July 21, 2022
OSINT for Charities and Non-Profits
Steve Adams
Product Marketing Manager
Non-profits and Charities can utilize OSINT to secure their people and organization and support investigations. Donation funded, charities and non-profits often have to rely on limited resources to conduct investigations and monitor threats.
Several charities established specifically to conduct investigations also utilize OSINT techniques, such as those supporting victims of domestic violence and those investigating animal cruelty. These charities conduct investigations into people and organizations involved in criminal activity and may either prosecute these individuals on their own or with the support of law enforcement.
Identifying Data Breaches
Receiving donations from the general public and working with people they exist to support, charities often handle a large amount of personally identifiable information. Charities often work with tight budgets, which can mean relying on dated technology and small teams of technical employees. Holding vast stores of PII protected by only a small team makes these organizations targets to cybercriminals.
According to research conducted by the Ponemon Institute, the average total cost per data breach is $8.19 million, a potential major blow to fundraising efforts. Data privacy is an important issue to charities and non-profits, who are responsible for meeting mandated standards for data protection.
Charities can utilize tools to monitor the deep and dark web for data breaches that contain their data. Breach data vendors often advertise the data that they have stolen on forums, listing the source. Charities can scan these forums for mentions of their brands and their domains to detect leaks as quickly as possible.
Identifying Fraudulent Campaigns and Accounts
Criminals may impersonate charities and their executives through false social media accounts to influence public opinion on specific matters and support financial scams. Exploiting the generosity of the general public, fraudsters will create social media accounts that mirror a charity's real accounts and use these fake accounts to link to fraudulent fundraising campaigns and siphon donations to their bank accounts. Similarly, fraudsters may set up accounts mirroring a charity executive’s social media account to make posts that either harm the individual's reputation or push a political agenda.
Charity analysts utilize OSINT tools, techniques, and platforms to identify and mitigate fraud, misinformation, and disinformation. Analysts can monitor social media and crowdfunding sites for campaigns and accounts that discuss their brand to ensure that any using their brand name aligns with the charity’s legitimate campaigns.
Monitoring Global Events
Global events can influence charity operations by determining where employees can safely travel and which incidents require an urgent response. Charities can utilize publicly available data to prepare for and tackle global and local disasters and public health crises. Fusing data streams including crime, traffic feeds, weather events, large-scale events, and more, analysts can understand local activity anywhere in the world. However, manually scanning the entire globe for major news events 24/7 is inefficient, expensive, impractical, and requires automation to be done effectively.
Charities utilize OSINT tools that efficiently collect, collate, and analyze geo-tagged and location-relevant intelligence at scale to address urgent or ongoing crises. Using automated tools, analysts can monitor for specific keywords, threats, and locations and receive automatic alerts to major news stories. These automated tools enable charities to make informed decisions promptly when a crisis requiring their attention occurs.
Facilitating Employee Protection
Charities often operate in remote or dangerous locations, which may be subject to organized crime group activity, political instability, civil unrest, and war. In these locations, employees are at high risk when traveling in these locations. This risk is even greater for executives, who may be well known and the target of kidnapping or violence. OSINT solutions like Liveuamap, Snap Map, and Tweetmap, provide charities with the ability to scan social media posts and news articles from within a geographic region for early warning signals of emerging risks to employees around the globe. Real-time awareness of emerging threats to executives enables security teams to avoid areas, people, and scenarios.
Similarly, unplanned disruptive events at familiar company premises like protests also present a safety risk for executives. Protests at or near logistics sites and headquarters can result in logistics problems and physical threats to executives. Collecting and analyzing intelligence in advance of company events enables security teams to identify planned activity and evade it by selecting alternative locations and travel plans.
Charity executives also receive threats of violence over social media for supporting specific causes or due to their salaries. Most threats made online are false, made by online trolls who intend to intimidate their victims rather than carry out any physical violence. However, a small minority of individuals making threats online do intend to carry out their plans. Law enforcement and charity security teams must have access to relevant information about potential threat actors to help minimize threats.
Identifying credible threats that warrant further attention and action is difficult. Searching social media platforms with tools like Tweetdeck, searching with advanced operators like ‘stab’, ‘shoot’, or ‘kill’ and the name of an executive, enables security teams to identify threats. Pivoting from these threats to manually assess the potential threat actor becomes a time and labor-intensive activity. Skopenow enables executive protection teams to automatically investigate potential threat actors, collating and analyzing their digital activity and backgrounds for further information that can substantiate a threat.
Investigating Internal Corruption
Charities and non-profits are not immune to internal threats, with employees and politicians both having exploited non-profits for their financial gain. Bad actors can abuse their role in a charity to siphon money or use charity funds for their enjoyment.
Using OSINT tools in the same way as law enforcement agencies, charities can investigate potential criminal activity and corruption to locate digital evidence of criminality. OSINT enables the quick detection of individuals living lifestyles beyond their means, or of unlawful activity, which enables charities to take quick decisive action in preventing internal threats.
Investigating External Criminality
Some charities and non-profits exist to campaign against and conduct investigations into issues like human rights abuses, environmental damage, and animal abuse. Organizations like the Environmental Investigation Agency utilize OSINT to conduct global investigations into organized groups involved in these crimes.
Intelligence Analysts and Internet Investigators working on charity investigation teams can use OSINT to locate and archive evidence of criminality to support disruption activity and arrests. By building subject profile intelligence reports, analysts can create products to support decision-making and to share with law enforcement.
Gauging Brand Awareness
To successfully raise funds and deliver on strategic goals, charities and non-profits rely heavily on public support. Understanding public perception of their brand is vital for charities in ensuring that support continues and grows.
Charities can utilize social listening tools like Google Alerts and SocialMention to monitor their brand image. Social listening tools enable charities to determine the sentiment within public opinion and gain insights from large quantities of data from social media.
Sentiment analysis enables charities to measure public opinion of a specific issue before and after a campaign. Identifying positive and negative keywords means charities can determine the impact of their campaigns and adapt to ensure that their short-term work is not hampering their long-term goal.
Manually utilizing OSINT is a resource and time-intensive process that requires specialist knowledge and training. Charities and non-profits can easily automate OSINT to negate the need for extensive resources, enabling small security or intelligence teams to manage OSINT activity.
Skopenow works with charities and non-profits by automating their OSINT efforts to protect their reputation and employees and investigate threat actors and criminals. Skopenow instantly and anonymously collects, analyzes, and archives social media accounts and posts, discovers alias’, and identifies flag behaviors and hidden links between multiple parties. Skopenow also produces automated court-ready reports, collating images, text, videos, and metadata. For more information, please e-mail us at sales@skopenow.com.