Cyber Threat Intelligence Podcast

Season 1 - Episode 8 (Pedro Kertzman & Ritu Gill)


The digital world is full of breadcrumbs that tell our stories - are you carefully tracking who follows them back to you? In this eye-opening conversation with OSINT expert Ritu Gill, we pull back the curtain on the fascinating world of Open Source Intelligence and why proper tool vetting matters more than you might think.

Drawing from her 18 years in Canadian law enforcement and extensive consulting experience, Ritu reveals why careless tool selection could mean someone is "capturing every keystroke" as you conduct investigations. Her practical advice for both beginners and experienced practitioners cuts through the noise in an increasingly crowded OSINT landscape.

"Without analyzing and adding value to the information, it is not intelligence," Ritu explains, highlighting the crucial distinction between collecting data and producing actionable intelligence. Her emphasis on ethical considerations - the principle of "OSINT for good" - serves as a timely reminder that with great investigative power comes great responsibility.

Whether you're looking to build your skills through free resources like Sophia Santos' exercises, gamified platforms like GeoGuessr, or real-world missing persons cases with TraceLabs, this episode provides concrete pathways for growth. Networking emerges as a powerful career accelerator, with events like OsmosisCon offering invaluable opportunities to connect with the community.

Ready to enhance your digital intelligence capabilities while maintaining ethical standards? Follow Ritu's newsletter at forensicosint.com, explore the resources mentioned in our show notes, and join our LinkedIn community to continue the conversation. Your journey into the world of OSINT starts with understanding not just what you can find, but how to find it responsibly.


Resources:

https://www.raebaker.net

https://www.linkedin.com/in/espen-ringstad-80297464/

https://www.geoguessr.com

https://www.tracelabs.org

https://www.kasescenarios.com

https://www.forensicosint.com/newsletter

https://gralhix.com

https://osmosisinstitute.org

https://www.linkedin.com/feed/update/urn:li:activity:7317909650798977024/


Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

Ritu Gill:

People are very quick to use any OSINT tool that comes across their desk, and that's where it's really concerning, because you could be capturing every keystroke.

Rachael Tyrell:

Hello and welcome to Episode 8, season 1, of your Cyber Threat Intelligence Podcast. Whether you're a seasoned CTI expert, a cybersecurity professional or simply curious about the digital battlefield, our expert guests and hosts will break down complex topics into actionable insights. On this episode of Season 1, our host, Pedro Kertzman, will chat with Ritu Gill, who is an open-source intelligence analyst with 18 years of experience working with Canadian law enforcement. After serving 12 years with the Royal Canadian Mounted Police, Ritu launched a consulting business specializing in OSINT training and research for law enforcement and related organizations across North America. Ritu is also the president of Osmosis, an organization dedicated to standardizing OSINT practices and connecting professionals in the field. Ritu holds a bachelor's degree in criminology and remains an active member of the OSINT community. Over to you, Pedro.

Pedro Kertzman:

Ritu, thank you so much for joining the podcast. It's really great to have you here.

Ritu Gill:

Hey Pedro. Thank you so much for having me on your podcast. I'm excited to be here and have a conversation with you.

Pedro Kertzman:

Usually I start by asking the guests their journey into you know CTI or related areas to CTI. Would you mind walking us through that please?

Ritu Gill:

Yeah for sure. So OSINT is my jam. That's open source intelligence. I started early on. I mean it's been a while, it's been a number of years. I started in law enforcement, so I first started with getting my degree in criminology and then I started working for law enforcement pretty much right after that and kind of just built up you know those building blocks to where I am today.

Ritu Gill:

One thing I do tell people is, although I have that background and that was like my roadmap, everybody's journey always looks different. No one, nobody's roadmap is going to be exactly the same, because a lot of people are like oh well, how did you do it? I want to do it like that. It doesn't always work that way and really I kind of got into OSINT accidentally, because it wasn't an intention initially, but it's something that, after moving around to different sections and working different portfolios, eventually I came across this thing called OSINT and when I started sitting with some of my colleagues back then I realized how they were using it and what it was for and how it was applied in investigations. And then it really took off from there and I got really interested and I was curious and I was it was a bit younger, so definitely had a little more energy and uh, all that kind of stuff as well.

Pedro Kertzman:

Cool, super cool, and I totally agree, like everybody's journey will be unique, we just, uh, sometimes need to learn a little bit. You know what worked in this situation, on that situation, and then kind of do your own mix and, you know, move forward, right?

Ritu Gill:

Yeah, I, yeah, I agree, I really do. I think, um, you know, there's, uh, there's, there's a hundred different ways to get to that same destination, right? So I always say, uh, depending on you know where somebody's located in the world, uh, maybe what their background education is in they have that and maybe that's not even an avenue they need to pursue. It could be something else, it could be totally a different pivot, it could be a different way they come to that same place.

Pedro Kertzman:

Yeah, that's a great point. Different aspects or variables kind of thing, any common ground-ish like a good way to start at least get more familiar with OSINT and see if that could be potentially your gem as well. Any recommendations around that?

Ritu Gill:

Yeah, of course I think there's lots of different opportunities and different ways. One of the ways that I like was at that early on stage I wanted to see how other people were using it, because really I didn't have an understanding maybe of it before, but once I saw how it was being used in research, in investigations, and then I could apply it myself. So one thing I tell people is if you're already in a role that maybe could segue into you know, an OSINT role or more OSINT focused, if you get the opportunity to work on you know various types of files, I would say yes. So I often tell people say yes more than no. And what that means is example I worked with a number of people.

Ritu Gill:

We had different portfolios. This is early on in my career. You know. If a manager came around saying, hey, would you take on this, this file, and I'm like, oh, that's not really my portfolio, I don't really do say it was fraud. But if I said yes, it kind of brings me into a new kind of investigation, a different way of looking at it, and then there's lessons learned as well, right? So that's what I mean by saying yes more than no, because a lot of people would be like, oh, it's not my portfolio, no, thanks, uh, get somebody else to do it. Um. So one of those things really helped me, I think, early on, um, because I got exposure to different types of things that maybe other people didn't Right. Um, that's one thing for sure.

Ritu Gill:

Another one again I did like reading is huge for me, getting some of those OSINT books out there, um, some current ones and then reading it and then also applying what you learn. So don't just read it, but go try out the techniques, go try out some of these things. Can you somehow apply what's mentioned in the book? And I think that's another way of you know. Doing is a way of learning as well. There is a lot out there, so you need to be able to decipher the good stuff from the fluff. So that's another part of it, because the OSINT world, like this day and age, I feel like it's really changed from what it was five years ago, 10 years ago. But yeah, those are a few tips that I would, I would start with.

Pedro Kertzman:

Any suggestions on that topic, like how to differentiate good tools or good old scenes from bad ones or not so good ones? If we can put this way, especially for people starting how to do this vetting process, what's the real good stuff to start using?

Ritu Gill:

Yeah, I think, like I mean, this conversation can go in a lot of different ways. There's Getting your OSINT tools is one part of it, but also I had mentioned, you know, the good stuff from the fluff, right? Sometimes it is really hard because we have a lot of people in the space. Now, you know, I could recommend individuals. Like I mean, I would say, hey, follow me, I won't give you fluff, but I'm not the only person, and also I'm a little biased.

Ritu Gill:

So I think I think it really comes down to many things, but some of the people that you know, again, I've been in this kind of world or industry for a long time, so I know who's who in the zoo for the most part. Um, you know, I, of course I don't know everything, but, uh, I've been around long enough where you know. I know whom I go to. People are people I follow online. Um, you know, uh, some some of the big OSINT names out there as well.

Ritu Gill:

Um, but when it comes down to, like you know, vetting your OSINT tools this is something that has come up a number of times, but it is such an important topic. You know people will ask like, oh well, ok, you know you do. Like, how do I do it? Well, you need to ask the right questions. You know who's behind this tool. Do you know? Is it apparent? Is it something that's kind of hidden? You know, if I'm going to invest in a tool and run my searches through it, if I can't figure out who owns the tool, I'm a little concerned.

Ritu Gill:

Oh yeah, right. So it's almost like OSINT, the OSINT tools in itself. Right, maybe do some dig some, dig up some research on them, and there's been some interesting examples of how people have done that, right, and to uncover things that they initially weren't in front of them. So you can find out a lot by doing that, right? Do your research, do your due diligence before getting into some of the tools, even things like you know who owns it? Do they save your searches? Who sees your searches? All this stuff is important and it's another part of OPSEC. Having good OPSEC and OSINT is key. Um, that term OPSEC, like you know, we say use sock puppets, right? What does that mean? Using research accounts rather than your personal social media to conduct research and investigations.

Pedro Kertzman:

No, that's awesome, especially nowadays, I think, even with folks trying to pretend during hiring process, uh, that they are somebody they are not actually. So yeah, vetting those tools, please, before you put any confidential information on them. I think it would be super, super critical. What about, like, the next step? People possibly listening are already doing some OSINT and they want to see how can they kind of up their game. What would be like something you saw in the past that kind of gave you like an extra or a higher level of OSINT skills?

Ritu Gill:

I would say overall, the answer to that would be practice, practice, practice. You know, again, my method. I was very passionate. I started learning so much that I started to teach colleagues on what I was finding. So you know, there's different avenues again, like how somebody would go from you know this point to that point. But if you're not only, you want to practice the things that you kind of read about and continue to get better at, but in those instances you might even uncover ways that are unique in how you're using open source and that, like I mean, people write blogs about it, people will teach other colleagues about it.

Ritu Gill:

So for me, I really, once I got into it, I got really comfortable and I felt I had a few things to share with colleagues. I started teaching open source and, honestly, you learn a lot even when you're teaching, and I always say, as an instructor myself, I don't know everything, but I'm kind of, I'm open to learning and I learn things from participants, from students, all the time. Um, but I also have a lot to share. But over the years I think that's added a lot to bringing me from you know this point to a little higher. So, um, yeah, those are a few things that I can think of.

Pedro Kertzman:

That's amazing. Practicing is really important. And mentioning blogs, what about your blog?

Ritu Gill:

Yeah, for sure there's. I mean I can mention there's lots of OSINT content out there. I do have, you know, I wear a lot of different OSINT hats. I always mention that. But yeah, I put out a free OSINT newsletter. That's a good way to, you know, stay on top of what's out there, because I'm pretty involved with the OSINT community, still online as much as I can be. Um, every Friday I put out um a newsletter on the top like five things that I've seen and that's usually five blog posts or um, something of interest. So that could involve like a research case, maybe a case study, maybe some tools, maybe something else that's related to OSINT. Um, yeah, and people can go check that out um on uh, it's Forensic OSINT is the website and then you would just click on newsletter and you can sign up for free there.

Pedro Kertzman:

Perfect, thanks for sharing that. And so you're mentioning investigations, right? Any suggestions on how to use OSINT to do investigations?

Ritu Gill:

Yeah, there's so many different ways. I mean that's a big question, you know. Think of it as, put yourself kind of in that space, if you were the target, what is everything someone could find out about you using your name, your maybe email address, maybe phone number? So that's one part of like doing the research. But there is a key difference between doing research and producing intel. So there's like OSINT being, there's the information side of it, and then there's the INT, right, the intelligence.

Ritu Gill:

I often tell people the difference is that without analyzing and adding value to the information, it is not intelligence. So typically we start with an intelligence question in the intel world and, as an analyst, that's where you would start with, like what's your objective? Like why are we doing what we're doing, right? Are you looking to find a travel pattern? Are you looking to identify lifestyle or is it something else? Are you trying to locate somebody who's wanted? So number one is find out what you're doing and why you're doing it, and then that that kind of can help direct the research part of it.

Pedro Kertzman:

OK, cool, you mentioned a few examples. That will uncover a lot of stuff from people you're doing your work with. What would be like the ethical aspects around that, what are like boundaries or anything related to it?

Ritu Gill:

Yeah, that's a good question. Ethics and OSINT is really important. The first thing that comes to mind for me is OSINT for good. You know, 'cause you can use OSINT for bad as well, so, but the concept of OSINT for good has been around for a while, but essentially it means do no harm, right, because we can cause a lot of harm using open source intelligence too, and so we want to really focus on doing good, not doxing people with information being sensitive to current investigations out there.

Ritu Gill:

So we read the news. Sometimes there's an unfolding event. I don't want to get involved to the point where I'm doxing people. Maybe law enforcement's working on things. It's very different if you're trying to help and then you pass on this information privately to law enforcement. I encourage that in that space. But you have to be very careful with how we use OSINT or open source resources out there and some of the techniques we know there is, you know, there. I also recommend there's Osmosis Association. They're great to follow because they are an association for OSINT professionals and they really push for ethical OSINT. So you know, that's another key part of it and I think it really is important. Sometimes ethics gets left behind, but I feel like there's a lot more focus in it in the last number of years.

Pedro Kertzman:

And yeah, that's great about the ethical within OSINT. Thank you. And what about if people, for example, want to quote unquote practice, but I want to use it like a real person to it? Any other alternative to that?

Ritu Gill:

Yeah, yeah, for sure. I mean I always mentioned that people should you know if they have a family member or maybe it's their spouse and, with permission, you know, they say I'm going to try to dig up everything about you, and and see if I can you know see how private you are. That's a good way to check, right? People do that on themselves all the time. Um, another thing I can just quickly mention is, you know, setting up Google Alerts. You know on your name, maybe, or you know that's something I use because my name does pop up in different places, but I do want to know when that happens. Um, cause I can't stay on top of everything all the time. But Google Alerts is one way to do that. But when it comes to you know, that practical kind of OSINT, maybe people want to get their hands, you know, right into it.

Ritu Gill:

I would say there's many opportunities to do this. Some are free things right. There's people like Sophia Santos who, if you look her up on you know, google her name and just put OSINT next to it, I'm pretty sure her blog will come up, but she pushes out OSINT exercises that people can be a part of, you know, sign up and go through themselves, and then she also puts the answer out there too. So the answer's there as well. So you might be stuck, um, but she does a really good job of putting some great exercises for people to, you know practice at the end of the day. So that's one again, it's nice to have free stuff. Some people love GeoGuessr. Have you heard of that one? No, yeah, so that's a really big one where people are like trying to find. They give you an image and they try to find out where in the world it is, and it's gamified, right?

Pedro Kertzman:

Oh, that's cool yeah.

Ritu Gill:

Yeah, and then there's other stuff like TraceLabs. Right, you are essentially helping law enforcement find missing people. So they do these CTFs where you know it might be at a conference. They do a few events in the year where you're essentially you can be solo or you can be part of a team, but you're trying to help identify breadcrumbs on in on an individual so you know, say it was whoever it is, John Smith is missing and they give you what they know about this person. You go on the internet and find all the information and then there's a winner at the end who has the most points, essentially so that one.

Ritu Gill:

They're like gamified, but for a really good cause and if people have, if you want to spend some money again, some really high, really great quality training is called Kase Scenarios with a K. So Kase Scenarios is awesome. It's Espen and Rae Baker put together, but again big OSINT names, but really cool. Their graphics are like the best I've ever seen in a scenario like that. But it tests your knowledge and you can start with beginner. But they have different like projects you can like sign up for. You know, I think as little as I think it starts from maybe $50 to I'm not sure the limit, but that's something also if somebody wants to invest a little bit more into that learning piece. So again like and those are just quick hits things at the top of my mind that I'm like hey, these are out there for people to explore.

Pedro Kertzman:

That's great advice, thank you, and I'll make sure I'll include the links on the description of the episode, so if anybody wants to search any of these sites, there will be a link over there. And it's interesting because you mentioned practicing on ourselves and all that. I used to be a little proud that my online presence would be like super small, my, my, my digital footprint, if you will right. But then the podcast came up and it's everywhere. Oh okay, can I have everything right?

Ritu Gill:

Yeah, yeah, I, I, I had the same thing. When I started out, I was very, you know, I only went by OSINT techniques, I didn't really tell people who I was. And then I came to a point where I was like, what do I want to do? And you know, everybody's OPSEC threat level is going to be a little different, and so you got to make an assessment. But yeah, you're right, you can't have everything.

Pedro Kertzman:

Exactly, exactly, yeah, but don't search on us people, don't do us yeah yeah, yeah, don't do that.

Ritu Gill:

Yeah, yeah, definitely do not.

Pedro Kertzman:

Great. That's super important. Again, especially because you're uncovering so many aspects of people's digital footprints or breadcrumbs. Yeah, you got to be careful with this stuff that you're having access to and, again, how you store it or which are the tools you're running that information through. It's not only that you are being careful about the use, the after use of that information, but even if you're like recklessly putting that information through a tool you've never heard of or you know are not properly vetted or something like that, it will get. It potentially will get out there, uh, just because you use that tool, if you're not trying to proactively disclose that information.

Ritu Gill:

I have examples as well where you know people get into OSINT because it is the fun thing to do and, uh, you know it does get highlighted in movies, shows and all that stuff to show you kind of how fun it can be. But people are very quick to use any OSINT tool that comes across their desk. And that's where it's really concerning, because you don't know anything about that tool and you could be capturing every keystroke. Right, it could be capturing everything about you. It might say, sign up for our account and you know it's collecting all this information. So I do have examples where I was surprised at times to see, like, oh, the ownership behind a tool and you know at first glance you would never think you know it's associated to a certain, maybe region in the world or something else. But when we do a little bit of research it can go a long way because it could tell you things about that website or that tool.

Pedro Kertzman:

Maybe the tricky thing. I'm not sure if it's fair to divide. We're going to find two big chunks of OSINT tools: commercial ones, that are probably easier, quote unquote, easier to have a vetted list of the appropriate tools to use.

Pedro Kertzman:

Maybe I could put Maltego probably on the top three of this kind of list, but there are a lot of tools that are like GitHub repositories or other websites and so on. And so any, I don't know, good list or website where people like completely, uh, overwhelmed on how to do the OSINT of the OSINT tools, uh, could refer to, to kind of a, as a starting point at least?

Ritu Gill:

Yeah, I can. What I can do is, um, I do have a. I'll share a link with you. I don't know if you can put it in the show notes, but it's an OSINT tool checklist that we put together in terms of you know, one of the things is know the person who's created it. But other questions you can ask if you need to find out more. Of course, there's a lot of ways we can vet tools. There's other websites that we can use to see if they're you know what they're doing in the background maybe. But this simple tool is a starting point, so I'll definitely include that for people that are listening, that are curious to know what that might look like.

Pedro Kertzman:

Perfect. No, that sounds great, thank you. And talking about also learning how to do that and any other aspects within the OSINT, any good learning sources, not necessarily to learn the technicalities or tools, but how the industry is moving or new skills to develop when doing investigations, or anything like that comes to mind.

Ritu Gill:

Yeah, I mean there's so many different areas now it's hard to mention all of them because we have we have like, the traditional OSINT analysts doing this work. We also have investigative journalists that are doing OSINT Right. So there's like different communities out there to follow and that's why I say there's so much. I used to be part of this organization called OSINT Curious. I don't know if you ever came across it, but it was a number of us that would push out blog posts and video posts on like ways to do certain OSINT research techniques, ways that people could apply some of the things they learn, even things that you might not want to do or be aware of. So there's lots of different things there.

Ritu Gill:

We did shut down the project a few years ago, but that website is still available and there's still blog posts up there that are relevant. They're just not updated. But again, I worked along with a number of you know really well-known OSINT people and like those would be like one of the sources and the people involved in OSINT Curious. I would also say, like I mean, go do some open source and find out who those people were and follow them online, right? A lot of these posts really, really helpful tips and tricks on their own social media, right, LinkedIn, Twitter, other places.

Pedro Kertzman:

And, uh, any like, uh, closing thoughts for the listeners, uh, many anything?

Ritu Gill:

Yeah, of course. So, uh, as just a closing thought, there's a couple of things I want to mention. Networking is really big in this community, so it's one of those things that I really recommend. I know it's not always easy for people, but get out to some events. OsmosisCon is one of the biggest OSINT events and there's going to be OsmosisCon next year in June. But get there and talk to people.

Ritu Gill:

And sometimes it's hard, but in those spaces when we're doing shared work, it's an easy way right to connect with people doing the same type of work. But you can learn and you might get opportunities that you wouldn't have got otherwise. So you kind of have to put yourself out there at times, but that's one thing I really recommend and it doesn't have to be that event. There's other events that you might come across in the OSINT world. Get out there, talk to people, see what kind of work they're doing, ask the questions. That's really been helpful in my career as well. I think that's been impactful. And other things I already mentioned the free newsletter that you can sign up for. The idea is to keep learning, you know, but also take breaks, don't burn out, because that can happen as well. So those are a few, you know. Closing thoughts for my side.

Pedro Kertzman:

That's awesome, thank you. And you mentioned about the conferences, right, uh and um, I think it's Black Hat, if I'm not mistaken. They often have like a live OSINT track or day or something like that, or DEF CON, and I'm blanking. Uh, have you been on those? Do you think it's worth to be there? Or more generic-ish conferences that will have some OSINT in it.

Ritu Gill:

Yeah, I think all of them offer something of value. For sure I would start smaller rather than bigger, because it can be overwhelming too Sometimes when there's too many people, I find like it's really hard to network in those spaces because it's just chaos. But at the same time I feel I could go to any one of them if they have some OSINT side to it or a track, and you will learn, you'll meet other people and it's just sparking up some conversations and being open to learn is the main thing. But yeah, I encourage, wherever you are in the world trying to find, to see if there's something in your community that has you know that's aligned with OSINT in any way. That's a good starting point.

Pedro Kertzman:

Amazing, amazing. Ritu, thank you so much for coming to the show. I really appreciate all the insights and I hope I'll see you around.

Ritu Gill:

Of course, yeah, thanks so much, Pedro. Thanks for having me on your podcast. It's really an honor. I appreciate it.

Pedro Kertzman:

The honor is all mine, thank you.

Rachael Tyrell:

And that's a wrap. Thanks for tuning in. If you found this episode valuable, don't forget to subscribe, share and leave a review. Got thoughts or questions? Connect with us on our LinkedIn group, Cyber Threat Intelligence Podcast. We'd love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure. We'll be right back.
