Posted by Brian Monroe - firstname.lastname@example.org 07/20/2021
Special ACFCS Report: The Front Lines – The Investigations Series: Information Overload – What is OSINT, part 1 of 2
What is Open-Source Intelligence?
According to the OSINT Wikipedia page, it is “a multi-factor methodology for collecting, analyzing and making decisions about data accessible in publicly available sources to be used in an intelligence context.”
In the intelligence community, the term “open” refers to overt, publicly available sources, as opposed to covert or clandestine sources.
For those in the private sector, such as a financial institution (FI) investigator, it is rare to be in possession of clandestine or covert sources or information.
That said, where does an FI investigator begin their OSINT research and how much research should be conducted outside of the transaction activity review?
The answer is right at your fingertips: Your computer and whatever web browser you choose to employ is where you should turn for an OSINT review within your investigation.
OSINT also has many dimensions: it can be used offensively, helping the AML professional better find buried, lesser-known risks about individuals and entities, but also defensively.
The idea: to better understand what criminals, fraudsters and hackers already have at their disposal that could be used to steal someone’s identity, hack their systems or open the door to a devastating ransomware attack – a soaring scourge that has hit epidemic proportions in the virtual world as the pandemic has pummeled our shared corporeal reality.
Some examples, according to media reports, include:
Discovering public-facing assets: The depth, breadth of the attack surface
The most common function of OSINT tools in many investigations is helping IT teams discover public-facing assets — these could be company websites, employee portals and online entryways that allow users to manipulate data from outside a physical premises — and mapping what information each possesses that could contribute to a potential attack surface, according to Chief Security Officer (CSO) Online magazine.
In general, they don’t try to look for things like program vulnerabilities or perform penetration testing, the realm of the cybersecurity officer. Their main job is recording what information someone could publicly find on or about company assets without resorting to hacking.
Ironically, though, in many cases hackers have already posted some or all of their pilfered information troves as proof of their skills, to build their reputation or even just to brag.
Discover relevant information outside the organization: Socially acceptable?
A secondary function that some OSINT tools perform is looking for relevant information outside of an organization, such as in social media posts or at domains and locations that might be outside of a tightly defined network, according to CSO.
Organizations that have made a lot of acquisitions, bringing along the IT assets of the company they are merging with, could find this function very useful.
IT assets may not just be the systems used to run a given company, but also detailed lists of names, passwords, intellectual property and other information. In the at-times hasty runup to close a merger, some information might get left behind and not deleted — leaving a residual risk for a breach.
Given the extreme growth and popularity of social media, looking outside the company perimeter for sensitive information is probably helpful for just about any group.
What form that media takes can also play into tools a determined and skillful criminal can use against an individual or organization.
For instance, if a person is prolific in their social media posts, bad guys could cobble those images together into a believable “deepfake” of the individual, something that comes with a higher likelihood the more senior the level of the corporate bigwig.
That can be taken even further with recordings and videos of a person – all items that can give more ammunition for criminals to create seemingly living, breathing digital copies crafted to do their bidding.
Collate discovered information into actionable form: Asset discovery, recovery
Finally, some OSINT tools help to collate and group all the discovered information into useful and actionable intelligence, according to the article.
Running an OSINT scan for a large enterprise can yield hundreds of thousands of results, especially if both internal and external assets are included.
Piecing all that data together and being able to deal with the most serious problems first can be extremely helpful.
At the same time, from the perspective of a fincrime compliance professional, the more outstanding details found during an investigation can both better flesh out the real risk of a customer and preview whether that individual or corporate account could be at a higher risk of being compromised.
About the author
Erin O’Loughlin comes to ACFCS with deep-rooted experience gained working inside the financial crimes/compliance industry in a variety of roles, including AML investigations for Bank of America, scouring dark web markets to identify proactive risk on the TOR network for Western Union, and supervising crypto fraud and money laundering investigations for Coinbase.
Prior to entering the private sector, O’Loughlin served as an operations officer in the Central Intelligence Agency for ten years.
She was posted in both overseas and domestic positions, specializing in Counter Terrorism, conflict resolution, mediation, and due diligence.