Reuser's Information Services

Open Source Intelligence Overview

arno reuser — Wed, 11 Feb 2026 09:20:05 +0000

Blush. The video is a TEDx talk I did for TEDxTwenteU in 2025 about open source intelligence that designed and managed since 1990 for the Dutch Defence Intelligence Service for about 23 years.

May be have a look? Let me know your thoughts or questions.

More on OSINT training: https://www.opensourceintelligence.biz

CIA World Fact Book postponed

arno reuser — Fri, 06 Feb 2026 09:09:31 +0000

The World Factbook (WFB) was a popular reference tool for country studies. First launched in 1962 as a printed, classified reference manual, it described in numbers and short texts, the economies, military, geography, agriculture, industries, society, government, people, memberships, energy, health and much more of all the countries in the world, as well as areas recognised by the USA.

The WFB became a very popular source not just by intelligence officers but by many all over the world. In the seventies an unclassified version was published and in 1997 the WFB was published as an online reference source, downloadable and all.

Unfortunately, the CIA has decided to shut it down, maybe for budget reasons, although the real reason is unclear.

The WFB app for Android is still available. Both in free and professional versions.

Alternatives

Use the Internet Archive to find older copies. Use The Internet Resource Discovery Toolkit to find alternative country information.

The 3rd prompt principle

arno reuser — Fri, 06 Feb 2026 08:09:31 +0000

In the meantime, AI agents behaviour is remarkbly similar. I use ChatGPT, Perplexity, Copilot and Gemini hoping that the answers from one will augment the answers from the others.

Unfortunately, in my personal experience, that is not the case. Not only the answers are often identical, even the syntax grammar and writing style are identical .

Much worse is the increasing tendency to not answer the original question, but make up something that the AI assistent thinks is relevant.

It will give either vague answers, or alternatives that I did not ask for, gives long lists of viewpoints that I did not want, and then comes with follow up questions like “would you like me to…”?” or “another possibility is… Shall I do…?”. And always errors.

Thus my 3rd prompt usually is something along the following lines:

“do exactly what i ask. Only answer the question. Do not hallucinate, do not make up answers. Do not give answers to questions I did not ask. Do not give alternatives or ask follow up questions. Give exact answers only, admit if you do not know the exact answer.”

Used in conjunction with the second prompt principle it usually results in more useful material. All four still quit often give nonsense answers or facts that simply do not exist.

See my earlier posts on LinkedIn.

Essential is the formulation of the starting prompt. Just apply the lessons from Requirement Analysis and Problem Deconstruction and you are good to go.

Good luck! Let me know your thoughts.

The 2nd Prompt Principle

arno reuser — Mon, 22 Dec 2025 14:26:27 +0000

AI chatbots and LLM’s are an amazingly impressive development that will have a great impact on OSINT and intelligence analysis. Many of you use chatbots may be even on a daily basis for a variety of tasks and assignments, from simple ones to more complex things. And results can be surprising.

That is, surprisingly good but also surprisingly bad. ChatGPT, Gemini and Copilot alike, sometimes simply do not do what they were asked to do, leave out things, add things I did not ask for, or make errors. The first two can be solved by asking very specific questions and make clear exactly what you want. Explicitly mentions sources to be used and the required output can help a lot.

Unfortunately, the bots return many errors in their answers. Sometimes so obvious that it becomes a little annoying. Especially when asking for factual data, or solutions to problems, the bots in my experience return many errors. I have therefore developed the habit of always do the following.

The second prompt I enter is by definition: correct the errors.

Regardless what the first answer was, the second prompt is always the same: ‘correct the errors’. In all cases so far, the bot apologises, admits the errors and mistakes in the first answer, explains that it should have done a better job, promises it will not happen again (blabla) and produces a new answer. The result is really remarkable.

I call this procedure: The 2nd Prompt Principle.

As a habit, always apply this principle with more complex questions. Also for the 3rd and maybe 4th prompt. Very curious how long this will last. For now, I am still very cautious in using AI generated answers. I am sure I am not the only one.

Intelligence analysis training programme

arno reuser — Wed, 29 Oct 2025 15:24:47 +0000

Proud to announce our first OSINT Intelligence Analysis training programme! Four days of hard work, starting with the fundamentals of OSINT followed by two full days of the best intelligence analysis techniques to make sense of a complex and confusing world.

Conducted by Arno Reuser for the OSINT part, and Marc van Oudheusden for the intelligence analysis part, the programme will be packed with the latest, proven methods of analysis to help you on your way making sense of the world.

As always, this will be a in-class training in Leiden NL, next to the central train station and a mere 20m train ride from Schiphol Amsterdam airport.

Interested? read more or send us a message

On the difference between OSINT, OSINF, Information, Intelligence

arno reuser — Wed, 08 Oct 2025 08:41:37 +0000

…and how it all gets together

Open Source Intelligence (OSINT) is a collaborative, integrated research/production METHODOLOGY to CREATE an actionable intelligence product (called OSINT report) resulting from analysis of a representative selection of open source information (OSINF) in order to meet some intelligence requirement that is used to take decisions and start some change.

Open Source Information (OSINF) is information that can be COLLECTED from the public domain by anyone in a legal and ethically acceptable way, and that meets quality requirements such as authenticity, reliability, accuracy, time etc, regardless source, format or time, whether for free or commercial, and is being used to be analysed, probably in conjunctions with other sources, to become OSINT.

Information is any piece or document that serves the purpose of deriving information from, or is assigned that purpose. Thus, anything can be OSINF as long as the object is used to derive information from, like digital info, books, newspapers, audio/video, oral history, taxi drivers, porters, phone logs or archeological findings are all considered information that can be collected, indexed, catalogued, described, categorized and used for analyse, again after applying quality criteria.

Intelligence is analysed information that interprets, explains, predicts, clarifies, connects, judges, opinionates, categorizes, qualifies OSINF in order to support decision makers in making decisions and implementing change. Intelligence is by definition never collected, but created. An intelligence report produced by service P and send to Q is for the sender P intelligence, but for the recipient Q it is information, not intelligence, until Q has analysed the report, then it becomes intelligence again.

Legal and ethical restrictions mean, in short, that OSINF is only OSINF if the information was obtained in a legal way and that the information was intentionally published in the public domain. Hacking, cracking, password sniffing, stealing, data leaks etc. are therefor not considered OSINF and thus not eligable for OSINT. Wikileaks is thus not OSINF since that information was never intended to be in the public domain.

Conclusion. OSINT is thus very much more than just the world wide web (WWW) or social media. OSINT also deals with the other 98% of open source information that is NOT on the WWW or social media or even on the Internet. The W3 is only a fraction (less then 2%) of the surface web.

There is a wide variety of OSINT definitions. Mainly because there is many different requirements or backgrounds. Obvciously, an OSINT definition for a stratetic intel service is different then that of a law enforcement agency. In addition, there is different levels of OSINT, typically there are five classes with varying complexity.

One never collects or gathers OSINT. One CREATES OSINT. Also, there is no such thing as OSINT tools. All ‘tools’ are by assumption open source. OSINT is a methodology, a process, not an object. Almost all tools available today in the digital world, whether free or fee-based, can be used to collect OSINF in one way or the other. Using the phrase OSINT as an adjective does not mean something specific and does not make the tool more special or something.

Want to read more about OSINT or how to design your OSINT production capability? See the OSINT Bibliography I compiled over the years at htttp://bib.opensourceintelligence.biz

Want to learn more about OSINT training? Try http://www.opensourceintelligence.biz

#OSINT #OSINTtraining

Cyberspecialists are doing it wrong.

arno reuser — Fri, 12 Sep 2025 14:59:35 +0000

Many cyber security firms focus on just two main items. The first is tools, technical stuff and software solutions, the other is rigidly ticking off checklists based on international standards and norms of which there are so many.

Pretty easy to do and it has led to many cyber companies who may be classified as cyberclowns: yet another specialist that comes in, does something expensive of which no one understands what and why and then disappears. The effect is that the customers are not seriously interested any more. That’s where the real danger is.

The real danger in the broad field of cyber security is not the bad guys. It is not the foreign state or non-state actors, but the intended victims. People who are oblivious, ignorant or have other priorities then security. Companies who consider cyber security too expensive, not necessary now (may be next week), irrelevant, not ‘my cup of tea’, no time, too busy, nothing will happen anyway, not interested, or any other excuse to postpone to a later date or all together.

Cyber security should very much more focus on security awareness, training, education, informing the public that cyber security is fun! It is sexy! It is lovely to do, and important. Just as important as getting your drivers license, insurance, and wearing your safety belts when driving an motorcar. Only then it is time to discuss standards and software.

As long as cyber focuses wrongly, nothing will happen. As long as “information capabilities” is not a compulsory subject in primary and secondary schools, no one will take the matter seriously. Information capabilities such as open source research, programming, validation techniques, network analysis, network configuration, etc.

(extract from the presentation I planned to deliver at CyberSec Netherlands 2025)

Cybersec Netherlands hashtag#OSINT

Vague questions in OSINT … and what to do

arno reuser — Fri, 15 Aug 2025 09:22:42 +0000

So I ask OSINT students to solve a modest research assignment any way they see fit. They all listen carefully to me, then turn around to the computer screens and frantically start typing.

After a few minutes I call them back to the central table to ask them what exactly they are doing, what is the research plan, the approach, the strategy?

No one answers.

The research assignment is full of vague terms, ambiguous terms, omissions, contradictions such as: the latest, recent, some, “a list of”, references, most important, “to what extent”. But no one asks me what I mean with that. No one asked me what the information is going to be used for, what the purpose is, the goals, what the problem is I am trying to solve with that information. No one asks who the customer actually is.

Yet they are all typing.

I wonder what.

Once I show them that the assignment is so vague that it cannot be solved, the penny drops. Once I demonstrate that it is impossible to start any OSINT assignment without knowing the customers’ intent, another penny drops. Then it is time to teach the concept of An Answerable Question. A research question that is so precise, detailed, complete and accurate that there can be no misunderstanding to what information exactly is required.

An Answerable Question is part of the OSINT process Requirement Analysis and Problem Deconstruction. Following Kettering’s law*, I share with the students OSINT Standard Operating Procedure (SOP) #4 : a full implementation of describing and solving the assignment problem Arno’s way: concept analysis, assumptions analysis, customer analysis, and Answerable Questions.

It takes time. And effort. But the benefits are clear.

Searching and finding the public open source domain is much easier once you know what you are looking for.
A well and clearly designed requirement analysis and intelligence collection plan explain when to stop.
Continuation at a later date or by some one else in the team is now possible.
Since we know exactly what to do we can now make a time planning and even a budget.
Collecting the requirement analyses over time allows for analysis of customers’ requirements so we can look ahead.
Finally, team work is now possible. An assignment can be shared amongst multiple team members.

Remember Law #4: ”no OSINT research makes any sense without detailed requirement analysis and problem deconstruction”

I have been using this technique for 25 years now, gradually changing and improving, using tables and flow charts for assistance. But believe me, everything you think you are doing wrong I did wrong too. And I still make those mistakes. I still remember that particular customer coming to my office asking me to do the same research I did two months earlier, again. But back then, I simply started typing until I found what I needed, I compiled, edited, analysed, collated and produced. So I had no clue what he was talking about.

Making mistakes is good. Mostly, you can learn so much from mistakes, but on the condition that: 1. the person concerned acknowledges the mistake, and 2. that the person is willing to learn from it.

* A problem well stated is a problem half-solved” Charles Kettering (1876-1958)

Google secret date search

arno reuser — Tue, 12 Aug 2025 07:30:35 +0000

Google has a few ways of limiting results by date. It used to be just using daterange: which required a Julian date. That has been replaced by before: and after: search operators. These can be used with a more readable data format such as:

“border conflict” after:1995-05-02 before:1995-05-0

To limit results to just that time frame only to hopefully find what has happened on those dates, instead of all the follow up responses and reactions. Remember, no spaces.

But there is another option too, that requires a little more attention. This option allows to limit results: from the last X hours, or X days or even the last X months. This is a great option to track events, developments, demonstrations, riots etc where you only require ‘the latest’.

The option is called

&as_qdr=PQ

hier is de code weggehaald. P is a unit like ‘h’ for hours, ‘d’ for days and ‘m’ for months. Q is an integer. The complex thing is that this one needs to be added to the URL bar as an extra parameter. Do NOT type this in the search bar!
Examples. Limit results to the last 6 hours only:

https://www.google.com/search?q=”border+conflict”&as_qdr=h6

Limit results to the last 2 days only.

https://www.google.com/search?q=”border+conflict”&as_qdr=d2

Click on the Tools button on the right side of the toolbar to check if your query has actually worked (figure)

Unfortunately, this only applies to the Google search language.

This techniques is useful to monitor developments. First try a query to find out what has happened. Something like:

intitle:”border conflict” OR intitle:”border dispute” cambodia thailand

Will probably do the trick. You may want to select the Google News database first. If it is an older conflict, add the after: and before: search parameters to find out what exactly has happened.

Then, when you are happy with the results and your information position, generalise your query a little and add a as_qdr to the URL, save your query as a bookmark on your bookmark toolbar to execute your query at any moment.

https://www.google.com/search?q=”border+conflict”+OR+”border+dispute”&as_qdr=h6

Then you add a ‘live’ bookmark. That is, you first develop and run a query suitable for monitoring, then you add a bookmark at your bookmark toolbar. Or even better, in a folder at your bookmark toolbar to prevent clogging up that toolbar too soon.

Now, whenever you click your button, you only get the latest results.

Final remarks

Usually you have multiple of these queries for use with different sources. With Google’s site: option, you can select one or more domain names and limit your results further by source. The disadvantage of this techniques is off course you only select results from sources indexed by Google.

More importantly, to use these techniques effectively, first you need to have your requirement analysis and problem deconstruction ready and productive. You need to know what you are going to do, before diving into the tangled information jungle that is called the world wide web. Otherwise, you will get problems with information explosion.

OSINT Bibliography usage tips

arno reuser — Mon, 14 Jul 2025 16:17:07 +0000

The OSINT Bibliography now holds about 150 titles of reports, papers and books on open source intelligence. Most links are to the full text, but in cases of copyright I have linked the title to a purchase or library catalogue card.

I have in addition added a How to use section to explain how to read documents from a librarians perspective. It is very simple, but, as always in OSINT, quit important to follow a few simple rules to get the best possible open source retrieval result.