People can learn a lot from the press or the Internet. Today, however, the problem is not how to access information, but how to interpret it correctly. Therefore, analyzing open sources of information may be crucial for state security.
In the early morning of September 14, Ukrainian forces launched a spectacular attack: a group of assault drones destroyed the radar and the antennas of the Russian S-400 Triumf air and missile defense system in the western part of the Crimean Peninsula. Soon after that, the job was finished by two R-360 Neptune missiles, which hit the launchers, the second element of the system. The blow was severe: according to media estimates, the destroyed equipment might have been worth as much as 1.2 billion dollars. Material losses, however, were one thing, but image-related issues were even more painful for the Russians, who claim that the S-400s are one of the world’s best air defense missile systems, with capabilities superior to the American Patriots.
Striking the S-400 took long and careful preparation. It is no secret that the Ukrainians, wanting to weaken Russia’s defensive capabilities in Crimea, have been hunting the S-400s and effectively eliminating them one by one. It all began almost a year earlier, with two seemingly innocent photographs: in the summer of 2022, some Russian tourists vacationing on a Crimean beach near Lake Terekly, west of Yevpatoria, took photos of themselves, accidentally capturing the Russian armament in the process. The Ukrainian intelligence experts managed to determine that the visible weapons were S-400 systems. Further work was facilitated by the fact that the photos were taken with a camera that had geolocation enabled. Satellite images taken at the end of August 2023 helped to establish that a year later the systems were still at the same location – near Yevpatoria. Conducting the attack and destroying the launchers merely topped off many weeks of preparations. This is just one of the many examples of how important seemingly insignificant, publicly available information might turn out to be.
White, not Black
Today, the possibilities of acquiring information from the so-called open sources, available to the general public, are enormous. This method of obtaining knowledge used to be called white intelligence (as opposed to black intelligence, where information is acquired illegally), but today it is more often referred to as OSINT (Open Source Intelligence). “Conducting information activities in the public domain is one of the six types of intelligence activities,” points out Józef Kozłowski, PhD, director of the Military History Institute at the War Studies University (WSU). In addition to OSINT, there are also HUMINT (Human Intelligence), IMINT (Imagery Intelligence), or SIGINT (Signals Intelligence). The WSU expert emphasizes that the analysis of the open sources of information gets particular attention from the security sector and intelligence institutions. “We are talking about data and information accessible on the Internet, in various types of media and mass media – also on a commercial basis. These also include materials that are unclassified, but have limited access. They are collected, processed and analyzed in response to presented needs for information.”
It is not only materials and posts on social networking sites or the Internet as such, points out Kamil Basaj, expert of the Cyberspace Defense Forces Component Command: “The OSINT is primarily interested in analyzing data which is publicly available – in the media (also traditional), archives, databases, various collections, which do not have historical value, but have, for example, archival value in relation to events, incidents, investigations that are of interest to us.” He emphasizes that declassified court case files or business records can also be a source of knowledge.
Together with the dynamic development of digital technologies, the Internet has greatly gained in importance. “OSINT is now becoming the key method of intelligence, permeating and incorporating the more traditional methods, such as HUMINT, IMINT or SIGINT,” explains Bartosz Saramak, an information protection expert, the author of a study awarded by the Head of the Internal Security Agency entitled “The Use of Open Sources in the Intelligence Activities.” “The reason is the increasing digitalization. The Internet has become a metasource of information. It aggregates not only traditional sources, such as books and newspapers, but also creates new ones, such as social media and instant messaging. This, in turn, facilitates the process of obtaining information, making it possible to precede operational and reconnaissance activities with preliminary analysis of open-source data,” he adds.
There definitely is something to it. According to the assessments prepared by the US Defense Intelligence Agency, as much as 80% of the materials and data it uses come from open sources. The Chief of British Defense Intelligence, Gen James Hockenhull, stated in December 2022 that the conclusions drawn from the war in Ukraine make it possible to consider OSINT a factor that greatly influences the quality and speed of combat operations. He also noted that it provides an opportunity to engage people from outside intelligence institutions or reconnaissance structures in collecting and analyzing information. “Using open sources of information is part of a broader spectrum of changes regarding intelligence analysis. Declassifying information and data, as well as making it accessible to the public results from the transformations taking place in the sphere of intelligence,” states Hockenhull. The conclusion is based on the fact that many activities which used to be associated solely with security structures are no longer exclusive to them. “New technologies, primarily the Internet, have opened up a lot of opportunities for ordinary citizens to collect and process data and information,” points out Józef Kozłowski. Access to such information, as well as to the appropriate tools, is thus in the hands of not only specialists but also ordinary people. There are now groups engaging in investigative journalism, whose main method of operation is the analysis of materials obtained from open sources. Such groups include Bellingcat, Forensic Architecture and Oryx.
In the digital era, social networks also provide enormous opportunities. Julian Assange, the founder of WikiLeaks, a service which publishes secret documents of governments and global companies submitted by whistle-blowers, stated, not without reason, that Facebook is a detailed and easily-accessible database for US intelligence. This is because information about people, their social and family contacts, names, addresses, connections, current whereabouts and all correspondence can be found there without much difficulty. Social media are also an excellent source of information for various organizations and services, governments, businesses and journalists. Similar solutions are used by officials, checking, for instance, if a given employee, who should be on sick leave, is not sharing holiday photos with friends.
Asking the Right Questions
The main problem of white intelligence is not a lack of information, but its excess. Every day a vast number of photos, videos, conversations, texts and graphics are posted on the Internet. In order for them to have value, it is necessary to collect materials that are of interest to us, and then to analyze them correctly. It is therefore necessary to use appropriate methods and tools. “We often associate OSINT with tools that enable us to quickly collect a large amount of information. However, its effectiveness always relies on the skills of the analyst,” points out Kamil Basaj. According to the specialist, the most crucial issue is defining the intelligence question in a way that helps to use the available tools effectively and efficiently. “Information must lead to some conclusion, to a precise thesis, concerning, for instance, a threat that is to be identified by means of OSINT. Coming up with a well-constructed intelligence question, determining the methodology and defining the underlying need are all very complex processes that require knowledge. And this is only the first phase of work. It is also crucial to conduct a critical analysis of obtained information and to draw conclusions. That’s why I call OSINT the art of inference,” emphasizes Basaj. He considers that last element of OSINT to be the key one. “Even if OSINT has very good tools and manages to collect a vast amount of information, it won’t be able to create an operationally effective product without appropriate methodology for drawing conclusions.”
In some cases, the search conducted through open sources can be truly spectacular. The most well-known operations of this type include the investigations conducted by the Anti-Corruption Foundation of the Russian opposition leader Alexei Navalny. Its employees, operating under an oppressive state system, out of concern for their own safety, were forced to navigate only within the constraints of the law, so as not to give the services an argument against themselves. Therefore, when looking for information, they used almost exclusively websites of government offices, registries, tax returns or photos published on social networks. They looked for information using search engines, image identification tools or services like Google Street View. Some results of those journalistic investigations include describing the hidden assets of ex-president Dmitry Medvedev, or revealing that Vladimir Putin owns a palace near Sochi.
Tracking Down a Criminal
Using a variety of tools, it is possible to obtain and analyze information without even moving from behind a desk. That is how Bellingcat, an investigative journalism service, came to life. It was reportedly founded by an unemployed Briton, Eliot Higgins, who began analyzing data on the ongoing war in Syria out of boredom. He reviewed materials from places where fighting was taking place, checked details, and compared them with publicly available information, concerning, for example, the characteristics of weapons. With the help of photographs and maps published on the Internet, he also located combat sites. He proved, among other things, that cluster munitions and chemical weapons were used in Syria.
This method of operation is widely used today in various circles. It is enough to have some basic knowledge and the ability to use the tools offered by the digital world to be able to conduct extensive investigations. One of the rather illustrative examples is that of the Oryx service, which became famous for keeping accurate statistics on the military equipment destroyed during the war in Ukraine. Its activities were based solely on graphic materials published online by Russian soldiers, Ukrainian soldiers, local residents or journalists. Therefore, it became possible to estimate the actual losses suffered by the two sides of the conflict in a situation of practical information blockade, since neither the Russians nor the Ukrainians publish data on their own losses, and the estimates they provide on enemy losses are not always reliable. There were instances during the conflict when the Ukrainians announced a success and the Russians immediately denied it. That was the case, for example, with strikes against Black Sea Fleet ships. However, the Russian information blockade often proved to be leaky, as videos and photos taken by random soldiers, sailors or laborers working in the ports appeared on social networks. The content they published gave the lie to official propaganda and showed the scale of the destruction. This, in turn, served the Ukrainian army as feedback indicating the effectiveness of the attack or its failure, making it possible to modify the methods of operation.
Open sources of information are also used by journalists who are trying to determine the scale of Russian casualties. Such research is based on the obituaries published in regional Russian media. Although the Kremlin authorities are trying to hide the actual extent of the losses, it has been possible to obtain the precise number of people killed on the territory of the Russian Federation and in the two people's republics in eastern Ukraine – Luhansk and Donetsk. These figures might still be underestimated, as many people are still considered missing, but due to such initiatives, it is possible to gain at least a rough insight into how bloody the war in Ukraine is for the Russian society.
In the context of OSINT, this conflict has another hugely important aspect – establishing the identities of particular individuals responsible for war crimes committed during the hostilities. Some time ago, a shocking incident was made public through videos published online, documenting how Russian soldiers torture a Ukrainian prisoner of war, castrate him and then kill him. Through careful analysis, it was possible to determine not only the place where the crime occurred, but also the identity of the soldier who committed it. The quality of the video was poor, but on the basis of details, such as distinctive elements of clothing, combined with information obtained from other sources, it was possible to identify the perpetrator.
Currently, OSINT is also used in Ukraine to compile evidence and trial material on war crimes committed by the Russians. Owing to available photos, including satellite images, it has been established that the blame for the atrocities committed in Bucha or Irpin lies not with the Ukrainians, as the Kremlin has been trying to convey, but with the Russians.
The analysis of open sources of information allows for obtaining a broad spectrum of knowledge of high intelligence value, also in the context of state defense. “Reconnaissance is an ongoing, continuous process. The reason for that is simple: threats are evolutionary in character, with changing actors, tactics, operating techniques, with evolving and changing ways in which adversaries – state and non-state – are functioning and operating,” points out Kamil Basaj. As an example, he indicates the activities of the Russian Federation, which has been conducting numerous operations aimed to destabilize the region and gain influence. It also undertakes psychological operations, which are executed according to specific models. “In such a situation, OSINT analysis has to be continuous. It is impossible to focus on one, two selected threads, it is necessary to follow all the activities of the adversary,” says Basaj. He also adds that when conducting this kind of reconnaissance, we need to check very meticulously whether the adversary’s trace that we come across informs us about their actual mistakes or is misleading in character. “OSINT is used today also for deceptive and apparent operations,” emphasizes Kamil Basaj.
Józef Kozłowski also points to the risks associated with the wide accessibility of various types of data and information. “It is important to keep in mind that we are not the only ones undertaking white intelligence activities. Our armed forces must realize that data and information acquired in the public domain can also be used by a potential adversary.” The example given by the lecturer is the campaign organized by the MoND, aimed at persuading people not to publish on the Internet photos of our own and allied troops moving across the country. “This information is crucial to state security. The example of the war in Ukraine shows how the content shared online can be used in combat operations. Data that helps, for instance, locate objects, detect and pinpoint targets, identify individuals, and even assess the mood and morale of the military, can be of key value,” admits the WSU expert.
Reconnaissance on Missions
OSINT proves effective not only at the strategic or operational level. Open sources of information are also used at the tactical level. OSINT was used, among others, by special forces subunits during the mission in Afghanistan. According to an officer who served during six rotations of the Polish Military Contingent under the Hindu Kush, open sources of information were used, among other things, for analysis and reconnaissance of the terrain in which operations were conducted. The operators also verified social media, various online forums or local media publications. “Thanks to that, we were able to assess such things as the mood and attitude of the locals. We also learned about protests or insurgent activity,” comments the special operations officer.
Experts unanimously admit that OSINT should not be feared. On the contrary – white intelligence capabilities need to be developed in Poland as soon as possible. First of all, we should train analysts not only for the military, but also for the public sector. The war in Ukraine proves that specializing in this field is of utmost importance.
Photo credits: US Army, Oryx, AdobeStock