DIY Open-Source Intelligence

By Sheldon Greaves

Some of you may have seen my earlier post on how intelligence professionals deal with deception (see “Dodging Deception: Tips From the Pros”), or perused my resource page detailing the craft of gathering and evaluating intelligence (“The Spook’s Home Companion”). Most of the heavy lifting in intelligence is done via publicly available information: open-source intelligence, or OSINT in spook-speak.

Your Tax Dollars at Work

Besides the formal government agencies that are part of the U.S. Intelligence Community, the craft of intelligence is also the stock-in-trade at many think tanks and research institutions, such as the RAND Corporation. RAND recently unveiled their 2019 OSINT Guide and oh, what a treasure trove it is! Trust me, this thing is jammed. It is an amazing array of hints, tricks, tips, techniques, and fiendishly clever ways to suss out all kinds of public, but hard-to-find information.

Finding reliable information is becoming harder, partly because there’s just so much of it, but also because so much of it is unreliable. RAND’s OSINT guide has some excellent tools for winnowing facts from fiction, but also some great ways to speed up your research.

Rather than try to explain, I’m just going to give some examples. I may even put more examples in another post.

OSINT Tricks from RAND

Chrome and Plugins

I use Chrome as my investigation browser, mostly because Hunchly is only available for Chrome (see after). I add to it some helpful plugins:

Search Engines

Depending on the context, you may want to use a different search engine during an investigation. I mostly rely on Google and Bing (for Europe or North America), Baidu (for Asia) and Yandex (for Russia and Eastern Europe).

Of course, the first investigation tool is search operators. You will find a complete list of these operators for Google here; here is an extract of the most interesting ones:

  • You can use the following boolean logical operators to combine queries: AND, OR, + and -
  • filetype: allows you to search for specific file extensions
  • site: will filter on a specific website
  • intitle: and inurl: will filter on the title or the URL
  • link: finds webpages having a link to a specific URL (deprecated in 2017, but still partially works)

Some examples:

  • NAME + CV + filetype:pdf can help you find someone's CV
  • DOMAIN -site:DOMAIN may help you find subdomains of a website
  • SENTENCE -site:ORIGINDOMAIN may help you find websites that plagiarized or copied an article

A lot of this stuff is definitely on the techy side, but it’s worth knowing about if only to give you an idea of what’s possible. And, some of this might be worth taking the time to learn and master. As I’ve said before, in the post-truth era, we’re all intelligence analysts now.

Good hunting!

