OSINT / SA

Let’s start with some definitions here…

Wikipedia says,

Open-source intelligence (OSINT) is the collection and analysis of data gathered from open sources (covert and publicly available sources) to produce actionable intelligence. (https://en.wikipedia.org/wiki/Open-source_intelligence)

And

Situational awareness or situation awareness (SA) is the perception of environmental elements and events with respect to time or space, the comprehension of their meaning, and the projection of their future status. (https://en.wikipedia.org/wiki/Situation_awareness)

So far so good, but what does that mean? An easy example would be following the Twitter account of your local fire department. If there is anything big going on, they will probably tweet it and maybe even some recommendations like “keep your windows closed”. That would already be OSINT because you gather information (“intelligence”) from an open source (FD Twitter account) and you produce actionable intelligence (“something bad is going on”). It’s also SA because you’re perceiving an environmental event (“the bad thing”) and you comprehend the meaning (air is gonna be bad) and project the future status (bad air is moving your way).

This example also illustrates the point of OSINT/SA for a private individual: Know when bad things happen to be able to react accordingly (close the windows in this case).

Listening to the radio and following Twitter accounts are very basic forms of OSINT gathering, though.

Huginn

For most of my OSINT gathering, I use huginn - a piece of open-source software which was specifically designed to gather and aggregate information from a variety of sources. My huginn instance, for example, pulls the RSS feeds from pretty much all Finnish news outlets, select international ones as well as various Finnish authorities - police, rescue services, etc. - and filters them for keywords. Whenever the right keywords are matched, it notifies me, depending on the SA value and urgency of the information. Routine information is just added to a list which provides date, time, headline and a link. More urgent information, say, police or rescue service warnings, is forwarded to my Matrix account and pops up on my phone. Critical information will pop up on all my mobile devices as well as be spoken by my Alexa speakers and pop up as a toast on my TV.

ATAK

In the fall of 2020, the US government made a civilian version of the ATAK military SA software available to the public. Through my work as a defence systems consultant I was already aware of the military version, and for all SA geeks, the public release was a big deal. I started experimenting with ATAK right away. ATAK is very useful in its own right, offering the capability to work with maps and transfer information from one device to another through multicast. However, it only becomes really powerful together with a TAK server. The official TAK server wasn’t released yet but thankfully, there were a few open source projects. My decision was for Taky because it’s super lightweight, fast and easy to administrate for console junkies and very Docker-friendly.

Then I very quickly started to create feeders to feed data into my TAK server. ADSB data from adsbexchange.com, traffic information from digitraffic.fi, GDACS, tactical situation data from Ukraine, … ATAK has become my go-to tool for everyday situational awareness and I share my TAK server with a small number of select friends.

But ATAK can do more than display data. One of its biggest powers is the creation of data. On the most basic level, it transmits its own location to the server. But one can also create all kinds of geospatial information and share it through the server. Points, geometric shapes, etc. ATAK also comes with a number of fantastic plugins, such as TAK Geocam, which allows you to take georeferenced photos and send them via the TAK server or multicast, an XMPP client, which is awesome because I’ve been running an XMPP server for the better part of 20 years, and many more. Found a cool new shop? Take a photo and share it through the server. It pops up on my friends’ ATAK on the map, with photo. And because the protocol is open and fairly easy, it’s not only very easy to feed data into a TAK server - it’s also very easy to pull data from a TAK server, e.g. into a home automation system, and react to it.
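
To show how simple the wire format is, here is an added sketch (not my feeder code and not part of Taky) that builds a Cursor on Target (CoT) point event the way a feeder would, and parses one the way a consumer such as a home automation hook would, dropping malformed, out-of-range and stale events. The function names, default event type and all sample values are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

UNKNOWN = "9999999.0"  # CoT convention for "value not known"


def _ts(dt):
    """Format an aware UTC datetime as a CoT timestamp."""
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")


def build_event(uid, callsign, lat, lon, now, ttl_s=300, cot_type="a-u-G"):
    """Serialize one CoT <event> carrying a point and a callsign (bytes)."""
    ev = ET.Element("event", {
        "version": "2.0", "uid": uid, "type": cot_type, "how": "m-g",
        "time": _ts(now), "start": _ts(now),
        "stale": _ts(now + timedelta(seconds=ttl_s)),
    })
    ET.SubElement(ev, "point", {
        "lat": f"{lat:.6f}", "lon": f"{lon:.6f}",
        "hae": UNKNOWN, "ce": UNKNOWN, "le": UNKNOWN,
    })
    detail = ET.SubElement(ev, "detail")
    ET.SubElement(detail, "contact", {"callsign": callsign})
    return ET.tostring(ev)


def parse_event(raw, now):
    """Return a dict for a well-formed, non-stale event, else None."""
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        return None  # CoT needs no DTD; refuse entity declarations outright
    try:
        ev = ET.fromstring(raw)
        point = ev.find("point")
        if ev.tag != "event" or point is None:
            return None
        # Accept timestamps with or without fractional seconds
        stale = datetime.fromisoformat(ev.get("stale", "").replace("Z", "+00:00"))
        lat, lon = float(point.get("lat")), float(point.get("lon"))
        if stale <= now:  # TypeError here if the timestamp had no zone
            return None
    except (ET.ParseError, TypeError, ValueError):
        return None
    if not (-90 <= lat <= 90 and -180 <= lon <= 180):
        return None
    contact = ev.find("detail/contact")
    return {"uid": ev.get("uid"), "type": ev.get("type"), "lat": lat, "lon": lon,
            "callsign": contact.get("callsign") if contact is not None else None}
```

The data arriving from a shared server is input from other people’s devices and feeders, so the consumer side validates everything before an automation acts on it.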