Amaury Fierro
CEO
OSINT Latinoamérica
/
View from the Top

Providing Intelligence to Company Decision-makers

By Jan Hogewoning | Tue, 02/02/2021 - 09:13

Q: What added value do you provide to clients?

A: We have two businesses. The first is training: we train both company and government employees on how they can improve their research processes using mainly open sources. We take methodologies from the open-source intelligence field and transform them so they can be applied in different contexts. This ranges from the most basic academic fields to the more complex. For example, we are developing a methodology for doing due diligence on people who want to work at a security company.

Our second line of business is providing our own intelligence to clients. We provide intelligence-related products that are also based primarily on open-source materials. These include things like risk assessment, due diligence, criminal background checks and more.

 

Q: How do you define open-source intelligence?

A: Intelligence is a series of activities that can be applied within any organization to collect and process information to deliver something that is useful for the decision-maker. There is a myth that intelligence is like espionage. However, it simply means the process of collecting and transforming information. Within the intelligence process, there are different sources and perhaps the most important are open-source. Open-source materials are available to any person. This does not mean that they are necessarily free or in our language but they are legally available. It does not require hacking or anything else that could be considered illegal in some countries. Open source represents between 80 to 85 percent of all the information available globally.

 

Q: Is most open-source information on the internet?

A: Around 90 percent of open-source info is available online. However, there is still a great deal of information that is only available in the physical world. For example, in Mexico there is a public registry for properties. You can only access this by going to the registry and providing a copy of your ID. There are other sources that are only available physically, like many archives in libraries. We use any open-source, which means we also send teams to those physical locations.

 

Q: Your use Boolean operators, fractional and block searches and metasearch engines. How advanced are these tools?

A: We use hundreds of techniques and tools. Some are very basic. Boolean operators, for example, are when you apply quotation marks to a search input to make it more exact. Google has several search operators. Some are more complex for building complex searches. There are many metasearch or specialized search engines that can be used in specific scenarios for particular information. For example, there are engines specialized in social media or the news, as well as the deep and dark web.

Our training focuses on three levels: associate, specialist and expert. Experts can build their own scripts using a programming language like Python to develop scrapers that travel across the internet looking for information. The key to using these techniques is to integrate them into methodologies. These methodologies can be applied regardless of the topic.

 

Q: What are some examples of intelligence products you provide to clients?

A: We have 25 different products. They are documents that the decision-maker can use in several scenarios. Some examples include stakeholder analysis, risk assessment, due diligence, graphical monography or a risk map. A key product that we offer is a nontechnical risk assessment. This looks at everything that you cannot necessarily quantify; it is not financial or technical. However, a company that is looking to invest in a particular area still needs this information. The six risk categories we look at are: social, safety, political, health, cyber and climate. Knowing the conditions of these risks can greatly help in decision-making. For example, if you want to enter a particular municipality in Mexico, we can tell you how much corruption there is, how criminality works there and more. We summarize it all in one report.

Stakeholder analysis is another in-demand product. For example, we did one for a mining company entering a municipality in Mexico. We created a full profile on social leaders and the mayor in that municipality. This contained everything about them, mainly from open-source materials. We presented an assessment of how likely it was that these actors would pose a risk to the company’s investment. In this particular case, there were signs of local corruption.

 

Q: Do you provide one-time products or also periodical services?

A: We have both. Some clients hire us for only one specific report. For example, some companies hire us recently to do reports on  very specific topics. We have other clients for whom we create a tailored monthly report related to their particular needs. Some information is recurrent. For example, we are providing a monthly report on the spread of COVID-19 to all of our clients. In the end, we can adopt our methodologies to basically any topic. We just need to understand what kind of decisions our client wants to make. Then we apply a methodology, reorient the tools and change the search terms. This is relatively easy.

 

Q: How do you determine the credibility of sources?

A: We have our own scales. We rate the source and the data. A source with a low credibility rate sometimes does provide a clue that turns out to be true. We present our rating of the source and the data to the client. We always tell them the reliability of the information. If something is simply a rumor but it requires attention, we present it like that. We then continue looking for more clues on that issue.

 

 

OSINT Latinoamérica bases its intelligence mainly on open-source information. It also provides training in open-source intelligence research.

Photo by:   OSINT Latinoamérica
Jan Hogewoning Jan Hogewoning Journalist and Industry Analyst