Season 11 - Or So You Want to Be an Open Source Researcher

smallville2.jpg

Geolocate Shmeolocate

My wife loves movies. She treats the Oscars the way others might the Super Bowl, although she prepares much harder than most football fans would. I need to see less movies, so when I’m gonna see one, I try to do it on Tuesday’s, when it’s only $5 at our local theater. What’s playing, my wife asked yesterday. I went through the options. “Something called Zombieland Double Tap,” I said. It turns out, she explained to me, I had seen it. I mean that this was a sequel. Because nothing ever ends in Hollywood. We need to know what happens after happily ever after. Always. I watched ten seasons of Smallville, It ended in a two part finale with Clark finally launching into flights in his classic red cape. But for real diehards, the same people who needed Harry Potter and the Cursed Child, nothing ever ends (in fact it appears the Potter story is still not ending), there is always a Season 11. Would I end blogging after 10 posts in 10 days? No. We are on to Season 11.

You’re stuck with me. And I’m a bit feisty this morning. If it’s not open source this, open source that, that’s making me puke, it’s the very core of OSINT that drives me nuts, geolocation. In the real world of spies, from James Bond to James Clapper, there are various forms of intelligence, although what is meant is less intelligence and more information gathering. That is, there is HUMINT, information gathered from human sources; SIGINT, information gathered from satellites and other electronic devices, and that bugaboo, OSINT, information gathered from publicly available sources. It’s a real thing.

Not a shabby thing either. In the world of spies and military operatives, it has been revealed that “open sources”, a local newspaper or entry’s in Jane’s had better intelligence than the fancier and way more expensive sources. Which has boomeranged back to the private sector. With spies awash in OSINT, why not be a spy too. There are all sorts of books and courses on open sources. It seems there are a lot of people who want to be OSISNT experts. And if open source is means satellite maps social network diagrams, than screw basic research.

To be an open source expert, I have seen told often, one must geolocate. Listen, I’m not against geolocatng, and I understand fully when it can be of value. I understand the idea of tracking down sources or such by following social networks. What bothers me is two thing. First, the whole point of open source intelligence, well maybe not the whole point, but a huge point is that we’re using it because we do not have HUMINT or SIGINT. Sure, a good human source can answer a lot of questions, but we go to open sources often (mostly) when a human source will not be of use. For instance, we look at Jane’s to find out about military hardware because we cannot cold call the Pentagon. Your open source training is not helping if it keeps on taking you off the open source trail. The other thing that bothers me is that people tend to get way more hepped up by what may be possible to find vs what they will be finding. In other words, why get good at something you will barely use, like geolocation, when you should get good at something you will often use, like court records and company filings.

Here’s my prescription for how to get started in online investigations. Look at litigation records and go through SEC filings. In fact, in someways you can combine them, by looking at the litigation disclosures in a 10-K. Pick a case (let’s assume you’ve sighed up for a PACER account, which is pretty easy), something high profile and in the news, such as the criminal matter filed in Dmitry Firtash in the United States District Court for the Northern District of Illinois. Just look it up and go through the files. Figure out what happened and what will happen. What has been disclosed and what will be disclosed. How much information can you extract from the filings in this lawsuit. To be able to find lawsuits and then grab as much information as possible from those lawsuits will make you a great open source researcher.

Then find a company that sells stock to the public. Pick any company that you know or intrigues you. Go to their last filed 10-K report and maybe also their last proxy filing. This is not about financial analysis. You do no need to do any math, for instance by creating ratios. Nor is it about accounting. You do not need to understand if their revenue recognition makes sense or their reserves are being calculated properly. No, just look for background stuff, reputational stuff. They make it easy for you by including a whole section on risk factors. Other areas to look, the sections on internal controls, related party transactions, and the aforementioned litigation disclosures. What can you learn. I know in the real world of open source investigations, your target companies will seldom have SEC filings. Still, if you do understand how to read the files you will be ready when they do, but what you will really be ready for is any company, because all those risk factors and internal controls and litigation and related party transactions, they will be the same things you will be looking at whether they make it easy or not.

I challenged myself to write ten posts in ten days. Once that ended, I could have wrapped up the blog for a bit. I thought some of you might be interested, though, in Season 11. In this sequel you get my advice on two things to do if you want to become an ace open source researcher.

Robert Gardner