Many companies are beginning to figure out how OSINT can benefit them which means lots of opportunities for newcomers.
What was your OSINT highlight of 2021?
When it comes to OSINT, I will always remember 2021 as the year of the US Capitol riot, and the role OSINT played in the aftermath.(Please curb your political enthusiasm here for just a moment) Following the incident in Washington DC on January 6th, the FBI launched an unprecedented effort to crowd-source support for identifying those involved, and web sleuths from every corner of the earth got right to work.
As information poured in, and charging papers were obtained by the media, OSINT became front page news worldwide. Images, videos, social media content, online forum posts, even dating app location data was shared with and leveraged by Law Enforcement to help solidify the probable cause necessary to charge individuals for their actions.
In my mind, this is a testament not only to how much the overall understanding of OSINT has grown to this point, but more importantly, it shines an even brighter spotlight on the value of open source information in criminal investigations.
What emerging (good or bad) trends did you notice over the past year?
The other side of the double-edged OSINT popularity sword in this case is mis-identification (and in worse cases, doxing). With just a simple Google search, one can easily read dozens of stories of lives unfairly destroyed when individuals misuse the tremendous power of OSINT.
Included in these stories is the mistaken identification of a retired firefighter from Chicago as someone believed to have participated in the January 6th attack. A man who, after spending his entire career helping save the lives of so many strangers, received death threats in his home and harassment of all types, simply due to his unfortunate resemblance to one suspect wearing a CFD branded stocking hat. (CFD in this case stood for Chester Fire Department by the way, not Chicago) Even well-intentioned OSINT researchers can provide the spark for this type of catastrophe, when they aren’t aware of or don’t follow basic ethical and procedural guidelines.
Any favorite tool or technique that you tried in 2021?
I’d be hard pressed to find a tool I’ve used more in 2021 than the Epieos email tool, hats off to Sylvain Hajri for developing this web-based tool inspired by Sector035’s research into Google IDs.
Nowadays, the chances of someone not having a Google account seem so much lower than the chances they do, so I’m constantly running every email address I’m researching through this tool.
It has paid off for me time and time again when looking for new leads and pivot points during my investigations. Combining it with @palenath’s Holehe tool in one UI makes it even more powerful and necessary when it comes to email research.
I owe everyone mentioned in this answer a beer, probably more than one!
How do you see the OSINT landscape changing in 2022?
Digital privacy has become a mainstream topic at this point in history. It’s no secret that big data is big money, and when it comes to everything from that picture you posted of the steak you grilled for dinner, to the IoT connected meat thermometer you stuck in it to make sure it was a perfect medium rare… you’re providing data to some type of big brother that’s being harvested, packaged, and sold.
As society demands more privacy and better visibility to these practices, companies respond by tightening down in ways that can make gathering open source information even harder.
If you’re conducting social media research on a platform that defaults to profiles being public for example, but suddenly places them behind a log-in wall, your approach to research has to change. Collection tools suffer and break at those moments of change as well, so if you’re a tool-reliant researcher, this can be devastating.
I can definitely see more and more of these kinds of adjustments being made by apps, platforms, and services in the upcoming year. Some adjustments will be genuinely geared towards privacy protection, while others will simply be for the optics.
Do you have a blog / Twitter account / Company that you’d like to share with the community?
I proudly write the worst OSINT blog on the internet, filled with at least 40% memes & obscure pop culture nonsense at www.hatless1der.com! I’m kidding of course, it’s really more like 50% nonsense.
I try to write about OSINT-y things in a way that people might find entertaining and understandable, because the blog is more of a creative outlet for me than anything else.
You can find me on Twitter @hatless1der where I mostly stick to OSINT, cyber, digital research, geolocation, and things of that nature.
I also maintain a start.me page that’s pretty popular with the OSINT crowd, feel free to check that out at https://start.me/p/DPYPMz/the-ultimate-osint-collection.
Finally, and most importantly, I am the Deputy Director of Investigations for The National Child Protection Task Force, a volunteer group of international Law Enforcement and investigative professionals who work tirelessly on cases of missing, exploited, and trafficked children. Some incredible people doing incredible work! I sleep about 15 minutes a week.
Anything else you’d like to add about The State of OSINT?
The OSINT community is something truly remarkable. Folks sharing decades of their knowledge and experience freely, people supporting and lifting each other up, and complete strangers working together to do incredible things.
Nothing says more about the state of OSINT in my mind than the state of the people who live it day in and day out. If that’s you, I hope we cross paths.
Good people doing great things for selfless reasons is the kind of community I’m proud to be a part of, and I hope you feel the same! Never doubt that you have something to offer, especially if your heart is in the right place!