Passive and Active Open Source Intelligence

While exploring the online world, you are bound to encounter open source information: data that can be publicly viewed, collected and analyzed. Because of its high accessibility, this type of data may be useful for online researchers or investigators. You can find millions of content-rich resources related to your chosen topic by simply searching the Web for a simple phrase.

However, accessing open source intelligence on certain sites and platforms can be more difficult. While the open web is usually just that - open access to Internet users - modern websites and popular social media platforms now require users to create accounts to gain access. In this new protected online environment, analysts and researchers can no longer passively gather all open source intelligence. Instead, they must create accounts and clear barriers to entry in order to access certain information. As a result of this change in data barriers, online users must adapt their information collection methods to a more secure cyberspace. This represents a key difference between gaining access to passive and active open source intelligence.

Passive Open Source Intelligence:

You can think of a passive open source intelligence collector as someone who quietly absorbs information on the web. Analysts access passive open source intelligence in a simplified way; imagine a fisherman casting a net underwater and letting hundreds of fish swim around in it. Passive information gathered may include headline articles from global online news sources, or popular posts from public social media users. When looking for passive open source intelligence, users may also want to avoid drawing attention to their activities. These users prefer to remain invisible to their research subjects to avoid retaliation. Revealing their intentions can also skew data results.

Passive means that the researcher does not engage with the target. Passive open source collection is defined as the use of publicly available information to gather information about the target. Passive means no online communication or contact with the target, including commenting, private messaging, friending, and/or following.

Active Open Source Intelligence:

On the other side of the open source intelligence spectrum, active open source intelligence implies a dynamic approach to locating public data. With active open source intelligence, researchers need basic credentials (such as email and username) to access sites that hold valuable data in the first place. As an "active open source intelligence analyst," the information you collect may not be obvious to the typical online user. Although you are still accessing public information, these details may have been hidden or archived. This makes the information slightly more difficult to find.

When performing active open source intelligence, you may also not have to worry about revealing your presence to the subject of your investigation. For example, you may choose to download a PDF file linked to on a research subject's blog. Or, you might ask to become friends with someone on their Facebook page to see their status updates. If we stick to the fishing analogy, active open source intelligence drops the net and replaces it with a pole for a more targeted collection approach.

Active means engaging with the target in some way, i.e., friending them on social profiles, liking, commenting, messaging them, etc. Active open source research is considered engagement, and for some organizations it is an undercover operation. For active research, one must be integrated into the group. To engage with a target person, one may have to create several accounts on different platforms so that the persona looks like a real person.

Research organizations have different interpretations of what passive participation and active participation are. For example, joining a private Facebook group may seem passive to some organizations, while others may see it as engagement that may even imply some kind of undercover operation. Therefore, it is extremely important to develop SOPs (Standard Operating Procedures) that outline the organization's position on this type of engagement.

Some researchers consider joining groups to be passive because they are "passively" looking, rather than actually communicating with the target. One thing to consider is that if a Facebook group consists of 500 or more members, it may be easy to blend in, while a small group of 20 people is at increased risk.

The difficulty of gathering intelligence in the public online space varies. If cyber researchers want to collect comprehensive information, they need to acquire different skills and techniques. Understanding the different types of open source intelligence and collection methods can help you decide where to invest your time and resources when building your open source intelligence toolkit.
