30 December 2020

THE TACTICAL APPLICATION OF OPEN SOURCE INTELLIGENCE (OSINT)

By PTE E

In the rapidly evolving digital age, the organisations responsible for the defence and security of the western world face growing and ever changing threats. Our likely adversaries have mastered the use of social media and its wider platforms to advance their goals.[1] In contemporary warfare, actors carry out significant actions in the information domain. ISIL in Iraq and Syria used social media to recruit, target, finance and even orchestrate attacks with deadly effect. [2] In the Ukrainian conflict, Russian operatives took advantage of operational security breaches to exploit and target Ukrainian military personnel.[3] Our threat grows in size and sophistication across cyber space. This once linear threat has become more fluid, with the ability to move through physical barriers, across borders and influence any target with relative ease and little cost.

Opportunities

We live in a fast moving, highly connected, digitised world, where almost everyone has access to endless amounts of information from anywhere there is an internet connection. Smartphones are one of the biggest contributors to data collection and dissemination on social media through the upload and sharing of images, video, opinions and personal content. 41% of the world’s population have access to smartphones[4], and a new generation of young people is now more reliant on technology than ever. More than 3.1 billion social media users were recorded in 2018, able to log and update their lives instantaneously. In the Middle East, eight in ten (79%) people check in to social media at least once per day and seven in ten (69%) use social media more frequently, checking in multiple times per day, sharing media and making public comments.[5]

We often share more publicly through social media than we would be comfortable sharing with a colleague in conversation. As the percentage of people using smartphones and social media increases, so does the information base, potentially allowing immediate access to photographs, video or comments in areas of interest around the globe. Although the intent is benign, this now public information can be used for security and intelligence purposes. For example, an image of a city street posted publicly provides a date stamped snapshot of road conditions, pattern of life, urban density, infrastructure, stakeholder activity, specific environmental factors and even insight into threat groups. This raw data can then be reviewed, analysed and distilled into intelligence products for use by the tactical commander.

Vulnerabilities

This paradigm presents challenges to maintaining operational security. A soldier can carelessly transmit sensitive operational information at the speed of light across the internet, inadvertently disclosing Essential Elements of Friendly Information (EEFI), endangering lives and affecting current and future mission success. This transfer often occurs third hand and unintentionally when a military member divulges sensitive information to loved ones. Once the information is shared publicly on social media, the risk to friendly forces increases through threat group exploitation.

The use of social media in combat intelligence

Many collection methods previously only available to military or government agencies can now be employed by almost anyone through open access internet search engines. A single search focused on geographic coordinates combined with social media exploitation can now yield high definition imagery of major ground lines of communication and critical infrastructure across the globe. Social media analysis can provide insight into often complex and multi layered human terrain issues unique to any country, as well as the ability to research threat tactics, techniques and procedures through analysis of uploaded media and comments. Arthur Hulnick, a former CIA officer, wrote on the importance of open source intelligence (OSINT): "Neither glamorous nor adventurous, open sources are nonetheless the basic building block for secret intelligence." Hulnick estimated that as much as 80% of the Intelligence Database is derived from OSINT sources, and it is therefore applied in tandem with classified intelligence to become even more robust.[6]

The type of information available through open source exploitation not only opens borders, it provides actors, threat or other, the ability to research and gather information in the form of:

Traditional mass media (e.g. television, radio, newspapers, magazines)
Specialised journals, conference proceedings, and think tank studies
Photos
Geospatial information (e.g. maps and commercial imagery products)
Biographic information
Trends in analytics
Metadata

In the tactical intelligence context, information derived from open source exploitation helps to fill intelligence gaps and, used correctly, allows for rapid acquisition and wider dissemination of operational product to our soldiers and allies with reduced classification. Open source research techniques can provide more timely situational awareness to tactical commanders by allowing an event to be watched as it unfolds in real time. Additionally, information requirements can be satisfied with greater ease than deploying a collection asset or requesting inter-agency support. Analysts using open source exploitation techniques have access to an extensive amount of information at their fingertips, which can be fused with other collection product to fuel the intelligence cycle.

Government, military and law enforcement agencies have identified the importance of exploiting open source and in particular social media. These agencies do not often disseminate analysed social media product to tactical military elements. There is a requirement for combat intelligence operators to conduct social media exploitation as part of a wider collection plan.

At the Battle Group level, OSINT derived from social media can be a key input to the Intelligence Preparation of the Battle Space, to inform force protection and counter intelligence measures and to support threat warnings. Some of the ways information from social media can be used to support tactical commanders are:

enhance the understanding of the threat and the operating environment
collect information about threat characteristics, terrain, weather and civil considerations
rapidly satisfy information requirements
support tracking of indicators and threat warnings as a situation develops
produce intelligence product to support the military appreciation process [7]

The following fictitious scenario demonstrates a possible tactical application of social media derived intelligence:

Scenario

1100H: A video of an improvised explosive device blast hitting a small security force convoy is uploaded to social media.

1105H: Combat team elements nearby hear the blast but do not have eyes-on.

1110H: A Battle Group Intelligence Analyst identifies an increase in social media activity in the area and finds the video uploaded on a known insurgent account. Further analysis of the video, in conjunction with mapping and imagery of the location, results in the rapid dissemination of an intelligence report and provides commanders in the area of operations with an understanding of the nature of the incident, including the number of vehicles involved, whether civilians are present, the number of casualties, the size of the blast and further immediate threats.

1110H: Combat teams are quickly informed that the route is no longer passable after footage shows the road where the blast occurred is in canalising terrain and the wreckage may potentially channel friendly forces into an ambush.

1120H: The nearby combat team conducts a cordon and search and captures two suspected members of the threat group.

1130H: The combat team sends imagery of captured personnel through to the Battle Group HQ.

1130H: Intelligence staff receive imagery, review social media and target files on known insurgents in the area.

1135H: Intelligence staff are able to confirm the identity of the captured personnel who are backloaded for further exploitation.

Two months later, further exploitation of social media pertaining to the detainees allows for the successful conviction of the insurgents, and the continued targeting of larger cells in the area by other tactical elements.

Conclusion

Social media exploitation has proven to be a potent intelligence tool to support tactical action and to inform force protection. This type of exploitation provides insight into an area of operations without a boot on the ground and enables Intelligence Analysts to augment conventional collection methods with contextual information. The increasing reliance on technology means that a deliberate focus on social media exploitation may prove decisive and must be incorporated in the greater collection plan to ensure an edge over our adversaries.
