Foreword xix
Preface xxi
Introduction xxv
Part I Foundational OSINT 1
Chapter 1 Open Source Intelligence 3
1.1 What Is OSINT? 3
1.2 A Brief History of OSINT 6
The Past 6
The Present 8
The Future 10
1.3 Critical Thinking 14
1.4 Mental Health 16
1.5 Personal Bias 17
1.6 Ethics 19
Chapter 2 The Intelligence Cycle 23
2.1 What Is the Intelligence Cycle? 23
2.2 Planning and Requirements Phase 24
2.3 Collection Phase 26
The Art of Pivoting 27
Overcoming OSINT Challenges 33
RESET Technique 33
Gap Analysis 34
Why We Have So Much Data 37
2.4 Documentation Methods 39
2.5 Processing and Evaluation Phase 44
Scoping 45
Data Enrichment 45
2.6 Analysis and Production Phase 47
Visualizations 47
2.7 Reporting 50
Report Tone 51
Report Design 51
Example Report 54
2.8 Dissemination and Consumption Phases 54
Tippers 55
Feedback Phase 55
Challenges in the Intelligence Cycle 55
Chapter 3 The Adversarial Mindset 57
3.1 Getting to Know the Adversary 57
3.2 Passive vs. Active Recon 64
Chapter 4 Operational Security 67
4.1 What Is OPSEC? 67
Threat Modeling 68
Persona Non Grata Method 68
Security or "Baseball" Cards 69
Attack Trees 71
4.2 Steps for OPSEC 72
Outlining the Five Steps of OPSEC 72
Step 1: Define Critical Information 72
Step 2: Analyze the Threat 72
Step 3: Determine Vulnerabilities 73
Step 4: Risk Assessment 73
Step 5: Apply Countermeasures 74
4.3 OPSEC Technology 77
Virtual Private Network 77
Why Use a VPN? 77
Choosing a VPN 78
VPN Concerns 78
Privacy Browsers 79
Tor 79
Freenet 80
I2p 82
Virtual Machine 83
Mobile Emulator 85
4.4 Research Accounts 85
4.5 Congratulations! 90
Part II OSINT Touchpoints 91
Chapter 5 Subject Intelligence 97
5.1 Overview 97
What Is Subject Intelligence? 98
Digital Footprint 98
Examining a Subject's Pattern of Life 102
5.2 Names 106
Subject Names 106
Naming Conventions 107
Arabic Naming Conventions 107
Chinese Naming Conventions 109
Russian Naming Conventions 109
Name Searching Techniques 110
5.3 Subject Usernames 110
Username Searching Techniques 111
Correlating Accounts and Subject Information by Username 112
5.4 Subject Emails 116
How to begin connecting accounts 117
Correlating Accounts and Subject Information by Email 117
Google Accounts 119
Correlating an Email with a Domain 120
Email Verification 122
Privacy Emails 124
Data Breaches 125
5.5 Subject Phone Numbers 129
Typing Phone Numbers to additional selectors 129
Correlating a Phone Number with a Subject 129
Phone Number Spoofing 131
5.6 Public Records and Personal Disclosures 132
Methods for incorporating public records searches 132
Collecting Public Records Associated with a Subject 132
U.S. Official Public Record Sources 134
U.S. Unofficial Sources 142
Chapter 6 Social Media Analysis 145
6.1 Social Media 145
Key Parts of Social Media 146
Collecting Social Media Data on a Subject 148
Correlating Subject Social Media Accounts 149
Subject Associations and Interactions on Social Media 151
User Media and Metadata 156
Social Media Pivots at a Glance 159
6.2 Continuous Community Monitoring 160
Methods for the Continuous Monitoring of a Group 160
Facebook Groups 161
Telegram Channels 162
Reddit 164
4chan and 8kun 166
I Joined a Community, Now What? 167
I Am Unable to Join a Community, Can I Still Monitor Them? 168
6.3 Image and Video Analysis 169
How to Look at an Image/Video 169
Reverse Image Searching 172
Image- Based Geolocation 173
Image Analysis 173
Geolocation Steps 175
Image Analysis 177
Geolocation Steps 178
Image Analysis and Geolocation for Real- Time Events 181
6.4 Verification 184
Misinformation, Disinformation, and Malinformation 185
How Do We Verify If Content Is Mis/Dis/Mal? 186
Spotting a Bot Account or Bot Network 187
Visualizing and Analyzing Social Networks 190
Spotting Digitally Altered Content 193
Photo Manipulation 196
Video Manipulation 199
6.5 Putting It All Together 200
Chasing a Puppy Scam 200
Chapter 7 Business and Organizational Intelligence 209
7.1 Overview 209
What Is Organizational Intelligence? 209
7.2 Corporate Organizations 212
Understanding the Basics of Corporate Structure 213
Entity Types 213
7.3 Methods for Analyzing Organizations 215
Government Sources and Official Registers 216
Edgar 218
Annual Reports and Filings 219
Annual Report to Shareholders 220
Forms 10- K, 10- Q, and 8- K 220
Digital Disclosures and Leaks 220
Organizational Websites 221
Social Media for Organizations 225
Business Indiscretions and Lawsuits 226
Contracts 229
Government Contracts 229
Contract Reading 101 231
Power Mapping 239
Tips for Analyzing Organizations Outside the United States 243
Canada 243
United Kingdom 243
China 246
Russia 246
Middle East 249
7.4 Recognizing Organizational Crime 250
Shell Corporations 251
The "Tells" 252
7.5 Sanctions, Blacklists, and Designations 253
Organizations that designate sanctions 254
The United Nations Security Council 254
The Office of Foreign Assets Control 254
Other Blacklists 254
7.6 501(c)(3) Nonprofits 255
Primary Source Documents 256
IRS Form 990 256
IRS Tax Exempt Organization Search 257
Annual Reports 258
Consumer Reports and Reviews 259
Charity Navigator 259
7.7 Domain Registration and IP Analysis 260
An Organization's IPs, Domain Names and Websites 261
What Is an IP address? 261
What Is a Domain Name? 261
What Is a Website, and Why Does All of This Matter? 261
Analyzing Organization Websites 262
Robots.txt 262
Website Design and Content 263
Website Metadata 264
Analyzing WHOIS Record Data 265
Analyzing IP Addresses 267
IP Addresses 101 267
What Can I Do with an IP Address? 269
Words of Caution 270
Chapter 8 Transportation Intelligence 273
8.1 Overview 273
What Is Transportation Intelligence? 273
The Criticality of Transportation Intelligence 274
Visual Intelligence 275
Spotters 275
Social Media Disclosures 276
Webcam 276
Satellite Imagery 278
Signal Detection 281
Understanding Navigational Systems 282
Dark Signals 284
Signal Spoofing 285
Identity Manipulation 287
GNSS Jamming 287
GNSS Meaconing 288
8.2 Vessels 289
Introduction to Maritime Intelligence 289
Types of Maritime Entities 289
Vessel Terminology 290
Maritime Discovery and Analysis Methods 291
Vessel Paths and Locations 292
Vessel Meetings 293
Port Calls 297
Maritime Entity Ownership and Operation 300
Maritime Critical Infrastructure and Entity Vulnerabilities 301
Ship-to-Shore Critical Infrastructure 302
8.3 Railways 305
Introduction to Railway Intelligence 305
Types of Railway Entities 306
Railway Terminology 307
Railway Discovery and Analysis Methods 308
Visual Identification of Rail Lines 308
Railway Routes and Schedules 314
Railway Entity Ownership and Operation 317
Railway Critical Infrastructure and Entity Vulnerabilities 318
8.4 Aircraft 323
Introduction to Aircraft Intelligence 323
Types of Aircraft 324
Parts of a Typical Jet 325
Aircraft and Air Travel Terminology 327
Aircraft Discovery and Analysis Methods 328
Identifying Aircraft 329
Flight Paths and Locations 346
Limiting Aircraft Data Displayed and Private ICAO Addresses Listings 349
Tracking Cargo 350
Notice to Air Missions (NOTAMs) 350
Air Traffic Control Communications 352
Aerodromes 352
Geolocation and Imagery Analysis of Aircraft 355
Aviation Entity Ownership and Operation 358
Aviation Critical Infrastructure and Entity Vulnerabilities 361
8.5 Automobiles 362
Introduction to Automotive Intelligence 362
Types of Automobile Entities 362
Automobile Terminology 363
Automobile Discovery and Analysis Methods 364
Identifying Automobiles 364
Tips for Monitoring and Analyzing Automobile Routes 371
Automobile Entity Ownership and Operation 374
Automobile Security and Technology 375
Chapter 9 Critical Infrastructure and Industrial Intelligence 379
9.1 Overview of Critical Infrastructure and Industrial Intelligence 379
What Is Operational Technology? 384
What Is IoT and IIoT? 385
9.2 Methods for the Analysis of Critical Infrastructure, OT, and IoT Systems 387
Planning the Analysis 388
Five Possible Information Gathering Avenues 388
Visualizations 390
Plotting Locations with Google Earth Pro 391
Using Premade Visualizations 397
Public Disclosures 402
Contracts 402
Social Media 402
Job Advertisements 404
Company Disclosures 404
Infrastructure Search Tools 405
Censys.io 405
Kamerka 406
9.3 Wireless 408
Overview of Wireless Networks 408
Mobile Networks 409
War Driving 410
Low- Power Wide- Area Networks 412
Long Range Radio (LoRa) 412
Wireless SSID, BSSID, MAC 413
Service Set Identifier (SSID) 413
Basic Service Set Identifier (BSSID) 413
Extended Service Set Identifier (ESSID) 413
Media Access Control (MAC) Address 413
9.4 Methods for Analyzing Wireless Networks 415
Information Gathering Techniques 415
Here are some pivots for wireless network information gathering 415
Wi- Fi Searching Techniques 418
WiGLE 418
Plotting Wireless Locations with Google Earth Pro 421
Tower Searching Techniques 423
Chapter 10 Financial Intelligence 425
10.1 Overview 425
Financial Organizations 426
Financial Intelligence Units 426
Financial Crimes Enforcement Network 426
The Financial Action Task Force 426
The Federal Deposit Insurance Corporation 427
International Monetary Fund 427
Federal Financial Institutions Examination Council 427
The Office of Foreign Assets Control 428
10.2 Financial Crime and Organized Crime, Together Forever <3 429
Transnational Criminal Organizations 430
Politically Exposed Person 432
Anti- Money Laundering 433
The Counter Financing of Terrorism 435
Tax Evasion, Tax Fraud, and Embezzlement 437
10.3 Methods for Analysis 438
Financial Identifiers 440
Issuer Identification Number 440
Routing Number (ABA Routing Numbers) 440
Society for Worldwide Interbank Financial Organization 440
Value- Added Tax 441
BIN- Bank Identification Number 441
Location- Based Resources 443
Drug Financing Analysis Resources 446
Organized Crime Analysis Resources 448
Negative News String Searching 449
Chapter 11 Cryptocurrency 451
11.1 Overview of Cryptocurrency 451
The Basics of Cryptocurrency 453
How Is Cryptocurrency Used and Transferred? 453
What Is a Cryptocurrency Wallet? 454
What Is Blockchain? 455
Types of Cryptocurrencies 457
Coin and Token Quick Reference 457
Bitcoin 458
Ether 458
Binance 458
Tether 459
Solana 459
Dogecoin 459
Monero (XMR) 459
What Is Cryptocurrency Mining and Minting? 460
Types of Verification 461
Public Blockchains vs. Private Blockchains 463
Why Tracking Cryptocurrency Matters 463
Money Laundering 464
Fraud, Illegal Sales, and CSAM/CSEM 467
11.2 The Dark Web 471
Overview of the Dark Web 471
Darknet Marketplaces 473
11.3 Methods for Cryptocurrency Analysis 475
Where to Begin? 475
Starting with a Subject of Interest 476
Starting with a Wallet of Interest 478
Tracing Cash- Outs at the Exchange Point 481
Following Cryptocurrency Mining Scripts 483
Starting with a Transaction of Interest 485
Chapter 12 Non-fungible Tokens 489
12.1 Overview of Non-fungible Tokens 489
NFT Crimes 490
Ponzi Schemes and Rug Pulls 490
Fake NFTs 491
Get Rich Quick 491
Phishing 491
12.2 Methods for Analyzing NFTs 491
By Wallet Number or Address 491
By Image 494
What Is ENS? 496
Look for Metadata 497
Chapter 13 What's Next? 499
13.1 Thank You for Diving In with Me 499
Important Reminders 500
Index 503
