Because of a bizarre holiday in Asia, I found myself in the curious and unenviable position of head of an operations centre located on another continent that relies on me for intelligence. I got to this position through a mix of luck, hard work and an understanding of open source intelligence practices due to a misspent youth.
Open source intelligence (OSINT) is intelligence collected through publicly available information such as photos, articles, videos and everything in between. And there’s more of it than you can possibly believe.
OSINT is at once immediately accessible and magical in its complexity; it covers every intelligence discipline and can be accessed with a smartphone in its base form but, depending on specialisation, can require an incredible amount of skill and experience.
It’s a discipline that takes all sorts:
While unemployed, Eliot Higgins, AKA Brown Moses, managed to correctly ID chemical weapons used in Ghouta, Syria while intelligence agencies and journalists throughout the world were barely keeping pace. He did this from a couch, posting to Blogger, and has gone on to found an organisation called Bellingcat, which helps journalists do the same thing. One of Bellingcat’s writers, Christiaan Triebert, went on to win the European Press Prize 2017 Innovation Award for reconstructing the recent Turkish coup attempt using Telegram and WhatsApp messages.
Mark Fahey is a biomedical engineer who loves both radios and North Korea. He has travelled to the Hermit Kingdom four times, he said in a talk at Hope X, and managed to find the frequencies of both North and South Korean numbers stations for signalling to spies, hidden tunnels and a floor of his hotel filled with anti-western propaganda.
Hugo Kaaman, AKA PurpleOlive, is a 23-year-old Swedish man who effectively wrote the book on SVBIED (Suicide Vehicle Borne Improvised Explosive Device) deployment. His recent report on the typical yields, blast radius, vehicle types and methods of employment is deemed groundbreaking. Pundits and military members alike lauded it.
Elements of 4chan’s /pol/ board managed to locate and disrupt Shia LaBeouf’s anti-Trump civil disobedience livestreams a number of times. They did this by watching jet streams, listening to cars honking and a constant, never ceasing analysis of information that Shia LaBeouf unwittingly provided.
That’s just four examples of people hustling every day to find that next DIY rocket launcher, another suspicious field in North Korea or finding obscure numbers for a report. But, they do it. They do it all with the thing you are reading this article on.
My own experience in OSINT started after reading about the 2008 attack on the Taj Mahal.
The Mumbai Terror Attack in 2008 was a horrible thing to happen to India, but it was also particularly amazing in that the attackers from Lashkar-e-Taiba had a tactical operations centre directing them.
Their TOC used Twitter and news services to locate victims within the Taj Mahal and a Jewish community centre before relaying instructions via Skype, phone and text message.
My focus, however, entirely rests on northern Iraq, mainly Kurdistan and the governorates near it. Most of my reading on this region comes from Twitter. Due to being time poor these days, I work mainly as an aggregator for other people’s work and what primary sources I can find.
Media in Kurdistan has great access but is limited by its editors and sometimes government, so I find myself looking for staffers from the PUK or KDP Kurd political parties, press releases from NGOs, aid agencies, academics, expats and weapons ID accounts on Twitter. These social media accounts can yield information that someone wouldn’t normally post while representing their company.
It comes as a surprise to a lot of people that I find myself searching as much for things like refugee and internally displaced people (IDP) movements and wellbeing, regional political machinations, oil data and economic situations as I do for what ISIS is doing. This is because I’m not trying to find out about offensives and defensives. I want to know whether northern Iraq will survive itself post-ISIS, and that doesn’t just mean military things.
I’m thus gifted with readymade and available reports, graphics and videos. All I have to do is turn on my phone.
There’s a lot of Twitter to filter out, even if people seem genuine. Twitter is a magical place where everyone looks like an expert, and most people aren’t. People also have their own biases and prejudices that affect how they post. Some people are just lying sacks of shit.
One example is an account I follow of a Shia militia active in northern Iraq. They post 720p minimum videos and photos of them firing missiles, giving out aid and multiple views inside captured vehicles.
They strangely forget to post the videos of them launching IRAMs into civilian populated areas and dragging bodies through streets. I know that they do that because sometimes, yes, they do post Hector.avi, but I also search around them for people who found material not disseminated from their actual media team but by their members.
To get around biases, I try and vet material I find or receive. I sometimes don’t and pay the price of possibly passing on inaccurate or useless information that could’ve been made by a crackpot.
For this, I use the Motive, Opportunity, and Means (MOM); Past Opposition Practices (POP); Manipulability of Sources (MOSES) and Evaluation of Evidence (EVE) framework. MOM POP MOSES EVE is the checklist for “is this person deliberately deceiving me?”. It’s a valuable tool to keep in mind no matter whether you operate at state level or mum’s basement level, even if you can’t remember the acronym but know the reason behind it.
I also use LiveUAMap to visualise what a given AO looks like. It’s a map that is connected to Twitter and shows live front lines and held territories/influence areas with interactive symbols that show you what type of event occurred where.
Even if intelligence analysis and collection doesn’t interest you, it’s still good to know a bit about what intelligence you give to people without knowing. Thinking before you post a photo of you surrounded by 50 radios and a mortar tube on Tinder could be the difference between your holiday to Bali being a great week or a honeypot. Because it’s so easy, you should be thinking “who could use what I write or post against me or my unit?” It’s the stuff they tell you about during safety briefs that you think will never happen to you.
For digs on deployment, when you can spare a minute online, you could be checking up to see what’s going on in your AO. Not everyone gets to sit in on intel briefings, so be your own intel briefing.
Our enemies talk frequently and in detail about what they’re doing. They want to scare you and they want you to think they’re bigger than they are. They aren’t big and scary, they’re just desperate and that makes them do more with less. Knowing what they do more with less of is half the battle.
Hannibal Presley is an ex infantryman who currently writes and works as a PI and has experience working on humanitarian jobs with HASF in Iraq.
Eliot Higgins’ investigation into the 2013 Ghouta chemical weapon attack
The Bellingcat website
The Turkish Coup through the Eyes of its Plotters by Christiaan Triebert
The History and Adaptability of the Islamic State Car Bomb by Hugo Kaaman
North Korea – Gathering Information in the World's Most Restrictive Nation by Mark Fahey
Capture The Flag by Internet Historian
Out of the Mountains by David Kilcullen
OSINT image https://andreafortuna.org/my-personal-list-of-osint-sources-the-search-tools-a9097f4b2539