Does Valuable Intelligence Have To Be Classified?


Intelligence agencies and commercial companies have long struggled with the concept of adopting open-source intelligence (OSINT) into their range of capabilities. Open-source intelligence is a way of collecting and analyzing publicly available information. In today’s world, there is no shortage of content. The volume of data is overwhelming and is outpacing the available resources of skilled open-source analysts who are trained on the methodology to apply critical thinking skills.

Traditionally, government agencies have gathered intelligence in a sensitive compartmented information facility often referred to as a SCIF. The purpose of a SCIF is to safeguard and store classified information. This practice is now being challenged by intelligence professionals who recognize the value behind publicly available information (PAI) and the advancements of OSINT.

Active collection of intelligence to answer requirements has been a constant. However, today intelligence and research professionals can take a more passive role in the collection process. This is due to the overwhelming number of social networks and content creators, who intentionally engage with digital content at an average rate of 3 hours per day, according to Hootsuite Social Analytics.

Nefarious actors, organizations, and entities are sharing and making their presence known at an alarming rate, and they are doing it on public channels. The speed at which this valuable information gets to the collector can now be instant. A recent example is the Ukraine/Russia conflict.

Although OSINT and its methods have technically been around for almost a century, and the term was not coined by the US Military until the 1980s, the conflict in Ukraine, civil unrest, and the crippling economic effects of COVID shined a brighter light on the need to collect public information accurately and in a timely manner.

To know a populace you must engage them, and what better way to know a distant populace than to ingest their by-the-minute sentiment and first-hand reports of an ongoing situation?

The conflict in Ukraine alone showed the value of publicly available satellite imagery to depict Russian military movements and posts from actual military members on the ground illustrating the disinformation and misinformation being spread.

OSINT in Ukraine

OSINT, composed of rapidly growing amounts of cell phone videos, online information, social media, and commercial images, has enabled intelligence professionals and at-home analysts to collect information around the globe, with no need for classified capabilities.

There is a vast amount of PAI which grows worldwide by the second. The intelligence community can no longer ignore the wealth of that information and its place in answering real-world requirements.

What is currently lacking in the commercial space and government abroad is the training to enable analysts and researchers to harness this trove of information and, most importantly, to do so accurately, in a timely manner, and with the depth it requires. The military is now taking notice of commercial OSINT training for its own analysts to fully capture the common operating picture of any situation.

With the major disruption to international economies by COVID, having by-the-moment information was key to being proactive, so that corporations large and small could have enough reaction time to redirect logistic lines, prepare for shortages, and handle appropriate customer needs. Many companies tapped into social media to uncover supply chain insights into panic buying during the pandemic. Researchers who looked at sentiment across 200k social media posts observed that individuals’ perception of threat to the supply chain and scarcity of products ultimately led to panic buying and created a strain on the supply chain.

This critical need for OSINT and the collection of PAI was captured by Harvard Business Journal in an article titled “OSINT – The untapped treasure trove of United Nations Organizations,” which outlined that the catastrophic loss to international agendas and economies was due to a lack of ability to collect the raw social data and interpret it into global business decisions.

There are over 500 million tweets worldwide that are published each day. Facebook adds 350 million photos daily. YouTube adds 720,000 hours of video and Reddit has 500,000 comments every 24 hours. With that sheer amount of public data each day, the ability to harness that and ingest it into answering real-world problems is of extreme value and importance to any commercial and government industry.

Content infographic (image source: Domo)

There still is, and always will be, immense value in having classified means of collecting information and data to enable decision-makers to affect ongoing problem sets. The sensitive data that is collected by classified means is key to ensuring those decisions are accurate and proportionate. On the other hand, not all issues need large-scale solutions. Insight and analysis of current local and international issues can be and are derived from much cheaper and more easily accessible sources.

The need for an OSINT capability, no matter the industry or requirements, is growing exponentially. Companies large and small have taken notice and begun filling OSINT analyst positions within their ranks to increase proactive decision-making that keeps their interests, brand, personnel, and property safe.

Our Assessment

Commercial industries will lead the OSINT training venture and increase their abilities with technology backed by methodology. As is common, the government will take the ability to a new level to answer real-world requirements, which will feed the commercial technology and training environment. Industries that currently lack a capable OSINT function within will struggle to stay ahead of quickly changing situations and information. Forward-leaning organizations will quickly train and enable their own analysts to collect and analyze PAI. The landscape of social analytics will continue to increase but so will privacy restrictions, changing with the adaptation of collection abilities. Businesses and organizations that fail to see the immediate need for OSINT capabilities will continue to struggle with ongoing economic, cultural, and social changes, ultimately affecting their brand and public standing.

The Growing Demand for Open-Source Intelligence (OSINT)

In the last 17 months, open-source intelligence (OSINT) has become a more widely recognized intelligence discipline. Trends suggest that the need for OSINT, which is data derived from publicly available information (PAI), will grow in the future for government agencies and private companies.

For this Overwatch brief, analysts identified key events where OSINT gained more mainstream attention and how private and public sectors are beginning to recognize the criticality of OSINT.

Key Events

Capitol Riots

Since the Capitol Riots that occurred on January 6, 2021, the FBI has used OSINT to identify individuals involved in criminal activity during this event. Using social media, the FBI continues to ask for the public’s help identifying participants in the riot. Volunteer sleuths have created OSINT-based movements to investigate Capitol Rioters independently. One such group, which calls themselves the Sedition Hunters, has successfully identified many Capitol Rioters and provided that information to the FBI.

In addition, the Department of Justice’s Capitol Breach Investigation Resource Page has a list of every defendant charged in federal court in relation to the Capitol Riot. News media organizations, investigators, and researchers use this data set to conduct further OSINT on Capitol Rioters.

In a previous brief, Overwatch used OSINT to identify information about Capitol Rioter Evan Neumann, who fled to Belarus and was granted asylum there. Our open-source research confirmed Neumann’s extensive history in Eastern Europe, interest in “bomb-making,” and business ties to Russia.

Russia-Ukraine War

Before Russia invaded Ukraine on February 24, 2022, many researchers used OSINT to identify Russian troop movements by reviewing videos posted to TikTok, VK (Russia’s version of Facebook), and Telegram. Overwatch found multiple TikTok videos that showed Russian troop movement close to the Ukrainian border or in Belarus’s Gomel Region, where there were no planned military exercises.

While Russian officials continuously denied plans to invade Ukraine, TikTok videos showed military vehicles and aircraft, weapons systems, and mobile medical units moving closer to the Ukrainian border. Additionally, OSINT was used through satellite imagery to locate field hospitals in Belarus and pontoon bridges.

After Russia invaded, Ukrainians constantly uploaded videos of airstrikes against civilian infrastructure and the Russian military in Ukraine. Analysts used the publicly available data to geolocate where airstrikes took place in Ukraine and identify what Russian military units were in the country.

Private and Public Sector

In 2020, activity from each person online generated 1.7 megabytes of data per second. A significant amount of that data came from social media, with 4.62 billion users globally. Social media by itself is forecasted to be a 939-billion-dollar industry by 2026. Every day, analysts, investigators, and researchers are on social media collecting open-source information to fulfill information requirements for clients in the private and public sectors.

OSINT in the Job Market

A quick job search on LinkedIn for OSINT suggests that more private sector companies see the need for the intelligence discipline, including companies outside human resources, PI firms, law firms, and security and investigations, which are some of the industries with the highest OSINT demand. For example, Live Nation Entertainment, which manages ticket sales for live entertainment in the U.S. and internationally, put up a job posting for a Threat Analyst. One of the primary duties is to “conduct public records and social media searches.”

Another OSINT job in the private sector listed on LinkedIn was for a Crypto Enhanced Due Diligence Analyst, posted by the company Brex. In the ad for the job, one of the responsibilities is to conduct “open-source intelligence to mitigate money laundering and regulatory risks.”

The need for due diligence and compliance also continues to increase; the market is expected to grow by roughly 12 billion dollars from its current 16.82 billion dollars by 2026.

Government

Additionally, before the Russian invasion of Ukraine, the U.S. government began to see more value in OSINT. In the Intelligence Authorization Act for the Fiscal Year of 2022, the report suggests using OSINT to counter China’s malign influence. “The Intelligence Community must reorient to engage in a strategic competition with the PRC while countering China’s malign activities globally. To do so, it must continue to build open-source intelligence capabilities and augment capacity; enhance sharing of intelligence capabilities; and strengthen the analytical and collection capabilities relating to non-military threats including technology competition.”

Further, according to Fed Scoop, the U.S. Army is creating a new unit that will use PAI to defend against foreign influence. Fed Scoop reported in March 2022, “By blending military intel with commercial data, publicly available information on foreign adversaries and certain national intelligence systems, it will provide insight necessary for Army Cyber Command to operate and defend networks and influence foreign audiences, the spokesperson added. The team brings together personnel from a wide variety of disciplines across the intelligence and non-intelligence communities.”

Analysts note that creating the new unit will likely prove beneficial. We used OSINT to identify foreign influence from the Chinese state in our first Overwatch brief: Quantum Technology, the People’s Republic of China, and Tsinghua University.

Emerging Technology and OSINT

In a March 2022 interview with McKinsey and Company, Amy Zegart, a Senior Fellow at the Hoover Institution and Professor of Political Science at Stanford, explained how emerging technologies like AI are challenging intelligence agencies today. These challenges, according to Zegart, all happen in the open-source space.

Zegart said, “They’re doing it in five ways. I call them the five “mores.” The convergence of technology is creating, number one, more threats for the United States—more threats through cyberspace, in particular, that our intelligence agencies need to understand. The second more is more speed: the acceleration of decision-making time means that intelligence has to operate at the speed of networks, not the speed of bureaucracy.”

“The third more is more data; intelligence analysts, like the rest of us, are drowning in data. The fourth more is more consumers—more decision makers outside the government who need intelligence. Think about voters who need intelligence about foreign election interference or tech leaders who need intelligence about cyberthreats.”

“Then there’s the fifth more: more intelligence competitors. I devoted two years and a whole chapter to ‘nuclear citizen detectives’ who are tracking the most secretive nuclear threats around the globe using only unclassified and publicly available information like commercial satellite imagery.”

OUR ASSESSMENT

With the current global conflict and mass adoption of social media, OSINT will become a more mainstream intelligence discipline, helping to dispel misinformation and provide accurate reporting on events. Should the Chinese state invade Taiwan in the future, we assess that analysts will use OSINT to dispel Chinese Communist Party and Chinese State media propaganda, as has been done with the Russia-Ukraine War.

The domestic use of OSINT will grow as private sector companies see a higher demand for due diligence and deep-dive research that alleviates risk for their clients or business. Further, while OSINT has been a part of U.S. government operations since World War II, the success of the usage of OSINT to monitor the Russia-Ukraine War provides a strong use case for the government to put more resources into open-source intelligence.

With internet users creating a massive data trail daily, the need to collect, protect, and analyze that information will only increase. As a result, we assess that both private and public sectors will seek out OSINT subject matter experts to learn more about how their personal data becomes disseminated or compromised and how to limit their digital footprint.

The Chinese Communist Party is the Most Significant Threat to America

While the global focus remains on the Russia-Ukraine War, the Chinese Communist Party (CCP) undermines regional security in the Indo-Pacific. On March 25, 2022, the Solomon Islands, which are northeast of Australia, confirmed drafting a security agreement with the People’s Republic of China (PRC). According to leaked documents, the deal gives the PRC the right to deploy forces on the island to protect its workers and projects. Australia said it has “great concerns” over the agreement between the Solomon Islands and the Chinese State.

However, the Solomon Islands and the PRC’s agreement is only one of many concerns about China’s goals for absolute power on the global stage. Overwatch analyzed the CCP’s capability to threaten the United States for this brief. We determined that the Chinese Communist Party is the most significant national security threat to the U.S. because of its data theft, espionage activities, targeting of dissidents, advances in the global tech race, and its majority control of the rare earths market.

Massive Cyber Theft

In a March 2022 speech to the Detroit Economic Club, FBI Director Christopher Wray said that China has stolen more data from the United States than all other countries combined. Wray said, “To pick just one example, a year ago, hackers with China’s Ministry of State Security targeted a vulnerability in the Microsoft Exchange Server software widely used in corporate e-mail systems. They compromised tens of thousands of computers worldwide and left back doors so they could return whenever they wanted. And to give you a sense of how common that kind of theft is, just using cyber means, Chinese government hackers have stolen more of our personal and corporate data than all other countries combined.”

According to William Evanina, the former Director of the U.S. Counterintelligence and Security Center, the PRC has the Personally Identifiable Information (PII) of 80% of Americans. PII can include a person’s first and last name, phone number, address, Social Security Number, medical records, financial records, criminal history, or driver’s license number.

In 2015, a state-sponsored hacking group working for the Chinese government breached 20 million U.S. government records from the Office of Personnel and Budget Management. These records also included information from people’s SF-86 forms, which are required to get a security clearance. SF-86 forms have a significant amount of highly personal information about the person applying for a clearance.

Per cybersecurity firm Mandiant, in the last six months, the Chinese state-sponsored hacking group APT41 (Advanced Persistent Threat) compromised “at least six U.S. state government networks” through the exploitation of livestock app USAHerds.

China is also developing more sophisticated malware that can be used against “hardened targets.” CyberScoop reports, “A backdoor in use as recently as November 2021 is the ‘most advanced piece of malware’ ever seen from China-linked spies, according to researchers at Symantec.”

Espionage

In February 2022, Wray explained that the FBI pours most of its resources and time into the Chinese threat. Wray said, “When we tally up what we see in our investigations—over 2,000 of which are focused on the Chinese government trying to steal our information or technology—there is just no country that presents a broader threat to our ideas, our innovation, and our economic security than China.”

Convictions in espionage cases in the United States show that China has successfully recruited former Central Intelligence Agency (CIA) Case Officers and former Defense Intelligence Agency (DIA) Case Officers.

In May 2019, Jerry Chun Shing Lee, a former CIA Case Officer, pleaded guilty to “conspiring to communicate, deliver and transmit national defense information to the People’s Republic of China.” Lee, who was recruited in Hong Kong, provided his handlers with classified information, including the identities of CIA operatives and sensitive CIA locations.

In September 2019, Ron Rockwell Hansen, a former DIA Case Officer, was sentenced to ten years in federal prison. According to a Department of Justice press release, Hansen provided national security information to Chinese agents about U.S. military readiness in a particular region — “information closely held by the federal government.”

Targeting Chinese Dissidents

In March 2022, the Department of Justice (DOJ) charged five individuals with spying on U.S. residents on behalf of the PRC’s Ministry of State Security. The DOJ press release reads, in part, “Two complaints were unsealed, and one amended complaint was authorized today in federal court charging five defendants with various crimes related to efforts by the secret police of the People’s Republic of China (PRC) to stalk, harass, and spy on Chinese nationals residing in Queens, New York, and elsewhere in the United States.” The U.S. residents included a Chinese national and military veteran who is openly critical of China’s government.

Overwatch spoke to an anti-CCP activist about how China harasses and threatens dissidents in the States. The activist spoke to us on condition of anonymity. The activist said, “They do target high-profile people. Most Chinese speakers in the U.S. have WeChat on their phones. So, they use that to try and harass or exploit them. They usually use phrases like ‘be careful.’ They will use your family WeChat to deliver the message. Sometimes they will detain your family and talk to you in front of them.”

The activist continued, “In extreme cases, they will freeze your family members’ credit card. Or they might try and trick you that someone is sick at home, and you must go back and see them. We’ve seen this work before.”

The Global Tech Race and Rare Earths

The Chinese state aims to be the global leader in artificial intelligence by 2030. Currently, China produces more scholarly AI research than the United States.

A December 2021 report from the Belfer Center for Science and International Affairs says that China “displaced the U.S. as the world’s top high-tech manufacturer, producing 250 million computers, 25 million automobiles, and 1.5 billion smartphones in 2020.”

However, the Chinese government has been cracking down on the tech sector in the country. As a result, there are reports of significant layoffs in the industry inside of China. The South China Morning Post reports, “The destruction of tech-related jobs from content creation to private tutoring is translating into fears of a jobless wave that could rival the time when millions of rural migrant workers were turfed out of jobs amid the 2008 global financial crisis or when millions of state sector positions were lost amid the reforms of the late 1990s.”

One area where China has the upper hand over the United States in the global tech race is the rare earths market. Rare earths are essential in developing smartphones, flatscreen TVs, electric vehicle batteries, catalytic converters, some industrial applications, defense systems, and lasers, and are even used for screening some genetic diseases. The PRC is currently responsible for 60-70% of rare earth production globally. Apple and defense contractors Raytheon and Lockheed Martin rely on rare earth minerals to develop their products.

OUR ASSESSMENT

We assess that China aims to surpass the United States economically, technologically, and militarily, and is willing to use any resources, tactics, or manpower to meet its objective of becoming the primary global superpower. The PRC will continue to target U.S. government and private sector systems, stealing sensitive data that will likely be used for further offensive cyber operations against the United States. With 80% of Americans’ PII collected, China has the capability to launch social engineering attacks on over two hundred million Americans. No country other than China can launch such a massive attack from its data theft.

The Chinese State will continue to recruit former intelligence community members, compromising classified information and state secrets. Further, as anti-CCP sentiment grows in the United States, the Ministry of State Security could potentially increase its efforts to harass, threaten, and intimidate Chinese government dissidents in the U.S.

As tensions continue to escalate between the U.S. and China, the CCP could use its majority control over rare earth production to further impact U.S. supply chains from companies that rely on rare earth materials for their products. Such a move would likely lead to a significant increase in the price of these products on the U.S. market. Additionally, if China can surpass the U.S. in the field of artificial intelligence, it would displace the U.S. as the global leader in the field and require many more U.S. government and private sector resources to compete with the Chinese state.