Operations Security
INTELLIGENCE THREAT HANDBOOK


Section 6

OPEN SOURCE COLLECTION

Introduction

This section examines the threat posed by the growing availability of information to U.S. adversaries through open sources. Open source information is publicly available information appearing in print or electronic form. It may be transmitted by radio, television, and newspapers, or it may be distributed through commercial databases, images, and drawings.[1] U.S. adversaries have always used open source collection to some degree. The openness of U.S. society and the wealth of technical, scientific, political, and economic information available through the media provide U.S. adversaries with a windfall of intelligence. Information has traditionally been extracted from technical journals, trade magazines, congressional documents, government reports, periodicals, newspapers, and legal documents. These traditional sources of information remain available to adversaries and cannot be ignored. However, in the past 10 years the amount of detailed, accurate, and timely information available to the public and U.S. adversaries has expanded dramatically.[2]

Benefits of Open Source Information Collection

Using open source information as an intelligence source has a number of benefits for adversary intelligence services. The information is relatively cheap to obtain and makes up the greatest volume of information accessible to an intelligence collector. Collecting open source materials is legal in the majority of instances, and the collector is not subject to the danger of prosecution for espionage. Frequently, it is possible to derive sensitive information by aggregating and comparing data concerning a particular activity or facility. The types of information that are useful in such instances include technical journals, newspaper articles, maps, photographs, budgetary documents, environmental declarations, lawsuits, and advertisements requesting services or offering employment. A distinct advantage of open source information is that it may be the most timely and accurate information available. Finally, the combination of open source data and classified material often provides a more complete picture of a targeted activity than classified information would alone. However, open source materials also have some disadvantages. For example, an adversary may intentionally plant information in the media as part of a deception program. Further, censorship in many countries may result in the information of greatest interest not being released through open sources. In the case of the United States these disadvantages do not apply, and as a result open source is extremely valuable to U.S. adversaries.[3]

The Changing Nature of Open Source Information

The advent of Cable News Network (CNN) and other near real-time information services has increased the quantity, quality, and timeliness of information available from open sources. Detailed information on the activities of the United States Government, the military services, and private sector can be obtained from news services, television, online databases, electronic bulletin board systems (BBS), and a wide range of specialized publications available in full text from on-line services. The ubiquity of this effort and the value that adversaries place on this type of information is illustrated by the Persian Gulf War. Television crews covered every aspect of the ground and air war in the Persian Gulf region. After the war, it was revealed that the Iraqis used CNN coverage as a near real-time intelligence system, which they used to obtain political and military information. Since that time, it has been alleged that Iraq has begun a program to train intelligence officers to gather information through the Internet.[4]

Not only is desired information readily available, it is relatively inexpensive to access, and in many cases has already had some level of analysis performed by a news agency, bulletin board operator, government body, or university. Issue-oriented groups on the Internet, hackers, students, and hobbyists have taken an increased interest in many classified or sensitive programs. In some cases, these groups have performed fairly sophisticated analysis of these activities. Intelligence can also be derived from commercial imagery products. Currently, the Russian government is selling imagery with a ground resolution of two meters. With the advent of a new generation of commercial imaging satellites that will become operational within the next two years, imagery products with one-meter resolution will become available. Foreign intelligence services, terrorist groups, news services, and economic competitors will all be able to gain access to this information.[5]

The threat posed by the growing availability of information is increased by the availability of improved analytical work stations and software tools on the commercial market. Expert systems are able to quickly examine raw computerized data and extract information pertinent to established search parameters. On-line search engines and other Internet tools allow intelligence collectors and analysts to rapidly sort through massive quantities of information and extract information pertinent to their area of interest. In the area of imagery analysis, commercially available programs provide national and subnational elements with the means to conduct detailed analysis of digitized imagery. These capabilities will grow as better technologies become available to the public.[6]

Traditional Open Source Assets

As discussed earlier in this section, open source information has been exploited by many of the foreign intelligence agencies that have targeted the United States. The former Soviet Union found open source intelligence to be so lucrative that it established organizations within its intelligence services and academic institutes dedicated to analyzing open source data. The Soviet intelligence services used open source information as a means to determine targets for clandestine intelligence operations. For example, it is believed that the Soviets first became aware of the Stealth fighter program and the signals intelligence satellite program by exploiting open source information. They used the data derived through this activity to target clandestine HUMINT and technical intelligence collectors against these activities. The Soviets also saw open sources as valuable for gathering information on political, military, scientific and technical, and economic matters. Soviet collectors attended Congressional hearings, examined major newspapers on a daily basis, extracted data from the publications of academic and research organizations, and obtained information from technical journals. The FBI estimated that up to 90 percent of the information obtained by the Soviets came from open sources.[7] There are no indications that the Russian intelligence services have changed the Soviet pattern of using open source information for the production of intelligence.

Many other nations have dedicated significant efforts to collecting and analyzing open source information. The Chinese have a large, dedicated open source collection and analysis capability that operates under the auspices of the New China News Agency (NCNA). The NCNA monitors over 40 foreign news agencies and 30 foreign broadcast facilities to provide China's leaders with information on world political, economic, and military trends. The Chinese government also uses six research institutes to gather and analyze open source information and provide Chinese leaders with assessments of areas of interest.[8] The German Federal Intelligence Service (BND) also uses open source collection to gather information on the United States. The BND is particularly active in collecting open source information concerning economic, scientific, and technical subject areas.[9] Another example of open source collection activities is provided by Iraq. It is believed that most of the information required for the development of the Iraqi weapons of mass destruction program was gathered by exploiting open source materials. In particular, literature on nuclear science and engineering, and information on chemical and biological warfare agent production was collected.[10]

The Freedom of Information Act provides another important method for collecting open source material. U.S. adversaries have used FOIA requests to obtain information from government agencies that has provided valuable intelligence on economic policy, insights into proprietary technologies, and information concerning intelligence and military operations. This information has also been used to identify classified activities.[11]

Electronic Databases

The number of electronic databases available to the public has grown dramatically in the past few years and will likely continue to expand. The information available through them has also expanded and includes a vast quantity of data on political, technical, economic, and military topics that would be valuable to an adversary. Foreign intelligence services have realized the value of the databases and are exploiting them for intelligence collection. There are substantial incentives to do so. For example, the Soviet Union has long targeted the Department of Energy's national laboratories because of their emphasis on the development of advanced technologies, many of which have military applications. Virtually all of these laboratories have Internet access, and many provide for public access to research data. It is possible for an intelligence collector to derive information from these laboratories, and associated private and academic facilities that would permit significant insight into U.S. technological efforts. It is interesting to note that the largest users of these databases have been foreign corporations and governments.[12]

A number of nations have engaged in gathering open source information through electronic databases. The Russian Institute of Automated Systems at Moscow State University hosts the National Center for Automated Data Exchanges with Foreign Computer Networks and Data Banks (NCADE). NCADE was subordinate to the KGB and is now believed to play a central role in SVR computer intelligence collection activities. NCADE has direct access to data networks in the United States, Canada, Germany, the United Kingdom, and France, and is a client of several on-line databases. These databases include: the U.S. Library of Congress; the LEXIS/NEXIS data service; the U.S. National Technical Information Service; the British Library; and the International Atomic Energy Agency. The Russians have also established direct connection with Internet service providers such as COMPUSERVE, TYMNET, and the European Union's EUNET.[13] During the Cold War, the Bulgarian Security Service (DS) was a major client of Lockheed's Dialog on-line database service. Dialog information was available to all hosts connected to the Bulgarian packet switch network, BULPAC. These connected hosts included DS computers, the computers of the Bulgarian military intelligence organization, and the Bulgarian research and development institutions.[14] The Chinese, Japanese, and South Koreans have been particularly active in collecting open source economic and technical data by exploiting electronic databases. The primary collectors of this information have been commercial interests located in the United States, and students attending universities in the U.S.[15]

Another threat that has grown in importance is electronic bulletin board systems (BBS). Bulletin board systems, some of which track sensitive U.S. Government activities or provide information on proprietary activities performed by Government contractors, have grown rapidly on the Internet. These systems consist of a host computer with one or more modem lines for remote access. Most BBSs have two main areas: the remote file transfer section and the message base. Traditionally these systems have been used by hobbyists and hackers as a means of distributing information on topics of interest to a particular group.[16] Many of the hobbyist BBSs have engaged in the sophisticated analysis of classified U.S. Government programs. Bulletin boards track space launches and speculate on the capability of U.S. reconnaissance satellites. Other bulletin boards track classified programs through the Congressional budget process and attempt to publicize programs that are being managed under special access provisions. Hacker bulletin board systems provide detailed information on the vulnerability of telecommunications and computer systems. They also often display data that has been stolen from computer systems that have been compromised by the hacker group. It is believed that many of these bulletin boards are actively monitored by intelligence activities that are using these systems to gather sensitive information concerning U.S. capabilities.[17]

Commercial Imagery

Another area of growing importance to OPSEC managers related to open source collection is the increasing availability of imagery products to anyone who has the money to pay for them. The U.S. Department of Commerce estimates that the remote imaging market will exceed $2 billion by the year 2000.[18] Available imagery products will include synthetic aperture radar (SAR) images, electro-optical (EO) images, and multispectral imagery (MSI) products. Each of these imagery product types provides information that can be used for intelligence exploitation. Radar imagery applications provide a day/night, all weather imagery capability, and they can potentially be used for detection of submerged vessels or underground facilities. Electro-optic imagery provides a digitized panchromatic product that offers visible information at high spatial resolutions. Essentially, EO imagery provides a black and white picture of the targeted facility or area. Finally, MSI provides spectral range coverage, recording energy in the visible, near infrared, short-wave infrared, and medium infrared wavelengths of the spectrum of light. These systems have medium resolution and wide area coverage capabilities. Their utility for targeting, mapping, and regional monitoring was demonstrated by military intelligence applications during the Persian Gulf War.[19] Proposed commercial EO systems will have ground resolutions of approximately 1 meter. This is sufficient in most cases for the precise identification of most types of facilities and will provide significant detail for technical analysis. Currently, ten commercial imaging satellites are being developed, and five of these will provide 1-meter resolution imagery. The use of multiple sensor systems, such as the use of EO, SAR and MSI imagery to cross reference a particular feature or facility, will allow change detection analysis, layover analysis, and other sophisticated imagery assessments to be performed by nations and groups that previously had no access to these types of products.[20] This will present a significant threat to OPSEC programs for sensitive activities.

Implications for OPSEC Managers

OPSEC was originally intended to manage indicators, many of which were unclassified, that could allow an adversary to derive classified or critical information. As a result, there is nothing particularly new in considering open source information as a potential threat. Nor is there any doubt that intelligence organizations have previously targeted open source data for collection. What has changed is the amount of data that can be accessed, and the ease with which it can be gathered and categorized. As a result, small, relatively unsophisticated organizations can develop a significant analysis capability for the price of a couple of personal computers and Internet access. The ubiquity of information will allow greater access to information by the entire range of U.S. adversaries and will greatly increase the difficulty for OPSEC managers in protecting critical information.

Sources

1 - Director of Central Intelligence, A Consumer's Guide to Intelligence, PAS 95-00010, Washington, DC: Central Intelligence Agency, 1995, p. 3.

2 - L. Dain Gary, "Hacking Through the Cyberspace Jungle," contained in Linnea P. Raine and Frank J. Cilluffo, eds., Global Organized Crime, Washington, DC: Center for Strategic and International Studies, 1994, pp. 51-54.

3 - Headquarters, U.S. Air Force, Target Intelligence Handbook: Unclassified Targeting Principles, Washington, DC: Department of the Air Force, October 1, 1990, pp. 18-19.

4 - U.S. Army Training and Doctrine Command, Concept for Information Operations, (Final Draft), TRADOC Pamphlet 525-XX May 5, 1994, pp. 3-5 to 3-15; and Wayne Madsen, "Intelligence Agency Threats to Computer Security," International Journal of Intelligence and Counterintelligence, 6:4, Winter 1993, p. 437.

5 - Randy Barrett, "Spy-grade Satellite Pix, Anyone?" Washington Technology, March 24, 1994, p. 4.

6 - U.S. Army Training and Doctrine Command, Concept for Information Operations, (Final Draft), TRADOC Pamphlet 525-XX May 5, 1994, pp. 2-5 to 2-7.

7 - Jeffrey T. Richelson, Sword and Shield: Soviet Intelligence and Security Apparatus, Cambridge, MA: Ballinger Publishing, 1986, pp. 120-121.

8 - Jeffrey T. Richelson, Foreign Intelligence Organizations, Cambridge, MA: Ballinger Publishing, 1988, pp. 293-294.

9 - ibid., pp. 137-138.

10 - Glenn Zorpette, "Seeking Nuclear Safeguards, Part 1: How Iraq Reverse-Engineered the Bomb," IEEE Spectrum, 29:4, April 1992, pp. 20-22.

11 - United States Senate, S. 2726 to Amend the National Security Act of 1947 to improve U.S. Counterintelligence Measures. Hearings Before the Select Committee on Intelligence, Senate Hearing 101-1293 Washington, D.C., USGPO, 1991, p. 176; and President's Annual Report to Congress on Foreign Economic Collection and Industrial Espionage, Washington, D.C., USGPO, July 1995, p. 18; and Jeffrey T. Richelson, Sword and Shield: Soviet Intelligence and Security Apparatus, Cambridge, MA: Ballinger, 1986, p. 122.

12 - Wayne Madsen, "Intelligence Agency Threats to Computer Security," International Journal of Intelligence and Counterintelligence, 6:4, Winter 1993, p. 417.

13 - ibid., pp. 419-420.

14 - ibid., pp. 426-427.

15 - William DeGenaro, "How Foreign Spies Are Destroying U.S. Jobs," Presentation to the Fifth National OPSEC Conference, McLean, VA, May 1995.

16 - Office of the Manager, National Communications System, The Electronic Intrusion Threat to National Security/Emergency Preparedness (NS/EP) Telecommunications, Arlington, VA: OMNCS, December 1994, E-1.

17 - Jim Christy, Special Agent, Air Force Office of Special Investigations, Briefing on Countering the Computer Intrusion Threat, September 26, 1994.

18 - Randy Barrett, "Spy-grade Satellite Pix, Anyone?" Washington Technology, March 24, 1994, p. 4.

19 - Robin Armani, Testimony on Commercial Remote Sensing before the Senate Select Committee on Intelligence November 17, 1993.

20 - Vipin Gupta, "New Satellite Images for Sale: The Opportunities and Risks Ahead," International Security, 20:1, Spring 1995, pp. 102-109.