a hands-on guide to ensure efficiency and accuracy in collecting and processing intelligence data.

Conclusion

The planning and guidance phase of an open source intelligence investigation helps intelligence analysts to properly conduct the investigation process.

This phase can directly reduce the time spent on extraneous issues or time spent setting up accounts during the investigation process.

When the intelligence analyst has completed the planning and guidance phase, he or she can move on to the next phase of the intelligence lifecycle: collection.

Open Source Intelligence Lifecycle: Collection

In this phase, the intelligence analyst needs to collect relevant information and data from a variety of sources in order to obtain the intelligence needed. Typically, this phase includes the following steps:

1. Define intelligence requirements

The intelligence analyst needs to understand the needs of the intelligence consumer, determine what kind of intelligence they need and for what purpose, and plan the collection plan based on this information.

2. Retrieve information

Intelligence analysts need to search and assemble relevant information, including open data, academic publications, news reports, social media information, data on the Web, specialized databases, etc.

3. Collect and acquire data

The relevant data for the target may be time-sensitive. Remember, the collection phase is not the time to stop and think about the content of the data, and a good set of relevance algorithms is worth having.

The quality and credibility of the intelligence depends heavily on the accuracy and timeliness of the information sources.

In the process of collecting and acquiring data, intelligence analysts need to understand and apply a variety of collection techniques and methods to ensure that the data acquired is sufficiently credible and informative. These techniques and methods include:

a. Interviews: Intelligence practitioners need to conduct interviews and interviews with relevant personnel to understand the information and views they have.

b. Investigation: By collecting and integrating various intelligence information from the surrounding area, in-depth investigation and research on the target.

c. Reconnaissance: Special reconnaissance techniques are used to collect intelligence, such as drones and satellite technology.

d. Open data: Intelligence workers need to collect and access existing open data, such as images, videos, text, etc.

e. Social media: Obtain and collect key information through social media and other online channels.

f. Databases: Obtain information data from various specialized databases.

In the process of collecting and acquiring data, intelligence analysts need to carefully screen and filter the data to ensure its credibility and value, and store the data in the appropriate information database for subsequent analysis and utilization.

4. Data pre-processing

Consolidate and organize data for better analysis and exploitation. Intelligence analysts need to filter, sort, classify, code, and tag data to make it more readable and analyzable.

5. Validate data

Data is validated through comparison, repetition, cross-checking, and confirmation to ensure accuracy and credibility.

In summary, the collection phase of the intelligence life cycle is one of the most critical steps in the intelligence life cycle, as it is the basis for conducting the analysis and production steps. In this phase, intelligence practitioners need to carefully analyze and process a variety of information and data to obtain the required intelligence.

Never use a personal account for open source intelligence investigations.

Remember to use a separate Internet identity and disassociate from personal accounts.

In addition, applications and social media platforms collect large amounts of data that can be used to fingerprint and associate users with different accounts. Therefore, the following actions are expected to be observed:

1. Use VPN services

2. Use an anti-association browser, or a privacy browser.

3. Use virtual machines or even dedicated hardware

4. Do not interact with any real accounts in any way.