Today we’re going to quickly cover Open Source Intelligence (OSINT) collection for our NBPP exercise. But before we do that, I need to cover something I’ve been meaning to write about.
When we talk about the different disciplines of intelligence collection, I need to point something out as it pertains to security. With Signals Intelligence (SIGINT), what we get is what we get… and we get nearly everythingavailable. Not only does NSA scarf up a lot of data, but foreign intelligence agencies are also likely capable of collecting signals and electronic data (on you). And what they get is what they get; whatever you make available. No SIGINT asset can “task” you to say something. They can’t cue you to talk about specific information they want to know. They can’t ask you questions as you’re writing an email or talking on the phone. Whatever you say is what they get, so don’t give up the ship.
The same maxim applies for OSINT collection operations. We can only collect what our adversary makes available online or in print. Keep in mind when collecting OSINT, that there’s so much misinformation and disinformation on the internet that we really have to scrutinize critical information that’s been made so easily available or accessible. Sure, sometime we stumble upon a golden nugget; other times what we think is gold turns out to be pyrite. Something to think about…