SpyCast 6.11.24
Ep 637 | 6.11.24

“U.S. Army Open-Source Intelligence (OSINT)” – with Dennis Eger & Shawn Nilius

Transcript

Andrew Hammond: Welcome to "SpyCast," the official podcast of the International Spy Museum. I'm your host, Dr. Andrew Hammond, the museum's historian and curator. Every week, we explore some aspect of the past, present or future of intelligence and espionage. If you enjoy the show, please consider leaving us a five-star review and telling a friend. Coming up next on "SpyCast."

Shawn Nilius: Really because there's so much technology out there, and everybody having a phone, again, somebody's collecting information for OSINT. We're going to take that information and turn it into intelligence. [ Music ]

Andrew Hammond: This week, we're joined in the studio by Dennis Eger and Shawn Nilius. Combined, Dennis and Shawn have over six decades of service through the United States Army under their belt. Dennis is the Senior Open-Source Intelligence Advisor, and Shawn is the Director of the Army's OSINT, or Open-Source Intelligence Office. In our modern age of technology and information overload, open-source intelligence has emerged as one of the fastest growing and most important INTs in the intelligence field. In this episode, we discuss what is open-source intelligence or OSINT, examples of OSINT from the war in Ukraine, how the army utilizes and collects OSINT, and OSINT across the U.S. intelligence community. The original podcast on intelligence since 2006, we are "SpyCast." Now, sit back, relax and enjoy the show. Well, I think this is the first podcast I've done on OSINT, and I want to do many more.

Dennis Eger: Hey, it's great to -- great to be here. And thanks for the invite. A topic that is increasingly important, not just to the intelligence community, but to the army, particularly.

Shawn Nilius: Yes, thanks for having us. We're excited to be here to -- to talk about where the army is and where we're going with OSINT.

Andrew Hammond: I think for people out there that don't know what that is, could you just tell them what open-source intelligence is?

Dennis Eger: Well, yes, I'll start. We usually plan this back and forth. So, really the way we define it, because you have publicly available information. And so, that's accessible by anybody, right? And you know, Shawn always talks about it in a way of when we look at the, you know, an iceberg and what's above the water and what's below the water. And so, what's above the water is you know, a very small piece is what you see, and that's about 3% of the internet. And that's probably the Google searches and the publicly available information that you get every day. Underneath the water, that other 97% is stuff that you don't necessarily see every day, still publicly available but folks with particularly tradecraft and training, are able to kind of weed through that other 97% to find what they need. So, you have that publicly available piece, but OSINT itself is -- we define it as based off of you know, a collection, based off of a commander's intelligence requirement. So, if a commander or someone on the ground says, "I need you to look at this specifically as a collection requirement holistically set against the rest of the collection requirements we have," that becomes open-source intelligence. And that requires training and tradecraft and authorities, a lot of different things. And it's different from just saying, "Hey, I'm going to go on to the internet and I'm going to research something." So, that's kind of -- we define it based off of an intelligence requirement for collection purposes.

Shawn Nilius: Yes, and then I think for the execution, what we're looking at is first you have to be an intelligence professional. Okay? So, an intelligence professional properly trained and certified to actually go and do collection under approved authorities and mission to actually do the collection, and then as Dennis mentioned, going after a specific intelligence requirement that a commander has stated that they need to have an answer to.

Andrew Hammond: Okay.

Dennis Eger: And I'll steal Shawn's example, I think. He was at the -- especially when Ukraine--

Shawn Nilius: Ukraine.

Dennis Eger: -kicked off and it was the--

Shawn Nilius: BTG.

Dennis Eger: -BTG, right? The Russian BTGs. And so, if you get up in the morning and on CNN you hear there are Russian BTGs in the Ukraine. That's publicly available. And you go on and you say, "Well, I don't really know what a BTG is. Let me search the internet." "Oh, this is what it is," right? That's publicly available. But when someone in your organization comes and they say, "I need to know where those BTGs are in the country. What do they consist of, you know, equipment-wise and everything? But where are they at?" That's a targeted collection effort against a requirement. That becomes open-source intelligence. So, that's kind of how we differentiate it.

Andrew Hammond: And BTG is battalion tactical group?

Shawn Nilius and Dennis Eger: Yes, yes.

Andrew Hammond: Okay.

Shawn Nilius: And so, when you look it up, if you Google it, because I did. It'll tell you that it's the smallest combined arms element of the Russian forces. But when you start, as Dennis said, when you start digging into, "Well, how many of them are there?" and then, "How many of them are actually in Ukraine? And then where are they located?" you're -- you're getting into collection requirements to answer specific questions for commanders, now you're doing collection. And to do that, that's open-source intelligence.

Andrew Hammond: So, I have a couple of follow up questions. So, one of them, when you say "professionals -- intelligence professionals," I'm guessing you're getting at the idea that I can do some things that Gordon Ramsay does on TV with the -- so, I can do for example, some open-source techniques, but because I do what Gordon Ramsay does, doesn't mean that I'm a chef. That takes professional training and so forth. So, this is the idea behind what you mean. Is that correct?

Shawn Nilius: Yes, I think the other part of it is to know that you know, there are certain laws, regulations and rules that if you're a trained intelligence professional, within for us the army, but within DOD and the intelligence community, there are rules you have to follow. So, yes, right up front, there for us, you know, as professionals we have to follow those rules and laws that are set. But you're right, yes. I mean, for others, yes, you're right -- I think I would go back to what Dennis said though, without training and expertise and capabilities to support you, you'll probably only get to that 3 or 4% that's out there. And most bad guys or bad actors, don't operate in that 3 to 4%.

Andrew Hammond: Okay. And that goes to my other follow up question. So, you mentioned the part of the iceberg you see above the surface, and the part you see below the surface. So, as OSINT, does it mirror the part that's below the surface? So, you mentioned like 95% below the surface; would 95% of OSINT come from the bottom part of the iceberg, or would it be 50% from the open web and 50% from the deep web, or it -- is there some kind of breakdown that you could give us? Not really?

Dennis Eger: No, I mean, I think it's a good question, right, from a percentage perspective. But I -- no, I don't think there's really an answer. I would say that what that -- you know, you can get a lot from the 3% that's above, and it'd still be considered OSINT. Just because it's above doesn't mean that it's not, right? Because if you're -- you could be collecting against a specific intelligence requirement and get it, what you need from that top 3%, but you're doing it in a way where you don't want the enemy to discover that you're looking at those specific things, right? And that's why folks are trained, and they're trained to even know how to look into that 3% for stuff that most people wouldn't in that 3%. But what the other 97% gives you is it gives you areas where there's a lot of illicit activity going on that folks generally wouldn't even think about going. So, like when you talk to most folks and you talk about the dark web or the deep web, folks are like, "Well, I heard the term but -- okay, great. I don't know what that means." And you know, if you were to show them something from there, they would -- most folks would say, "I don't want to see anything from there again." Right? There's a lot of things that happen in there that you can gain a lot of deeper intelligence for, but yes, there's no percentage either way. You can get a lot of information from either. It really just depends on what you're looking for.

Andrew Hammond: And I suppose it depends who's looking, right? The army may look in different places compared to a business looking for some competitive intelligence or something?

Dennis Eger: Yes, and law enforcement, right, might spend more time in the deep web or dark web area looking for those activities that are going on, right? Whereas maybe some of my collectors don't need to know that, right?

Andrew Hammond: And a lot of the prominent examples that we've heard about with the war in Ukraine, they're more on the 3%, right? The Strava heat map of the Russian submarine hunter who disappears off the face of the earth, the man with his speedos in the Crimea giving away the [inaudible 00:09:50] or Russian artillery and so forth, that -- so there is useful information you can glean from that and--?

Dennis Eger: Yes, and I mean, that's the 3%, right? There is a lot. So, I give the example of so when Ukraine started, right, online there was a -- you know, there was a video, right, that had surfaced, you know, really in that 3%, right, from social media perspective. And it was a video of you know, an airborne operation taking place in Ukraine. And folks were like, the Russians, you know, started the war, the Russians are jumping into Ukraine, right? And so, of course, everybody's like, "Wait, what's going on here? Really? Is that -- you know, is that -- that's what's happening?" And so, that was surface level. But then as they started to really you know, look at it and peel it back and look at the video and all this, what they, you know, what an experienced open-source collector realized pretty quickly was that's a video from a joint exercise in 2014 that was specifically placed from a misinformation or a disinformation perspective to get a reaction or get, you know, maybe it was intended to get Ukraine to move forces toward the airfield. You know, I don't know. But you know, that's kind of one of those examples of those you know, it's out there and then you kind of got to peel it back and you have an experienced you know, collector that is able to look at those things. But Ukraine gives us a lot of you know, a lot of great examples of thing -- I mean, if you look at general social media, right? TikTok or otherwise, or Twitter that everybody that has a phone wants to take a video of something. And when you're taking a video of, you know, and you're narrating and saying, "I don't understand this train is going -- is going through my town and has all this strange equipment on it. Like, I don't know what this is," right? That's a video and that's out there and that's in that 3%. So, when you get that, a collector then can really take it and start to dissect it and say things like, "Well, there's a lot of snow on the flatbed." How much snow? 
Well maybe six inches or so. Okay, where did it come from? What region snowed recently? How long do we think the snow was there? How long's that snow been on -- like, to kind of give you an idea of maybe where that it -- where it came from. And then you can -- and then folks will, the whole way along the line, will be videoing this thing. And so, you can see where it started and where it ended, just from that 3% of someone taking a video inquisitive about why is this train with this equipment going through my backyard?

Andrew Hammond: And just very briefly, because I don't want to get too sucked into the internet because I want to get back to OSINT, but just so that our listeners understand it a little bit more, can you just give them a brief overview of the iceberg? So, we spoke about the part above the surface, the deep web, the dark web. You say there's a lot of things that go on there that people are like, "Whoa, that's not really for me." Like, just help our listeners understand what that is. Who's on there? Like why is that way more than the 3% and just a very, very brief overview.

Shawn Nilius: Yes, well I would start with, again, the above the water, we like to describe it again, that's the web. That's where most people are going to go on a daily basis for--

Andrew Hammond: This is Safari, Brave--

Shawn Nilius: Like Google--

Andrew Hammond: -Firefox.

Shawn Nilius: -right, that you're, you know, just looking for general information, or you're -- you saw something, and you want to follow up on it to do that. But when you get into the deep and dark web, again I go back to bad things are typically happening there, right? Illicit activity, places you don't want people to know, so you take it a step further you know, of hiding where you are or attempting to hide where you are, to do that. And so, again, as an intelligence professional, we're typically looking for bad things that are happening. And so, that's kind of the place that you've got to go to really find it.

Dennis Eger: And when you look at that you say, it's -- there are particular browsers, accounts, you know, VPN type services that are built around getting you into the, you know, the deep web or the dark web.

Andrew Hammond: Tor?

Dennis Eger: Yes, like Tor. That's a perfect example. Tor is one that will get you -- will get you in there, right? And so, when we talk about activity that you, you know, that you might see that you can't -- you know, there's things in there like trafficking, right? You might run into a site where there's trafficking going on. You might, you know, you might run into a site where there's, you know, pornography, child pornography, like really those things that people don't want to be discovered of what they're doing, and they can go there. So, from an intelligence -- there's people that in law enforcement, there are people in there that you know, buy and sell weapons or trade or drugs or -- right, like there's a lot of stuff that goes on. And it's just knowing how to work your way in there, and that comes from a very experienced -- because sometimes you might have to spend a very, very, very long time in there to gain any kind of credibility in any site that would allow you in to really see what's going on.

Andrew Hammond: Okay.

Dennis Eger: Yes.

Andrew Hammond: Okay. And the part that people normally use when they get onto Chrome or Safari, this is the stuff that's indexed so that people can find it, right?

Shawn Nilius: Correct.

Dennis Eger: Yes.

Andrew Hammond: Not everything that's below the surface is nefarious. Some of it's just architecture and other things that are not necessarily of interest to the average person on the street?

Dennis Eger: Yes, or it could be -- or it could be research. Somebody may be doing research in something that they really don't want out there, above in that 3% where someone can find the research. So, let me kind of hide it in the noise, so to speak, and so it's harder to discover my research. And so, if we're trying to figure out what research folks are doing on what topics on what -- you know, you name it, chemical weapons, you know, whatever it is, on vehicles or even trying to find out, you know, what our enemies are looking at with us and the research that we're doing, or are they doing research on -- we can find research that they're doing on maybe building equipment that maybe they stole plans from us to do it, right? So, yes, it's not that it's all nefarious. It just could be -- you just don't want to be seen and you don't want your stuff to be seen or found for what you're doing.

Andrew Hammond: Okay. So, that said, dig a little bit more into the U.S. army and OSINT. So, this is something that the army's done before but what's different about open-source intelligence now? Like the OSINT acronym compared to open-source intelligence reading newspapers, periodicals, etcetera? Like this is it different?

Shawn Nilius: Yes, so I'll start. So, for us, when you're reading newspapers or those you know, again, open media outlets, we call that publicly available information research, okay?

Andrew Hammond: PAI?

Shawn Nilius: You just -- PAI. And we add the R for research. You're just looking at PAI for research just for general knowledge that you want to do. But if you're going to, and this is what has changed in the army, if you're going to collect again, as we talked about, you have to have an actual intelligence requirement. You've got to be properly trained and certified. You have to have the mission and authorities, and then ultimately, commanders, you know, request for intelligence for you to actually do collection for you to then go out and collect. So, we're building actual collectors. Okay? So, we're building those collectors again to go and specifically do that, just like we have collectors for other intelligence disciplines. For open-source intelligence, that's what we're doing across the army.

Andrew Hammond: Okay.

Dennis Eger: Yes, I'd say what has changed? Technology. That's what makes it different now from what it was before. When you talk about OSINT before, it was periodicals. It was newspapers. It was radio. It was television like that was what it was. I don't think anyone really imagined back then, you know, the internet or how big the internet would be, or the amount of information on the internet. So, technology has really changed, right, because that's generally where everyone lives. And whatever device we have is connected and it's all data and it's all out there. And so, how do you -- and it is all publicly available. So, how do you harness all of that data, how do you take technology to help you harness that, because there's so much of it? I liken it to when I was -- I was working at an organization, and part of my job was like kind of reading reporting and trying to discern what was going on in, you know, Iraq based off of the reporting. And I would have, when I would go in in the morning, I would have thousands of reports. Paper, printed out, in stacks around my desk. And the notion was that I was going to read every day two, three, 4,000 pages and try to discern what was going on, when the reality is you're never going to read. You just can't. You don't have enough time in a day or enough brainpower to read that much every single day. So, the stack continues to get higher. It's not going down. What technology has allowed folks to do, and you know, everyone puts all that information out there online now. So, now you can quickly, with technology, get through that much information and with AI and machine learning and you know, everything that's going on now and into the future, you can -- you can make a collector's or an analyst's job much, much quicker and much, much easier as they can get through thousands and thousands and thousands of pieces of information very, very quickly. 
So, that -- so, it's the internet and technology I think that has changed -- that has changed the landscape of open source considerably, because everybody uses a phone or a computer. And I think that's what I try to drive home every time I go to one of these colleges or universities and I talk to folks. What I try to drive home to them is everything that you do on your phone or your computer, none of it is hidden. Every bit of it, whether you believe it or not, is publicly available. And somebody can get it and find out a lot of information about you. And that's kind -- that's what's changed. That's what has made it so important. You don't want to have to -- I would say -- I tell folks that we might -- you might be able to win the next war without firing a shot, because you can -- you can use -- you can use the internet and the amount of information that's out there to sway a population, to sway a narrative, to change the way people think about things. If you want to destroy a -- you know, if you want to destroy a country, destroy it from the inside. How do I destroy it from the inside? Well, I can do that just using its own internet against them. [ Music ]

Andrew Hammond: And just for the people that are listening that are struggling maybe to understand like why the U.S. army does OSINT. So, I know it probably seems very straightforward for you guys, but the people that listen to the podcast vary from people like you guys in the business to the average person on the street that just loves a good spy story. So, for them, like help them understand, okay, when they think of the army, there's platoons, battalions, you know, divisions, corps, like why do they need open-source intelligence? Why is the, you know, the military intelligence people not just giving them secret stuff or whatever? I'm drastically simplifying and being a little playful, but just help them understand. The U.S. army, why does it do -- why does it need open-source intelligence?

Shawn Nilius: Yes, I think the first thing I'd start with is we were just talking about, we call it the information environment out there, right, with the internet and technology. I think the last assessment I've seen is about 85% of all information is now publicly available. And the amount of information, the amount of data that's out there continues to grow and grow every day, and that percentage that's publicly available, continues to grow as well. So, now to get after that sheer amount of data and that information that's out there, we need again trained collectors that can go and actually get that information and actually make something out of it and get it back, you know, to commanders for them to make decisions. So, the reason for the army, I'll use the example with Ukraine. The first actual intelligence report on the invasion in Ukraine, was from a Ukrainian holding a phone, videotaping as the Russians crossed the border, okay? And so, that publicly available information was immediately grabbed, because that's one of the things about OSINT, the speed of it. To be able to take it, verify it, against all you know, verifying that the airborne drop was not real. That's the reason that we need OSINT in the army and for the tactical force, because you know -- you know, fighting had -- you know, the battles happen fast. Information is moving much faster, and there's so much information out there. We need properly trained and certified folks to be able to actually go out there and get it, get it fast, get it to commander so they can make decisions on the battlefields.

Andrew Hammond: Tell me if I'm getting this right, but the data points are spread much more broadly. So, say in the heyday of the Cold War, the data points would be a satellite in the sky, right? Not everybody can do that. That's a -- used to be the prerogative of a nation state. It would be a U2 bomber flying over the Soviet Union. It would be these things that would largely be controlled by the government, but now the datapoint could be average Ukrainians with what by Cold War standards is a very powerful computer, i.e., your iPhone or your Android. So, a lot of the action is now taking place in different places, so the intelligence has to follow where the action goes. Is that -- is that a fair way to describe it, do you think?

Dennis Eger: Yes, I think so. So, you know, why the army and look, our job as any other service is to protect the nation, right? And then to fight and win wars. And so, if the intelligence and the data is moving to a particular place that is going to be beneficial to you to be able to do that, to fight and win wars, then you need to move -- you need to move where that is at, right? And so, yes, the datapoints are different, right? The datapoints now are everybody that has a phone is -- as potential intelligence, where 50 years ago, clearly not -- clearly not the case. And so, the way we have to view these things is different. And so, you know, if you think about it from an army perspective, right, there are with any war or any scenario you could think of, like there are strategic tactical and strategical implications to everything, right? If you look at, you know, you take Ukraine or you take Israel, and you see that even though you're not directly involved in the fight, you see what's going on, right? There are strategic implications across the world. And there are organizations in the army that are responsible for those parts of the world. So, they've got to be able to have the best intelligence capability to answer those. So, that's why OSINT for the army. Like, we have people in very specific areas for threats that we believe are future threats. And so, it's important to have them, you know, having the best capability intelligence. So, that's why.

Andrew Hammond: So, let's just say CENTCOM.

Dennis Eger: Yes.

Andrew Hammond: So, could you flesh that example out for us?

Dennis Eger: Well, I'll use -- I'll use USARPAC. Right? So, U.S. Army Pacific. And it is responsible for you know, the Pacific in its entirety, in particular, right? We all -- there are a lot of concerns over China, right -- you know, what is the future of China or what would that look like? What is the threat? We all read the newspapers. We see what is going on and the concerns over Taiwan. And what would that mean? What are the strategic implications if China moves into Taiwan? Now, you look at it broadly and you say, "Well, there's not a war going on." Right? However, there might be a war going on in the information space, in the data space, that you've got to be able to tap into to inform you and inform the decisions that you're making. So, if I'm able to open-source intelligence and data on something that outwardly you would not understand that China is exploring, say, in Taiwan. But we might be able to find some stuff, open-source wise that says, "Wait? Why is China building something here?" that anybody on the outside wouldn't even know. That would be an article that they see, but as we're digging and we look and we say, "Why -- why are they building here? What are the implications of them building here? What is it they're trying to do?" And then you start to say, "Are they bringing people in? Are they bringing equipment in?" right? And then you just start to spiral and say, "What is it?" And so, you know, that's the importance of it, and we have an army unit that's responsible for all that. And so, not having that unit use open source would be a potential detriment.

Andrew Hammond: I think it may be useful briefly just to touch on the -- the gray zone, hybrid war, information operations that -- of that whole kind of space there, no matter what you want to call it. So, we used to have this idea of peace and of war, and war meant when the bullets were flying, the artillery shells were flying. And then peace was when, you know, we turn the swords into plowshares and there's a peace dividend and so forth, but it's a lot more complicated than that now. So, if you could just tell us a little bit more? Is this something that is going on all the time now? And this is something that you know, the army's not at war in the sense that they're firing bullets and -- but we're not kind of at peace completely either? So, just help our listeners understand like what's going on in the modern world?

Dennis Eger: Yes, I'm really fascinated by that as well, the gray space thing, and Georgetown's Strategic Institute, they did a very good paper on the gray space, maybe a year or so ago. Really, really great paper in explaining that gray space, right? And it's you're not -- yes, you're not fully at peace, but you're not fully at war. It's where, you know, nation states can, through the information environment, which is really what they're taking advantage of now, walk right up to that line of right before firing bullets, right, and try to impact without having to -- without having to fire anything.

Andrew Hammond: And just to change tack a little bit, how has the army adjusted to open-source intelligence to OSINT? So, I know that you guys pride yourselves in being you know, at the forefront of embracing OSINT and so forth, but just tell us about some of the ways in which the army has leaned into OSINT. So, how has it embedded as a separate you know, you have the artillery, the infantry, OSINT, or is it embedded into regiment, divisions, corps? You had mentioned CENTCOM earlier. There's a whole bunch of things we can explore here, even training, recruitment and culture. But let's just focus more on the institutional level, like how -- how does OSINT bite into the U.S. army? Where is it -- where is it grafted on? Where is it embedded? How does it -- how is it structured?

Shawn Nilius: Yes, so the army made the decision, as I mentioned, to build OSINT collectors for the force, to do that. So, that was a commitment to do that. Therefore, OSINT is now an intelligence discipline. So, when you think of all the other intelligence disciplines that are out there, this is the newest one, okay, out there, or at least newest one to be formalized. So, that's what we've done. We've formalized it. The Army G2 has made that decision and then based on that decision, we have created OSINT teams. We've placed them in the army across the army force within intelligence organizations out there. And then what we've done is we have now set up formalized training. We now have training in our schoolhouse. So, our intel schoolhouse. We're the first service to do that across DOD, to do that. We now, like I said, have that formal training. We have additional training. We've also in our training, while we're specifically focusing on collectors, we also have training available for those that are non-collectors. So, they know what they can and can't do, or where things are located that they can get to some of that easier information to get to, and they're not actually doing the collection mission to have that. So, and then again, just from a program side, just -- and that's our role, and myself as the Director to manage that intelligence program, on behalf of the army G2.

Dennis Eger: Yes, I think that's -- I think that's the important thing here is when you talk about leaning in and leaning forward what the army did. And that's building out a true open-source intelligence force structure, right? So, building teams -- teams that are specific to open source only. They're not doing other jobs. They're not doing -- like they are open-source collectors and building those teams out and putting them at all of the major organizations throughout the army. And you know, we never talk specific numbers, right, for a lot of reasons. But you know, we've really had a very dedicated effort towards building those out and have been very, very successful. And so, in all major organizations in the army we have a collection team. It is specific to OSINT. That's how important it is to us.

Andrew Hammond: So, just for an example. Many of our listeners will know of the 101st Airborne. So, there would be an OSINT--

Dennis Eger: Yes.

Andrew Hammond: -and they've got an OSINT capability?

Dennis Eger: Yes. All the majors would have an OSINT capability of some sort. And you know, that's -- clearly that's very important but it's -- but I think what we all really recognize is in that information space and in that publicly available information space, that you've got to have folks dedicated to that mission and so, you know, for us, thankfully, you know, our senior most leaders in the army are you know, on board with moving folks. They see the importance and they see where we're at in this space.

Andrew Hammond: So, what you're saying is the argument's over now. It's just a case of--

Dennis Eger: Yes.

Andrew Hammond: -onboarding and acclimating and so forth?

Dennis Eger: Yes.

Shawn Nilius: Yes, for us, and I think we -- you know, I used I think when we you know, met originally and stuff and I'd, you know, I made the comment, "There are no cloudy days in OSINT." Right? I stole that from -- I stole that from one of our collectors in Europe, and you know, I told him I'd give him credit for it the first three times I use it. Anything after that, it's mine. I own it, right? But I will give him credit for it. But -- and I think that is pretty accurate, right? Like when you talk about traditional collection platforms, and let's just say aircraft, right? You know, aircraft can't fly in all weather conditions, right? If you're not in -- in the fight in Ukraine, you're not, you know, you might not be flying your aircraft, or right like, there's crew arrests. There are a bunch of things that happen, which just say aircraft, right? That in OSINT, open source, I don't -- I don't have to worry about. I don't got to worry about clouds. I don't got to worry about overcast. I don't got to worry about -- like people are always on the internet. They're always posting things. There's always information out there and data out there. So, we view it now as the INT of first resort. Like if we can go to open source first, what can we glean from that and then use it to tip and cue other intelligence disciplines, right? Because we can look -- I like to think of it if we can look -- we can look everywhere, where a satellite might be tasked to look somewhere, right? Specifically in a collection, but I can look everywhere. And if I see something, then I can tip and cue for a satellite or for a plane or for something else to look specifically at it. So, yes, I like to say I can look everywhere, and a lot of those other capabilities look somewhere.

Andrew Hammond: So, it's ubiquitous, omnipresent and it's unconstrained by geographic or meteorological factors?

Dennis Eger: Yes, unconstrained. You know, and some folks would argue, "Well, you know, what if the, you know, what if the internet is taken down, right?" Then you don't. And I would say, the internet's not taken down everywhere. Right? And there are capabilities that can quickly establish an internet within a country, right? But it's not down everywhere. There are countries surrounding it where the internet isn't down that you can glean information, right? So, again, you know, I understand the argument about how like, you know, I can still get a lot of information. [ Music ]

Andrew Hammond: And tell us a little bit more about some of the tools then. Let our listeners understand how does one do this, other than going on Chrome and putting on some search terms or using Boolean logic. Like what are we using? What are we using? What are the interfaces? What are the platforms?

Shawn Nilius: Well, I mean the short answer, because that's what I'll start with, is we're providing capabilities for collectors to get to places in the internet, like we said, deep and dark web, that just make getting that access a little easier. Clearly, I don't want to give away our trade craft of how we do that-

Andrew Hammond: I don't either.

Shawn Nilius: -to do that, but we look across the spectrum for what we need access to, where we need to get to, and then we go and search for that capability out there in industry. And then we bring that back, test it, and then try it out, and then if it works, we go after that. And again, I just go back to -- for me, I'm -- we call them tools. I'm tool agnostic, okay? There is no one tool that will get you everything you need to have. And so, those tools that we use, we change those and have to be very adaptable to bring in new tools, drop out old tools, again as the environment changes and where the -- and again, from a regional perspective, you know, the army is global. Certain regions you need access to certain things or certain areas within the internet that -- so, tools specific to that area would be used for that. So, there's no -- we have what we call a standard set of tools that we give to everybody that's kind of the baseline, but then depending on where you're operating or what your specific mission is, we'll give you tools that allow you to do that even better.

Andrew Hammond: That's interesting. And I think it would be interesting to also speak about some of the lessons that have come out of the Ukraine war or the -- what's been happening in Gaza.

Shawn Nilius: I mean, I think for Ukraine, I think the big thing was just that the speed in which OSINT can move, all the way from you know, the indications like you said, trains moving toward the border, snow out -- where are they coming from, all that. I mean, all of that can lead into intelligence, right? It's information, but ultimately you want to get that information to answer specific requirements and turn it into intelligence. So, all the way to again, as I mentioned, the example of coming across the border. You know, really because there's so much technology out there, and everybody having a phone. Again, somebody's collecting information for OSINT. We're going to take that information and turn it into intelligence. And so, I think the speed -- I think we've learned the ability to tip and cue other INTs or even to help follow up with things that are going on. I would say battle damage assessment is something, right? You know, somebody out there, they see a destroyed tank and they take a picture, okay, well, let's look at it and find out what kind of tank was it? Where was it destroyed? Can we tell how it was destroyed? There's all kinds of things that OSINT can do for you. Again, it goes back to what's your mission and exactly what intelligence requirement are you looking or trying to answer to do that? That goes back to the capability side. Do you want the capability to get to the data, or the datasets, that are going to get you the information that you need to have. You don't need everything. That's one thing. Everybody's like, "Go scrape the internet." You know? Or "take the internet." Just too big, too much going on, right? So, you try to narrow, you know, getting to the data that you need.

Dennis Eger: I think the biggest thing that OSINT taught us or that Ukraine taught us about OSINT was that maybe we had forgotten about it. We didn't pay attention to the importance of it. And we quickly realized the amount of intelligence and the amount of information that open source could provide, especially when you are not directly in the fight, but you're trying to find out and figure out exactly what's going on. And I think people quickly realized that wow, there is a lot of information out there, and a lot of valuable information that we need to be -- we need to be taking advantage of, right? Because OSINT was always there. You know, we've been doing it for 50 years. Like I said, periodicals and those kinds of things. And but I don't think it -- it started to come to the forefront with the election, 2016, folks started to see that. And then I think it really, really hit home for folks with Ukraine, at least from an army perspective, at least -- you know, speaking for us from an OSINT perspective and the phone calls we got and things -- like it really -- it really took hold like, "Wow, okay, yes, maybe we'd been missing something here?" And so then when Israel and Hamas started, it was like -- you know, we didn't miss a beat. People didn't miss a beat. They knew exactly, "Okay, we're going -- we're going to OSINT. We know what OSINT can provide." But that had to be a lesson learned for us out of Ukraine. And it was a big lesson learned for us.

Andrew Hammond: That's quite an interesting inflection point to me, because it seems like you've got civilians who are now in the information chain or the intelligence chain and also in the [inaudible 00:42:20] in there and [inaudible 00:42:22] on themselves into sometimes helpfully, obviously sometimes unhelpfully, but it's a new kind of dynamic, which is quite interesting.

Dennis Eger: Yes, it is, I mean but I would go a step further and say not just that civilians are in that cycle, because they are, right? Like if they're taking a video and they're posting it, they become in the cycle. But I would say, you know, the amount of things that people do on the internet that leaves their data or their information out there, their data becomes a big part of the intelligence cycle. And they probably don't even know that they're doing it, right? Like, you know, I travelled here. I shopped there. I did -- you know, whatever. And that information is all there and all that information can be gathered. And so, and it can be used. And to Shawn's point, right, like it's very important that we stress that you know, our stuff is foreign data, foreign data, foreign data. There's no U.S. persons. We don't collect on U.S. persons. That's very, very important.

Andrew Hammond: Can we just talk about that briefly posse comitatus?

Dennis Eger: Yes, I mean we have laws in place that intelligence professionals, right, cannot -- you know, we cannot collect on U.S. persons unless you're in a career field that has specific authorities from a law enforcement perspective or others that allows you to do that. But from, you know, merely speaking from an OSINT perspective, we do not have those authorities and we cannot, and we don't. And so, when we talk about the data as tools or services that we access, we are very, very clear to folks that we do business with that the data must be foreign data and it must be cleaned to ensure there are no U.S. persons, because we're just -- because we can't. And we have a very, very robust oversight and auditing capability in place as well, as kind of like a second and third guardrail to make sure that folks are not doing that. That's how seriously we take it. Because some folks will always get to that, like privacy, privacy, privacy. And I understand that and that's been a big discussion on the Hill. Privacy, privacy, privacy. I'm with you. I get it. But, yes, we don't.

Shawn Nilius: Yes, and it's the first thing that we train.

Dennis Eger: Yes.

Shawn Nilius: When we train our collectors, the very first week is all focused on the rules, the regulations, the laws, the authorities, the missions, all of that, that has to take place before you can actually do collection. We cover that and then as Dennis mentioned, from an -- we call it from an oversight and compliance perspective, we monitor the activity of all army OSINT collectors on what they're doing to make sure that they're not doing something that again, violates any law, rules, regulations, or anything.

Andrew Hammond: And when you mentioned Americans there, Dennis, is this permanent residents as well, or is it citizens only?

Dennis Eger: It's all the same. It's nothing that touches for us, nothing that touches U.S. soil--

Andrew Hammond: Okay.

Dennis Eger: -in essence. Like we don't. Everything has got to be overseas. So, we're not -- permanent residents, you name it. If you're here, I don't -- I do know -- I don't -- any data that is U.S. based in a sense, like whether it's the businesses, whether it's people, whether it's whatever, we don't touch it at all. Completely foreign. Every bit of it.

Andrew Hammond: Okay. And I think, just as we get towards the end of the interview, I think it would be good to talk about how this is cascading out. So, the navy, the air force, the rest of the IC, DIA, even allies, are they all following -- like what's going on with the OSINT ecosystem?

Dennis Eger: Let me hit big picture--

Shawn Nilius: Yes.

Dennis Eger: -then let you go down, dig down into the other. So, big picture, ICYs, yes, you know, released a couple of weeks ago was CIA's or the open-source enterprise's open-source strategy. They're public facing, you know, where they are going with open-source intelligence, it's out there. It's been out there. It was on LinkedIn and very clearly shows their strategy for where they want to go in the future. So, yes, they're following suit. DIA, this is DIA the same way. And most of the IC in general. Same way. You know, even at Director of National Intelligence level, there are, you know, they're building out a team, and have built out a team specifically centered on open-source intelligence and what does policy and resourcing and those things need to look like? So, everybody is following suit and coming along, and it's very synchronized. As far as the foreign partners goes, it's the same thing. Our allies and partners are very concerned about, you know, the open-source space and we collaborate with them a lot, and synchronize efforts every place that we can, knowing -- you know, we each know that every country has different roles on what they can and can't collect in the sense of publicly available information. So, keeping that in mind, there are certain things we can do together. Certain things we can't do together. But you know, to that end, too, you know, there are some great efforts going on in U.S. army Europe with allies and partners centered on open-source intelligence. So, yes, everybody is following suit. Everybody understands. And I think just -- just the fact that the open-source enterprise published a public-facing strategy is something that you never would have -- you just would not have seen five -- even three years ago. Four years, you just wouldn't -- you just wouldn't see it. And so, I think that really is a tell-tale sign of where we are going and how important it is to everybody.

Andrew Hammond: Okay.

Shawn Nilius: Yes, and I would just add, you know, for me, most of my engagement I spend some -- across the intelligence community, but with the other services, a lot of work that we do collectively together, whether it's training, you know, equipping, those things that we do. And so, pretty much everybody's moved out on it. I think all the programs are different because all the services are different, right? We all have different roles and responsibilities out there, but yes, we collaborate quite a bit on, pretty much everything that we do out there so we can share lessons learned, what's working for you, what's not, what are you looking for versus what we're looking for? Again -- again, you know, back on the training as well. We do a lot of that together. And again, I would just echo the same thing with our allies and partners. We do a lot of training with them as well.

Andrew Hammond: And just so our listeners can understand this episode in a little bit deeper context, could you just tell them a little bit more about each of your own careers? Like what brought you to this point? Are you's army, military intelligence professionals? Are you's [inaudible 00:49:18] who the army's drafted in there? Just give us a flavor of your backgrounds, so listeners can understand.

Sandy Hirsh: You go first?

Dennis Eger: Yes, sure. Yes, so I'm -- yes, 33 years. Well, now almost 37, but 33 in the army. Intelligence professional the entire time, and all source background. Spent about you know, 15 of those years in kind of a senior advisory role in this profession. You know, organization levels from you know, 70 people to when I retired, you know, overseeing stuff with the G2 and the Pentagon, you know, 60,000, intelligence stuff that could affect you know, some 60,000 people, roughly, right? So, you know, serving at all levels, but 33 years and then you know, me, I retired and then I pulled back into this for the last three and a half years. So, you know, I'm going on 37 years in this intelligence business. You know, I was working this portfolio before I retired. My boss said, "Hey, I need you to start working this and fixing it." And I retired. And then they kind of offered me the opportunity to come back to this. And I couldn't pass it up because when I left, I had far too much in my mind, work that was unfinished. I was very passionate about open-source intelligence needing to be a discipline and where it needed to go in the future, and the importance of it that I thought that we just didn't get as an army. And so, I kind of put a mark on the wall and said, you know, "I'll come back, and I'll give myself you know, five years to help turn this around and move it forward." And I think we've done a lot. But that's what brought me -- that's what brought me back to this. I just -- I felt like this was and is an intelligence discipline, and we needed to move it forward that way.

Shawn Nilius: Yes, so for me I spent 37 years in the army in uniform, but 30 of that was doing intelligence. For me, really I got exposed -- so I was an all source intelligence analyst. And so, I got to work with all the INTs, but it was probably about 15 years ago that I really got the opportunity to work OSINT, and I was really fascinated by it. I was probably shocked at how much information, or you know, intelligence you could gather from publicly available information. And to me, that's just continued to grow. And that was kind of my thought at the time. This isn't going to stop. This is only going to get bigger or there's going to be more information out there to do that. So, like Dennis, I became very passionate about it. It was, you know, after I retired, interested in the same thing that Dennis said. Hey, we haven't moved forward as fast as I think we should. And I try to hold myself that if you ever complain about something, you should volunteer to fix it. And they hired me to do that. And so, that's been really, I think for both of us, we're both passionate about it. We both see the benefits of it, and that's really what's been our driving force to get after it, and great support from our leadership that understands it as well, to go get this done, and then that's what we've been doing.

Andrew Hammond: Wow. And just to finish off, listeners out there, they're interested in OSINT, they want to learn more, are there sources they should go to? Books they should look at? Websites they can check out, etcetera?

Shawn Nilius: What I would say to folks that are interested in open source is there -- all of the agencies within the IC, do career fairs. And I would encourage folks to go to those career fairs, and have conversations with those individuals about it, because you're not going to see a lot of that advertised. And not everybody does, you know, OSINT careers like we do. And so, if you want to really learn about them and what it does and it's important I think to talk to those folks and get a sense of what each of those agencies does in that field to say, "Where do I think I -- I might fit in?" I would look at Georgetown CCS [assumed spelling], for some of the work, some of the research that they have done in the field of OSINT to really expose, because they've done some really incredible work and wrote some incredible articles and research on it. So, yes, I would definitely, check out anything that they have done. And there are a few others around.

Dennis Eger: And there are a few others around, but yes, CCS has done some incredible work, and you can find out a lot of information from that.

Shawn Nilius: I think the one that I typically bring up if people really want to see some really good OSINT done and that is, I -- really, it's on 60 Minutes. You can see it on 60 Minutes but Bellingcat [phonetic].

Dennis Eger: Bellingcat [phonetic].

Shawn Nilius: Okay, and the shoot down when the Russians shot down the Dutch airliner, if you really watch what they did, that's some incredible work done. That's what it can do for you.

Andrew Hammond: Wow.

Dennis Eger: Yes, that's also another, and I won't you know, I won't curse on here, but there was a show that was on Netflix. It was Don't F with Cats, right? Not a military OSINT perspective, but a civilian perspective just to show you know, how you can harness the power of open source, of what that very, very small group of people did to track down somebody that they ended up suspecting of murdering somebody and posting it online. Right? But they spent years, you know, really using open source to gather information. And so, to see the power of it from some passionate civilians and what can be done, and think about that, that's the same thing that we do in the military side and that same kind of passion. But yes, Bellingcat was a very good one that was out. I think they've actually -- Netflix is on--

Shawn Nilius: They've got several.

Dennis Eger: -- out there, too. Yes.

Shawn Nilius: Yes.

Andrew Hammond: And just to clarify, before we close out, OSINT's not just for tech people. It's not just for coders and so forth.

Shawn Nilius: No, no.

Dennis Eger: No, in fact, I don't know of any of our collectors are coders or IT or tech folks.

Shawn Nilius: Yes.

Dennis Eger: They're of all different intelligence career fields and backgrounds, and yes, it is -- yes, you don't -- you don't need to know anything about coding or tech to really do OSINT.

Shawn Nilius: I think if you know how to maneuver the internet, I mean that's -- that's probably the best skill or one of the best skills you can bring in. We'll teach you everything else.

Andrew Hammond: Okay. Well, it's a pleasure to speak to you both. Thanks so much. It's been a fascinating conversation.

Dennis Eger: Thanks to you. Appreciate it. Appreciate you having us.

Shawn Nilius: Thanks for having us. [ Music ]

Andrew Hammond: Thanks for listening to this episode of "SpyCast." Please follow us on Apple, Spotify, or wherever you get your podcasts. If you enjoy the show, please tell your friends and loved ones. Please also consider leaving us a five-star review. If you have feedback, you can reach us by email at SpyCast@SpyMuseum.org or on Twitter @INTLSpyCast. If you go to our page at the CyberWire.com/podcasts/spycast you can find links to further resources, detailed show notes and full transcripts. I'm your host Andrew Hammond and my podcast content partner is Erin Dietrick. The rest of the team involved in the show is Mike Mincey, Memphis Vaughn III, Emily Coletta, Emily Rens, Afua Anokwam, Ariel Samuel, Elliott Peltzman, Tre Hester and Jen Eiben. This show is brought to you from the home of the world's preeminent collection of intelligence and espionage related artifacts, The International Spy Museum. [ Music ]