See how OSINT tools are used in corporate security.
What does OSINT stand for? Open-source intelligence (OSINT) is data collected from publicly available sources in an intelligence context. In the intelligence community, the term ‘open’ refers to overt, publicly available sources. Search and investigations through open data are applied in many areas where links between people, events, organizations, or facts need to be made.
Imagine practical intelligence in OSINT sources — Social media — without applying modern tools, since data volume is too immense to cover otherwise. Facebook users upload approximately 300 million photos each day and post about 510 million comments every 60 seconds.
More than 2 billion people use Facebook, Instagram, Messenger daily. Twitter users post approximately 500 million tweets per day — 200 billion tweets per year, while Instagram users create another 95 million posts per day. And according to the Pew Research Group, nearly 75% of the public maintains a presence on multiple social media sites, including Facebook, Twitter, Instagram, Snapchat, YouTube, Pinterest, and LinkedIn.
Examples of OSINT in different fields
The law enforcement OSINT community applies open-source intelligence to crime prediction, prevention, investigation, and prosecution, including terrorism. Search through social media and Darknet plays a significant role in their work, and so does connection analysis. With the sheer volume of content traffic transiting across the internet through social media platforms, law enforcement would be remiss to ignore social media accounts as a resource for discovering evidence potentially relevant to various criminal investigations.
Private corporate security services are also eager to apply OSINT tools. They conduct individual checks: their employees, top management, employees, executive officers, and contractors’ shareholders. 'Know Your Customer' (KYC) mode is on here. Is this an off-shore company or not? Who is the real owner? Hasn't it been into any dark business? Knowing this is crucial before the execution of any major deal.
To check affiliation of individuals or entities is the main goal, as expressed usually. Economic security services monitor internal deals for hidden interests. For instance, if a procurement manager enters into transactions with entities belonging to their family members. Transaction services department runs check-ups before each merger or acquisition: whether a firm acquired is run by criminals. Thus, significant companies endeavor to minimize reputational risks for the company as for the shareholders. Each serious firm usually has its list of reliable and non-advisable counter agents. In any case, management always has to know who stands behind this or that entity.
Interesting cases of application of OSINT in the insurance business have already come into our knowledge. They correlate to a company's data analysis as to business analytics. A vast federal company notices that payments for one particular insurance product have increased significantly in one separate region.
Affiliation checks through social media of the company's region branch employees have shown that one of the managers had been insuring their friends and family to register insured accidents and payments afterward. Such knowledge is still no evidence of the person's guilt, but it sure is a matter for an internal investigation.
HR departments employ OSINT for running check-ups of actual or possible employees of their companies. Do they post any harmful data on the company on their social media? Or maybe they disclose confidential information? Sometimes it happens not out of malice but accidentally.
Some public organizations perform constant monitoring of threats, including terrorist threats. For example, one Jewish studies organization from the USA uses Social Links for this exact purpose. They fear attacks or incidents during their events, so they perform such monitoring to prevent them.
A whole other group of goals is reached through OSINT: risk assessment, when information is collected to decide. Due diligence procedure can be performed by a bank or a consulting company when the main goal is to run a complex assessment of the asset value. In such cases, reputation, connections, and beneficiaries' financial position matter.
Such check-ups and affiliation search between employees and contractors have been performed as far as business goes. The matter is - how fast and how efficient, and how precise they may be. Internet, especially social media, gives us a massive volume of data for analysis, but collecting data by hand would be too tricky, too long, and too inefficient.
The main bonus of the OSINT tools is the possibility to find and check all the necessary information with software. For example, a Social Links product requires one hour to gather such an amount of data from open sources, which a skilled worker would collect by hand in a week.
With Social Links, you can mine data from 50+ socials, databases and use 700+ search methods empowered with Face Recognition and search by Geo-coordinates. You will get unique searches in 30+ DarkNet forums and marketplaces without authorization by Phrase, PGP Key, Alias.