Open Sources and Operations Security:
The Dark Side
Robert D. Steele, President
OPEN SOURCE SOLUTIONS, Inc.
There is a "dark side" to open source intelligence (OSINT), and it is important that we illuminate this "dark side" lest we find ourselves defeated by enemies who are quicker than we are at exploiting open sources.
The dark side really has two parts. The first comprises open sources available to our enemies, including criminals and terrorists, which give them capabilities that we do not recognize and against which we do not properly protect ourselves. This is an area of immediate concern to operations security professionals. The second part is internal, a failing which compounds our vulnerability. It is our persistence in ignoring the full range of open sources, and in shackling ourselves with old restraints, including old forms of security and procurement practices which combine to blind our analysts.
Recently one of our associates, Mr. Richard Horowitz, completed a training module for the Defense Intelligence Agency which outlined in stark and dramatic terms just how extensive are the open sources available to criminals, terrorists, and other enemies--this apart from organized state-sponsored elements. Below is a brief summary of some of the findings:
-- Radio Interception. Our enemies can benefit from the devoted efforts of thousands of hobbyists and exploit such excellent publications as Monitoring Air Force One, and Guide to Embassy and Espionage Communications. The latter lists thousands of frequencies from fifty-five countries and many international organizations including INTERPOL. U.S. Federal Agency communications are routinely covered and reported on by hobbyists. Commercially available radio scanners cover the full range of frequencies.
-- Telephone Interception. The increased use of cellular telephones has given rise to greater interest in interceptions. At the same time, major criminal organizations have discovered that digital telephone systems lend themselves to manipulation--hackers have been hired in Europe (and perhaps in the USA?) to remotely install third-line sound-activated interceptions against law enforcement telephones. One popular guide in this area is Tune In on Telephone Calls: Scanner & Shortwave Frequency Directory.
-- Eavesdropping. Among many references available through open sources is a manual originally developed by the Department of Justice, Electronic Eavesdropping Techniques and Equipment. Within the United States alone, a wide range of surreptitious eavesdropping devices is available, from ball-point pen transmitters with a range of 200 meters, to telephone transmitters with a range of 400 meters, to bugging transmitters with a range of 1,000 meters.
-- Undercover Operations. All of the standard methods used by law enforcement are well documented in open source literature, affording those who wish to develop undercover skills ample opportunity to learn from experts. Lockpicking, surveillance techniques, elicitation and pretext calls--these are all detailed in open sources.
-- Direct Research. It merits comment that today's online databases, including many public record databases, and the powerful search & retrieval tools offered by different vendors, can significantly aid criminal and terrorist organizations, as well as state-sponsored intelligence organizations, in doing their homework on weapons systems, financial systems, and law enforcement organizations, to name just three obvious targets.
-- Explosives. In the aftermath of the Oklahoma City bombing, it bears repeating that the open source literature on how to create C4 and Semtex from scratch, how to mix readily available chemicals into explosives, how to add soap flakes to gasoline to improve its adherence--these are all easily available to anyone with cash and the sense to look.
-- Radio Detonation of Bombs. Open sources offer very sophisticated guidance to those who would do harm to others. A book, Improvised Radio Detonation Techniques, is quite explicit on how to modify cordless telephones, cellular phones, walkman radios, children's toy walkie-talkies, radio paging systems, and other devices for use as remote detonators.
-- Vehicular Enhancements. Those responsible for defending against suicide bombers as well as for ensuring that thieves of classified materials do not escape may wish to focus on the ease with which normal vehicles can be armored and equipped with a variety of evasion devices including oil, smoke, and teargas emission systems.
-- Tactical Communications Jamming. The book Improvised Radio Jamming Techniques is one of many that can assist criminals and terrorists in frustrating tactical law enforcement and tactical military operations.
The above are simply representative. Literature and expertise abound in the open source world on bank card forgery, how to obtain legal offshore passports and create legal offshore companies, and--perhaps not surprisingly--how to choose and excel at a particular criminal specialty.
The second part of the "dark side" is internal, of our own doing. It is unfortunate that institutions are so very rigid and slow to change. It is well-established in the literature of political science that normal organizations take at least six years to understand and fully integrate a major cultural or "paradigm" shift. Unfortunately, in the closed world of intelligence, with its classified collection, security, and procurement procedures, my personal estimate is that twelve years is close to the mark. If we take the open source revolution as having begun in 1992, in the aftermath of the report mandated by Congress from the Open Source Task Force (and the public discussion of open sources led by Admiral William Studeman at OSS '92), then--sadly--we must conclude that we will not see ourselves fully exploiting open sources until 2004.
Although the US intelligence community has made modest progress in open source exploitation in the past few years, the reality is that we are--as with most countries where the words "intelligence" and "classified" are synonymous--really only paying lip service to the concept. The current standard of open source exploitation consists largely of providing on-demand access to commercial online news and research services, and daily electronic feeds of Foreign Broadcast Information Service reports to individual analysts. In one major organization, the Defense Intelligence Agency, where there is a strong commitment to open sources by the Program Manager but a marginal commitment to open sources by the most senior functional managers, a Post-Graduate Intelligence Program thesis by LtCol Bob Simmons, USA, clearly established the unsatisfactory nature of our military intelligence community's access to open sources. Sadly, I hear from managers of Open Source Collection Facilities that they exist in name only, with no funding for LEXIS-NEXIS or DIALOG access, no funding for foreign language subscriptions, and--perhaps of greatest concern--no leadership from the Foreign Broadcast Information Service, which has failed to recognize and integrate the robust capabilities of military linguists and military intelligence professionals into a larger distributed network.
The reality is that the U.S. intelligence community exploits less than 20% of what is available through open sources, perhaps even as little as 5% or 10%. Until individual intelligence analysts are able to identify and communicate directly with leading academic, media, and business experts world-wide, and to do so within a supportive security and procurement environment, our policy-makers and commanders will continue to receive classified intelligence products that are severely deficient due to the lack of context, detail, and timeliness such as can be provided by the open source environment.
There are two aspects to the "dark side" of open sources--one is under the control of our enemies and threatens our operations security; the other is under the control of ourselves and threatens our intelligence competence.