In The Hidden and Visible Elements of OSINT: Part 2, we covered public conversations and how to identify language patterns to better detect threats. We will now begin to discuss the invisible part of the Internet to help you understand how to legally and safely investigate the Dark Web.
Private information takes many forms on the Internet. This might include a conversation through email, a direct message on social media, or data such as credit card numbers or medical information. It is not legal to conduct OSINT to collect the private information and conversations of others. It is not legal to obtain passwords, pretend to be someone else to get information, or otherwise commit acts of subterfuge to get information. Private information is generally out of bounds for investigators. That does not mean it cannot be obtained through warrants or by some other legal means, but getting access still requires a lot of preliminary investigation.
Make sure your team is up to date on how to perform legal & ethical OSINT investigations.
That being said, nothing is private online anymore. A lot of information gets collected by devices and apps, from the songs someone downloaded to the location on your phone. Even private conversations are captured somewhere. If that information is obtained by malicious parties, private information can end up going public. This information can be damaging and dangerous, it can then be ransomed off, or used to dox or shame someone on the Internet. It is the job of many investigators to locate this type of information in relation to the people and organizations under their care.
Beyond private conversations, which are not legally accessible without warrants if at all, there are hidden data sources that live on what is called the Dark Web. The Dark Web is an unconnected collection of private spaces online where communication, sharing, and transactions can often occur in plain sight.
Google only crawls 4% of the Internet, so we’re talking about 96% of it being out of reach to standard web users. And the Dark Web is growing, the number of hidden spaces created to facilitate private conversations has surged. The TOR network, Openbazaar, Zeronet, I2P, Discord, and Telegram are all considered part of the Dark Web.
The Dark Web is used to sell stolen data, market illegal goods, and support terrorism. The Dark Web also supports free speech in countries where Internet access is throttled. It has been corrupted though, and security professionals and law enforcement are taking great interest in this type of activity.
Understand the risks that Dark Web marketplaces create, and how they endanger public safety and corporate security with our latest whitepaper.
Investigators might not have to dig too deep to discover information about Internet behaviour, but they will have to dig broadly. Behaviour is often obtained through identifying patterns in behaviour, such as the time a person is posting messages online (Are they night owls? Are they weekend warriors?). It might include common reactions and responses, or potential stressors (Does one topic set them off?). OSINT investigators might not construct these patterns alone. Understanding behaviour is a unique skill. However, when conducting any OSINT investigation, behaviour can help provide keys and clues and should never be ignored. Behaviour and language will help provide information that can be used to build profiles for threat actors, to understand why, when, and how they might strike next.
The OSINT Investigator: Consolidating It All
In this series, we’ve covered a number of different topics. It is the job of the OSINT investigator to consolidate it all. Bad actors use the Internet to perpetrate criminal acts and do harm. Through a special lens, it is possible to uncover publicly available intelligence about their activities from the Surface, Deep, and Dark Web. Words, images, and underlying data can be used to piece together the elements of a malicious act, and behaviour can be helpful in identifying the motivation behind it. Not only does this job require technical expertise, but it also relies on a number of soft skills that are hard to replicate. While a growing number of organizations are making use of OSINT skills, it is still a challenge to find the right talent to fill those roles.
The Media Sonar platform helps fill those gaps with a platform that puts visible and hidden data sources at the fingertips of investigators, with time-saving workflows and tools to get the job done. Our platform gives security professionals of all experience levels the ability to proactively detect risks on the Internet, and investigate threats when they occur.
Book a demo to see how Media Sonar can help your team perform OSINT investigations across the hidden and visible elements of the Internet.