A year ago, Jester (th3j35t3r) discussed his 'warbag' of OSINT tools used for data 'collection and collation,' and mentioned products such as Maltego, Creepy and Spokeo. Now, writing in yesterday's Police Oracle in the UK, former policeman and now private investigator Neil Smith gave his own tips and tricks for OSINT. "Police officers and staff often think I want access to police systems to find out information on people but I do not.
"The Police National Computer (PNC) would give me conviction details but most convictions are reported in the press, so searching a few key resources properly often recovers this type of data."
For almost all other requirements there seems to be an OSINT product that not merely provides the necessary information, but keeps him on the legal side of the Data Protection Act. He mentions TraceIQ & GB Accelerator, similar products that are "so much more than just paid for electoral roll sites and unlike some of the Credit References Agencies - you do not need a Consumer Credit Licence or a Data Protection Licence to access their data as it is all opted in."
It is possible, however, that not everybody included in these databases realizes that at some point, by omission or commission, they did that: "They have something like 12 million mobile numbers and 15 million landlines, including ex-directories." And, he adds, if you search for a mobile phone, it will also say if the phone is on, which mobile phone provider it’s registered through and which country in the world the phone is currently in."
The reality is that there are now so many databases containing so much information about everybody that all that is needed is access to the database and deep mining software. Consider social networks. Security professionals have been warning for years that most people are too free with their personal information; and police forces and marketing companies have looked eagerly at the amount of data contained.
Back in April this year, the UK think tank Demos published a report on what it termed SOCMINT – social media intelligence. “‘Listening’ to social media using powerful ‘big data’ acquisition and analytics tools can help the police spot emerging events, piece together networks and groups, discern public attitudes and improve situational awareness,” it suggests. But it adds that large-scale automated open SOCMINT analysis “might not command public confidence”, and should therefore be conducted “according to good ethical and professional research standards.”
Demos recommended that the police establish a central hub for SOCMINT. That may no longer be necessary given the rise of BlueJay from BrightPlanet, a Twitter mining tool that gets its power from access to the full Twitter firehose (ie, everything in real-time). BlueJay is advertised as 'invisible and covert,' capturing tweets 'from the entire Twitter firehose.' It enables the police to "Monitor large public events, social unrest, gang communications, and criminally predicated individuals," and requires only the internet and a browser. In other words, although for Twitter only, it provides a decentralized SOCMINT capability.
Commenting on BlueJay on Sunday, ArsTechnica concluded, "Used well, such tools should make police departments more aware of both local problems and complaints about their own work. Used less than well, it can be a bit creepy, sort of on par with having a kid's uncle listen outside her bedroom during a slumber party. And used badly, it can make a nice tool for keeping an eye on critics/dissenters."
But whether OSINT is used well or badly, by good guys or bad guys, it is here to stay.