So, You Want to Do That OSINT Thing

Is Three Better Than Two – Or Do You Know I Was On a Podcast?

Hierarchies of Data; Dun & Bradstreet; A Guy

Accurate, Authoritative, Legitimate

Years ago, I did some coursework in Grenoble, France. About the only thing I remember from it was that French students are taught to divide everything in two. From math to fine arts, the answer always came from breaking the problem into two parts. I must have internalized this lesson well.

I recently had the honor of being interviewed by Kelly Paxton for her Fraudish podcast. She managed to get a lot into a succinct interview. I never felt rushed, or that I could not say what I wanted. When I listened to the interview, a couple of other things stood out to me. First, I have more of a Chicago accent than I thought I did. I’ve been spending a lot of time in New York of late, and perhaps that is drawing out my Chicago-ese? Second – and it’s funny that I got two here – because if anything else struck me from the interview, it was me breaking everything in half as if I were back in Grenoble.

In my Fraudish interview, I was Mr. Two-Parts. Two reasons I went to law school; my two pet peeves that fueled my article on global database reports; in my work, I provide vital information that is either enough, or it allows you to decide whether you need more information; my secret sauce was that I can be replicated, but do you want to do what I do; and finally, on international research, there was more data and less data. Did this tic get annoying, Kelly? It may be natural to divide our world in two, yin and yang, stop and go, but there’s also a school of thought that says we collect by threes.

Three blind mice; Larry, Moe, and Curly. At various times I’ve tried to follow this “agile” productivity methodology that follows the rule of three: three wins a day, three wins a week, etc. It was because I used so many twos on the podcast that my mind drifted to threes. I read about data hierarchies and Dun & Bradstreet and making legal claims from a screenshot of a Discord chat. It got me thinking about accurate vs. authoritative vs. legitimate. Or as I originally conceived this post: a meandering intro, then certain things I’ve come across, and leading to lessons for budding OSINT practitioners.

 

Information vs. Intelligence

The spark for this post came via a post by ace investigator and colleague of mine, Steven Mason. He wrote about data hierarchy—go read it, there are some really good points. What makes the post even more valuable was that it drew in some disagreement. A commentator wrote, “I respectfully disagree with your take on OSINT. Data and intelligence are not synonymous, nor are credibility, authenticity, and value.” My initial thought was this is gobbledygook. What is data? What is intelligence? It is an interesting and confounding rabbit-hole.

I have given up and use the term OSINT these days. I willingly describe my work as OSINT although I do not like saying it that way. And it mostly comes from the ‘I’ in OSINT, intelligence. I understand open sources, or what I used to call public records, but open-source, [pause], intelligence. When does it become intelligence?

Are we doing “intelligence”? It helps to know what intelligence is. The dictionary is both helpful and obtuse. Merriam-Webster notes that intelligence is “the ability to learn or understand/ the ability to apply knowledge to manipulate one's environment” OR “information concerning an enemy or possible enemy or an area.” The Cambridge dictionary even better combines the two-for-one nature of the word: “the ability to learn, understand, and make judgments or have opinions that are based on reason” OR “secret information about the governments of other countries, especially enemy governments.” In the context of OSINT, the I is primarily standing for “the ability to learn, understand…,” but the “secret information” aspect is very much also in play. Thus, I get caught in knots while trying to provide guidance. Are we revealing or identifying or uncovering secrets as we peruse open sources? I demur. I do think, however, that we can use open sources to identify issues, situations, events, and facts in order to manage risk and react to unforeseen events. To do this, we must use open sources wisely.

My Data is Better Than Yours

Steve Mason is an expert on public records and using them in legal environments. When he wrote about data hierarchies, he was referring to when a public record could be used in a legal environment, or more plainly, when a public record could be most relied on. His point was that just because you know something doesn’t mean you can run with it. You may learn about a criminal case via a newspaper article, but if you want to enter it in evidence, you had better get that court document. In this context the official record was the “best” record. Mason spoke to a hierarchy of believability – that what was reported could be true but what came with the court’s seal had to be true. Your role in OSINT is to know which piece of data fits best.

A few days later, there was another post on LinkedIn, this one trashing Dun & Bradstreet, a/k/a “D&B” or Duns. D&B is a very old company. Perhaps not as vital as before. We OSINTers live in a world where most companies have a website, and most individuals have LinkedIn profiles. These are open to just about anyone via a company’s “about us” section on its website, or a person’s history and credentials on their LinkedIn profile. D&B used to be nearly the only way to get this information. We used to cut and paste D&B information into memos and note it as “sources report.” I have a soft spot for Duns.

Can you take to the bank the sales number reported in Duns? I wouldn’t. But I would take, and still do take, a lot of other things from Duns. Like a company’s executives. Its address. Its phone number. I use that information as search parameters in other databases. What other online services list companies’ executives? What else is at that address? Who else answers that phone number? Those are the easy things. There’s more to use in Duns. Believe me, you can trust D&B.

Would you trust this:

A federal court motion puts forth a screenshot from a Discord chat, reported as “a compelling piece of evidence.” It features an individual using an alias claiming to have had a conversation with Citadel CEO Ken Griffin, where they discussed plans to short the UST stablecoin.

Griffin allegedly said, “They were going to Soros the f*** out of Luna UST” – a nod to the notorious trading strategies employed by George Soros, involving highly leveraged one-way bets.

According to the article I came across on this, it was put forth in a “motion with the U.S. District Court for the Southern District of Florida, alleging that Citadel Securities launched a calculated and deliberate campaign to short-sell UST, resulting in its detachment from its dollar-pegged value.”

This is a double whammy of work for you OSINTers. For one thing, did someone really file this motion in a federal lawsuit? Head to PACER to verify. For another thing, would YOU put this forth as compelling evidence?

Just When It’s Getting Fun

Like I said above, when I read the Steve Mason article and the related comments, I resolved to create a blog post with helpful tips. I find myself, instead, too long-winded, and needing to continue in a second post. The lesson for now is this: to get to intelligence, you need to assess three questions about the things you find:

· Is it accurate?

· Is it authoritative?

· Is it legitimate?

How do you do that? Come back.

Robert Gardner