WHY AN OSINT TEAM IS IMPORTANT FOR EXECUTIVE PROTECTION

Deb Kirby

Share this post

Nov 23, 2022

Over the past 10 years, open-source intelligence (OSINT) has advanced considerably. What is open-source intelligence? OSINT is the analysis of information about people or organizations from publicly available sources. While this type of analysis is widely recognized as a corporate security operations best practice, we still encounter executive protection (EP) agencies that have not yet hardwired this capability into their protective operations.

OSINT is a crucial element of an integrated approach to threat monitoring for protective operations. OSINT services can provide precious and timely insights into the habits, lifestyle, and mindset of a particular subject, including information that can range from their address, vehicle, and identities of friends and associates to interests, plans, and posts related to weapons, extremist causes, and troubling sources of inspiration. Combined with threat monitoring, OSINT services help to identify actors within groups that may pose a direct risk of violence.

The following are some reasons why OSINT strategy is an important part of an executive protection client’s prevention-oriented security approach:

Threat Actors are Rarely Obvious

Individuals who target a company or its executives aren’t always known ahead of time. Individuals may privately exhibit risk factors but often do not publicly display this behavior. They operate online “in the dark” by using anonymous profiles, not engaging with branded content and remaining as private as possible.

The conscious decision to physically harm or even kill an individual is often referred to as targeted violence. Targeted violence is usually planned, emotionless and predatory, whereas impulsive violence is reactionary with minimal advance planning. A grievance that goes unrecognized or resolved can escalate to an ideation that is researched and planned, prepared for, tested and finally acted upon with tragic results.

The 2018 real-crime series, The Assassination of Gianni Versace: American Crime Story, recaps the actual murder of the fashion powerhouse by Andrew Cunanan. In addition to depicting Cunanan’s childhood influences and history of violent behavior, it also notes his escalation from obsession and irrational thoughts about Versace to eventual stalking and pre-attack preparation. While Versace’s murder occurred before the advent of social media, this same behavior is exhibited by some attackers today who are technology-savvy and is evidence of the “pathway to violence.”

How our OSINT Team Uncovers Intelligence

Our OSINT team knows how threat actors evolve. We look at the same openly available, public information about our clients but do so through an investigative lens. We search websites to identify phone numbers and addresses, which can lead to information via public records. We search profiles on social media that provide additional information to search or verify information found elsewhere. We examine cached data and run multiple searches through an extensive portfolio of sophisticated OSINT technology tools and open- source databases, including the dark web.

We seek to capture information before bad actors do. Like cybersecurity defenders, we roam, sweep and linger in the same places frequented by individuals with malicious intent, using investigative processes to uncover compromising data. For example, an aggrieved individual with a grudge against a CEO or other executive could easily glean enough information from social media postings to show up at the school of the executive’s children or their sporting match during an away game. They could break into the family’s home and steal valuables, tail family vehicles on shopping trips or stalk the executive when the family is on vacation.

Six OSINT-Related Security Actions to Reduce the Risk of Targeted Violence

  1. Enable privacy settings on social media accounts. These are getting harder and more confusing to find and activate. It’s worth having your in-house team or experts periodically assess whether any changes have been made to social media accounts or user data-sharing policies that expose your protectee to risk.
  2. Avoid posting content that might increase risk if posted in the public domain. It’s safe to assume that whatever is on a social media profile can be viewed or shared by individuals with harmful intent. Effective protective operations include educating the protectee and their family and staff on the risks associated with allowing posts and other online content to include personal information, such as birthdates, cities of residence, schools, and planned dates for travel or social events.
  3. Use a password management program. With software such as NordPass, RoboForm and Keeper – supported by two-factor authentication – the protectee only needs to remember one password, which helps avoid the reuse of passwords across websites. Ensure that passwords do not contain any personal information, such as middle name, birthdate, child’s name, pet’s name, part of a phone number or home address.
  4. Close unused accounts. This is particularly important with financial accounts.
  5. Conduct or authorize a baseline, open-source intelligence assessment. Use the results of OSINT team's analysis to educate the protectee on the risks and proactive steps they can take to limit their risk by closing, shutting down, removing or changing any sensitive information in the public domain.
  6. Review OSINT reports regularly and be prepared to escalate to formal behavioral threat assessments at any time. Maintain regular, periodic OSINT sweeps. Change or update keyword search terms to broaden or narrow the scope of review based on the risk, threat and vulnerability environment confronting the protectee as the OSINT program evolves.

Strategic Advantages of OSINT for EP programs

In short, an OSINT strategy’s three most powerful features for any protective mission include: (1) the ability to detect, remove or neutralize a wide range of hostile penetration technologies; (2) flexibility in sweeping facilities in advance of key meetings or conducting “live monitoring”; and (3) greater assurance among senior leaders and attorneys that critical discussions and information are confidential and protected.

Jensen Hughes specializes in behavioral case management services and threat assessments for companies across all industries as well as U.S. federal agencies, other government employers and non-profit organizations. Learn more about how we leverage our open-source monitoring specialists, intelligence analysts and researchers to help you discover information on threats to your executives, employees, or organization and track issues of concern that require intervention.

Headshot of Debra K. Kirby

About the author

Debra K. Kirby
Debra brings command experience in patrol operations, investigations, organized crime, law enforcement training, policy development, data-led policing and internal affairs with an acute focus on integrity systems, covert operations and the need for strong accountability practices in support of operational priorities.