Steven Harris

🔗 Twitter | Blog

What was your OSINT highlight of 2020?

I think the way that OSINT continued to become more mainstream in 2020. For years it has been a very niche interest but more people and organizations across a huge number of sectors are starting to recognize the value of being able to create and use open-source intelligence.

I like the way in which breaking news events are increasingly accompanied by almost real-time verification and assessment of sources. The journalists and outlets who master these skills are becoming the most important and often leave traditional outlets far behind.

It isn’t all positive though. We have seen examples of where so-called “OSINT” can be used for misinformation. The attempt to show how Dominion Voting Systems were supposedly linked to China was one such example. Data can be easily misrepresented and used to mislead if it is not accompanied by sound analysis.

Gathering data is easy enough, but being able to critically evaluate it and turn it into useful, truthful, and actionable intelligence is still the most important skill for OSINT analysts to possess.

Any favorite tool or technique that you tried in 2020?

Spiderfoot HX remains my favorite tool for most OSINT work. It means a lot of the information gathering and discovery for a particular project is done very quickly. It means I have a lot more time to focus on analysis and reporting.

How do you see the OSINT landscape changing in 2021?

I think we will see an increased need for OSINT researchers to work with large volumes of raw data. The world is producing more data all the time and there are a lot of stories to be mined from it. Some data science skills will become more valuable for OSINT analysts.

I think that more organizations will start to realize the benefits of OSINT when assessing their security risk. High-profile ransomware attacks or supply chain compromises like SolarWinds are devastating but long before the attacks took place the bad guys will have been doing OSINT to find the weaknesses that they went on to exploit. Good OSINT analysis helps organizations to look in the mirror and see how they really appear to threat actors. It can be uncomfortable but it is better to be truthful from the outset.

Anything else you’d like to add about The State of OSINT?

Keep being curious!