OSINT training: today and tomorrow
The Social Links team spoke with OSINT and SOCMINT technology trainers and educators and found out why digital investigations are in great demand
How many software products does a qualified OSINT expert use? Maltego, Social Links and other transforms, Paliscope, Hunchly, Vortimo, InfoZoom, Analyst's Notebook (ANB), i2 Ibase, Mindmanager, Insomnia, Amped Authenticate, Screaming Frog, Snagit, Camtasia, Website Watcher. There are 15 different packages from Jörn Weber, investigator and OSINT trainer from Corma.de, Germany.
Social Links partners with many OSINT and SOCMINT technology trainers and educators. We spoke with Jörn Weber, Leonida Reitano, Dario Beniamini and Bruno Mortier about OSINT training's features, and some shared their thoughts on the matter.
Who turns to OSINT training courses?
Can one learn to use all this software without special training? Sure. How long it will take and when there will any appear is another question. Still, some OSINT experts owe their achievements only to themselves. However, some people even turn to trainers and pay for training courses on OSINT products and techniques. Who are these people?
The training is for professionals for whom OSINT technology is the right tool for the job right now. They are state law enforcement agencies, police officers, employees of corporate security services, private detectives and journalists, intelligence agents, human resources specialists, and others.
University students during post-graduation programs also study OSINT. Cybersecurity professionals, including cyber threat intelligence and anti-fraud specialists, are also among the students. For example, the public sector clients of Leonida Reitano, an expert, and trainer from Italy, include the Italian police force, the Italian Ministry of Finance, Milan University, and the defense industry. Some of his private sector clients include the US media outlets, private investigators, insurance companies, and banks.
Is the number of people willing to study growing? Yes, all the interviewed trainers noted this trend. "I think more people want to know about OSINT, but for very different reasons. Think about Pentester vs. Police Investigator vs. OSINT-Analysts from EU," says Jörn Weber.
OSINT is one of the most researched subjects to be studied due to its versatility, as stated by expert and trainer Dario Beniamini, a Co-Founder and CEO of INTELLEXIA and Cybera Srl: "It can be applied in multiple scenarios, from penetration testing to due diligence, digital forensics, malware analysis, cyber attacks."
Who are OSINT trainers, what and how do they teach?
All four trainers, whose comments are used in this review, work in Europe and teach OSINT for more than eight years. All of them are 'playing trainers.' None of them devotes all of their time only to training students. Each continually works as an investigator in real investigations, and they analyze examples from these working cases in their classrooms. Full-time and online, they teach a variety of technologies and products. The most popular are face-to-face courses lasting several days. Video conferencing has become popular during a pandemic, but this is still an exception rather than a rule.
There is both specialization and cooperation: "I use a broad range of software products, depending on the nature of the assignment. I do not provide dedicated software training for one specific product. For instance, I show some of the Maltego capabilities in my training, but refer clients to Jörn Weber for an in-depth Maltego and Social Links training," states Bruno Mortier, a Forensic, Risk & Compliance Manager at BDO Germany.
Audit & Assurance, Tax & Legal and Advisory Services
In addition to Maltego, Social Links, PIPL, Skopenow, Domaintools, and many others, Leonida Reitano also teaches 'manual' tricks that fill the gaps of automated OSINT platforms. Dario Beniamini mentions TOR Browser, Web Browsers with dedicated extensions, python scripts, and VMs among the tools he teaches FOCA students.
OSINT experts carry out extensive educational and organizational work. Leonida Reitano, for example, spoke at several international cybersecurity conferences on the topic of OSINT and conducting safe, efficient, and effective online investigations. His book, "Esplorare Internet," has been a top seller in Italy and has been used as a handbook by several public and private organizations.
What types of OSINT investigations are in great demand?
Bruno Mortier notes the demand for investigations relating to financial crime, vendor due diligence, integrity due to diligence investigations in the framework of mergers and acquisitions, and value recovery. Furthermore, studies to complement Anti-Money Laundering efforts, for instance, to investigate in-depth entities that Artificial Intelligence Systems have flagged as suspicious. Currently, vendor diligence peaks because, since COVID-19, one can end up with no product, a defective product, or a fake product from a new or existing vendor, as Bruno Mortier emphasizes.
Leonida Reitano has noted a severe increase in investigations related to social networks. Dario Beniamini considers IP thefts, counterfeit investigations, anti-fraud, and tailored OSINT investigation as the most popular.
The critical questions of the investigations are very often the same, as Jörn Weber is confident. Who is this person behind an alias, email, website, profile, etc.? What are the links/connections of this person? Are these persons linked? The same question relates to companies: who are they, who is behind them, how are they connected? And no, the problems do not change, Jörn Weber says: "Only the way to get the info changes daily."
The variability of the environment in which investigations are conducted is one of the fundamental difficulties. You can master the methods of access and analysis that are possible 'today,' but 'tomorrow' the situation can change dramatically, and what you just learned cannot be done already. But something else will appear, another way to solve the problem and find what you want. Professional trainers continuously monitor these changes, explore new products and new features of old packages. "Many of my students are experienced investigators and want to upgrade their knowledge, learn new workflows," says Jörn Weber. The courses' content can be modified to meet the needs of a group of students or an order from a company.
The trickiest part of a course
Trainers deal with people of different backgrounds and levels of expertise. The hardest part is language and IT skills, says Dario Beniamini: "Explaining how to install a web browser and desire to be an OSINT expert requires a commitment from the student and a lot of patience from the teacher."
Another problem is that there are a lot of software products. 'To keep up with all the info I 'unload' - that is tricky. My objective is to make it as easy as possible for them to use the tools. I provide them with many checklists in case they need to remember it... instead of a 350 pages manual they never read," notes Jörn Weber. For Leonida Reitano's students, the most difficult thing is to solve problems. "I ask my students to solve several OSINT challenges during my course, and some of them are quite hard. Not everybody can solve it."
Most likely, the most challenging thing is to think things over first calmly. "Not to rush in and start searching, but spend time understanding the stakeholders, formulating goals, and drafting a collection plan. Equally important is to have the eyes on the prize, namely a finished OSINT product, which is actionable intelligence. Information as such has no value; that's just data. Every piece of information that provides an advantage or enables a decision is intelligence", as Bruno Mortier underlines.
The future of OSINT investigations
The OSINT world is changing before our eyes, and now it makes sense to study what will be in demand in the future. "No structure, no success," says Jörn Weber and explains: "People will see more and more challenges in an overflow on tools, possible solutions and suddenly restricted solutions. This means there is a great future for well trained and smart investigators that now (...) their playground."
More online and standardized services for essential investigation and more tailored and skilled research for specific and detailed inquiries, as Dario Beniamini predicts the future of OSINT.
As OSINT gets more automated, the ability to filter relevant information from the deluge of data will remain a very highly demanded skill, Bruno Mortier thinks. He notes other trends as well: "I also see that people start to question the private information they make available. Governments, especially the military, try to minimize the availability of OSINT information. OSINT will evolve but remain a critical part of investigations. Fraud and financial crime will always be around. A key development is that crowdsourcing has become a valuable and reliable technique. What excites me most is that the OSINT community continues to grow, share knowledge and work in unison," he underlines.
The broader and more profound the internet and social networks penetrate people's lives, the more OSINT's role becomes crucial. Studying OSINT technologies, strategies and practices provide an advantage in many professions, and the faster you get this advantage, the greater your gain will be.