Introduction to OSINT

What is OSINT?

OSINT stands for Open Source Intelligence. It refers to the collection, processing and analysis of publicly available data that has been determined to be of intelligence value.

The U.S. Department of Defense defines OSINT as:

[Information] produced from publicly available information that is collected, exploited, and disseminated¹ in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence requirement.

Sources of OSINT include surface, deep and dark web, social media, news media, academic sources, and government records.

Unlike other forms of intelligence, OSINT uses legally accessible information, without breaching copyright and/or privacy laws. "Open" refers to overt, publicly available sources, as opposed to covert sources, which are hidden and confidential.

This distinction makes OSINT accessible to people outside law enforcement.

Difference Between Information and Data

OSINT is concerned with information, as opposed to mere data. The difference is best explained with an illustration.

Let’s take some random numbers: 6 - 9 - 13 - 24 - 41

Out of context, they mean absolutely nothing. These numbers are just data: numbers in this case, but they could just as well have been other random values such as words or characters.

Let’s add some context: these are actually the winning lottery numbers of December 11th, 2020 (France).

Now this data becomes information, and it has much greater value (it would have even more value if these were the winning numbers for the next lottery).

The main difference is the context.

When you put data in the right context, it automatically becomes information.

See also Relationship of Data, Information, and Intelligence.

Types of OSINT

OSINT can be divided into two broad categories: offensive and defensive.

Offensive

Gather information before an attack.

Defensive

Learn about possible attacks (vectors) against yourself, your company, your client, etc.

The OSINT Cycle

See The OSINT Cycle.

  1. In this context it means “reported”, which is one of the hardest parts of OSINT.