Open Source Intelligence and brand protection: application and best practices
Open source intelligence (OSINT) refers to data that can be legally obtained from open, public sources about an individual or organization, and you’ve probably used it countless times without even realizing it. When planning a dinner with friends, geo-location tools can help you choose a neighborhood that’s convenient for everyone. Next, you might want to check available bookings, or compare menu options and prices. Images of the dining room or reviews about the food might also color your opinion. Once all of the information has been gathered, you’ll have enough data to make an informed decision regarding your time and your money.
OSINT is no different in the world of brand protection. When applied to investigations, OSINT adds rich insight to the well of information we collect from consumers, private investigators, seizure notices, marketplace enforcement and customer tip lines. With OSINT, we are given the means we need to gain context and clarity in moving forward strategically.
Applying OSINT tools to Brand Protection
In order for a brand protection program to have impact, it’s important to clear out the “low-hanging fruit” and scale the supply chain to attack the problem at its source. For this approach to work, the data needs to be processed and analyzed using valuable OSINT tools.
When analyzing a target, there are several questions to consider:
Who is behind this?
There are many OSINT tools that can be utilized to determine your target’s name, address, phone number, email, VAT number, business records and several other pieces of identifying information. This is valuable intel for any investigator. Without it, determining which strategy to employ and what type of action is necessary becomes far more difficult.
What are they doing?
Are they selling counterfeits or grey market goods? Are they operating solely online or do they have a brick and mortar location as well? Are they selling on one marketplace or several? The breadcrumbs we collect both online and off could be the difference between submitting a takedown, sending a cease and desist letter with the potential to develop into a civil suit, or organizing a criminal raid. It’s important to understand the scope of an operation before taking action as the strategy for a “mom and pop” shop will differ to that of an organized crime ring.
What’s their intent?
How are they positioning the products they’re selling? By observing a target’s sales tactics, OSINT can help provide insight into the seller’s mind. Are they referencing a brand name, or using incriminating keywords to try to drive up sales, or are they oblivious to your brand and simply making an honest mistake? This intel can facilitate proving willfulness in a court of law and further inform your approach.
What else are they doing?
Typically a brand will search for their own relevant keywords, such as their best-selling products in primary marketplaces, and may miss other OSINT-based clues that would aid an investigation. A target may be counterfeiting another brand, providing the opportunity to team up and share information, costs, and other resources. A simple search to see other domain names an individual has registered might give insight into other aspects of their lives. Perhaps they are running the website for a well-documented organization (a religious group, their local PTA, an athletic team, a legitimate business), or helping a less tech-savvy friend or family member to register a domain. These seemingly unrelated elements of our targets’ lives may be the way in which we find and identify them. Our lesson here? Leave no stone unturned.
What aren’t they doing?
Some targets are perceived as larger threats, but, after deeper excavation, are found to have negligible activity. Uncovering the scope of an organization might reveal that their impact isn’t as great as initially suspected and certainly not worth the time or budget to enforce against. Learning these details can help a business make smart and strategic decisions and provide reassurance.
What are their assets?
If you’re looking into an organization, take note of their business registrations, their board of trustees, how many offices they operate and how many workers they employ. If it’s an individual, what is their house worth? What model car are they driving? Do they wear designer brands or budget? How great is their influence? How many reviews did their online shop garner and how many people follow their channel? How do they spend their money? If your target is going on elaborate vacations, it’s likely they’re turning a tidy profit from their illegal operation. Although not definitive data, intel of this nature can create a good baseline if you’re requesting damages and can help attract the attention of an executive board in order to secure necessary funding.
Individualizing your targets
What’s their legal name or alias? What do they look like? Knowing this can aid your investigation, and aren’t you more likely to remember someone once you’ve put a face to a name? When talking to any brand protection professional, it’s likely that they can remember a handful of high value targets they’ve enforced against as if they were old friends. Further, sharing information about these targets creates a vested interest for executive appeal.
Connecting your targets
There are many valuable OSINT tools that will map visual connections of your data, illuminating links that might have otherwise been missed. Clustering your intel may reveal that a small fish is actually a big one or link dormant data with current data. Uncovering these links can help to identify crime rings where enforcement may have a real impact on your issue.
Cross check your intelligence
OSINT can also be useful as a means of fact checking. You can’t believe everything you read on the internet and if you’ve ever conducted an internet search on yourself, it’s likely you’ve found a mixture of true and misleading information. Your current address may be listed alongside several previous addresses as well as a list of family members you may or may not be related to. Cross checking information might help you confirm data you were previously uncertain about. Maybe you know which car someone drives and can use it to confirm their house number by employing a satellite imagery and photography tool like Google maps.
Be mindful of your source
When collecting and utilizing data obtained through OSINT, be mindful of how accurate that information may be, how reliable your source is, and the potential margin for error. There are tools that scrape the internet for data, but be sure to question how often they scrape and how current the data stored for reference is. Ideally, a source should be established and trusted, but in the world of OSINT, there is value in exploring some of the less authoritative sources. Social networks are rife with subjective opinions and misinformation. An entire industry has risen out of social media where influencers paint a picture of a rosy life sharing just the highlights. Not all sources are created equally.
Merging online and offline investigations
A pitfall of brand protection programs can be that there are many moving pieces and players and often the work can get segmented. OSINT is relevant whether you’re working online or offline, investigating or enforcing, and it’s critical to align process and goals and embed your investigators into your work to achieve big picture success. For best results, it helps to remember that data isn’t simply for collecting. It needs to be analyzed so that knowledge may be extracted in order to prove useful.
Be mindful of bias
It’s impossible to be free of cognitive bias. We are all predisposed to have certain attitudes towards race, gender, ethnicity, etc. When conducting investigations, do your best to leave these impressions at the door and be as objective as possible to ensure your bias doesn’t color your intelligence efforts.
Invest in the tools
There are a number of tools you can invest in to harness the power of OSINT. Talk to colleagues and investigators to learn what they are utilizing and why, and be sure to stay current as new tools are constantly being introduced in this emerging and dynamic landscape.
Document your findings
When working on any investigation, it’s important to document your findings. Be meticulous and preserve the evidence uncovered to ensure its irrefutability. Many would argue that screenshots aren’t sufficient. A number of investigators these days rely on technology that records them as they work, robustly documenting as they navigate online and offline intelligence-seeking ventures, recording their every move.
Ethics of OSINT
Just because you can hack a website doesn’t mean you should. It can be tempting to take shortcuts if you have the skillset but ignore the pull and stay above board. Evidence that is illegally obtained won’t hold up in a court of law and may damage your reputation for future proceedings. Additionally, not all information uncovered is relevant for inclusion. While investigating, you may learn details of a target’s marriage or family that isn’t connected to their illegal ventures. The objective is not to harm or blackmail the target but rather to gather intelligence to enforce their activity effectively and strategically.
Similarly, it is best to refrain from using information illegally obtained by third parties. There are several websites that leak confidential information to the public gained illegally or unethically, sometimes lacking government clearance.
General Data Protection Regulations limit the processing of personal data and must be taken into account and followed, which is why it’s imperative to stick to open sources of data.
It’s of utmost importance that investigators protect themselves and preserve their anonymity. Good covers must be established on a frequent basis and different covers should be employed for different investigations to avoid cross contamination. A profile used for pharmaceuticals would not also be interested in pirated content. Do not use your own photo or someone else’s likeness. AI services can create images of a person who doesn’t exist. Further, VPNs can be used to hide an IP address and make it appear that you are based in a different country. The goal is to create realistic aliases while staying safe and anonymous.
Know the limits
Sometimes the data just isn’t there. Know when it’s time to take a step back or to pivot and try something else. Blending OSINT with human intelligence can be a great method for delving deeper and learning more about the inner workings of a high value target by engaging directly with the seller.
The world of OSINT is young and formalizing quickly with new tools being introduced all the time. It’s impossible to subscribe to everything, but stay current about new advances in technology and know what tools are available.
Our evolving digital world presents a treasure trove of information waiting to be mined. Although the application of OSINT presents some challenges discussed above (misinformation, privacy, and legality), ultimately, it provides a wealth of data and it would be detrimental for any investigator or brand protection professional to ignore it. Explore the tools and techniques, set a clear strategy, and harness the power of OSINT to further your success.
With thanks to Joshua Hopping, Senior Customer Success Manager and Gerald Jenkins, Director of Intelligence, both at Corsearch, interviewed March 2022.