Intelligence gathering usually starts with scraping information from public sources, collectively known as open source intelligence or OSINT. There is such a wealth of legally collectible OSINT available now thanks to social media and the prevalence of online activities that this may be all that is required to give an attacker everything they need to successfully profile an organization or individual.
If you’ve heard the name but are wondering what it means, OSINT stands for open source intelligence, which refers to any information that can legally be gathered from free, public sources about an individual or organization. In practice, that tends to mean information found on the internet, but technically any public information falls into the category of OSINT whether it’s books or reports in a public library, articles in a newspaper or statements in a press release.
Here is a classic use of OSINT – Warning that the below contains some stressing scenes.
On 6 March, huge anti war demonstrations across Russia saw more than 5,000 protesters arrested. 29 were taken to Moscow’s Brateyevo Police Station for questioning. There, an unnamed police officer wearing black subjected at least 11 young women to verbal and physical abuse, often amounting to torture. This included suffocation. Two of the detainees recorded their ordeals and on release leaked the audio to the press.
Despite international outrage and multiple calls for an investigation by a Russian politician, the authorities did not open a criminal case. In place of one, the victims set out to find the ‘man in black’ themselves. Using a leaked database from a Russian food delivery company called Yandex, archived social media accounts, and old dating profiles.
Finding My Torturer tells the story of how these young women came together to expose the identity of their torturer and his commanding officer using classic OSINT techniques.