skip to top

10 Tips for Doing OSINT Legally

Many cybersecurity organizations consider gathering cyber threat intelligence to be among the most fruitful of cybersecurity activities. Corporate rules of engagement can help organizations avoid being subjected to unnecessary risks when gathering OSINT online.

The United States Department of Justice recently released guidelines for gathering online intelligence and purchasing data from illicit sources, responding to the growing importance of OSINT research within the private sector. The guidelines narrowly apply to cyber threat intelligence gathering on Dark Web forums and markets and to the purchase of data illicit sources by cybersecurity professionals. 

The report, “Legal Considerations when Gathering Online Cyber Threat Intelligence and Purchasing Data from Illicit Sources” is directly relevant to cybersecurity professionals in the United States, but the concerns raised are universal. Though not a legally binding document, even in the United States, it does point to specific legal guidelines to weigh against current cybersecurity intelligence-gathering methods, as well as some grey areas that warrant further consideration.

The ultimate goal of such an exercise for a business: avoid becoming a victim or, worse yet, a perpetrator of a crime. That’s why, when private organizations are determined to engage in OSINT threat intelligence gathering, developing corporate rules of engagement can help mitigate trouble down the way.

OSINT Guidelines from the Department of Justice

  1. It is not illegal to access the Dark Web for passive research, even illicit forums and markets where criminal activity is discussed or undertaken if there is no criminal intent.
  2. Do review the terms of service of the site and consider your legal obligations therein.
  3. Do create fake identities, but do not claim that your fake identity has a special status (such as a government official).
  4. Don’t impersonate someone else or use someone else’s credentials without their consent.
  5. Don’t exploit a vulnerability or “hack” to access the data. If your organization does something illegal, your good intentions might not be enough to shield you from prosecution.
  6. Don’t communicate with other persons on the Dark Web unless your organization has seriously considered how the risks might outweigh the outcome. This will open you up to serious dangers from malicious intent. Don’t be a victim.
  7. Don’t share information that could be used to commit a crime. Security professionals ought to be very careful when communicating with people on the Dark Web. 
  8. Don’t purchase stolen data that does not belong to you, or tools you know to be illegal. Do not transact with Dark Web cybercriminals, unless your organization has seriously considered the legal implications.
  9. Do keep a record, such as screen captures, to use as an audit trail in case you end up being investigated for your cybersecurity team’s activity on illicit forums. 
  10. Do create detailed organizational guidelines for cybersecurity intelligence gathering. Take into consideration your own corporate interests, legal obligations, and the terms of service of the sites you are using. Especially for certain types of organizations, it is important to weigh this all against public opinion.

Read the full DOJ report “Legal Considerations when Gathering Online Cyber Threat Intelligence and Purchasing Data from Illicit Sources

Protecting Your Corporate Interests

“Using cyber threat intelligence to prepare for or respond to cyber incidents can mitigate the impact of malicious cyber incidents, or in some cases even prevent them altogether. Timely, accurate threat intelligence can protect an organization and its customers from known cybersecurity threats and vulnerabilities… [and] many cybersecurity organizations consider gathering cyber threat intelligence to be among the most fruitful of cybersecurity activities.” – Cybersecurity Unit, Department of Justice

It is possible to gather cyber intelligence from forums and markets without directly accessing the Dark Web. Many organizations are opting to use OSINT threat intelligence platforms to conduct cybersecurity intelligence gathering. Media Sonar delivers advanced OSINT solutions that keep organizations safe from harm. Our platform lets you search and investigate Dark Web forums and markets where cybercriminals are prone to communicate, plan, and execute crimes. To avoid becoming a victim or a perpetrator, OSINT threat intelligence platforms help to make a big difference in mitigating risks to your organization. 

Get free access to one of our most popular reports written by our OSINT researchers – OSINT Best Practices: Legal & Ethical Considerations to understand the laws and warrants that apply to Law Enforcement and Corporate Security Teams

Get Started with Media Sonar