Intelligence Collection on the Train

Sometimes I miss my SIGINT days: Listening into my target’s phone calls and getting juicy intelligence out of this. However, you don’t always need SIGINT to eavesdrop on interesting conversations.

The company that I work for offers a broad variety of security products. When it comes to securing valuable data and information, most of our customers rely on technical solutions. However, the best firewalls and security suites will not help, if information is continuously disclosed outside of hardened IT-environments by careless employees. As a former SIGINTer I was always astonished about how much information my intelligence targets would openly share over non-secure lines. Now that I left SIGINT behind, I still have the chance to eavesdrop on conversations every once in a while.

I have a one-hour commute to work each day and the time I am on the train has proven to be a valuable social engineering and OSINT training ground. Two weeks ago, I was sitting on the train when a gentleman sat down next to me and immediately started making phone calls.

1https://unsplash.com/@jcgellidon

The second phone call went to a woman named Kelly Adams. I know this because I could see her name on the screen of his phone. I could hear everything he said and since his volume was cranked up, I could also hear parts of what Kelly had said. Curious as I am, I immediately googled Kelly. Based on what I had heard, I could narrow it down to three individuals. One woman working for a large German defense company and two others in IT firms. The topic of the conversation was a pretty significant retention bonus that Kelly would receive, if she decided to stay with the company and move to Munich. It turns out the company was currently relocating its headquarters to Munich.

As soon as the gentleman ended this conversation, he started writing emails on his phone. Again in plain sight and did I mention that I am very curious? It turned out his name is Andreas Müller. Searching for the combination “Kelly Adams” and “Andreas Müller” led to the exact company. Dr. Andreas Müller was the head of the research and development department of a large German defense company and Kelly was one of the leading project managers for a specific branch. I did not need any sophisticated OSINT skills here, a simple Google query and LinkedIn search was enough. Dr. Müller then sent the details of the retention bonus to someone named Alfred, whom I assume was in HR. If I would have been working for an opposing company, I could have easily used this information to counter the offer Kelly received. But wait, it gets even better!

Next up, Dr. Müller opened spreadsheets depicting the budget of certain projects. Dr. Müller was sitting on my right and I held my phone to my right ear, simulated a conversation and managed to get a couple pictures of his screen. As of now, I had seen enough and it was time to approach him.

“Excuse me, Dr. Müller. May I ask you a question?”

You should have seen the look on his face. Surprised and shocked, as he was clearly not expecting this. I asked him if the conversations and the emails he had looked at were sensitive. I told him what I had picked up from his conversation with Kelly and showed him a picture of the spreadsheet. Still shocked, he did not really know how to react. I explained my line of work and handed him a business card. Dr. Müller can consider himself lucky, usually I charge customers for this kind of consulting and I think he learned a valuable lesson.

Remember: No matter how good your cyber security measures are, the most important aspect is minimizing human error and taking security serious at all times. I have often read that there is no patch for human stupidity. I do not agree and I am sure that Dr. Müller has been “patched” after our train ride.

I guess I never will be able to let the SIGINT side of me go. I just love eavesdropping in on people, so be careful what you say in public or on your phone, you never know if someone is  listening!

Matthias Wilson / 26.03.2019

The Golden Age of OSINT is over

Change is coming and it will greatly affect the way OSINT investigations are conducted in the future. Who knows, in a couple of years completely different skill sets might be needed to handle online investigations. Are we prepared?

In the OSINT community we constantly have to deal with changes. New tools and new platforms are always on the rise, just as old platforms and tools become obsolete in an instant. Staying updated is a continuous challenge, much more than just one person can handle. Luckily, most members of the OSINT community are willing to share any new discoveries, especially on Twitter. Therefore, following the hashtag #OSINT on Twitter, as well as numerous OSINT-related accounts, is the first and most important step when working in any area that requires OSINT skills.

There is always a lot of chatter on the future of OSINT and unlike many others, I do not think that Python is the future of OSINT. Does OSINT even have a future? Let us fast forward to the year 2022 and have a look at online investigations then.

roads ends2

January 2022:

Over the past years, more and more people have been made aware of their own data privacy and this has massively changed the way they use online services. What started with the release of the ‘Snowden documents’ in 2013 and continued with massive data breaches, such as the Cambridge Analytica case made public in 2018, has led to the desire to share less information publicly. This development basically made Facebook obsolete and new platforms have arisen in its place. Although Facebook still exists, the data it contains only has historic value and cannot be used for current investigations, much like Google+ or MySpace a couple of years back. Even though Facebook tried to turn the tide by changing privacy settings, the damage done by many the data breaches was too much to convince users to maintain a presence on the platform. Nowadays, social media is more anonymous than before, modern platforms do not require or request real names and information shared is not automatically distributed publicly. For OSINT investigations, this means that a real name might not provide a starting point to search for someone online. The main starting point is now an obscured username, which is hopefully unique enough to be used in investigations. How can we identify a username, if we just have a real name to start with?

In modern social media this is almost impossible. Unlike the old Facebook, which gave us a display name and an account name (mostly based on the real name), today’s social media does not reveal the real name. So, either you know the username to start with or you are pretty much screwed. Of course, another possibility is searching ‘historic’ sites that have linked usernames to real names, such as Facebook or maybe even Twitter. There are also commercial databases and people search engines that offer these services for a small fee. However, if someone was OPSEC-savvy before 2019, he or she most likely will not be found online easily in 2022. Even with a unique username, the information that can be obtained from social networks is marginal, since everyone is well aware of their own data privacy. If you are not a part of your targets network, you will not see anything. No updates, no pictures. Even likes and other forms of indirect communication between accounts will not be publicly disclosed. This rendered many of the Python tools developed over the past years obsolete, as the data that can be scraped is mostly useless.

With that said, how does OSINT look today? In general, we have shifted from the passive gathering of information to more active means of collecting data. I call it virtual HUMINT (VUMINT). The objective of VUMINT is to infiltrate target networks during investigations in order to see information that is not openly available and possibly even interact with the target on a ‘personal’ level. Whereas sock puppets in 2019 where mainly used to gain access to social networks in general, sock pockets nowadays are needed to gain access to specific profiles of our targets and their closed networks. Now, more than ever, it is important to have lifelike and tailor-made sock puppets to achieve this objective. A blog post from 2019 is still useful and gives a good description of sock puppets and how they should be setup: The OSINT Puppeteer. Building a sock puppet for a specific account is not something that is done in a short period time, so receiving results through VUMINT takes much longer than information gathering through passive OSINT. Naturally, there is no guarantee that a target will add you to his or her network, no matter how good the sock puppet is. This means you might invest a lot of time in the creation of a sock puppet without achieving any notable results. In certain ways, it is very similar to a target-centric phishing campaign.

Another challenge in modern OSINT is the vast dissemination of unverified or untrue information on the internet. Everyone can post everything online in an instant and everyone wants to have news in a heartbeat, making it harder for press and media to thoroughly research events before releasing information. Media and press institutes that fact-check and verify first are losing the battle against quick-releasing competitors. The customer’s demand for instant information over reliable information has flooded the internet with rumors and ‘fake news’. During investigations, more and more time is spent conducting OSINT research on the credibility of data found on specific targets. Finding the original source of the information, the so-called Patient Zero, assessing its trustworthiness and then determining how and if the information can be used in our investigations. Today, it is not the actual collection of open source data that is the key, but the actual evaluation of this material.

One thing that has not changed, is the fact that the global corporations behind online platforms, and thus intelligence services, still have the possibility to use all the personal data on users however they desire. While OSINT collection and intelligence has become more challenging for everyone outside of these corporations and intelligence services, it is easier than ever for them to make use of personal data. Whether it is tailor-made advertising or extensive profiling through intelligence services, our data and of course ourselves are now more transparent than ever. There is no hiding from global corporations or intelligence services anymore if we want to use online services. Luckily (or unfortunately), the personal data is not sold or leaked as much as it was a couple years ago, limiting the benefit of commercial databases.

In 2022, the Golden Age of OSINT in investigations is over. The trends that started around 2015, e.g. automating OSINT, do not work anymore. Instead of learning how to code, maybe we should focus on social engineering a bit more. A good OSINT investigator in 2022, first and foremost, needs to be a good intelligence analyst and have some strong Human Intelligence skills.

Thank goodness it’s still 2019!

Matthias Wilson / 04.01.2019

The Nexus Analyst: Understanding your Customer’s Requirements

Nexus is ‘an important connection between the parts of a system’, according to the dictionary. In an intelligence environment, OSINT has the same function. Another example of how OSINT can provide important leads for HUMINT and SIGINT in Afghanistan.

Open Source Intelligence (OSINT) is all about perseverance and following bread crumbs that lead to key findings. To be honest, you won’t always find the smoking gun and in some cases you might miss it. That’s one thing I have learned: No matter how hard you look, you are always likely to miss out on something. That is why the OSINT community on Twitter is so important. New tools and techniques are shared there and help broaden your own set of skills on a daily basis. Another important lesson, is to always have clearly defined objectives, the so-called Key Intelligence Questions (KIQ), when conducting OSINT research. What specifically is your intelligence customer asking for? This means you have to understand the ultimate goal and your customer’s mindset to a certain extent.

My concept called Interdisciplinary Intelligence Preparation of Operations (I2PO) relies on OSINT to support other intelligence collection types (ICT), such as Signals Intelligence (SIGINT) or Human Intelligence (HUMINT), and vice versa. Therefore, the OSINT analyst must understand the specific requirements for each ICT. If you deliver a phone number or email address to a HUMINTer, he might give you puzzled looks. Again, I would like to demonstrate my point with an OSINT case that might easily happen this way in military intelligence and intelligence services. In a previous blog post, we had HUMINT information as a starting point for OSINT. This time, we have a couple of Key Intelligence Questions.

Imagine we are forward deployed OSINT analysts in Afghanistan. We not only provide information on the general situation in our area of operations, but also support the adjacent HUMINT and SIGINT teams. Our HUMINTers want to know a little more about the family ties of their intelligence targets and the networks surrounding these people (KIQ 1). The SIGINTer just needs some selectors such as phone number and email addresses, which he could task in his SIGINT systems (KIQ 2). One of the intelligence targets happens to be Mohammad Atta Noor, a key power broker in Northern Afghanistan.

We start out with a simple Google search and we soon find an interesting site containing bios of Afghan VIPs: afghan.bios.info. The entry on Mohammad Atta Noor is quite detailed and also reveals the name of one his sons, Tariq Noor.

Next up we conduct a Google search on Tariq Noor in combination with the name of his father. This leads us to Tariq’s Twitter account, where he is pictured together with his father.

1.png

Twitter also suggests further accounts to follow, one of them being Khalid Noor. It turns out that this is another son of Mohammad Atta Noor.

2.png

So far, we have names and pictures of two sons. Knowing that Mohammad Atta Noor has even more children, we could continue our search and identify the other children, while trying to obtain pictures and more data on them. However, let us focus on Tariq and Khalid first. As their father is a successful businessman, it is likely that his sons have businesses of their own, or are maybe even connected to their father’s companies.

To check this, we again have a look at the Afghan company register (www.acbrip.gov.af). Since we cannot search for individuals here, we assume that Tariq and Khalid have companies named after themselves. This search within the Afghan company register produces good results. The first result when looking for Khalid Noor even gives us the phone number of Mohammad Atta Noor and a bit of his family history with the names of Mohammad Atta Noor’s father and grandfather.

3

Mohammad Atta Noor is the president of the Khalid Noor LTD and states his father’s name is Haji Noor Mohammad and his grandfather’s name is Mirza Mohammad Gul. In Arabic and Central Asian countries, this information is valuable when distinguishing same-named persons. A look into the shareholders of this company reveal not only that Khalid is a shareholder, but also mentions other business partners (and their family history, as well as phone numbers). All this information helps build a network chart including the relevant family ties. This is the information our HUMINT team was looking for (KIQ 1). Of course, the phone numbers answer the Key Intelligence Question our SIGINT Team had (KIQ 2). A query for Tariq Noor produces similar results, including phone numbers of Tariq and his business partners.

4

All in all, following OSINT bread crumbs led to amazing key findings. Now this information can be used for HUMINT operations, when trying to infiltrate the networks around Mohammad Atta Noor and, as mentioned, also to task SIGINT operations. A perfect example of I2PO!

In conclusion, this way to work makes me refer to an OSINT analyst within military and intelligence services as a ‘Nexus Analyst’, an analyst in between ICTs. Someone that knows what HUMINT or SIGINT really need to conduct their missions successfully and who takes this into account when browsing the web.

Matthias Wilson / 28.11.2018

I2PO – From HUMINT to OSINT to SIGINT

Sometimes even seemingly irrelevant information leads to key findings. In this case, the mere existence of a company led to unraveling the phone number of the son of Afghan Vice President Abdul Rashid Dostum.

Interdisciplinary Intelligence Preparation of Operations, I2PO, is a concept on combining the different types of intelligence collection to achieve the best results. In the following example, I will demonstrate a perfect case of an intelligence workflow that starts with Human Intelligence (HUMINT), utilizes Open Source Intelligence (OSINT) and lastly provides leads for Signals Intelligence (SIGINT).

Imagine you are part of a SIGINT team, dedicated to Afghan politics. While reading some HUMINT reporting, you come across a report regarding Batur Dostum, the son of the Vice President of Afghanistan, Abdul Rashid Dostum. The report informs about Batur’s businesses in Northern Afghanistan. One of the businesses mentioned is Batur Mustafa LTD.

This provides a starting point for OSINT research. While googling this company will not produce any notable results, a query within in the Afghan Central Business Registry (ACBR) might lead to some useful information. Luckily, the database in is English, so we will not have to use any translation tools. The ACBR database does not enable you to search for individuals, but we have the company name.

1

The result of this query gives us plenty of relevant data. Not only do we receive information on the company itself, but also on its shareholders and their personal data. This includes names, father names, phone numbers and residencies.

2

This is our target! Batur Dostum, the son of Abdul Rashid Dostum. He owns 50% of the company shares and his phone number is listed. The next step would be to task his phone number in our SIGINT collection. While we are at it, we should also task the phone number of the other shareholder and vice president of the company.

3

It is highly likely that this phone number might also produce decent SIGINT results.

As you can see, a piece of information that might seem irrelevant to start with led to a key finding and the possibility to enable further intelligence operations.

Matthias Wilson / 19.11.2018

Covert Operations in a Digital World

Even spies leave behind a digital footprint. Through social media profiles and various leaks they can be identified and their clandestine activities exposed. In the digital age it takes more time and effort to conceal covert operations, requiring new approaches as early as during their recruiting.

Covert Ops in a Digital World2.jpg

The recent uncovering of Russian GRU agents accused with the attempt to poison former Russian spy Sergei Skripal, as well as the exposure of Saudi Arabian spies in the murder of Jamal Khashoggi clearly show the problems intelligence services are facing when conducting covert operations.

Investigate journalists, such as the Bellingcat team, were able to identify the suspected culprits, often using crowdsourcing to do so. These two examples have proven how effective and timely the wisdom of the crowd can be. Another reason for the great results achieved in these online investigations, is the fact that the contributors to each investigation were highly motivated: they did not make these findings because they had to; they wanted to unravel the mysteries surrounding aforementioned cases.

Both times, blatant mistakes made by the operatives left a paper trail to follow, ultimately leading to the identification of several members of Russian and Saudi intelligence services. Not accounting for the various slipups, the main problem is that all culprits do work for their nation’s government and/or intelligence services and this was too transparent. The GRU operatives had addresses registered to known GRU locations, one of the Saudi operatives is seen in pictures where he appears to belong to the close protection team accompanying Saudi crown prince Mohammad Bin Salman on travels. These are just two examples showing links between the individuals and their governments.

The question remains, how an intelligence service can conduct covert operations that actually remain covert. One of the most obvious solutions to counter this problem is minimizing an operatives’ digital presence. This can be achieved fairly easy. Covert operatives should stay away from social media and press coverage. However, an old IT-saying states: “There is no patch for human stupidity.” Due to this, there will always be a margin of error, undisciplined individuals making exactly the mistakes leading to their public exposure. Massive CCTV coverage is causing another problem. It is impossible to travel nowadays without being filmed or photographed. As soon as these pictures of individuals are published in news and on social media, crowdsourcing kicks in. Maybe this individual was seen entering  a government building, maybe a former government co-worker recognizes him. Although the former co-worker should probably keep this information to himself rather than risking legal consequences (many have signed some form of non-disclosure agreement), this does not stop it from happening. Again, human error stands in the way.  In conclusion, intelligence services should try to rule out human error as much as possible. Regular screenings on intelligence employees aimed at searching for compromising information online could help counter these exposure threats in a timely manner. Another approach would be to decrease the amount of people who actually know of the covert operative. One radical, yet most likely successful approach could be keeping covert operatives away from government entities.

Let me elaborate on this. As soon as an individual enlists within a government entity and becomes part of this system, bureaucracy takes its toll and the individual is listed in numerous databases for mainly administrative reasons, also increasing the number of people who know of his existence. Travel expenses, payment processes and even journeys to known government sites leave plenty of breadcrumbs to follow and to identify someone as a government employee. In many countries, once you are on the government’s payroll, it is highly unlikely you will ever leave the comfort of having this government job and the benefits that come with it.

What if a covert operative never actually worked for the government?

The scenario I am about to explain might sound like it is from a Hollywood movie script, but it might be the only feasible way to conduct future covert operations. It all starts with proper recruiting. Identifying suitable candidates will be challenging and I will not discuss what traits are essential to become a perfect spy. Although former military members might be the first choice, their military service might be what uncovers them in the future. Let us look at the following fictional career:

A young, fit 18-year-old named James appears at a police or military recruiting office and expresses interest in an intelligence, investigation and/or special forces career. He achieves outstanding results in the following assessment center. These results are noted by the intelligence service, upon which they approach the potential recruit. Of course, intensive screenings are conducted beforehand and at no point is he invited to official government sites. All contacts are conducted by a dedicated handler. The used modus operandi is basically the same one used when acquiring HUMINT sources.

James receives an offer to work for the intelligence service but not in the intelligence service. He receives a scholarship to study political science at a renowned university, earning a degree which will provide the basis for his future civilian career. The scholarship is payed for by a complex system of front companies, eventually ending in some sort of charity. During his studies, James uses the semester breaks or long weekends to train the many skills needed for his covert intelligence service job. Officially, he is on long backpack tours around the world or other types of vacations. This training method takes much longer and is conducted individually at inconspicuous sites. However, after 3-4 years of part-time training and smaller operations during his university sojourn, James should be able to conduct covert operations.

After his studies, James receives a job in a worldwide consulting company. Of course, some strings were pulled in the background to enable and promote his civilian career. From time to time, James has to oversee projects in other cities or countries. This is the cover needed to enable worldwide travel to conduct covert intelligence operations. These projects could actually originate from government entities and thus fit to the intelligence operation.

After a certain time as a covert operative, James is removed from the operational line of duty. The compensation for his intelligence work could then be a non-covert job within the intelligence service (or another related government entity) or a severance pay.

This description is very short and is lacking many of the challenging details. I would like to point out a couple of interesting aspects to why this concept might actually be worth the effort:

  • The recruit could be dismissed at any time during the training program without major consequences. Other than his handlers, he does not have deep insight into the intelligence service, its locations or operations.
  • Providing a college education and kickstarting a promising civilian career, as well as offering an interesting field of work in the intelligence sector should prove extremely motivational.
  • The civilian career, when guided by the intelligence service, would deliver the best cover story for operations.
  • Failed operations could be denied easier by government entities. In this case, a statement like the recent Saudi “rogue operative theory”would pass easier.

Even though the ratio of supporting intelligence personnel assigned exclusively to such an external covert operative is higher than compared to the amount of supporting staff for regular intelligence employees, the external covert operative in total has less exposure to intelligence personnel. Regarding training, financial and operational planning, everything could be kept in a smaller yet highly professional scale.

Who knows, maybe these techniques are already in use by some intelligence services worldwide. That is probably the reason we never hear about it. Maybe the person sitting next to you on the plane is not just the business traveler he pretends to be.

Matthias Wilson / 24.10.2018

I2PO: OSINT in Support of HUMINT Operations

In a previous post I explained a concept I named ‘Interdisciplinary Intelligence Preparation of Operations’ and how this could be used to support military operations.

This post will concentrate on the use of OSINT to prepare and monitor HUMINT operations. I will not distinguish between military intelligence HUMINT and sources used by law enforcement agencies or journalists. In both cases, getting access to a source and the preparatory work needed for this are quite similar. Each HUMINT operation starts with the identification and selection of a potential source, thus finding someone in vicinity of our actual intelligence target, who is able to consistently report key intelligence. In the past, even the acquisition of a source was accomplished by HUMINT means. A case officer heard or knew of someone who might have access to specific information and he then talked his way around to finally approach the potential source.

With more and more information being available online, especially through social networks, this approach can be done virtually in some cases. Scavenging Facebook, VKontakte, Instagram, but also LinkedIn and Xing can prove very valuable when searching for potential sources. Of course, this always depends on how outgoing a potential source is on the internet. Sometimes an approach solely through social media could be sufficient, at other times this will not produce any results at all.

The following diagram in theory depicts the steps for OSINT support to a HUMINT case. This scheme is roughly based on the general intelligence cycle with its different stages. We have planning & preparation, collection, processing and evaluation and lastly dissemination covered. In our case the information will be disseminated to the HUMINT operation, which itself will start the whole intelligence cycle over again.

HUMINT-OSINT-Intel-Cycle

For a better understanding, I have created a fictive case (well, some of it is true…). Let us assume we are part of police special commission in Hamburg focused on the Albanian mafia. The recent shooting of an Albanian national and member of the local Hells Angels, with ties to the Albanian mafia, caused an upstir among different mafia groups operating in the area. So far, no information has emerged on the background of the shooting and existing police sources struggle to provide any intelligence on this topic. The Key Intelligence Questions (KIQ) are ‘What are the current activities of the Albanian mafia in Hamburg?’ and ‘Are there signs of an uprising conflict between different mafia groups?’

Therefore, our special commission has decided to attempt to win additional sources within this network of mafia groups. The higher leadership in a mafia network will not easily cooperate, so someone on the perimeter, with insight into the core, has to be found. Instead of the traditional approach on the streets, we will use OSINT to pave the way ahead of any physical approach.

This leaves us with our initial intelligence objective: Recruiting a HUMINT source within this network to answer the KIQs. Before we start our hunt for sources there are a couple of things we need to know. Who are the key players, do they have nicknames? We should have in-depth knowledge about our targets, e.g. is there target-specific behavior or a specific language used? Having this information gives us a baseline, which we can use to start our OSINT research. Our first step is to identify the known key players and their online profiles. Luckily, most of them are active on Facebook and Instagram and they like showing off their flamboyant life style. Clubbing, exotic cars, girls and champagne seem to be a vital part of the thug life in Hamburg.

Hamburg-Network

This chart depicts the results of the OSINT research on the core network of Albanian mafia in Hamburg, as it is visible on Facebook and Instagram. Now that we have found our potential intelligence targets online, we can survey their activities and figure out who is linked to them. There are many people surrounding this core network, so how can we identify someone who might be worth recruiting as a HUMINT source?

While reading comments to the pictures that these guys post, we stumble upon an individual who constantly idolizes the mafia leadership and their henchman und who frequently asks when he will be a part of ‘the inner circle’. ‘Soon’ is the most common reply and over the course of time he seems to get annoyed. Furthermore, a quick check in police databases reveals that he was registered  on minor crimes and was not yet linked to the Albanian mafia. Let us draw a quick conclusion: We have a person with a criminal record, who has contact to senior leadership of the Albanian mafia and is increasingly aggravated on the fact that he is not fully accepted in the organization yet. That sounds like a promising HUMINT source to me!

Keep in mind that this whole procedure, especially the actual HUMINT work done afterwards, takes time. No quick success will come from this. Once we have acquired the source and he is reporting from within the network, our OSINT work does not stop. Now is the time to evaluate the HUMINT information with OSINT. As we have already seen, our targets are very active on social media and this also applies to our source. If our source tells us he had met with one of the bosses on a specific date or time, it could be validated through a Facebook or Instagram post.

One day our source tells us, that in the aftermath of the shooting, the Albanian mafia leadership had met with Chechen mafia leadership the previous evening. At first, this seems unbelievable, as we had assumed that these two groups were currently opposed to each other. One of the Albanian leaders posted about this the following day on Facebook:

Hamburg-Meeting

This picture not only shows the Captains of the Albanian mafia, but also senior leadership of the Chechen mafia and our HUMINT source. We now know the meeting took place and we have the statement of our source on the topics of the meeting. It is vital that the source does not know we are tracking him and others on social media. We would not want any of this to be staged to back his statements and purposely give us false leads.

This short and fictive case shows how to use OSINT to enable HUMINT and to support HUMINT while an operation is ongoing. Of course, these techniques could also be applied by military HUMINT as well as journalists, as long as the targets and the potential sources are able to be located online.

OSINT supporting HUMINT: Another example of ‘Interdisciplinary Intelligence Preparation of Operations’, I2PO in short.

Matthias Wilson / 03.09.2018