How to quickly identify a good OSINT report
In the legal sector, open source intelligence (OSINT) and intelligence in the broader sense are increasingly being discussed. For many, OSINT is an unfamiliar term. OSINT generally refers to intelligence produced by collecting, analysing and exploiting open source information to answer a specific question. Examples of open sources include newspapers, YouTube videos, academic research, and search engine results - essentially any source of information legally accessible to the public.
Most people are not familiar with intelligence reporting. Intelligence is often associated with somber-looking old men in military uniforms, poring over maps and files labelled with ‘TOP SECRET’ in bright red letters, or it is conflated with the high-stakes drama of spycraft films like the James Bond series. It can seem distant and untouchable, and almost fictional. Yet, in reality, intelligence is simply about enabling informed decision-making. Its value to businesses is increasingly appreciated.
This article stemmed from our current research at Tyburn St. Raphael into OSINT’s use in the civil legal sector. OSINT is a valuable asset within this sector, and consequently, more people are encountering intelligence for the first time. For instance, a fresh graduate with a paralegal role or a legal administrator moving into a Junior Intelligence Analyst role will likely have had no prior experience with intelligence and could be surprised to see intelligence used in their role.
This article will help those new people receiving an intelligence report identify a good one. Known bad habits like obscurantism and jargon can undermine a report’s value. Avoiding these shortcomings maximises the value of OSINT. A good way to conceptualise an OSINT report is to compare it to a pie. Just as there are ways to quickly identify a delicious pie, there are things we can look for to spot a useful OSINT report.
Thinking about pie - Is there a clear intelligence request?
A good OSINT report has a clear purpose that aligns with and meets the user’s requirement. When a customer orders an apple pie, it should be immediately clear that the pie they receive is an apple pie. Likewise, when a user of intelligence orders an intelligence report, it should be instantly apparent to them that it answers their intelligence request. To quickly assess whether this is the case, there should be a clear ‘bottom line up front’ summarising the report and answering the original question. If you cannot find the answer to the question of the report within 30 seconds, the report has failed the sniff test.
It can be tempting to simply request intelligence on ‘John Smith’; however, this is unhelpful. Our research into the legal sector shows that intelligence reports are often too broad and are often made simply because a law firm has the capacity to do so. Perhaps this is done to impress clients by boasting about having a commissioned intelligence report - regardless of the quality. A broad request like this often comes back with a subpar intelligence report, which fails to contextualise the intelligence. A typical example that we have found from the legal sector is a screenshot of a target’s private social media account without any contextualisation of its significance. What can you expect to do with that information?
Instead, the report should answer a clear request about ‘John Smith’, such as a subject profile which sets out their network, financial assets, or criminal history in relation to the case. The report should concisely contextualise why the information matters. For example, linking two individuals in a network could suggest that what appeared to be an accident was rather fraud. If you are left thinking ‘so what?’ after reading the report summary, then the report has failed. The purpose of intelligence is to provide actionable insight, allowing the user to make informed decisions confidently. A good OSINT report answers the original intelligence question quickly and answers the ‘so what?’ question.
Selecting the ingredients - Has the information been collected ethically and legally?
If you were suspicious about the contents of a pie or the person selling it, you might avoid it. The same can apply to an intelligence report. Do the findings and information in a report appear unsavoury and suspicious? Strict laws and regulations govern what type of intelligence can be collected, and how, in the UK, EU and other regions, protecting privacy and guarding against abuses of power. All OSINT needs to be collected ethically and legally.
A baker might be tempted to steal high-quality ingredients. However, they know this could result in the closing down of their business. Similarly, intelligence practitioners are often tempted to use a range of legally and ethically dubious sources, such as leaked online databases. While such data can offer unique and potentially game-changing insights, employing it can cause significant harm, including criminal offences and fines.
Important pieces of legislation to bear in mind are the General Data Protection Regulation (GDPR), which governs what data may be collected and how it is stored, and the Human Rights Act, which protects the right to privacy. The Regulation of Investigatory Powers Act (RIPA) is also significant; it governs the use of surveillance and information gathering methods by public authorities in the UK. Adherence to GDPR is a massive issue and it could have implications for your business in the EU. Within a good OSINT report, the methodology outlines how the information was collected and which regulations it adheres to. This transparency is like buying a pie from a reputable baker. Conversely, an OSINT report without a methodology section or regard to key legislation is like eating an expired pie - it is liable to poison you and the entire business. If you think that the information collected in the report appears suspicious, it is an indication that it is not a good OSINT report.
Handling the ingredients - Has the information been tested and verified?
Do the ingredients of your pie and OSINT report look like they have been handled carefully? Relying on information that has not had its reliability and veracity validated to make a decision is obviously bad practice. In the legal context, using faulty information encourages a misinformed legal strategy that is ultimately ineffective, while providing unverified information in litigation could result in it being determined inadmissible in court. Both circumstances result in financial losses.
Social media’s ubiquity has turned the internet into a breeding ground for misinformation and junk. What initially appears to be a reliable source can quickly turn out to be a piece of unsubstantiated information or one produced with a dishonest intention. To the untrained eye, a toxic nightshade berry pie could appear to be a blackberry pie. Similarly, two images may appear to be identical on the surface. However, in a good OSINT report you should expect to see analysis of an image’s metadata to determine whether it has been manipulated - an increasingly important verification process in an age of Photoshop and deepfakes.
Moreover, if a target provides a video claiming that an accident took place at a certain time and location, the report should verify its time and location using chronolocation and geolocation. You should also expect to see evidence of analytical procedures, such as the sources in a report having been corroborated and cross-referenced. This ensures that facts have been validated, misinformation detected, and the overall strength of an argument improved. These verification and analytical techniques facilitate informed decision-making, and are much like the 5 star hygiene rating at a bakery that allows you to eat your pie with peace of mind.
The baking stage - Is the report clear and concise?
Overcomplication often ruins a pie. Simple is often best and this is certainly applicable to OSINT reports. Intelligence carries the stigma that it is inaccessible, clouded by secrecy and jargon. A good OSINT report is one that anyone can understand. Complex military language, often used to impress the consumer with the practitioner's expertise, only inhibits clarity. Our research indicates that some private sector intelligence reports exploit intelligence’s mystique to impress clients and justify higher fees.
Presentation is important, both for pies and OSINT reports. Placing the key findings at the top of the OSINT report is mandatory. If the key conclusions are unclear after 30 seconds, the report fails the ‘smell test’. Frequently, intelligence customers do not want to or simply do not have the time to read the full report. For them, quickly digesting the key findings in bullet point format is critical, rather than wading through 10 or more pages of methodology to find the conclusion.
An appendix with the carefully collected intelligence is always useful and is good practice, especially in the legal sector if the evidence should be presented in court. However, it should be attached to the end of an intelligence report rather than at the beginning. The ‘flavours’ of the report - its insights and findings - should be clear, ideally found at the first taste of the report, and concise.
Conclusion
Hopefully, this article provides a set of guidelines - a ‘smell test’ - for OSINT reports and does not just make you hungry for pie. While it is based on our research in the legal sector, these principles are applicable broadly to OSINT.
An ideal intelligence report is subjective and depends on the customer, but these general rules of thumb can help you evaluate its quality. Start by asking yourself: Is the intelligence request clear? Was the information collected ethically and legally? Has it been tested and verified? Is the report clear and concise? With experience, you’ll refine your understanding of what works best for you - just as you might adjust the sugar or baking time in a pie recipe.
The allure of intelligence can be dazzling, but remember to always trust your instincts. Your nose is your best friend for intelligence reports - it sniffs out the good from the ugly.