Deep Dive

Foreword xix Preface xxi Introduction xxv Part I Foundational OSINT 1 Chapter 1 Open Source Intelligence 3 1.1 What Is OSINT? 3 1.2 A Brief History of OSINT 6 The Past 6 The Present 8 The Future 10 1.3 Critical Thinking 14 1.4 Mental Health 16 1.5 Personal Bias 17 1.6 Ethics 19 Chapter 2 The Intelligence Cycle 23 2.1 What Is the Intelligence Cycle? 23 2.2 Planning and Requirements Phase 24 2.3 Collection Phase 26 The Art of Pivoting 27 Overcoming OSINT Challenges 33 RESET Technique 33 Gap Analysis 34 Why We Have So Much Data 37 2.4 Documentation Methods 39 2.5 Processing and Evaluation Phase 44 Scoping 45 Data Enrichment 45 2.6 Analysis and Production Phase 47 Visualizations 47 2.7 Reporting 50 Report Tone 51 Report Design 51 Example Report 54 2.8 Dissemination and Consumption Phases 54 Tippers 55 Feedback Phase 55 Challenges in the Intelligence Cycle 55 Chapter 3 The Adversarial Mindset 57 3.1 Getting to Know the Adversary 57 3.2 Passive vs. Active Recon 64 Chapter 4 Operational Security 67 4.1 What Is OPSEC? 67 Threat Modeling 68 Persona Non Grata Method 68 Security or “Baseball” Cards 69 Attack Trees 71 4.2 Steps for OPSEC 72 Outlining the Five Steps of OPSEC 72 Step 1: Define Critical Information 72 Step 2: Analyze the Threat 72 Step 3: Determine Vulnerabilities 73 Step 4: Risk Assessment 73 Step 5: Apply Countermeasures 74 4.3 OPSEC Technology 77 Virtual Private Network 77 Why Use a VPN? 77 Choosing a VPN 78 VPN Concerns 78 Privacy Browsers 79 Tor 79 Freenet 80 I2p 82 Virtual Machine 83 Mobile Emulator 85 4.4 Research Accounts 85 4.5 Congratulations! 90 Part II OSINT Touchpoints 91 Chapter 5 Subject Intelligence 97 5.1 Overview 97 What Is Subject Intelligence? 98 Digital Footprint 98 Examining a Subject’s Pattern of Life 102 5.2 Names 106 Subject Names 106 Naming Conventions 107 Arabic Naming Conventions 107 Chinese Naming Conventions 109 Russian Naming Conventions 109 Name Searching Techniques 110 5.3 Subject Usernames 110 Username Searching Techniques 111 Correlating Accounts and Subject Information by Username 112 5.4 Subject Emails 116 How to begin connecting accounts 117 Correlating Accounts and Subject Information by Email 117 Google Accounts 119 Correlating an Email with a Domain 120 Email Verification 122 Privacy Emails 124 Data Breaches 125 5.5 Subject Phone Numbers 129 Typing Phone Numbers to additional selectors 129 Correlating a Phone Number with a Subject 129 Phone Number Spoofing 131 5.6 Public Records and Personal Disclosures 132 Methods for incorporating public records searches 132 Collecting Public Records Associated with a Subject 132 U.S. Official Public Record Sources 134 U.S. Unofficial Sources 142 Chapter 6 Social Media Analysis 145 6.1 Social Media 145 Key Parts of Social Media 146 Collecting Social Media Data on a Subject 148 Correlating Subject Social Media Accounts 149 Subject Associations and Interactions on Social Media 151 User Media and Metadata 156 Social Media Pivots at a Glance 159 6.2 Continuous Community Monitoring 160 Methods for the Continuous Monitoring of a Group 160 Facebook Groups 161 Telegram Channels 162 Reddit 164 4chan and 8kun 166 I Joined a Community, Now What? 167 I Am Unable to Join a Community, Can I Still Monitor Them? 168 6.3 Image and Video Analysis 169 How to Look at an Image/Video 169 Reverse Image Searching 172 Image- Based Geolocation 173 Image Analysis 173 Geolocation Steps 175 Image Analysis 177 Geolocation Steps 178 Image Analysis and Geolocation for Real- Time Events 181 6.4 Verification 184 Misinformation, Disinformation, and Malinformation 185 How Do We Verify If Content Is Mis/Dis/Mal? 186 Spotting a Bot Account or Bot Network 187 Visualizing and Analyzing Social Networks 190 Spotting Digitally Altered Content 193 Photo Manipulation 196 Video Manipulation 199 6.5 Putting It All Together 200 Chasing a Puppy Scam 200 Chapter 7 Business and Organizational Intelligence 209 7.1 Overview 209 What Is Organizational Intelligence? 209 7.2 Corporate Organizations 212 Understanding the Basics of Corporate Structure 213 Entity Types 213 7.3 Methods for Analyzing Organizations 215 Government Sources and Official Registers 216 Edgar 218 Annual Reports and Filings 219 Annual Report to Shareholders 220 Forms 10- K, 10- Q, and 8- K 220 Digital Disclosures and Leaks 220 Organizational Websites 221 Social Media for Organizations 225 Business Indiscretions and Lawsuits 226 Contracts 229 Government Contracts 229 Contract Reading 101 231 Power Mapping 239 Tips for Analyzing Organizations Outside the United States 243 Canada 243 United Kingdom 243 China 246 Russia 246 Middle East 249 7.4 Recognizing Organizational Crime 250 Shell Corporations 251 The “Tells” 252 7.5 Sanctions, Blacklists, and Designations 253 Organizations that designate sanctions 254 The United Nations Security Council 254 The Office of Foreign Assets Control 254 Other Blacklists 254 7.6 501(c)(3) Nonprofits 255 Primary Source Documents 256 IRS Form 990 256 IRS Tax Exempt Organization Search 257 Annual Reports 258 Consumer Reports and Reviews 259 Charity Navigator 259 7.7 Domain Registration and IP Analysis 260 An Organization’s IPs, Domain Names and Websites 261 What Is an IP address? 261 What Is a Domain Name? 261 What Is a Website, and Why Does All of This Matter? 261 Analyzing Organization Websites 262 Robots.txt 262 Website Design and Content 263 Website Metadata 264 Analyzing WHOIS Record Data 265 Analyzing IP Addresses 267 IP Addresses 101 267 What Can I Do with an IP Address? 269 Words of Caution 270 Chapter 8 Transportation Intelligence 273 8.1 Overview 273 What Is Transportation Intelligence? 273 The Criticality of Transportation Intelligence 274 Visual Intelligence 275 Spotters 275 Social Media Disclosures 276 Webcam 276 Satellite Imagery 278 Signal Detection 281 Understanding Navigational Systems 282 Dark Signals 284 Signal Spoofing 285 Identity Manipulation 287 GNSS Jamming 287 GNSS Meaconing 288 8.2 Vessels 289 Introduction to Maritime Intelligence 289 Types of Maritime Entities 289 Vessel Terminology 290 Maritime Discovery and Analysis Methods 291 Vessel Paths and Locations 292 Vessel Meetings 293 Port Calls 297 Maritime Entity Ownership and Operation 300 Maritime Critical Infrastructure and Entity Vulnerabilities 301 Ship-to-Shore Critical Infrastructure 302 8.3 Railways 305 Introduction to Railway Intelligence 305 Types of Railway Entities 306 Railway Terminology 307 Railway Discovery and Analysis Methods 308 Visual Identification of Rail Lines 308 Railway Routes and Schedules 314 Railway Entity Ownership and Operation 317 Railway Critical Infrastructure and Entity Vulnerabilities 318 8.4 Aircraft 323 Introduction to Aircraft Intelligence 323 Types of Aircraft 324 Parts of a Typical Jet 325 Aircraft and Air Travel Terminology 327 Aircraft Discovery and Analysis Methods 328 Identifying Aircraft 329 Flight Paths and Locations 346 Limiting Aircraft Data Displayed and Private ICAO Addresses Listings 349 Tracking Cargo 350 Notice to Air Missions (NOTAMs) 350 Air Traffic Control Communications 352 Aerodromes 352 Geolocation and Imagery Analysis of Aircraft 355 Aviation Entity Ownership and Operation 358 Aviation Critical Infrastructure and Entity Vulnerabilities 361 8.5 Automobiles 362 Introduction to Automotive Intelligence 362 Types of Automobile Entities 362 Automobile Terminology 363 Automobile Discovery and Analysis Methods 364 Identifying Automobiles 364 Tips for Monitoring and Analyzing Automobile Routes 371 Automobile Entity Ownership and Operation 374 Automobile Security and Technology 375 Chapter 9 Critical Infrastructure and Industrial Intelligence 379 9.1 Overview of Critical Infrastructure and Industrial Intelligence 379 What Is Operational Technology? 384 What Is IoT and IIoT? 385 9.2 Methods for the Analysis of Critical Infrastructure, OT, and IoT Systems 387 Planning the Analysis 388 Five Possible Information Gathering Avenues 388 Visualizations 390 Plotting Locations with Google Earth Pro 391 Using Premade Visualizations 397 Public Disclosures 402 Contracts 402 Social Media 402 Job Advertisements 404 Company Disclosures 404 Infrastructure Search Tools 405 Censys.io 405 Kamerka 406 9.3 Wireless 408 Overview of Wireless Networks 408 Mobile Networks 409 War Driving 410 Low- Power Wide- Area Networks 412 Long Range Radio (LoRa) 412 Wireless SSID, BSSID, MAC 413 Service Set Identifier (SSID) 413 Basic Service Set Identifier (BSSID) 413 Extended Service Set Identifier (ESSID) 413 Media Access Control (MAC) Address 413 9.4 Methods for Analyzing Wireless Networks 415 Information Gathering Techniques 415 Here are some pivots for wireless network information gathering 415 Wi- Fi Searching Techniques 418 WiGLE 418 Plotting Wireless Locations with Google Earth Pro 421 Tower Searching Techniques 423 Chapter 10 Financial Intelligence 425 10.1 Overview 425 Financial Organizations 426 Financial Intelligence Units 426 Financial Crimes Enforcement Network 426 The Financial Action Task Force 426 The Federal Deposit Insurance Corporation 427 International Monetary Fund 427 Federal Financial Institutions Examination Council 427 The Office of Foreign Assets Control 428 10.2 Financial Crime and Organized Crime, Together Forever <3 429 Transnational Criminal Organizations 430 Politically Exposed Person 432 Anti- Money Laundering 433 The Counter Financing of Terrorism 435 Tax Evasion, Tax Fraud, and Embezzlement 437 10.3 Methods for Analysis 438 Financial Identifiers 440 Issuer Identification Number 440 Routing Number (ABA Routing Numbers) 440 Society for Worldwide Interbank Financial Organization 440 Value- Added Tax 441 BIN- Bank Identification Number 441 Location- Based Resources 443 Drug Financing Analysis Resources 446 Organized Crime Analysis Resources 448 Negative News String Searching 449 Chapter 11 Cryptocurrency 451 11.1 Overview of Cryptocurrency 451 The Basics of Cryptocurrency 453 How Is Cryptocurrency Used and Transferred? 453 What Is a Cryptocurrency Wallet? 454 What Is Blockchain? 455 Types of Cryptocurrencies 457 Coin and Token Quick Reference 457 Bitcoin 458 Ether 458 Binance 458 Tether 459 Solana 459 Dogecoin 459 Monero (XMR) 459 What Is Cryptocurrency Mining and Minting? 460 Types of Verification 461 Public Blockchains vs. Private Blockchains 463 Why Tracking Cryptocurrency Matters 463 Money Laundering 464 Fraud, Illegal Sales, and CSAM/CSEM 467 11.2 The Dark Web 471 Overview of the Dark Web 471 Darknet Marketplaces 473 11.3 Methods for Cryptocurrency Analysis 475 Where to Begin? 475 Starting with a Subject of Interest 476 Starting with a Wallet of Interest 478 Tracing Cash- Outs at the Exchange Point 481 Following Cryptocurrency Mining Scripts 483 Starting with a Transaction of Interest 485 Chapter 12 Non-fungible Tokens 489 12.1 Overview of Non-fungible Tokens 489 NFT Crimes 490 Ponzi Schemes and Rug Pulls 490 Fake NFTs 491 Get Rich Quick 491 Phishing 491 12.2 Methods for Analyzing NFTs 491 By Wallet Number or Address 491 By Image 494 What Is ENS? 496 Look for Metadata 497 Chapter 13 What’s Next? 499 13.1 Thank You for Diving In with Me 499 Important Reminders 500 Index 503