Stay up to date with the latest OSINT news around the world.

This week in open-source intelligence (OSINT) news: OSINT enthusiasts in Portland help reunite stolen cars with their owners; the intelligence community has high hopes for generative AI; and uncovering the tricks behind the hard-to-track Chinese spy networks.

This is the OSINT news of the week: 

Citizen OSINT – amateur Portland sleuths help recover stolen vehicles

Just two years ago, the Portland metro area had the fifth highest auto theft rate in the country. And while nationwide the number of stolen cars continues to rise, the state of Oregon has reported a 27% decrease, the second biggest drop behind Utah. In Portland, car thefts were down 40% in March of 2024 from the same month last year, at 442.
 
A story in the Wall Street Journal looks into a group of Portland volunteers who are helping reunite cars with their rightful owners by running a Facebook group called PDX Stolen Cars, where people post descriptions of their stolen vehicles, while others upload the details of out-of-place cars, trucks and motorcycles that they have spotted in their neighborhoods. The amateur researchers try to stay away from occupied vehicles, leaving high-speed chases and confrontations with suspected thieves to the police. With thousands of members and growing, the Facebook group has become the first place where people in Portland look for their stolen cars – after they file a police report. The group has earned enough respect in the city that it has collaborated with law enforcement on operations to locate large numbers of stolen vehicles – proving that amateur researchers can help fight crime and make their cities safer.

“PDX Stolen Cars receives nearly 30 posts a day. Some are photos of stolen vehicles along with information like vehicle identification numbers and license-plate numbers, while others are pictures of suspicious vehicles people think may be stolen.”

Talal Ansari, Reporter, The Wall Street Journal

State Department releases OSINT strategy

The Federal News Network reports that the State Department’s Bureau of Intelligence and Research (INR) has released a new “Open Source Intelligence Strategy” document to guide its OSINT efforts over the next two years. The new directive shows that the State Department’s intelligence arm is planning to take better advantage of publicly available information and commercial data to give more timely information to U.S. diplomats and our partners around the world.
 
The Bureau’s new strategy also calls for investing in new tools, including generative AI to help make sense of OSINT data – from analyzing large volumes of commercially available satellite imagery to helping translate foreign language reports, transcribe speeches, and sift through panel discussions and conference materials. The OSINT strategy document highlights the need for coordinating open-source data acquisition and expanding the sharing of such data across the intelligence community.

“Like many intelligence agencies, INR has taken advantage of a recent increase in commercially available satellite imagery. The intelligence community famously used such imagery to issue public warnings about Russia’s impending invasion of Ukraine in 2022.”

Justin Doubleday, Reporter, Federal News Network

Chinese spies getting harder to track

Successfully tracking Chinese-linked cyber espionage operations is becoming increasingly difficult as Beijing’s hackers shift toward using networks of virtual private servers and compromised smart devices to conceal their campaigns. A Cyberscoop article references recent research by Mandiant Intelligence that shows why the new tactic, used by many state-aligned actors, is so hard to detect.

The obfuscation networks — known as “operational relay box networks,” or ORBs — are controlled by administrators within China and are frequently used by multiple government-linked hacking campaigns as part of espionage or reconnaissance efforts. The ORB networks are composed of “nodes” – individual physical or virtual devices that are distributed across the world in a way that reduces exposure and limits any one country’s ability to shut them down. ORB network-hosted infrastructure, such as domains or IP addresses, has a short lifespan, meaning that traditional Indicators of Compromise used by defenders to spot and remedy adversarial operations are becoming less relevant.

“It used to be that a defender could block one known bad IP address targeting their network. Now you’re protected against that one IP, but what if you also knew that this ORB network consisted of somewhere between 200,000-300,000 IPs, and they cycle out those IP addresses between 60 and 90 days?”

Michael Raggi, Principal Analyst at Mandiant, in an email to Cyberscoop

North Korean missile debris found in Ukraine

Through careful analysis of open-source imagery, Defense Intelligence Agency (DIA) analysts identified the debris found in Kharkiv, Ukraine, in early January 2024 as fragments from a DPRK short-range missile. The unclassified report highlights the evolving and strengthening relationship between North Korea and Russia.
 
DIA has released the report as part of ongoing transparency efforts to enhance public understanding of the Defense Intelligence Agency’s mission and to provide insights on Department of Defense and national security issues.

“The report shows that the missile debris in Ukraine is almost certainly of a North Korean ballistic missile.”

Defense Intelligence Agency

Every other week, we collect OSINT news from around the world. We’re also gathering information on cyberthreats, federal intelligence strategies and much more. Follow us on X and share the OSINT news you’re keeping up with.
