OSINT-Disinformation-Grocery Store

Disinformation - the lie


Times, they are changing. A very good example is when a candidate for the next presidential election in the USA describes nuclear warfare as “Ding, Ding, Ding, Boom, Whoosh!” I am thinking of the elimination of civilizations, and others are thinking of a computer game – “Boom, Whoosh”.

Roles are changing too. For years, there have been computer hackers – the attackers – and there has been the public and private sector – the defenders. Just as in kinetic warfare, cyber warfare is no longer one side being the attacker and the other side being the defender. A good example of this is the application of Open-Source Intelligence (OSINT). OSINT has been described as the collection of raw data and the transformation of that raw data into intelligence. With the ever-increasing successful application of disinformation, and of targeted disinformation in particular, OSINT is adding the application of disinformation to its collection and forming of intelligence. The OSINT framework becomes ineffective if it cannot survive the collection.


From Wikipedia:

Disinformation is false information deliberately spread to deceive people.[1][2][3] Disinformation is an orchestrated adversarial activity in which actors employ strategic deceptions and media manipulation tactics to advance political, military, or commercial goals.[4] Disinformation is implemented through attacks that weaponize multiple rhetorical strategies and forms of knowing—including not only falsehoods but also truths, half-truths, and value judgements—to exploit and amplify culture wars and other identity-driven controversies.[5]

In contrast, misinformation refers to inaccuracies that stem from inadvertent error.[6] Misinformation can be used to create disinformation when known misinformation is purposefully and intentionally disseminated.[7] “Fake news” has sometimes been categorized as a type of disinformation, but scholars have advised not using these two terms interchangeably or using “fake news” altogether in academic writing since politicians have weaponized it to describe any unfavorable news coverage or information.[8]

Disinformation campaigns by cyber criminals and nation states have been and continue to be extremely successful. The collection of data to build psychological profiles of intended targets, and the application of Generative AI models to build image, voice, text-based, and video streams designed to shape responses, have proven to be very successful for the attackers.

However, the same strategies and tactics applied by attackers have equal value for those collecting and formulating intelligence using OSINT Frameworks.

Protecting the Collector

“Passive vs. Active OSINT

Passive and active OSINT are both viable open source intelligence collection methods with different amounts of hands-on activity and in-depth research required.

With passive OSINT, users most often complete a simple search engine, social media, or file search or look at a website’s or news site’s homepage through a broad lens. They aren’t actively trying to collect highly specific information but rather are unobtrusively looking at the easiest-to-find, top-of-the-stack intelligence available. With this intelligence collection method, the goal is often to collect useful information without alerting targets or data sources to your intelligence collection activities.

When practicing active OSINT, the methods tend to be more intrusive and involved. Users may complete more complex queries to collect obscure intelligence and metadata from databases and network infrastructure, for example. They also might fill out a form or pay to get through a paywall for more information.

In some cases, active OSINT may even involve reaching out directly to sources for more information that is not publicly available or visible. While active OSINT is more likely to give users real-time, in-depth information than passive OSINT, it is much more difficult to do covertly and may lead you to legal troubles if your data collection methods aren’t careful.”

Active collection, while more likely to provide data that reflects the true context, increases the probability of the identity of the collector being exposed. That is not good, because the collector of information now becomes a target.

Protecting the Collector

This is the role reversal: the OSINT collector applies Generative AI and disinformation to make it more difficult for the target to identify the collector. The higher the bar, that is, the cost of identification, the less likely the target will identify the collector.

I owe the simple but effective technique of using a grocery store to distribute disinformation to Intelligence Techniques.

If a collection is active, then the target can collect information to identify the collector. The obvious measures are for the collector to sandbox with a virtual machine, mask the collection IP address with a VPN, Tor, Brave browser, vary the pattern of collection, etc.

Layers are important. If the target is able to identify any piece of data that can be used to identify the collector, the goal is to make it as costly as possible for the target to establish attribution.

The collector leverages disinformation to raise the cost of attribution. It doesn’t matter whether it is a grocery store, a gas station, a warehouse club, etc.; they all have programs where, if information is provided, the shopper will get a discount on future purchases. If a collector wants to up the cost of attribution, the collector joins as many programs as possible. For each program, the address is changed to some public address not too far away, the birth date is varied, the phone number is varied, and the name is slightly varied. These programs are collecting your personal information and selling the information to those that will make the information available on the Internet. Caveat: don’t do this on forms provided by any government agency.


There is a war. It may not be a kinetic war; it may be cyber/psychological/cognitive. The goals are the same – to ultimately dominate. As in any war, it is about most effectively applying resources.
