Open-source intelligence is insight gleaned from publicly available and commercially available information (PAI/CAI). OSINT solutions are now gaining widespread acceptance among Federal investigative agencies. In fact, the 2021 Intelligence Authorization Act requested that the Director of National Intelligence assess the intelligence community’s plans and strategies for OSINT use.[1]
To comply with this request, many Federal agencies now strive to collect PAI and CAI. But collection itself is insufficient. PAI and CAI aren’t intelligence. They’re datasets. Turning PAI and CAI into intelligence requires technology that processes and analyzes vast amounts of data for true insight.
Here’s a look at the value of OSINT tools for a sampling of Federal investigations.
The investigative landscape
Do you want to know which Federal agencies investigate people, businesses, and situations? Federal investigations are undertaken by a huge number of professionals working at a broad array of agencies. There’s the Secret Service scrutinizing threats against the President, FEMA determining where to deploy resources after a hurricane, and every law enforcement and counterterrorism organization in between. These include the Department of Homeland Security, the Department of Defense, the Drug Enforcement Agency (DEA), the FBI, CIA, U.S. Customs and Border Protection, the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF), and the U.S. Marshals Service.
Across the board, the near-real time situational awareness, threat awareness, and targeted investigative capabilities provided by OSINT solutions help Federal investigators disrupt criminal activities, apprehend offenders, and protect the public.
What is PAI/CAI?
PAI and CAI are information sets accessible by the public, either for free or for purchase. The amount of PAI and CAI available for study is almost unimaginably vast. Here’s a sampling of what it includes:
- Articles, images, and videos appearing on both established news sites and blog sites
- Social media posts
- Consumer information
- Crime and court records
- Satellite imagery
- Web-cam feeds and traffic-cam imagery
- Top-web and dark-web sites and chat rooms
- Top-web and dark-web marketplaces
- Business incorporation information
- Vehicle records
Improving situational awareness for counterterrorism and other investigations
In many instances, investigators and analysts begin their work by enhancing their understanding of a situation. Consider troubled conditions in the Mideast as an example.
Hezbollah is a Lebanese Shi'ite Muslim organization, unfriendly to Israel, with close religious and strategic ties to Iran. The U.S. State Department has designated Hezbollah a terrorist organization.[2] The Israel-Hamas war has led Hezbollah and Israel to engage in strikes and counterstrikes.
Understanding this, DoD and intelligence investigators trying to predict likely future events in the Mideast may choose to start by studying recent events. They can begin with a document-based keyword search — using terms such as “Hezbollah,” “Nasrallah” (the last name of Hezbollah’s secretary-general), and “Israel.” Hundreds of thousands of documents posted over the last 30 days may be returned by open-source intelligence tools, from sites ranging from X (formerly Twitter) and Facebook to MSN and manartv.com — a Hezbollah-linked Arabic satellite station.
Flooded by results, investigators may choose to limit what’s returned by data source, author, or other parameters.
For example, if analysts want a deeper, objective dive into Hezbollah’s role in the Mideast, they may decide to filter returns by mainstream news sources. From there, analysts will learn that news sites have reported Hezbollah and Hamas meeting to discuss “intensified” action against Israel as part of the ongoing Israel-Hamas war.[3] Counterterrorism professionals may also learn more about Hezbollah’s relationship with anti-Israeli forces, particularly the Houthi movement in Yemen.
Conversely, if investigators want insight into what Hezbollah members themselves think, they may choose to search social media posts for keywords aligning with that organization.
Counterterrorism is one use case for situational awareness. This capability is valuable to an array of investigative agencies. Here are a few scenarios.
- Striving to curb illegal immigration, an Immigration and Customs Enforcement officer can use these search techniques to better understand the gang violence in countries such as El Salvador, Honduras, and Guatemala that now propels many to migrate to the United States.[4]
- DEA officials can use OSINT situational awareness capabilities to learn more about the conditions in China, Mexico, and other countries that engender the manufacture of illegal drugs and drug precursors that are fueling the United States’ fentanyl epidemic.[5]
- The rise in organized retail theft, particularly theft that targets retailers’ claims and appeasement policies, now costs stores between $21 billion and $35 billion annually.[6] FBI agents charged with investigating this type of crime may choose to start their work by learning more about which retailers are most vulnerable, which criminal organizations are most active, and where in the country organized retail theft is most prevalent.
Spotting red-flag keywords to curb crime
A Customs and Border Protection agent wants to catch human traffickers transporting victims to the United States. She knows that traffickers often lure victims through deceptive advertising. Online, traffickers target people living in underdeveloped regions with ads for suspiciously well-paying jobs, often in other countries.
These ads appear on surface web social media sites, message boards, and in online comments. Traffickers also communicate on similar but harder-to-reach deep web forums, discussion groups, and marketplaces.
Of course, no ad reads “Human trafficker seeks victims.” So how do investigators separate legitimate recruitment efforts from potential trafficking attempts? Increasingly, they use OSINT solutions to search for words known to be associated with fake recruitment ads. The promise of “daily payments” for example, is often used by traffickers to lure job seekers. Daily payouts run counter to typical business practices, but the promise of fast pay may tempt people living in poverty.[7]
In their quest to curb human trafficking, investigators may also choose to examine the businesses that enslave trafficking victims. These businesses also advertise. OSINT solutions can spot the use of overly sexualized language in ads for “day spas” or “massage therapy” businesses that indicate that the institution acts as a front for a prostitution ring that ensnares female trafficking victims.
Similar investigations can be undertaken in a variety of scenarios. Here are a few of them.
- Illicit international trade is now estimated to cost legitimate businesses trillions annually.[8] Legitimate corporations are harmed when knockoffs flood the market. The rise in black-market trade also deprives governments of tax revenue; supports the exploitation of children and other vulnerable people employed to manufacture illicit goods; and endangers buyers who purchase defective products. To combat illicit trade, investigators may search for phrases such as “discount gift cards” which may indicate someone is trying to unload cards that have been stolen.
- Weapons trafficking brings military-grade firearms, explosive, landmines, grenades, and other weapons into the United States. ATF agents can find traffickers using advertising keywords known to be associated with arms dealing. “Big fireworks,” and “high yield” for example, may be used by individuals or organizations trafficking bombs.
Uncovering terrorist chatter
Terrorist and other criminals communicate on mainstream social media sites, such as Telegram. Hamas used the popular messaging app as one of its primary communications platforms. Some Hamas-dedicated channels had hundreds of thousands of users and contained calls to action for Hamas members.[9]
More often, terrorists choose to communicate via harder-to-reach message boards, forums, and marketplaces on the dark web. Because the nature of tools used to access the dark web ensure anonymity, these sites are a hotbed of illegal activity. Still, they are accessible via the right OSINT solutions. Counterterrorism professionals can use OSINT tool capabilities — including AI, natural language processing, and semantic understanding — to monitor dark web sites, uncovering terrorist chatter and detecting early signs of terrorist threats. Investigators may also be able to access videos or other media that contain geolocation information in their metadata, providing insight into a group’s physical location.
Similar capabilities can be used to find chatter among:
- Organized retail theft ring members seeking to offload stolen goods
- Arms dealers trying to sell weapons
- Drug dealers
- Human traffickers
- Purveyors of counterfeit goods
Connecting online identities to real people
Finding a potential criminal online is one thing. Tying an online identity to an actual person is another. Here too, OSINT solutions can help.
A DEA agent concerned with the sale of methamphetamine may start his investigation by searching social media for red-flag keywords. These may include “ice,” “cotton candy,” or “rocket fuel.”[10] On X, he finds someone with the screen name BestPurity1990 using these key words in his posts.
Interested in this social media user, the analyst accesses his X profile. There, he finds that the poster lists Cleveland as his hometown. Under “likes,” he lists “Cranking with my boys at Big Mel’s.” With a quick search, the analyst learns that Big Mel’s is a biker bar in Cleveland. The analyst then searches Facebook, Instagram, and other social media sites for the name “Big Mel’s.” The search returns a lot of posts — Big Mel’s is a popular hangout. Narrowing the search with the words “cranking,” and “tweaking,” they find a handful of photographs tagging different social media users. One, John Smith of Cleveland, lists his email address as BestPurity1990@AmericasISP.com.
From the social media user’s profiles, the analyst learns that this John Smith is a white male in his mid-30s. He lists his occupation as “Sales rep at the best online pharmacy. Discreet, guaranteed shipping.” These are known code words used in drug sales. “Discreet shipping” is code for shipping methods that evade prying governmental eyes. And many illegal drugs are sold through “online pharmacies.” This information, combined with the “purity” brag in Smith’s screen name, indicates to the analyst that Smith may be a meth dealer. The DEA agent decides to investigate John Smith more closely.
Knowing that Smith uses the same screen name for a variety of accounts, he decides to search some dark web marketplaces for “BestPurity1990.” On one of them, the agent finds someone using that screen name communicating with a poster who advertises bulk sales of acetone and pseudoephedrine. Both are methamphetamine precursors. The analyst determines that John Smith is likely a meth dealer and takes appropriate next steps.
Similar searches can be undertaken in a variety of scenarios, including among investigators seeking to:
- Stem the flow of counterfeit goods into the United States
- Limit arms trafficking
- Reduce human trafficking
- Curb organized theft rings
Improve public health and welfare with social media monitoring
Agents from FEMA, the CDC, and other organizations can use OSINT solutions to track the course of epidemics, better deploy relief in times of disaster, and otherwise improve public health and welfare.
Social media monitoring capabilities help FEMA officials better understand natural disasters, such as flash floods, hurricanes, and wildfires. People often post about these events before calling emergency services. The best OSINT solutions monitor social media in near-real time. Analysts can quickly learn of these disasters, determine where need is greatest, and respond accordingly. Social media monitoring can merge with searches of data from the National Weather Service, the National Oceanic and Atmospheric Administration, and other organizations to deepen analysts’ understanding of the event.
Additional use cases include public health. Investigators can use social media monitoring capabilities to chart the rise of epidemics and pandemics. Monitoring social media platforms can unveil early indicators of a potential outbreak — especially when OSINT solutions collate illness-related hashtags and keywords.
Piercing criminal networks
Criminals — from terrorist cells to organized theft rings — often work in tandem. Piercing criminal networks is therefore an important component of many investigations.
OSINT solutions can help map relationships among criminals. They can chart key connections among people, locations, and events. To do so, they examine hundreds or thousands of associations within a specific social network or discussion group, uncovering previously unknown or hidden relationships, and identifying those participants who wield the most influence. Once influencers are identified, OSINT solutions empower users to delve deeper into those influencers’ online profiles, activities, and associates.
A valuable but underutilized tool
With the value of an OSINT framework so clear, why haven’t OSINT solutions been fully embraced as investigative tools by all Federal agencies? There are a few reasons.
First, obtaining OSINT virtually always requires specialized solutions. The amount of PAI and CAI available for research is unimaginably vast, arising from a massive array of diverse and diffuse sources. It is impossible for investigators to make sense of it all relying solely on manual techniques, or on a patchwork of OSINT tools. Instead, investigators need purpose-built OSINT solutions. Obtaining approval for the purchase and deployment of these solutions is subject to budgets and approval from a variety of bureaucracies.
Second, some investigative agencies ponder how to balance competing needs: their need to improve investigative capabilities versus Americans’ Fourth Amendment right to protection against unreasonable searches. Improved investigative capabilities may count for more in the case of dismantling terror plots. But not all scenarios are so clear cut.
The need for agency privacy while conducting OSINT research is a third concern. Most browsers are built to retain digital fingerprints of websites visited. Many investigative agencies consider this a security risk. Analysts need tools to obfuscate their identity — to keep other parties from tracking their online activities and whereabouts.
Why Babel Street?
Babel Street Insights is an OSINT solution providing persistent searches of a vast array of PAI and CAI sources. These include more than a billion top-level domains, along with real-world interactions generated on chats, social media posts, online comments, and message boards. Insights understands more than 200 languages (including Arabic, Chinese, Russian, and other languages rendered in non-Latin scripts), and translates information found into the user’s language of choice.
These capabilities help federal investigators:
Detect chatter and activity indicative of terrorism, trafficking, and other crimes
Babel Street Insights continuously monitors social media sites and the dark web for signs of terrorists, traffickers, manufacturers of counterfeit goods, and other criminals at work. It rapidly detects evidence of criminal activity appearing in written materials, videos, chat communities, and technical forums – even when this information is presented in coded language, regional dialects, and slang.
These same capabilities can scan surface web social media sites for the type of insight needed to support the public in times of disaster: for posts indicating severe flooding, for example, or for posts that may indicate someone planning a mass shooting.
Analyze crime networks
Babel Street technology can also help pierce criminal and terrorist networks. Babel Street Insights Synthesis maps relationships among social media users. Synthesis charts key connections among people, locations, and events. Visualizations of these relationships are also provided.
Dismantle criminal plots
Babel Street Insights can also empower analysts to find and dismantle criminal plots. Babel Street Insights’ search capabilities help analysts infiltrate dark web forums, chatrooms, and other sites where criminals gather. There, they can uncover coalescing threats — pinpointing, for example, terrorists discussing potential targets, weapons sourcing, or maneuvers. They can find human trafficking rings discussing the transport of victims or arms dealers talking about the delivery of weapons. Using this insight, investigators can counter or halt these activities.
Safeguard anonymity
Searches conducted via Babel Street Insights do not occur directly from investigators’ computers, but from within the Babel Street application. Insights returns entire documents to the Babel Street app. This empowers users to read information without ever visiting the source site, helping to safeguard user anonymity and prevent tracking. A second product, Babel Street Secure Access, is a managed-attribution solution that uses a virtual environment to completely shield users and their searches.
How will you use Babel Street Insights?
Let’s talk about how your organization can benefit from AI-powered data to mitigate risk and maximize your efficiency and decision-making.
Endnotes
1. United States Congress, “H.R. 133 – Consolidated Appropriations Act, 2021,” accessed September 2024, https://www.congress.gov/bill/116th-congress/house-bill/133/text/enr
2. National Counterterrorism Center, “Lebanese Hizballah,” September 2022, https://www.dni.gov/nctc/ftos/lebanese_hizballah_fto.html#:~:text=The%20US%20State%20Department%20designated,entirety%E2%80%94as%20a%20terrorist%20group.
3. Times of Israel, “Terror chiefs Nasrallah, Haniyeh meet in Beirut, vow ‘intensified’ anti-Israel action,” April 2023, https://www.timesofisrael.com/terror-chiefs-nasrallah-haniyeh-meet-in-beirut-to-discuss-cooperation-amid-violence/
4. Bermeo, Sarah, “Violence drives immigration from Central America,” The Brookings Institution, June 26 2018, https://www.brookings.edu/articles/violence-drives-immigration-from-central-america/
5. CDC, “US Overdose Death Decrease in 2023, First Time Since 2018,” May 2024, https://www.cdc.gov/nchs/pressroom/nchs_press_releases/2024/20240515.htm
6. National Retail Federation and Appriss Retail, “2023 Consumer Returns in the Retail Industry,” December 2023, https://nrf.com/research/2023-consumer-returns-retail-industry
7. Argrigento, Lauren Ann, and Taylor, William Paul Jr., “Stuck in Traffick, A Contextual Analysis of Human Trafficking Advertisements,” accessed September 2024, https://www.acf.hhs.gov/sites/default/files/documents/otip/public_comment_from_researchers_from_louisiana_state_university_0.pdf
8. Global Initiative Against Transnational Organized Crime, “The Global Illicit Economy: Trajectories of Transnational Organized Crime,” March 2021, https://globalinitiative.net/wp-content/uploads/2021/03/The-Global-Illicit-Economy-GITOC-Low.pdf
9. Allyn, Bobby, “The Telegram app has been a key platform for Hamas. Now it's being restricted there,” NPR, October 2023, https://www.npr.org/2023/10/31/1208800238/the-telegram-app-has-been-a-key-platform-for-hamas-now-its-being-restricted-ther#:~:text=Now%20it's%20being%20restricted%20there,-October%2031%2C%202023&text=Matt%20Slocum%2FAP-,Telegram%20has%20removed%20popular%20Hamas%2Dlinked%20accounts%20from%20the%20messaging,to%20take%20down%20the%20channels.
10. American Addiction Centers, “Meth Street Names, Nicknames and Slang Terms,” accessed September 2024, https://americanaddictioncenters.org/blog/meth-slang-terms
Disclaimer:
All names, companies, and incidents portrayed in this document are fictitious. No identification with actual persons (living or deceased), places, companies, and products are intended or should be inferred.
