Open Source Intelligence For Executive Protection

Posted February 15, 2023 by Donald Kuehner

Open-source intelligence (OSINT) is the collection and analysis of data gathered from open sources to produce actionable intelligence. It draws on publicly available information from sources such as social media, websites, and news articles to build a picture of an individual, organization, or event. This information can then be used to identify vulnerabilities, plan attacks, and mitigate risk. One of the biggest problems with OSINT is potential information overload, along with the need to vet the information to ensure that it is reliable intelligence. An example of this is the collection of intelligence through social media. Twitter and its dashboard application, Tweetdeck, are excellent sources for finding information in real time while an event is happening. But because the information is often pulled from the public, an extensive vetting process must be conducted to verify that it is factual. In fact, without valuable OSINT tools, finding and searching the right information can be a time-consuming activity.

As Executive Protection agents, we are tasked with the security and risk mitigation measures necessary to guarantee the safety of individuals, particularly those exposed to elevated risk due to their employment, status, or net worth. Executive protection previously involved hiring close protection specialists to provide physical security measures. However, in the modern landscape, online threats require digital activity to protect executives. Executive protection teams now include digital specialists who spend time online assessing and minimizing threats to VIPs. Public figures and CEOs often become targets of hate groups that look to harm or disrupt their lives, brands, and businesses. These hate groups are very active online and will advertise their agenda in public forums. Techniques used to gather information on these groups online include creating “sock puppet” accounts on social media to gain access to their online posts, or simply following prevalent leaders of these groups on social media to see planned activities.

Emerging Event and Travel Risk

Executives are at increased risk when they are traveling and in locations that they do not usually frequent. High-profile individuals who travel frequently are at heightened risk of encountering dangerous situations that could jeopardize their safety or make their destination unsafe; these include civil unrest, extreme weather, natural disasters, terrorist attacks, and criminal activity. OSINT solutions like Liveuamap, Snap Map, Twitter, and Tweetdeck give executive protection teams the ability to scan social media posts and news articles from within a geographic region for early warning signals of emerging event and travel risks. Real-time awareness of emerging threats to executives enables security teams to avoid areas, people, and scenarios.

Likewise, unplanned disruptive events at familiar company premises, such as protests, also present a safety risk for executives. Protests at or near logistics sites and headquarters can result in logistics problems and physical threats to executives. Collecting and analyzing intelligence in advance of company events enables security teams to identify planned activity and evade it by selecting alternative locations and travel plans.

Physical Threats

The digital environment provides a space for anonymous individuals to make violent threats towards people and businesses. VIPs, particularly celebrities and CEOs of large companies, may receive thousands of threats over social media and messaging services every year, usually after making controversial decisions or statements. We saw this with Facebook’s CEO Mark Zuckerberg in the aftermath of the 2016 presidential election. The GOP had hired Cambridge Analytica to pull data from Facebook users and construct election strategies for the Trump Campaign. The election was extremely polarizing, which left part of one side looking to place blame somewhere. Facebook and its CEO became the target of threats and vocal protest both online and in public. Facebook, now Meta, was forced to rapidly expand its list of protected executives from a handful of C-suite executives to nearly 200 employees. Most of this expansion came in the form of digital protection teams. Today we are seeing similar polarization with Elon Musk’s purchase of the social media company Twitter. Elon Musk’s travel movements were being shared publicly by individuals online and on social media. This is a type of passive attack where the attacker spreads information that is for the most part kept secret. Although these attacks aren’t direct, others who wish to do him harm can capitalize on this information and use it to plan and coordinate attacks or disrupt his daily life.

Most threats made online are false, made by online trolls who intend to intimidate their victims rather than carry out any physical violence. However, a minority of individuals making threats online do intend to carry out their plans. Groups may plan violence on social media, forums, and the dark web, meaning that executive protection teams must have access to relevant information from each of these channels to help minimize threats.

Identifying credible threats that warrant further attention and action is difficult. Searching social media platforms with tools like Tweetdeck, using advanced search operators to combine terms like ‘stab’, ‘shoot’, or ‘kill’ with the name of an executive, enables protection teams to identify threats. Pivoting from these threats to manually assess the potential threat actor becomes a time- and labor-intensive activity. Dataminr can assist in gathering intelligence by aggregating data and geofencing regions for teams to plan risk mitigation. Similarly, Skopenow enables executive protection teams to automatically investigate potential threat actors, collating and analyzing their digital activity and backgrounds for further information that can substantiate a threat.
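The name-plus-keyword search described above can also be applied to posts a team has already collected. The following Python sketch is an added example, not code from the article or from any of the tools it names; the principal's name, the alias, the window size, and the sample posts are all constructed.

```python
import re

THREAT_TERMS = ("stab", "shoot", "kill")  # the article's example terms
WINDOW = 8  # assumption: max token distance between a name and a term
TOKEN = re.compile(r"[a-z0-9]+")

def name_positions(tokens, names):
    """Token indexes where any name or alias phrase starts."""
    found = []
    for name in names:
        phrase = TOKEN.findall(name.lower())
        found += [i for i in range(len(tokens) - len(phrase) + 1)
                  if tokens[i:i + len(phrase)] == phrase]
    return found

def matches_term(token, term):
    """Whole word or simple inflection; 'skill' and 'stable' do not match."""
    forms = {term}
    for suffix in ("s", "ed", "ing"):
        forms |= {term + suffix, term + term[-1] + suffix}  # stab -> stabbed
    return token in forms

def triage(posts, names, terms=THREAT_TERMS, window=WINDOW):
    """Flag posts where a threat term sits within `window` tokens of a name.
    Returns [(score, post_id, term)], highest score first."""
    hits = []
    for post in posts:
        tokens = TOKEN.findall(post["text"].lower())
        anchors = name_positions(tokens, names)
        best = None
        for j, tok in enumerate(tokens):
            term = next((t for t in terms if matches_term(tok, t)), None)
            if term is None or not anchors:
                continue
            dist = min(abs(j - i) for i in anchors)
            score = window - dist + 1  # closer to the name ranks higher
            if dist <= window and (best is None or score > best[0]):
                best = (score, post["id"], term)
        if best:
            hits.append(best)
    return sorted(hits, reverse=True)

# Constructed sample posts about a fictional principal.
NAMES = ["Jane Doe", "Acme CEO"]
POSTS = [
    {"id": 1, "text": "Someone should shoot Jane Doe at the shareholder meeting"},
    {"id": 2, "text": "Jane Doe has real skill at keeping Acme stable"},
    {"id": 3, "text": "I will kill it at karaoke tonight"},
    {"id": 4, "text": "The Acme CEO ruined my town, she gets stabbed for it"},
]
```

The score only orders the review queue; each flagged post still needs the manual vetting the article describes before it is treated as a credible threat.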

Threat actors may also identify property information that leaves executives extremely vulnerable to physical attacks, such as vehicle details or home floor plans. Executive protection teams should scan the digital space for specific information that poses extreme risks to executives to identify any records for removal.


Doxxing involves threat actors publicly exposing confidential information about people or businesses from the internet, often collected from social media and data breaches. Doxxing presents a very serious risk to executives, as information released via doxxing can facilitate threats, violence, and harassment aimed at them and their families. Doxxed information can include addresses, bank records, medical information, passwords, SSNs and, as mentioned earlier, flight plans. Leaked information can impact stock value, intimidate executives, or support plans to commit violence against an executive.

Executive protection teams must conduct proactive threat assessments to identify information on the internet that poses a risk to executives, enabling them to target it for removal. These threat assessments should include scanning the social media profiles of the executives and their families, as well as scanning the dark web for relevant breached data.


Threats to executives are not always physical. Threat actors can cause large-scale damage to an executive’s reputation through digital means, using social media accounts that mirror the executive’s and trading on their reputation to spread rumors or misinformation. The aim of spreading false or misleading information through mirrored social media accounts could be to influence politics or to scam members of the public. Either way, the impact on the executive is damage to their reputation, and it usually results in a negative impact on society.

Misinformation campaigns are a relatively cheap but effective way to inflict damage on a person or business. Individuals, groups, and state governments can all undermine executives through misinformation to cause financial and reputational damage. Misinformation spreads rapidly across the internet through social media and news sites, with unsubstantiated rumors quickly reaching across the globe. When left unchecked, misinformation proliferates; therefore, it must be swiftly detected and actioned before the damage to an executive’s reputation is unsalvageable.

Executive protection teams can scan social media and news sites for any mentions of an executive’s name and their brand names to monitor the internet for misinformation. A firm understanding of how to conduct counter-surveillance online and collect OSINT can help executive protection teams provide better protection for their principal. The PWA Certified Executive Security Specialist (CESS) covers cyber security and OSINT fundamentals.
