Review: Automating Open Source Intelligence
Editors: Robert Layton and Paul Watters
Pages: 222
Publisher: Syngress
ISBN: 0128029161
Introduction
You can discover a lot – too much, some believe – by digging through publicly available data. But, how to go about it, how to make the search as easy and quick as possible, and what are the things you have to be careful about? This book will tell you.
About the editors
Dr. Robert Layton is a Research Fellow at the Internet Commerce Security Laboratory at Federation University Australia.
Paul A. Watters is a Professor of Information Technology at Massey University. He co-founded the Cybercrime Research Laboratory at Macquarie University.
Inside the book
The various chapters in this book are written by a variety of contributors – researchers and scholars affiliated with a number of universities in Australia, New Zealand, and the UK (two chapters are written by the editors).
Also, most of the case studies included in it are also tied to the situation in those geographies. I don’t come often across non-US-centric books about information security topics, so this was a very welcome surprise.
Aside from various algorithms, methods and processes for automating OSINT (and their limitations), the contributors also address the topics of identifying entities with the help of social media, cyberattack attribution, enhancing privacy to defeat OSINT efforts, preventing data exfiltration from corporations, censorship, piracy, relationships between entities (linking actors), geospatial reasoning when it comes to open data, and the ethical considerations when using online datasets for research purposes.
I found the chapters on cyberattack attribution and defeating OSINT efforts the most interesting, and the research ethics one is sure to come in handy to current and future researchers. The topic is thoroughly addressed, many opinions and approaches are noted, and it can function as a start point for much needed discussions.
Each chapter can stand alone, but together they give an accurate view of the current situation – it’s a good mix of theory and practice(s). Despite the different authors of the chapters, the entire book has a great flow and was (for me) a pleasant and captivating read.
Final thoughts
The book gives insight into the challenges and limitations of digging through publicly available data. It should be an interesting read for researchers and digital investigators, but could also be an eye-opening one for Internet users in general, especially if they are interested in privacy.