OSINT – Identifying Persons of Interest

On September 6th news broke regarding the release of Islamic States new magazine entitled Rumiyah…
 
While early detection is key such events also present additional opportunities to identify persons of interest (POIs) that may not have previously been known. OSINT solutions provide that ability.
 
In this Providence use case scenario, we will look at how Providence can be used to quickly identify POIs and other sources of intelligence such as propaganda and news repositories used by Islamic State supporters.
 
It should be noted that before we proceed that throughout this use case we have redacted the usernames and links for security purposes.Our first step in this use case was to limit our timeframe to the last seven days of collection and processing done by Providence.


 
We narrowed our collection results by selecting the Activity Timeline between the 4th through to the 6th of September with the 6th of September being when news broke of the new IS threat to Australia.
 
 
Conducting an ad-hoc search on “Rumiyah” within our Islamic State entity narrows the data set further, this includes narrowing the number of possible supporters talking about Islamic State and Rumiyah. You can see in the Activity Timeline in the below screenshot that chatter about the topic begins at 0600 on the 6th of September.
 
 
The first account that is identified as being of interest has already had its account suspended.
 

 
 
However, because Providence still captures and retains all data, whether a POI deletes a post or the profile is suspended, using a particular type of search technique allows a user to quickly identify whether that profile was of any real interest. This is of importance to law enforcement and intelligence community members as not only does Providence collect and process data but stores the results independent of social media platforms, meaning historical post data is retained in-house.
 
Or alternatively law enforcement and intelligence agencies can use the data captured as evidence to request data from the social media platform owner, which would contain data such as IP addresses associated with the profile involved.
 
 
Further searching identifies numerous other accounts of interest that are supportive of Islamic State and spreading propaganda. Another POIs profile is quickly identified.
 

 

 
This particular POI which has been identified is then posting links to further propaganda repositories using free ‘paste’ sites to promote the Islamic States message.
 
 
The Arabic text at the top reads:
 
 
In our previous use case we demonstrated how Providence can be used to monitor known threats at the individual level.
 
In this scenario we have seen how Providence can be used as an investigation tool with regards to Islamic State supporters active in social media, identifying new leads for follow up investigation or monitoring with Providence.

2018-08-30T13:36:43+00:00

About the Author:

Eric Flis is a Founder and the COO of WorldStack. He's an SME in open source intelligence and a cyber security consultant with government, private sector and international experience.

ENJOYING THE ARTICLES?

Your pulse for what's happening with Worldstack and across OSINT.