Lessons from Open-Source Intelligence Tools and Techniques

Cynthia Hetherington talks about OSINT research methods and what that means for privacy.

Open-source intelligence (OSINT) isn’t as fancy or complicated as it sounds. But it does reveal a surprising amount of information most of us would rather keep private. Whether you’re looking to use OSINT research techniques to find information about something or to figure out how to secure your own information against prying eyes, understanding how it works reveals a lot about digital privacy.

See You’re Traceable with OSINT with Cynthia Hetherington for a complete transcript of the Easy Prey podcast episode.

Cynthia Hetherington started her career as a librarian. She learned to get information from books on shelves, and quickly saw the internet’s potential for research and sharing information. At that time, cyber cops were just becoming a thing, and as a librarian who loved to share information, she realized the internet was going to be huge in that space – and she saw an opportunity. She got a license to be a private investigator and founded Hetherington Information Services. Now known as Hetherington Group, the company provides services to Fortune 50 companies. Their biggest product is digital vulnerability, which helps clients understand how the internet influences their privacy and safety.

What is OSINT?

OSINT stands for Open Source INTelligence. It refers to all information that is publicly available about a certain person, place, event, or anything else. This can include generally public information, commercially accessible information like the deed to your house, and all kinds of various bits of information about you. Info available for a fee through something like a data broker also counts as open-source and available because anyone can get at it if they pay the fee.

It’s often easier to define what information is private than what information is public. Things like your social security number are obviously private. And some kinds of information are protected by laws or regulations – though that varies depending on your country and jurisdiction. The simplest way to think about OSINT is as all the information you can get your hands on through various types of research.

OSINT Research Methods with Photos

A photo is a piece of information that can be searched against. This wasn’t the case even five years ago. But anything could be used as a starting point for OSINT research to locate more details. It’s the “INT” part of OSINT that makes a big difference. Using it for intelligence means it matters for something, it has a purpose. You could post a photo of a garbage bin in a parking lot and ask the internet to identify the location, and somebody probably could. But it doesn’t become intelligence until there’s a purpose for it. Maybe a group of criminals meet there, or evidence was left in that bin. Whatever the reason, it has to have a purpose.

Anything could be used as a start point to locating more detail or specificity about a product, a person, a location, or an event.
Cynthia Hetherington

For example, say you have a photo of a woman who was a victim of a crime. Maybe her face is blurry and the background is generic, but her sweatshirt says Belvedere High on it. Common sense says to start there. You don’t need to geolocate the image – there are only three Belvedere Highs in the country, so it has to be one of them. Probably this woman was there, is currently near there, or knew someone from there. That’s a data point. And that can be useful in an investigation.

Using AI in OSINT Research

If you’re the person doing OSINT research, you don’t have to spend much money. Information is readily available, even without money or passwords. Google is still your best resource, not just because it’s a great search engine but because it’s capturing info from the largest data repositories out there. It’s always going to be bigger than even the biggest individual website out there. Social media is almost always the first link when you’re searching for someone. And our social media is where we’re letting our guard down and talking about our abilities, lives, and everything else. So you can start there, then take that data over to an AI tool for more analysis.

Back in 1990, a man came into Cynthia’s public library. His client thought she was being poisoned by her husband and he didn’t know what to test her for. Cynthia didn’t know what book would help, either. So she went to the internet and found a forensics listserv. She explained the scenario and what she’d already looked at. Almost immediately, a medical examiner from Florida emailed her back, saying it was complicated and giving his number for the man to call. She recalls being dumbfounded. In that moment, the internet had blown up her world. (Incidentally, the man’s client was being poisoned.)

AI today feels as impactful as the internet did back then. No other technology since has felt this big. It was only a matter of minutes to answer that man’s question back then. AI could probably answer it in microseconds. She’d prompt it exactly the same way she had as a librarian in 1990 – explaining the situation, saying what she’d looked at, clarifying what types of authorities she’d expect to have credible answers. It’s a matter of asking the right questions.

Asking Questions and Analyzing OSINT Data

Cynthia is a private eye. She developed a methodology called CRAWL, which stands for Communicate, Research, Analyze, Write, Listen, and one investigator does all the work. But when you go to larger institutions like intelligence communities and the military, people have to be specialized because they’re huge organizations with large amounts of data. Now, AI could do the data collection.

The data is out there. If you go to any conferences or talk to specialists, they’ll tell you they want more data. Cynthia says the opposite. You don’t want more data, you want answers. To get answers, you need to start asking smarter questions of the data that you do have. Then you have to verify for veracity. Any field using technology has to ask smart questions, then interrogate the answers and make sure they meet a repeatable process.

You do not want more data. You want answers. … You have enough data. Now you have to start asking smarter questions.
Cynthia Hetherington

Cynthia’s CRAWL methodology is similar to the intelligence lifecycle. It’s based on the scientific method. Librarians are scientists, and they follow a methodology. When we talk about large language models (LLMs), if you could query the system in the same way twice, you could build an automation. We just happen to call that AI.

Using AI for data collection can make OSINT research much easier and faster.

Avoiding AI Hallucinations

When Cynthia talks about using AI in OSINT research, people ask her about hallucinations. If you’re doing OSINT research, you don’t want your AI to make things up. There is merit in the standard for investigations and intelligence work of reaching a standard that you would use to brief your commanding officer, a lawyer, or a judge. That’s why it’s so crucial to check veracity.

Using AI is like working with an overeager intern. They’ll produce stuff all day long, but that doesn’t mean it’s good. It may even look good but be thin once you look closer. People getting called out, fined, or fired for letting hallucinations slip through is lazy, sloppy work. You always have to check.

OSINT and Privacy

Fortunately and unfortunately, you have no right to privacy in the United States. It’s not in our constitution or our laws. Some countries do have that protection, but not in the U.S. We as citizens have an expectation of privacy, and Cynthia will leave it to the legal minds to argue about what that should look like. But we have no legal right to it. And technology is always ahead of the law.

In the United States, there is no privacy. There’s nothing in the Constitution that says you have a right to privacy.
Cynthia Hetherington

Cynthia got into the privacy business in 1996. She got a call from a prosecutor’s office in Manhattan. They handled a special narcotics team. They told her that a judge wanted all narcotics investigators to come to court and testify. These investigators were undercover and needed to maintain that. The judge didn’t understand why testifying would be a problem. The prosecutor asked what OSINT research methods could come up with using just a name. So Cynthia spent a weekend and created a 30-page report on all the plainclothes and undercover cops she could find on the internet, plus an appendix on the judge. She used the same OSINT research tactics she used to hunt people. It wasn’t a lot, but it was enough for the judge to realize how exposed these investigators would be if they had to testify.

From this, Cynthia ended up creating the oldest product in the digital vulnerability space. The whitepaper, Information Exposed, is still available online. You can even still find the 1998 version if you want. She’s been erasing people from the internet for decades. It’s not as hard as many think. Mostly, you just have to stop promoting your life everywhere all the time.

So You Want to Disappear from the Internet

Every website that has your information should have an opt-out button. A lot of customers end up coming to Cynthia because they googled themselves and suddenly see information they think should be private was publicly available. Any site that has your name, address, phone number, relatives, and such should have an option to opt yourself out. You just have to do the legwork on it, which is daunting. But if you check that information, you can get a lot of low-hanging fruit down.

Where are these sites that have your data getting it from? Likely from your own property record. Your assets expose you. The more stuff you own that is taxed, governed by oversight groups, licensed for it, or similar, the more times you’re put in databases. All of that data is for sale.

The more times your name gets said because you have to pay taxes or get licensed for it, the more times you’ll be put in a database. All that data is for sale.
Cynthia Hetherington

The final piece is social media. Stop updating social media all the time. Cynthia had a high net worth client come to her company years ago concerned about a violent ex-employee. He went to extreme measures to remove himself, but his family were the points of exposure. This guy was very on board with drastic measures, but his fiancée opened a new social media account promoting her business and the violent employee showed up there. Thankfully, nothing happened, but it’s a risk. You want to be in front of the problem, not behind it. Take steps before you need your information hidden. Because once that angry person walks up your driveway, there’s no hiding your address from them anymore.

The Uses of OSINT

There is an entire community of people who love OSINT research. It’s used in all sorts of applications, from the military to law enforcement to just observing what’s changing in your community. And anyone can use OSINT. It’s just a fancy term for collecting existing data with a purpose. Whether you’re an environmentalist trying to understand the new tech company in your area or a community member looking at the effects of gentrification in your neighborhood, you can use it. The limits are your creativity.

As far as keeping your information private and off the radar, think about surveillance like gravity. Gravity is a constant in our life. If it didn’t exist, we’d be floating around in space like astronauts. It’s pervasive. Surveillance is like that. If you want true privacy, you need a room with no windows, no doors, and lots of metal, like a giant Faraday bag. You’re always going to be a little exposed. If you want to keep a secret, the best thing you can do is not say anything about it.

The best secrets are the ones that just aren’t spoken.
Cynthia Hetherington

Learn more about OSINT at osintacademy.com. They offer classes and webinars available to anyone, both online and in person. You can get Cynthia Hetherington’s whitepaper about how your public records get out there at hetheringtongroup.com. And if you are an OSINT professional, Cynthia encourages you to join OSMOSIS, the association for OSINT pros.