Recent conflicts around the world – in particular the ongoing conflict in Ukraine, and collateral events such as the sabotage of the Nord Stream pipelines – have reaffirmed how OSINT, or open-source intelligence, has become a mature and valuable investigations tool. While OSINT is widely known as a methodology used by citizen journalists exposing human rights abuses and disinformation by autocratic states, it is now increasingly being deployed to gain the upper hand in commercial dispute resolution.
Prior to Russia’s invasion of Ukraine, citizen journalists and media outlets were leveraging powerful commercial satellite imagery to expose the Russian military’s build-up of forces on the Ukrainian border, and to monitor troop movements. These amateur investigators played a vital role in undermining Russian attempts to justify the invasion and cemented OSINT as a beacon of light in an age of disinformation.
A defining feature of modern warfare is the vast amount of information available from conflict zones, including high resolution satellite imagery, data leaks and social media, with video evidence often live-streamed to a global audience. However, much of the information disseminated is contradictory or misleading – the results of a collapsing public administration, disruption in communication channels, and disinformation tactics by the belligerents. Through experienced and considered analysis, it is possible to reconstruct a reliable version of events using only open-source methods. This has particular value in a chaotic environment where on-the-ground enquiries become impossible.
An evolving discipline that has gone mainstream
The main driver behind the emergence of OSINT as a mature discipline in the last decade has been citizen journalism collectives, such as Bellingcat, publishing crowd-sourced investigations on matters of public interest. In contrast to mainstream reporting, in which unverifiable claims on national security matters are often attributed to anonymous intelligence sources, these citizen journalists derive almost all their findings from publicly available data feeds. Bellingcat’s hallmark investigations – the attribution of responsibility for the downing of Malaysia Airlines Flight MH17 to Russia-backed separatists in the Donbas in 2014, and the identification of the GRU agents responsible for the poisoning of Sergei Skripal in Salisbury in 2018 – embarrassed the Russian government, which had hoped to cover its tracks through disinformation.
The ability of OSINT to expose autocratic states’ covert operations and debunk their cover-ups did not go unnoticed. The discipline has now gone mainstream. It is commonplace to see OSINT underpinning major headlines by publications like the New York Times, for example in its use of commercial satellite imagery, mapping platforms and leaked document caches to expose the destruction of ethnic minorities’ religious sites in western China. High profile media investigations in turn encourage the leaking of sensitive, confidential data by whistleblowers, which percolates into the public domain but often remains unstructured and hard to find.
Even the most sophisticated and security-conscious adversary has weaknesses that can be laid bare by creative OSINT research."
In the public consciousness, OSINT is associated with exposés of human rights abuses and state aggression. But the implications of this trend for commercial disputes are clear. Even the most sophisticated and security-conscious adversary has weaknesses that can be laid bare by creative OSINT research. In contentious contexts, determined investigators can exploit crucial information which an adversary – or their family or associates – has allowed to slip into the public domain, like a long-forgotten financial disclosure, evidence of an offshore interest, or an incriminating digital artefact on an archived website. Such accidental disclosures need to be identified and collected promptly, as information is often removed from social media and other online sources without warning. The strategic use of such evidence in court can destabilise an adversary’s position and shift the balance of the argument decisively.
The increase in digitally available data
Before the internet became a ubiquitous part of daily life, OSINT, an acronym of military origin referring to intelligence gathering from publicly available sources, was viewed as less effective than other approaches to intelligence-gathering. Human-source intelligence, or ‘HUMINT’, involving the cultivation and handling of human sources who could offer confidential insights into sensitive topics, was of greater value. Both open-source and human-source work remain critical to investigations today, and human sources will always be able to provide information which simply doesn’t exist elsewhere.
However, as the quantity and quality of public data sources have evolved in the digital era, so have the applications of OSINT. Some data sources, such as vessel and aircraft tracking, or web domain information, cut across borders. But usually, the types of public record material available to an OSINT investigator depend primarily on the jurisdiction in question. Countries differ radically in terms of the information they allow to be published. The information environment depends on a given government’s stance on transparency, which affects its willingness to develop public databases online or enact effective Freedom of Information Access (‘FOIA’) legislation. It also depends on internet penetration and online habits, which will affect the popularity of different social media platforms as well as how they are used.
In countries with data-rich public records, such as the UK and the US, an OSINT investigator can be spoilt for choice with resources to answer a question. Beyond corporate records, we would typically expect to have remote access to government data including regulatory information, public procurement data, land and mortgage records, court dockets, insolvency filings, voter records, genealogy documents and more, alongside a wide range of commercial and user-generated data.
The art of the search
However, complex investigations almost never remain siloed in these convenient jurisdictions. The true test comes when information is needed from a country where the public record is considered to be a ‘black box’. The best investigators will stay closely attuned to the latest developments in these countries, and will know exactly what can be obtained and how.
For example, the poor online availability of official records and highly restricted media environment in regions such as the Arabian Gulf might discourage an inexperienced investigator hunting down assets. In fact, through methodical analysis of data from numerous sources the investigator can still build a detailed understanding of a company’s assets. These sources might include archived versions of the company website containing long-deleted information, investor presentations posted by careless employees to social media, subscription databases of construction and engineering project tenders, government land records and satellite imagery of real estate developments. The sources used will be tailored to the specific characteristics of the opponent.
OSINT practitioners typically rely on text searches to lead them to key documentary evidence. Despite the advances of machine translation, the identification and interpretation of documents normally requires a level of fluency in multiple languages during cross-border investigations. But in a recent OSINT investigation conducted by S-RM into Environmental, Social and Governance (‘ESG’) concerns relating to labour abuses at a factory in Asia, the key resources were in a language which was spoken by just a few hundred thousand people and had never been made machine translatable. Even conducting our searches posed a profound investigative challenge. We therefore leveraged non-textual artefacts, such as images of the factory, to identify the local script versions of certain key words, which in term led to a series of relevant documents in the local language, primarily court filings and social media posts. We could then have these professionally translated and begin building our dossier of the abuses.
OSINT in insurance claims
In recent years, S-RM has found OSINT to be a vital tool in contentious insurance disputes, particularly those involving political violence, terrorism, expropriation, business interruption and war. Insurers are incentivised to pay out promptly on legitimate claims, but rightly fear their susceptibility to fraud or misrepresentation, especially in the chaotic aftermath of a violent event. Ongoing political violence often rules out on-the-ground research as a means to understand the circumstances of a loss.
S-RM undertakes intensive OSINT investigations in these situations, building a granular timeline from official statements, media reporting, social media posts from locals, citizen journalists and other witnesses, and satellite imagery. This allows insurers to receive a blow-by-blow account of the loss event, supported by the evidence we collate and preserve. S-RM has provided this intelligence to insurance markets relating to the political protests in Hong Kong, the military coup and its aftermath in Myanmar, and the conflict in Ukraine. In the latter case, we have been able to investigate claims relating to vessels and cargos blockaded in Ukrainian sea ports following the Russian invasion, drawing on the same resources and methods as the journalists and activists debunking Russian propaganda.
OSINT’s value in gathering evidence
OSINT expertise hinges on up-to-date knowledge of specific research tools, and the contexts in which to apply them. But these tools come and go as technology and privacy laws evolve. Beyond knowledge of the information environment, an OSINT practitioner must have a deductive research mindset. This allows an investigator to synthesise data from disparate public sources to develop a bespoke intelligence assessment, underpinned by clearly sourced and admissible evidence. OSINT’s emergence as a mature discipline has up-ended the public understanding of intelligence gathering. For anyone engaged in a commercial dispute, its appeal is clear. Intelligence has very limited value if it is not admissible. The best way of producing this kind of court-ready documentary or digital evidence is through OSINT techniques. In addition, intelligence from open sources is almost always quicker, cheaper, more discreet and less risky to obtain than HUMINT. For these reasons savvy litigators are increasingly teaming up with skilled investigators and using OSINT to underpin their arguments.