Open Source Intelligence (OSINT) is the process of gathering information that is readily obtainable through free access to public resources, and it has particular value currently as technological advances have increased the amount and accessibility of publicly available material. OSINT can be used offensively or defensively, such as by malicious actors or law enforcement; in fact, government agencies can, and do, use OSINT in both ways. Because of the importance of OSINT in offensive and defensive maneuvers in both the public and private spheres, there is utility in teaching students who could work in a variety of fields about the advantages and dangers of OSINT. This paper shares one educator’s experience creating and implementing an OSINT-inspired undergraduate classroom activity.
The following case study includes a detailed undergraduate course project description, with the logistics and scope for both technical OSINT and physical OSINT components. In the first part, student teams were given eight clues, which they could solve using any basic internet search engines. Each clue’s answer was a two-digit code; the clues were then assembled sequentially to reveal the latitude and longitude of a building on campus. In the second part, teams had to visit the identified building and complete physical observations, including typical clothing worn by occupants, ingress and egress points, entry requirements, and security protocols. They also had to locate a specific target within the building using a unique image as a clue that was provided by the educator. The goal for this project was for students to understand how information publicly available online could be harvested and pieced together to create individual profiles, identify schedules, and even design spear (targeted) phishing attacks. The course project was conducted in the Spring 2019 semester, with multidisciplinary undergraduate students. Both of the technical and physical OSINT projects were allotted 80 minutes. Student teams provided an in-class presentation and a final report about their experiences, and also completed an online evaluation survey asking them to rate the OSINT projects. This project was approved by the university’s ethics board.
Overall, students thought the project was fun and interesting, with many students enjoying the “scavenger hunt” aspect of the activity the best. Most students felt that the project went well, and they had few failures or challenges. Interestingly, most students recommended increasing the project difficulty. A key survey finding was that students indicated an increased awareness of the accessibility of public information, and some students mentioned that they could see how this information could be utilized for malicious or positive purposes, such as in the course of cybercrime or law enforcement. Finally, this paper summarizes lessons that were learned by the educator, including those related to ethical considerations, project design, and modifications for future implementations. The authors hope that this case study encourages educators across multiple disciplines to include OSINT-related activities within their curriculum to not only raise awareness about the many uses of OSINT, but also better prepare students for future employment across a variety of important fields.
Are you a researcher? Would you like to cite this paper? Visit the ASEE document repository at peer.asee.org for more tools and easy citations.