Noelle Borao's Homepage
  • Home
  • About
  • Innovation: IP
  • Current Research
  • Methods
  • Ideas
  • Contact

Thought Leadership on US-China Affairs and the Theft of Innovation

We are at an inflection point in the US-China relationship because innovation and intellectual property create a nexus between commerce and international security.

Book Review: A How-To Clinic on Gathering Open-Source Intelligence

4/15/2022

 
The rate of technological change in information-gathering activities is accelerating, and innovations in data collection appear to be advancing faster than innovations in data security. In the ninth edition of his book, Open Source Intelligence Techniques, Michael Bazzell (2022) goes beyond descriptive analysis and delivers a methods-rich technical manual for efficiently collecting open source intelligence (OSINT). Unlike many intelligence books, this one does not set out to address what types of intelligence are collected or why. Nor does it spend much time debating the ethics of using open source intelligence or the impact of its use on citizens’ rights. Instead, Bazzell stays laser focused on the technical side: collecting information from the mass of data openly available on the Internet today, using recently developed but readily available software to retrieve mostly free data sources from the web.

Bazzell organizes the book into three sections. Section one introduces the basics of OSINT operations, where OSINT is defined as information from publicly available sources that is analyzed in a timely manner, disseminated to an appropriate audience, and satisfies a specified intelligence requirement. Common OSINT data sources include news media content, transcripts of open hearings or public events, and data made available on public request (such as census data). Open source intelligence is not limited to what popular search engines like Google return: it can reside in files that regular web browsers simply cannot discover, such as information made available by subscription or purchase (industry journals, for example). Importantly, according to Bazzell, the mere collection of data does not make the information valuable. The value lies in the careful collation and interpretation of that data and in applying the resulting insights to the questions that justified the OSINT process in the first place.

Section two presents the real value of this book by exploring OSINT sources and techniques in depth. Four key discussions emerge: 1) Investigators can obscure their identities by using covert accounts and e-mail addresses, commonly referred to as “sock puppets”, to protect their real identities and to minimize the risk of exposing both the investigative process and the gathered information to competitors and adversaries alike. 2) Highly personal information (email addresses, phone numbers, home addresses) can be efficiently gathered and collated from freely available sources such as social media, government or business records, and search engines. Using OSINT techniques, seemingly innocuous pieces of information can be collated into highly convincing social engineering campaigns that fool users into compromising company networks and personal assets. 3) Information overload is a significant challenge for OSINT efforts, which is why security officials focus their efforts on very narrow and specific areas of interest. These efforts include penetration testing and intensive searches for accidental data leaks, unsecured Internet connections, or unpatched software that can leak sensitive data or expose valuable assets. But readers should be aware of the double-edged sword presented by the symmetry of information available to good and bad actors alike: threat actors use these same processes to refine phishing (email), vishing (voicemail or phone), and SMiShing (SMS) campaigns.
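The collation step in point 2 is easy to state and easy to underestimate: a handle on one profile, a phone number in a business filing and an e-mail address in a search snippet are individually harmless, and only become a pretext once they are tied to the same person. The script below is added here as an illustration of that linking step; it is not code from Bazzell’s book or from any tool it describes. It takes four constructed text records (the names, addresses, numbers and sources are invented), extracts e-mail addresses, phone numbers and social handles, normalizes them, pivots any handle learned from one source into the others, and merges every record that shares an identifier into a single profile. The phone normalization assumes North American numbering; a real investigation would need per-country rules.

```python
"""Collate identifiers scattered across public sources into linked profiles.

Added illustration, not from the reviewed book.  All records below are
constructed for the example; the people, addresses and numbers are invented.
"""
import re
from collections import defaultdict

# Constructed sample records, one per (invented) source.
RECORDS = [
    ("social_profile",
     "J. Doe | @jdoe_dev | Contact: JDoe@Example.com | Based in Springfield"),
    ("business_registry",
     "Registered agent: Jane Doe, 42 Elm St, Springfield. Phone (555) 010-2233. "
     "Email jdoe@example.com"),
    ("search_snippet",
     "Conference speaker jdoe_dev ... reach me at +1 555 010 2233"),
    ("unrelated_record",
     "Support desk: help@othercorp.example, tel 555-010-9999"),
]

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Assumption: North American numbers only (optional +1, then 3-3-4 digits).
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b")
HANDLE_RE = re.compile(r"@([A-Za-z0-9_]{3,})")


def normalize_phone(raw):
    """Reduce a written phone number to +1NNNNNNNNNN, or None if not 10 digits."""
    digits = re.sub(r"\D", "", raw)
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]
    return "+1" + digits if len(digits) == 10 else None


def extract_identifiers(text):
    """Return the set of (kind, value) pairs found directly in one record."""
    found = set()
    for m in EMAIL_RE.findall(text):
        found.add(("email", m.lower()))
    for m in PHONE_RE.findall(text):
        n = normalize_phone(m)
        if n:
            found.add(("phone", n))
    # Strip e-mails first so an address's domain is not mistaken for a handle.
    for m in HANDLE_RE.findall(EMAIL_RE.sub(" ", text)):
        found.add(("handle", m.lower()))
    return found


def collate(records):
    """Merge records that share any identifier into profiles, largest first.

    records: iterable of (source_name, text).  Returns a list of dicts with
    sorted "sources" and "identifiers" ("kind:value") lists.
    """
    records = list(records)
    ids = [extract_identifiers(text) for _, text in records]

    # Pivot: a handle learned from one source ("@jdoe_dev") is searched for
    # as a bare token in every other record ("jdoe_dev" in a snippet).
    handles = {v for s in ids for k, v in s if k == "handle"}
    for i, (_, text) in enumerate(records):
        for h in handles:
            if re.search(r"\b" + re.escape(h) + r"\b", text, re.IGNORECASE):
                ids[i].add(("handle", h))

    # Union-find over record indices, joined whenever an identifier repeats.
    parent = list(range(len(records)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    owner = {}
    for i, s in enumerate(ids):
        for ident in s:
            if ident in owner:
                parent[find(i)] = find(owner[ident])
            else:
                owner[ident] = i

    groups = defaultdict(list)
    for i in range(len(records)):
        groups[find(i)].append(i)

    profiles = []
    for members in groups.values():
        profiles.append({
            "sources": sorted(records[i][0] for i in members),
            "identifiers": sorted({f"{k}:{v}" for i in members for k, v in ids[i]}),
        })
    profiles.sort(key=lambda p: (-len(p["sources"]), p["sources"]))
    return profiles


if __name__ == "__main__":
    for profile in collate(RECORDS):
        print(", ".join(profile["sources"]))
        for ident in profile["identifiers"]:
            print("    " + ident)
```

Run as-is, the three Doe records collapse into one profile carrying the e-mail, the phone number and the handle, while the support-desk record stays separate. The same output is what a phishing crew wants and what a defender doing a self-assessment wants; the difference is only what is done with it afterwards.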

4) OSINT methods can employ either passive or active collection techniques. Passive techniques combine a variety of threat feeds into a single, easily accessible platform; advanced intelligence platforms use machine learning, scaled analytics, and natural language processing (NLP) to prioritize or dismiss the resulting alerts (alerts about botnets that harvest credentials through traffic sniffing and keylogging, for example). Active techniques search for specific insights or information, usually in one of two contexts: a) when a potential threat has been highlighted by a passively collected alert, or b) when the focus of the intelligence-gathering exercise is very specific, as in a penetration test.

The final section of the book focuses on effective OSINT processes, which require efficient and repeatable workflows in which careful, deliberate planning matters more than the technology that supports it. An example of a sound methodology begins with an accurate threat assessment, followed by triage of day-to-day OSINT efforts, including setting clear objectives for the collection. This is followed by verifying the origin of every piece of information in order to establish the true identities of the parties of interest. Finally, once collection and analysis are complete, the intelligence report should state the findings in their proper context.

Bazzell’s book puts on a how-to clinic on effective OSINT operations using high-technology tools and methods. The author presents each element of a voluminous amount of technical information as an interlocking puzzle piece that builds a broader picture of a robust OSINT methodology. The result is a satisfying effort to provide technical know-how to those engaged in nearly every element of the OSINT collection process. This methods-heavy book complements the existing body of intelligence literature while also standing in clear contrast to it. For example, while Lowenthal (2019), Fingar (2020), and Miller et al. (2022) all touch on the technological dimensions of intelligence gathering, Lowenthal (2019) primarily analyzes such efforts from the perspective of the consumers of intelligence. Like Bazzell, Fingar (2020) also describes how technology can assist in the collection process, but he emphasizes how the collation and interpretation of data are influenced by the political context surrounding the intelligence-gathering effort, which can reflect a bias toward validating negative threats rather than exploiting positive opportunities. Also like Bazzell, Miller et al. (2022) explore in detail the powerful technologies that drive information gathering at scale. Unlike Bazzell, their effort focuses on the ethical issues affecting national security intelligence gathering, such as the tension between preserving individual privacy on the one hand and timely discovery of national security threats on the other.

Fans of all three books would appreciate how Bazzell smartly keeps the focus on methods and techniques, achieving both differentiation and complementarity while filling an important gap in the intelligence literature. On this point, the book is “not a debate of the various opinions about online reconnaissance for personal information. It is not a historical look at OSINT or a discussion of [your] administrative policy.” Instead, it focuses on the evolving capabilities of publicly available OSINT platforms, software tools, and techniques that can be employed to collect information legally and to protect private and public organizations from the intrusive actions of malefactors. In an era of increasingly common information security intrusions, this is welcome information.

While the book would benefit from a richer discussion of how mountains of data can most effectively be transformed into useful information (the analysis and interpretation processes), it satisfies a need for readers who want technical, skills-based training. In addition to helping professionals in the public sector, it can also help private sector technology managers who seek to optimize legal and inexpensive intelligence collection in support of their existing competitive strategies, or to test how exposed their sensitive information is to even the most skillful external threat actors. Academic researchers can likewise use the recommended techniques to build new data sets with which to support their studies. As AI capabilities grow, the scale and precision of data search are constantly improving, benefiting good and bad actors alike. Now in its ninth edition, Bazzell’s book provides timely updates on the latest software applications and technology platforms to facilitate the most robust OSINT procedures available.
