Open Source Intelligence: what is it and how does it work?

Richard Canale, faculty member at Global Institute of Cyber, Intelligence & Security (GICIS) and Business Stream Manager at EW Solutions Ltd, asks whether Open Source Intelligence (OSINT) can be used to track the migration of terrorist technology:

We have operated in the counter-improvised explosive device (C-IED) and electronic countermeasures (ECM) arenas for the majority of our working lives and have been struck by the lack of usable technical information and global threat trends available at the user level. IED technical data is invariably classified, irrespective of the source, when fed into the exploitation chain. On the intelligence side of life, analysts are given an area of responsibility and so are very focused on their own “patch” but are seldom looking across continents.

We have been collecting open source information on radio-controlled IEDs (RCIED), and when it's collated in a single repository, the Open Source Threat Database (OSTD), the trends and potential migrations of RCIED know-how are apparent. The question is, can we say that because a device appears elsewhere there has been a conscious decision for that to happen?

Technical criteria

Technically, the choice of device largely comes down to a small number of important but simple and well-established factors:

  • Availability: Generally perpetrators will use what is available locally and what they are familiar with.
  • Cost: With very few exceptions most receivers in RCIED are relatively cheap even if the transmitters might not be.
  • Plug and Play: Operations in areas such as Syria and Iraq have necessitated those without the technical training or backgrounds to use systems that are easy to configure or that work, plug-and-play, out of the box.
  • Repeatability and reliability: Complex systems that require soldering on to boards or configuration via a laptop can introduce margins of error.

Social Media

Social media is a key enabler in the dissemination of threat information; an example is the Nokia 1280. This handset provides some attractive features for wiring that negate external switches, and offers soldering points. But so do many other cell phones, and yet Nokia 1280s (Fig 1) appear all over the place and are nearly always linked with al-Qaeda aligned organisations.

(Fig 1)

This is a small sample, but it demonstrates geographical spread; the configuration of the phones is uncannily similar. This is too much of a coincidence; there are a number of very easy to follow Jihadi videos that show how to configure the Nokia 1280. The configuration is almost plug-and-play, evidently reliable and repeatable, and appears to be organisation-wide. Social media, word of mouth and training camps will all have something to do with this configuration type.

Organisational Directive

The Norwegian right-wing extremist Anders Breivik bombed Oslo on 22 July 2011 and then went on a shooting spree. Concurrently, Breivik published his manifesto entitled “2083: A European Declaration of Independence”. This document contains a section on how to make explosives and provides a link to Firework Firing Systems.

(Fig 2)

In subsequent arrests of right-wing sympathisers in Europe in 2012 (Czech Republic and Poland), both perpetrators had Alpha Fire firework remotes. It is not possible to say unequivocally that there is a direct link, but they were reported as being sympathisers and coincidence cannot be overlooked. This system is cheap, plug and play, reliable and infinitely repeatable.

Migrant Jihadist or the “Caucasus Effect”

Although not necessarily peculiar to the Caucasus, the migration of mercenary or transient terrorists between trouble spots is bound to have an effect on the types of devices that appear around the world.

(Fig 3)

Appliance controllers appear on a regular basis across a number of countries. Whilst most of the examples in Fig 3 are Islamist inspired, the use of the system by Maoists in India does break the mould somewhat.

There are other examples of vehicle alarms and walkie-talkie systems that appear to have crossed borders or continents. Are these just a coincidence, or are the perpetrators taking with them methodologies that they are familiar with? Without corroborative evidence or intelligence, at the OSINT level it isn’t easy to prove. But the coincidences, when viewed over time, are undeniable and the roles that the Internet and social media play are equally strong.

(Fig 4)

Does it help?

At the national agency level, where there is a requirement to send operatives overseas or track returning “home-grown” terrorists, this information is invaluable. For those in industry and/or national agencies with a requirement to design, develop and validate equipment capabilities and mission fills, these trends can steer capability development.

To the original question, is it possible to spot trends and the movement of technology? The answer, based on the evidence above, is yes. Can it be used in a meaningful way? Yes, but it does not get away from the fundamentals of cost, availability, ease of use and reliability. Being prepared and trained to identify it when it happens is the key to saving lives and property and winning the information dominance battle.
