A Guide To Open Source Intelligence (OSINT)

The term open-source intelligence (OSINT) can conjure up images of spies in the imagination of those not familiar with the discipline, intelligence gathering is after all traditionally the domain of spies, but the good news is that you don’t have to be a spy to properly leverage OSINT or learn how to gather it effectively. OSINT allows you to see further and this can have huge benefits for your business, it can help protect you from threats, inform you on your competitor’s strategy and help you properly understand partners and people before you invest in them, ultimately OSINT gathering is an investigative tool essential to lawyers, detectives, law enforcement and anyone else who has a need to gather intelligence on and investigate a subject. This article, part one in my series on OSINT, will explain what OSINT really is and how you can leverage OSINT to your advantage in your professional life, because we can all benefit from seeing further and knowing something is better than assuming something.


Over time the internet has made the world into a very small place, unleashing the internet to billions of people worldwide to communicate and exchange digital data has shifted the entire world into the ‘information age’. In the information age, open-source intelligence (OSINT) refers to all of the publicly available information that you can see and lots you cannot see, despite it being publicly available. OSINT has more than likely been used for hundreds of years to describe the act of gathering intelligence through publicly available resources. OSINT was introduced during World War II as an intelligence-gathering tool by nation-state security agencies, but more recently and with the explosive growth of the internet communications and the huge volume of digital data produced by the public worldwide, OSINT gathering has become a necessity for different kinds of organisations. For instance, government departments, non-governmental organisation, (NGO) organisations, and business corporations are starting to rely to a large extent on OSINT in addition to private and classified information. OSINT sources are distinguished from other forms of intelligence because they must be legally accessible by the public without breaching any copyright or privacy laws. This distinction makes the ability to gather OSINT sources applicable to more than just security services.

The Different Types Of OSINT

OSINT includes all publicly accessible sources of information and this information can be found either online or offline, in the airwaves and on paper. You can gather OSINT from: The Internet, including forums, blogs, social networking sites, video-sharing sites like, wikis, Whois records of registered domain names, metadata and digital files, dark web resources, geolocation data, IP addresses, people search engines, and anything that can be found online. Traditional mass media, including television, radio, newspapers, books, magazines, specialised journals, academic publications, dissertations, conference proceedings, company profiles, annual reports, company news, employee profiles, and résumés. Metadata in photos and videos and geospatial information from maps and commercial imagery. OSINT can be gathered from almost anywhere and even the most unlikely of places can provide you with valuable intelligence on the subject of your investigation.

Types Of Specialist OSINT Organisations

A number of specialised organisations provide dedicated OSINT services, some of them are government based and others are private companies that offer their services to their customers, often government agencies and business corporations on a subscription basis. The following are the most publicly well-known OSINT gathering organisations:

Government Organisations - The Open Source Center (https://fas.org/irp/dni/osc/index.html) is one such organisation, one that is controlled and operated by U.S. government. BBC Monitoring (https://monitoring.bbc.co.uk/) is another, a department within the British Broadcasting Corporation (BBC) that monitors foreign media worldwide. They offer their services via subscription to interested parties such as commercial and official bodies.

Private Sector - Jane’s Information Group (https://www.janes.com/) is a British company founded in 1898 and a leading provider of OSINT that specialises in military, terrorism, state stability, serious and organised crime, proliferation and procurement intelligence, aerospace, and transportation subjects. The Economist Intelligence Unit (https://www.eiu.com/home.aspx) is the business intelligence, research, and analysis division of the British Economist Group. Oxford Analytica (http://www.oxan.com) is a relatively small OSINT firm compared with the previous two, it specialises in geopolitics and macroeconomics subjects.

Who Can Leverage OSINT?

OSINT can be hugely valuable to a number of different groups, am going to briefly list them and cover what motivates each one to gather open-source intelligence.

Government - Government bodies, especially military departments, are considered the largest consumers of OSINT. Governments need OSINT for different purposes such as national security, counterterrorism, cybertracking of terrorists, understanding domestic and foreign public views on different subjects, supplying policymakers with required information to influence their internal and external policy, and exploiting foreign media to get translations of different events.

International Organisations - Organisations like the UN use OSINT to support peacekeeping operations around the globe. Humanitarian organisations, like the International Red Cross, use OSINT to aid them in their relief efforts in a time of crisis or disaster. They use OSINT intelligence to protect their supply chain from terrorist groups by analysing social media sites and internet messaging sites to predict future terrorist actions.

Law Enforcement - The police use OSINT to protect citizens from abuse, sexual violence, identity theft, and other crimes, typically by monitoring social media channels for interesting keywords and pictures in order to help prevent crimes before they escalate.

Businesses - Information is power and businesses use OSINT to investigate new markets, monitor their competitors’ activities, plan marketing activities and predict anything that can affect their operations and threaten their future growth. Businesses also use OSINT intelligence for other nonfinancial purposes, typically to fight against data leakage because knowing that the business is exposing confidential information and the security vulnerabilities of their networks before the bad guys do is priceless. Businesses also use OSINT to create their threat intelligence strategies through analysing OSINT sources from both outside and inside the organisation and then combining this information with other information to accomplish an effective cyber-risk management policy that helps them to protect their financial interests, reputation, and customer base.

Cybersecurity and Cybercrime Groups - OSINT is used extensively by hackers and penetration testers to gather intelligence about a specific target online. It is also considered a valuable tool to assist in conducting social engineering attacks. The first phase of any penetration testing methodology begins with reconnaissance (in other words, with OSINT).

The Privacy Conscious - These are ordinary people who might want to check how outsiders can break into their computing devices and what their internet service provider may know about them. They may also want to know their online exposure level to close any security gap and delete any private data that may have been published inadvertently. OSINT is a great tool to see how your digital identity appears to the outside world, allowing you to maintain your privacy. Individuals can also use OSINT to combat identity theft.

Terrorist Groups - Terrorists use OSINT to plan attacks, collect information about targets before attacking them (for example using Google Maps to investigate locations), grooming fighters by analysing social media sites, acquire military information accidentally revealed by governments (like how to construct bombs), and spread their propaganda.

Different Kinds Of OSINT Gathering

OSINT gathering is done by using one of three primary methods, passive, semi-passive, and active. Using one rather than another is dependent on the scenario and the kind of intelligence that you are interested in.

Passive Collection - This is the most used type when collecting OSINT intelligence, by default most OSINT gathering methods should use passive collection because the main aim of OSINT gathering is to collect information about the target via publicly available resources.

Semi-passive - More technical in nature, this type of gathering sends internet traffic to target servers in order to acquire general information about them. This traffic should resemble typical internet traffic to avoid drawing any attention to your reconnaissance activities. In this way, you are not implementing in-depth investigation of the target’s online resources, but only investigating lightly without launching any alarm within the group you are investigating.

Active Collection - In this type, you interact directly with the system to gather intelligence about it, but The target can become aware of the reconnaissance process since the person/entity collecting information will use advanced techniques to harvest technical data about the target IT infrastructure such as accessing open ports, scanning vulnerabilities (unpatched Windows systems), scanning web server applications, and more. This traffic will look like suspicious behaviour and will more than likely leave traces on the target’s intrusion detection system (IDS) or intrusion prevention system (IPS).

How Can You Benefit From Using OSINT?

There are tangible benefits to gathering OSINT, it really does depend on your goals and the kind of intelligence that you want to gather. But here are the general benefits to most:

Less risky - Using publicly available information to collect intelligence has no risk compared to using humans on the ground to collect information, especially in hostile countries.

Cost effective - Collecting OSINT is less expensive to other intelligence sources, like human resources or spy satellites to collect intelligence which can become costly.

Ease of accessibility - OSINT is always available everywhere, no matter who you are.

Legal issues - OSINT can be shared between different parties without worrying about breaching any copyright license as these resources are already published publicly.

Helping in a financial investigation - OSINT allows specialized government agencies to detect tax evaders, monitoring a targets social media accounts, vacations, and lifestyle has a great value for a government inspector who may be chasing them for undeclared income.

Preventing online counterfeiting - OSINT can be used to find counterfeit products and direct police to close sites or send warnings to websites to stop dealing with them.

Maintaining political stability - OSINT helps governments to understand their people’s attitudes and to act promptly to avoid any future clashes with the general public.


In this article, I have tried to shine a light on the essence of OSINT, the different kinds of OSINT, those who use it and how it can be used in different contexts by different groups to gather intelligence. In my next series of articles, I will dig a little deeper into the subject and demonstrate how different OSINT techniques and tools that you can use to locate information online. By the end of this series, it is my goal that you, dear reader, will become competent enough to be a formidable OSINT investigator and learn how to leverage different tools to gather intelligence for your own organization, intelligence which can be leveraged effectively to support your goals.