The 5 OSINT Mistakes You Don't Want To Make
Recently, the United States military would attribute Operational Security challenges to “a bunch of randos tracking planes on twitter”
Given our modern world gives us a vast array of data that we can analyse, consume and eventually, use for investigative purposes, this should come as no surprise.
However, the road to a functional and effective Open Source investigator is long and often paved with mistakes.
So, in today’s article, I’ll be sharing a few tips that should help you along your way, meaning that you can focus on the data. 
There are 2841 John Smith’s in California. Which one is your target? Source: whitepages.com
Not Verifying Your First Hits
Sometimes, having too much information can be worse than having no information at all. As such, when you’re conducting your first searches, it’s worth cross-checking all the information you have to hand.
Does your target have a doppelganger in the same city that happens to have the same name?
Perhaps the criminal record check you uncovered is linked to this person, too and has nothing to do with your target.
Understanding all the available data that you have to hand and being aware of potential pitfalls regarding the identity of your target early has the potential to save you plenty of drama later down the path.
Thankfully, social media makes this a lot easier thanks to the ability to upload pictures that can be used to confirm identity later on. Criminal checks and other sources of information do not do this, meaning it’s much easier to make simple mistakes that should be caught early.
Leaving Digital Footprints
Creating sock puppet accounts can be a pain, but do you know what’s worse? Having your surveillance target appear in the “people you may know” list, or alternatively, giving them notification that you have interacted with their profile, all because you didn’t use good opsec.
Opsec > Convenience every time, and while you don’t have to always use a new sockpuppet account for each inquiry, well-crafted accounts that are passable and not linked to you are the minimum barrier for entry to most OSINT inquiries.
And while good investigators will focus on what they are able to find, they will also focus on what they are revealing to a target in the process of doing so.
Remember, social media companies are effectively surveillance companies now as well. Expecting them to have your back while you do your thing is going to end about as well as you’d expect.
Ignoring Legal Boundaries
Firmly in the “Just because you could doesn’t mean you should” category, staying legal is a key objective for all but the most unsavoury of Investigators.
“It’s public information” doesn’t mean you can do what you want with it, and the usual protections around stalking and doxxing will still apply to people in most jurisdictions.
While laws may not apply in some instances, ethics will, and it’s worth keeping this in mind as things unfold.
A great example of this is the usage of breached data. While many will argue that it is in the public domain and therefore valid, in the real world, this becomes much murkier in practice.
Perhaps your locality has specific laws and regulations regarding the usage of such information. Or perhaps our breach dataset consists of private medical information or proprietary info that may see us end up in legal troubles if distributed.
Knowing where you are on the legal spectrum means it’s much easier to keep things between the lines, so to speak.
Inadequate Documentation
Not every investigation is going to end up in court, but if you’re not documenting things as if they will be, then realistically, it’s only a matter of time before things come unstuck.
There’s no denying that having auditable strategies along with established practices for documentation can be a bit of a headache, but by implementing this at the start, you’re ensuring that your inquiries remain relevant, usable and more importantly, trackable.
Evidence is clear, verifiable facts. Which means you must be able to say “I got this from here, using that tool, and it occurred at this time”. If you can’t confirm where you got your information and from what time, then it becomes hearsay that has the potential to affect your credibility.
A large portion of agency revenue comes from the uncovering and exchange of information. Making your reports look like the key pieces of evidence that they should be is a large part of justifying your end rate, and tools like Hunchly are the lever you pull to make it all happen.
Over-Complicating Things
The question is not, “Do we love awesome hacker tools?” but more specifically, the question is “Do we need awesome hacker tools?”
While sometimes the answer is going to be yes, the reality is often a little different. There’s no denying that cool tools will always be fun and, in some instances, they are even worth the ticket price!
But fundamentals will take you a long way, and it’s worth not overcomplicating things, particularly if you are new to all this.
One of the best returns on investment when you’re getting started with this type of thing is time spent understanding the concept of search and Google dorking, and then putting it all into practice.
There’s no denying that AI has the potential to change some of this in the coming years, but like traditional detectives that knock on doors, some fundamental skills will stay useful for your entire career.
Use the tool. Write the script. Automate the process.
But don’t be afraid of asking yourself if there is a better way of doing something. Your future self might just thank you
A Word On Style
While there’s plenty of merit in following the pack when it comes to tools and strategies, to properly flourish means to develop your own style, complete with strengths and weaknesses.
Even the truly talented will struggle to master everything, while the rest of us will pick a niche or two and then run with it. Some people master breach data. Some people like threat hunting.
And others just like to trawl through massive datasets in the ongoing hunt for clues.
Identifying your niche and then leaning into it means you’re setting the stage to play to your strengths and keep the days at work where you truly hate your job to an absolute minimum.
That might not be everything you need for a successful career, but it’s certainly a good start.
Investigator515 explores the RF spectrum, cybersecurity, and the hidden tech behind modern and historical espionage.
Follow for new content weekly
Bluesky • X • Substack
You might also like,
- OSINT Investigators Guide to Self Care & Resilience
- Spies In The Mud: The RF-111 Aardvark
- What The Tech?! Space Shuttles
