An OSINT Trip down Memory Lane
ChatGPT's Summary of Issue #2 of Al Mojahed al Teqany (pretty sure some of the Arabic doesn't make sense...)

I've been searching the web for over 25 years now. Back in high school, I had to write an essay on the "Ring Parable" featured in the book Nathan the Wise. Boy, did I hate writing essays. At the time I was frequently online, often browsing and engaging in newsgroups on the Usenet. I happened to find a finished essay on the topic there and that's basically how my OSINT journey started (after I had hand-written the essay into my paper notebook). From then on, whenever I wanted to know something I would look it up online.

Fast forward several years and I was a SIGINTer in the German military, supporting our mission in Afghanistan. Our adversaries were the Taleban and terrorist groups operating in the country. At the time, conducting OSINT on the internet wasn't really a thing. Sure, as one of the oldest intelligence disciplines, OSINT had its place - but back then it was mainly reading what news agencies had published or printed. However, I found that there was a lot to be learned from what was published online. Let me give you an example.

In 2006 the Al Fajr Media Center was founded. This was one of the main producers of Al Qaeda propaganda on the internet. Journals, videos, books, posters - loads of content that was produced to advertise Al Qaeda's activities. A lot of the content was created in a very professional way. While Al Fajr Media Center itself did not have a website, they relied on jihadist forums to spread the PDFs and video files. I initially found one of these documents while searching for specific keywords (e.g. Taleban) and using the filetype:pdf operator on Google. From there I would try to find all sources in which the files had been posted. This led me to closed forums like "ansar-jihad . net", in which you had to sign up. Of course, it would require a certain amount of OPSEC, as you don't want to sign up with your personal email.

The landing page can still be found on the Wayback Machine

The next challenge was maneuvering the Arabic content. Back then I could read most of it, but at a painstakingly slow speed. Google Translate had just started that year and the results when translating Arabic were far from perfect. But it was good enough to quickly understand the gist of things. Unfortunately, full page translations in Arabic didn't work that well. So I was mostly copying fragments manually to Google Translate. Here's a glimpse of Google Translate at the time.

Still beta and often really sucked

Wait, doesn't this sound familiar? Twenty years later we are still using the same basic techniques. Searching on search engines using operators, logging in with fake accounts, translating foreign languages with translation tools, propaganda content being spread through other channels. One could argue that not much has changed in the past two decades, so it should be common knowledge on what is possible in OSINT and thus make our adversaries keep better OPSEC themselves. Luckily, stupidity is part of human nature and that's why we continue to find relevant and revealing information online. However, some of the bad guys actually do know what they're doing - which makes our work a lot harder.

One of the journals that the Al Fajr Media Center published on a regular basis was "The Technical Mujahed" (Al Mujahed Al Teqany). These magazines covered a variety of topics - from OPSEC to video editing, from understanding GPS to using surface-to-air missiles. And surprisingly the OPSEC and InfoSec content was quite good. I actually learned a couple things as well while reading.

المجاهد التقني

These journals were often first published on one of the more prominent jihadist forums and from there spread virally to other forums. Very similar to what we are seeing today on Telegram (starting in one group or channel and then being shared across numerous others). Even back then, finding "patient zero" was of utmost importance, as this could help us identify individuals who were likely directly linked to the Al Fajr Media Center. Once those individuals were found, the idea was to find their real-life identities by searching for usernames and trying to find corresponding accounts on other platforms. I often ran into a dead end at the time, since username search engines hadn't been invented yet and there wasn't as much social media stuff going on at the time. Plus, the guys that were linked to Al Fajr Media were actually good at OPSEC. Which could clearly be seen in the articles they wrote.

Using off the shelf VMs and Steganography

Someone that uses steganographic techniques to communicate secretly and runs this off a VM wasn't going to be found or identified easily. Luckily, despite having all these great tips, the majority of low-level terrorists were too lazy or too dumb to follow these examples.

At a certain point another jihadist media outlet entered the scene: GIMF - Global Islamic Media Front. These guys also created high quality propaganda that was disseminated via forums, linking larger videos via file shares.

FBI - Research and Technology - Analysis of Jihadi Extremist Groups' Videos - July 2009

The unique thing about the GIMF was that they created their own tools for the jihadi community to use. Two examples of this were also published in the Technical Mujahed. One tool would hash files, a technique we OSINTers also use today to ensure the integrity of the evidence we collected. Jihadists would use the technique to ensure that files they sent each other hadn't been tampered with in a man-in-the-middle attack. This actually happened when another jihadist magazine called "Inspire" was hacked by MI6, with the British spies adding code that translated to cupcake recipes. Another tool was Mojahedeen Secrets, which allowed messages to be encrypted with a 256-bit AES cipher. Many direct messages sent through forums or messenger services such as Paltalk at the time were encrypted using Mojahedeen Secrets.

GIMF Software - not to be mistaken with GIMP

Everything I've described so far originates from OSINT. From 2006 until now, the fundamentals of this intelligence gathering technique have not changed. The platforms and tools may differ, but the core skills remain the same: searching, filtering, validating, analyzing. Sure, sometimes we find nothing. Maybe our targets aren’t online. Maybe they’re good at OPSEC. But even then, the foundation remains strong.

By mastering basic OSINT methods and applying structured intelligence analysis, you can stay effective across decades. The key is staying curious and keeping your knowledge current - platforms evolve, but human behavior remains predictably flawed.

Your success in this field isn't just about using the latest tech. It’s about building a mindset. And that mindset starts with the same curiosity that once led a teenager to plagiarize a Ring Parable essay and ended up mapping out global jihadist networks.

Elizabeth F.

AI & OSINT (Open-Source Intelligence) Researcher

1mo

I started at age 4 or 5 when I first learned how to read and write. I had lots of questions with very few answers, so I used everything around me to find out about anything and everything and haven't stopped since.


Same 01 terrorist sites

Andreas Vogl

AML / Sanctions / Compliance | OSINT & Investigations | Forensics

1mo

I started in a similar fashion, with academic research on Jihadist propaganda. I didn’t want to accept dead ends: if I would read about a publication or about Person A having published something, I wanted to find it. Creativity and connecting dots is what got me to the results. That remains true until this day.
