The Power of Open Source Intelligence with Nico Dekens

Listen to this episode:

About this episode:

In this episode of Behind the Data, host Matthew Stibbe interviews Nico Dekens, known as Dutch_OsintGuy, to explore the world of Open Source Intelligence (OSINT). They discuss the significance of OSINT, the various data sources and tools used in the field, and the importance of critical thinking and validation in data analysis. Nico shares real-world applications of OSINT, including a project where he pinpointed a location using sun calculations. The conversation also explores the role of AI in OSINT and the importance of being aware of cognitive biases when analyzing data. Listeners are provided with resources to further their understanding of OSINT.

Timestamps

00:00 Introduction to OSINT and Data Trends
03:03 Understanding Open Source Intelligence (OSINT)
05:55 Data Sources and Tools for OSINT
08:51 Real-World OSINT Applications
11:49 The Role of AI in OSINT
14:58 Critical Thinking and Source Validation
17:49 Cognitive Biases in Data Analysis
20:46 Resources for Learning OSINT

Key discussion topics

OSINT stands for open source intelligence: It refers to publicly available information, not just the internet. It includes TV, radio, and newspapers. The process of OSINT involves collecting, processing, and analyzing data to create actionable intelligence.
Critical thinking is essential in OSINT: This is crucial to avoid jumping to conclusions too quickly. Cognitive biases can affect data interpretation and should be actively managed. Asking the 5Ws and 1H can help clarify data points and avoid assumptions.
AI's role in OSINT: It can assist in coding and data analysis but should not be relied upon uncritically. Validation of data is crucial to ensure accuracy and reliability in findings.

Transcript

Matthew Stibbe (00:00)
Hello and welcome to Behind the Data with CloverDX. I'm your host, Matthew Stibbe, and today I'm talking to Nico Dekens from shadowdragon.io, who is otherwise known as Dutch OSINT Guy. I interviewed him a few weeks ago for a podcast that I run for another client, a company called Blackdot Solutions, which is about OSINT and I thought he would be a great contributor to this show as well. Great to have you with us, Nico.

Nico Dekens | Dutch_OSINTguy (00:25)
Thank you, my pleasure.

Matthew Stibbe (00:26)
So before we dive into the world of OSINT, I'd like to start with a really practical question I ask all my guests on this show. Are there any data technology trends that you're particularly excited about and geeking out about?

Nico Dekens | Dutch_OSINTguy (00:40)
Yeah, I think like most of the world, everything that has to do with, I hate to say the word AI, but for me specifically, ⁓ MCP, so controlling things through servers and agents, that really speeds up a lot of work that I need to do because typically I work with a lot of data and using that technology just speeds up my processes and helps me refine that. Yeah.

Matthew Stibbe (01:03)
Well, so a lot of our audience here are not familiar with OSINT. Indeed, I wasn't until I started working for Blackdot. So tell me what is OSINT?

Nico Dekens | Dutch_OSINTguy (01:13)
Yeah, so OSINT is an acronym for open source intelligence. And open source intelligence is a discipline and it comes from the intelligence community. So I think it originated mostly in government around World War II, World War I, when people saw that there was information in the public realm. So open source intelligence is publicly available information. ⁓ So publicly available information is everywhere.

Nowadays, when you talk about OSINT, people think it's information that's somewhere on the internet, which is true, but people forget about TV, radio, a library, a newspaper. So information that's available to anyone around the world. So I always make the analogy, my mother should be able to obtain or get access to the information. The hard part very often is knowing your way to

get access to that piece of information. This is where the intelligence part, where the analyst, the investigator comes in. So it's all about publicly available information. So no secret stuff, nothing is hidden. It has to be somewhere for someone to find. But the next step is what you do with it. How do you add context to it? How do you turn that into what we call, in our world, in open source intelligence, actionable intelligence? So someone comes with you with a research question, which should always be a...

I like to say an answerable question. Tell me everything about Matthew Stibbe is like, what do you mean everything? I want to know if Matthew Stibbe ever visited Amsterdam in, I don't know, September of 2025. That's an answerable question. And then the follow up question would be what can you tell me because I'm going to do that investigation about Matthew? Because only a first and last name... maybe you have someone that has exactly the same name. So maybe you got an email address, maybe you got a phone number.

Maybe you got a picture that I could use for reference. And then you go onto the internet initially to see what you can find. Do some preliminary research. And based upon that, you start collecting information that potentially could answer that research question. So it's an analytical process to, first of all, divide a research question, collect the data, process and sort that data to come to an actionable intelligence package that someone else can take or make a decision upon.

Does that answer your question to some extent?

Matthew Stibbe (03:34)
Yes, absolutely. And when you're doing it as a practitioner, certainly from my conversations, there is a lot of internet and a lot of data involved in it. So what kind of data do OSINT professionals typically use? And what sort of things would we be thinking about if you're doing OSINT research?

Nico Dekens | Dutch_OSINTguy (03:54)
Yeah.

Yeah. So just to make very clear, open source intelligence is not speed drawing in Google. We were just talking about this just a moment ago. I recently wrote a blog about... you can read that on my webpage, dutchosintguy.com, What OSINT is not. So OSINT is collecting information in a targeted way in numerous sources. So it could be Google as a starting point. But for me, Google is nothing more than a door. ⁓ You found the door, but you haven't walked in yet.

So it means now you have to visit all those results that Google points you to and see what these pages may contain that may be valuable information for your investigation or not. Or is there bias in the play or logical fallacies or assumptions that you're making based upon what you're searching. So the next pivot could be social media. Well, nowadays there are hundreds, if not thousands of platforms that provide people access

through the internet in form of apps or platforms where they can communicate with each other or to the world. ⁓ That's where you look. ⁓ Could also be traditional forums, could be chatting boxes, could be newspaper outlets, could be radio, TV shows, ⁓ databases on sanctioned entities. What my world uses a lot because a lot of people are now sanctioned nowadays, but they need to be investigated. ⁓ Finance portals,

Chamber of Merchandise information. So there's so much information out there and that's always the hard part in my world. This is why you need that answerable research question because if I only need to find out if you ever spent some time in Amsterdam in September, there's no need for me to go to Company's House, for example. Could do, but at this point, no need. So understanding the landscape for most open source intelligence practitioners is very important,

if not maybe one of the most important things because that's the only way to get started. Where do I need to look but more importantly where shouldn't I look first?

Matthew Stibbe (05:55)
So an answerable question, a of a parameter of the search space. Are there dictionaries or libraries of data sources that you use? I mean, is that something that is available?

Nico Dekens | Dutch_OSINTguy (06:08)
Yeah, on GitHub there are a lot of people that maintain, as well as myself, I do myself, repositories for known or common sources that are very often being used for our typical research. There's also something called the OSINT framework ⁓ built by someone I know, Mr. Nordeen, who basically built a little framework. Hey, if you got an email address, you need to find ⁓ something about someone, these are four or five pivot points or sources that you could potentially use to leverage more. Same for phone numbers, same for first, last name, nicknames, company information. So there are many repositories out there that I like to use. One of my personal favorite is built build and maintained by one of my good friends, Lisette. And she's got a domain called technisette.com. And that's basically a very large repository of training tutorials, databases, links to resources where you can find information that you may be looking for.

Matthew Stibbe (07:06)
That would be tremendously useful and interesting I'm sure for everyone, they're already typing that in. It's a strange thing about ⁓ OSINT. I think you all know each other. I think everyone in OSINT knows everyone else in OSINT. I haven't actually interviewed anyone who wasn't already connected with everyone else. ⁓ So, and then you're... one of the other things I've noticed from doing other interviews is that you're all sort of Python programmers. I mean you've all got some sort of data processing skills and I think

I think if we drew an overlap or a Venn diagram of everyone I'm interviewing for CloverDX, and everyone I interview for Blackdot, Python is sort of in the middle of that. But what sort of tools are you using to analyze data and move data?

Nico Dekens | Dutch_OSINTguy (07:52)
Yeah, it really depends, of course, Python as a programming language, just because it's fairly easy to learn for people who don't have, let's say, any development skills. I think it's one of the easiest to learn programming languages, but also it communicates very well with application programming interfaces. And that's what... APIs, that's what we do a lot because we need data at scale and we have repetitive tasks over and over. So scripting something in Python just saves you time. So you build something once and then you can use it forever for all the use cases that you have. Sometimes it breaks, but then it's easy to fix because it's just a couple of lines. Yeah, alternatively, there are a bunch of commercial tools out there. I work for a company that builds commercial tools because that's becoming the biggest problem in our world. The internet landscape has grown so exponentially and so fast that 10, 15 years ago, typically I could do an investigation by hand, but nowadays it's...

I could still do it, but I would spend weeks finding that information versus using a commercial tool or maybe a freely available tool on GitHub that just saves me time. So I have more time left for the actual ⁓ analysis part, for the in-depth part to make sense of all that data.

Matthew Stibbe (09:13)
I'd love to explore perhaps a project that you've worked on recently and kind of how you use tools and data sources to get a result. Do you have something in mind that we could discuss?

Nico Dekens | Dutch_OSINTguy (09:29)
Yeah, so recently I was working on a ⁓ use case where somewhere in the Middle East there's something very horrific happened and there was some footage shared online. ⁓ My task and my goal was try to exactly pinpoint where this happened somewhere on Mother Earth. ⁓ So I had no context. All I knew it was somewhere in the Middle East, a rough region, so let's say a country. But, in this video, there was nothing more than basically desert, and dunes, desert dunes and a bunch of individuals. Now I need to find that location. Well, based upon the comments, ⁓ there were clearly some people that knew that region in that video because it was shared on YouTube later where people said, I think it's that province in that region in the Middle East. So I can narrow it down. Doesn't mean it's true because people lie on the internet all the time, but at least I got something. Yeah.

Matthew Stibbe (10:21)
I like that. People lie on the internet. Yeah, sorry.

Nico Dekens | Dutch_OSINTguy (10:28)
And that's also something that we deal with a lot within OSINT, trying to tackle disinformation and misinformation. But to get back to the story, I pinpointed that province, but now I thought I found that region, but now I could use the sun as the oldest clock in the world. So sun calculation within open source intelligence is very common because you now had shadow cast of these bodies and that would help me determine the time. And if I can determine the time and how high the sun is up based on shadow cast, it could help me narrow down if I found that location, if I found that spot. So I used, in this case, first of all, suncalc.org, which is just a freely available webpage. But for me, it was not doing what I wanted it to do. So I built my own, let's say ⁓ suncalc.org on steroids version, which gave me little bit more capabilities to work more with elevation, to work more with shadow cast, but also maybe even moon cast and other information, or just to see... to play with color saturation because sometimes video footage shows shadow cast, but it's so blurry that I basically needed to edit that video a little bit to highlight certain piece of information that I need to take that next step. Well, based upon that, I was able to pinpoint that location.

And after validating that, I was able to find the exact X and Y coordinates on a map to tell you, hey, this is where that happened. But I could also tell them, hey, on this day between 6 in the morning and 6.15 in the morning, because we had that shadow cast. And that's one of the typical use cases that we come across very often.

Matthew Stibbe (12:10)
Amazing. And...

When you were, if you look back on that project and you wrote the shadow cast on steroids thing, what would you have done differently now that you've learned because of going through that process?

Nico Dekens | Dutch_OSINTguy (12:27)
I think I would probably have leveraged artificial intelligence, in this case, Claude coding, earlier, because I was doing this out of muscle memory and I spent like three days whipping up all kinds of code and it worked, let's say half-baked. And then I basically handed off my code to Claude and said, hey, review my code because I'm getting all kinds of weird errors and I'm too dumb for this. And it basically told me like, hey, fix this line, fix this line, add this line, do this, and it should work. And I did it and it worked. So for me, it was again, a huge eye-opener because now I had that assistant in this case, a digital assistant sitting next to me that could do a code review and also improve my code and give me suggestions. So that was my biggest lesson learned in that little project.

Matthew Stibbe (13:22)
I'm fascinated by this concept of vibe coding. And I'm not anymore a programmer, but back in the day I used to write. I worry about how much risk people are taking if they're relying on AI to do data analysis or whether they're relying on AI to do code reviews or AI to write code. At what point can you just go, I don't need to know anything about coding. I'm just gonna let the AI do the work.

And what are the risks or benefits of doing?

Nico Dekens | Dutch_OSINTguy (13:56)
I that's a very good question. I teach open source intelligence classes all around the world and everybody just like you said wants to learn Python. And this is why they leverage, let's say someone else's script from GitHub, for example. And that's always the risk because if you're not able to read code or someone else's code, there might be something in there that is an operational security risk. It might be communicating to a super secret server somewhere in China or Russia that makes you highly uncomfortable.

Or, it might have access to your entire hard drive or other sensitive information. So this is why I still think you will always have to review something that was made by a machine or by an algorithm or let's say 'sexy math', whatever you like to call it. ⁓ So that's how I look at these assistants. They are super powerful. They are super helpful. But I think it's mandatory for someone always to be able to review what it spits out and ensure that there's nothing in there that makes you or your company highly uncomfortable.

Matthew Stibbe (14:58)
I liked your analogy of using it as a code. I'm almost... like a pair programming coding buddy, but you're not relying 100 % on it uncritically. You're bringing some skills and some judgment and some risk assessment to it, and it's helping do things quicker. And I think my fear is that people are just going to go, OK, Claude, OK, ChatGPT, write me some code that does this, and not really know why it's not working, or even worse, not even know it's not working properly. Which sort of touches on something that we've discussed before, and I'm very interested in, is this ⁓ idea of source criticism and sort of logical thinking, critical thinking.

Nico Dekens | Dutch_OSINTguy (15:37)
Yeah, exactly.

Matthew Stibbe (15:52)
And you've said in the past, OSINT is a state of mind. What is the state of mind of OSINT and how can it be applied to these sorts of use cases?

Nico Dekens | Dutch_OSINTguy (16:00)
Yeah, I think in general it counts for anyone who is doing something with data or generating a form of intelligence. It could be due diligence that you're performing, could be internal assessments. For me, it's all about critical thinking, always coming up with those scenarios, what if, and doubt your own outcomes, doubt the data. And that's why I also recently wrote a blog on AI because I see too many people now, just like we discussed, that blindly trust these answers coming out of these, what I like to still call a black box. They drop in a question in ChatGPT, it gives you an answer and they just take it for granted. I think you should always challenge it. Maybe a good example was recently ⁓ there was a big ⁓ far right wing protests in the UK as well as this week in the Netherlands where people were waving their country flags, but if you gave that picture to ChatGPT and tell me... and ask it, hey, where is this in the world? Because it has that image analysis capability, based upon the flags, it would say, hey, it was in London or it was in Amsterdam. But, when you actually with your own human eyes analyze that picture, you could see street signs that were nothing near London or near Amsterdam. So it just...

It's kind of biased and this is why I think you should challenge every outcome based upon the data that you collected and be your own devil's advocate. So it's all about a process. Hey, I know what I want. I know what I don't want to see. I collect data that data ⁓ shows, let's say pieces of the puzzle. You try to put it together, but now let's make absolutely sure that there are no pieces in the wrong position because maybe if I turn it around, it's supposed to be on the lower left instead of the lower right or something like that. And that's what I think is so important to everything that I do, but in general, people working with data. Validation, validation, and more validation.

Matthew Stibbe (18:05)
Trust but verify. We'll come back to cognitive biases in just a minute. But this thing of uploading a picture into ChatGPT and saying, where is this picture taken? If anyone listening to this hasn't done it, it's an astonishing thing that it can give you some real... like I took generic pictures of the neighborhood around where I live, the countryside, and it was able to give me quite a good description of not X and Y coordinates, but it's probably in this part of England.

From a picture. And then I ran some holiday snaps through of different places and it was able to locate, it's that building in that street in that Eastern European town. It's mind blowing and for people listening to this, this is one of the reasons why almost everybody that I've interviewed for Blackdot Solutions has their background blurred out. I think because of the fear of being geo-located.

Anyway, I just wanted to mention that, but let's talk about cognitive biases. You mentioned this earlier. How can you sort of train yourself as an analyst to be aware of your cognitive biases and adjust and account for them?

Nico Dekens | Dutch_OSINTguy (19:21)
Yeah, I think when I look at people who start practicing open source intelligence or intelligence collection in general, they tend to jump to conclusions too fast, which most of the times in my opinion has to do with people don't grant themselves enough time to thoroughly look at the information that they have collected, but also ask these questions. And for me, it's very simple. 5Ws, 1H is still golden for me. So who, what, where, when, with what, with whom, how. Those questions, if you ask these to basically every data point that you need or that you have collected, you will find answers. And that's something that I hammer upon in my trainings. I literally say, I think a hundred times a day, without questions, there will be no answers. So you have to reason over and over with yourself and your own data. Hey, this is what I found.

So who is it coming from? Who posted it? Why did they post it? With what reason? What can I tell about the account? Is this account continuously spreading this information? Is it connected to fake accounts that I can point out and prove? ⁓ Maybe the time zone settings are off. This person pretends to be from London, UK, but when I see that person post, it's always, let's say, in a time zone somewhere in the US or Russia.

Could that be a little tell or giveaway that I'm dealing with someone that's trying to influence others? So there's many things that you can do and leverage to ensure that you're not overlooking something, that you're not jumping to conclusions. And what I always like to do is when I have, let's say, a conclusion or a preliminary conclusion, let someone else within my team look at my findings, but preferably let someone look at it who has little to no knowledge about my profession, because they are very good at pointing out like, hey, Nico, you claim this, but now show me how did you come to this conclusion based on what information, what facts, what underlying evidence did you formulate this sentence or outcome.

Matthew Stibbe (21:30)
I remember a poem by Rudyard Kipling that begins, I keep six honest serving men, they taught me all I knew, their names are what and why and when and how and where and who. So this has been fascinating. I want to ask you two more questions just as we come to the conclusion. The first one is, if somebody listening to this would like to learn a little bit more about OSINT and some of the disciplines and practices that we've talked about, which I think are hugely applicable to the CloverDX world, where would they go? Where would they start?

Nico Dekens | Dutch_OSINTguy (21:42)
I love it, that's great.

Nico Dekens | Dutch_OSINTguy (22:08)
I would point them shamelessly to my own webpage, Dutchosintguy.com. There's a blog on there where I write about OSINT, I give tips and tricks. And I would also like to encourage them to go to either maybe ⁓ shadowdragon.io because there's a ton of information on ⁓ open source intelligence, how to perform it, how to search for information, how to understand it from a business perspective, from a law enforcement perspective, from a due diligence perspective.

And same counts for Blackdot, for example. They do a similar thing that we partner with. So those are very good starting points just to familiarize yourself with open source intelligence.

Matthew Stibbe (22:46)
Fantastic. Well, you've partially answered my final question, which is if they want to find out more about Dutch OSINT guy, where would they go for that?

Nico Dekens | Dutch_OSINTguy (22:54) I'm everywhere on the socials under my moniker Dutch underscore OSINT guy because I'm Dutch, like OSINT and I'm a guy. Couldn't couldn't have made it more easy. So if you just search on any platform on X, on Facebook, on Twitter, whatever, you will find me somewhere or in a search engine. Just search for that name and you will find a lot of YouTube videos with keynotes and everything.

Matthew Stibbe (23:17) And I would strongly recommend that people go do that. I found your writing fascinating and informative. So ⁓ great. Well, Nico, thank you very much for being on the show. It's been a pleasure, as always. ⁓ And that brings this episode to a close. If you'd like more practical data insights or you want to learn more about CloverDX, please visit cloverdx.com forward slash behind the data. Thank you very much for joining us and goodbye.

Nico Dekens | Dutch_OSINTguy (23:47) Thank you.