The risk of crime related to open-source intelligence (OSINT) continues to escalate.
This is according to Community Monitoring Service (CMS) senior manager Gerrit van Heerden, who says we are seeing a growing, increasingly clinical approach by criminals who are using publicly available digital information to reduce risk in criminal execution. At the same time, they identifying higher-quality victims.
The beginning of the year, when back to school and work schedules are determined, is prime time for open source intelligence revelations, but also a time to mitigate from the get-go.
Van Heerden says investigators at CMS have noted a sustained upward trajectory in pre-planned crimes. “We estimate that open source intelligence has played a role in at least 20% to 30% of robberies over the past 12 months.”
In cybercrime, global research consistently shows that many offences rely on some form of open-source data exploitation.
He adds that research shows that skilled OSINT users are often able to deduce or uncover identifying details behind a significant proportion of anonymous online profiles.
“Offenders are increasingly relying on publicly available digital information to plan and execute real-world crime,” says van Heerden.
Open-source intelligence has long been a legitimate tool in cybersecurity, journalism and formal crime-fighting and investigative work. However, criminals are now gathering and applying the same intelligence techniques to identify marks and plan offences with greater precision.
“OSINT allows criminals to work smarter, not harder,” van Heerden says. “They can determine when a home is likely to be empty, which entrances or areas on a property may be less monitored and how predictable a household’s movements are, all without being physically present.”
According to CMS, everyday digital behaviour is feeding this intelligence cycle. Location check-ins, real-time travel posts, visible routines and shared personal details allow criminals to infer occupancy patterns, identify predictable windows of opportunity and assess risk remotely.
“Whether you live in a residential estate, a boomed off area or in an unsecured suburb, the risks are the same, because location influences a criminal approach,” he says.
“Available software allows much of this process to happen quickly. Even basic tools can aggregate data into usable profiles, and AI services can be manipulated to identify behavioural patterns with surprising accuracy. Even selfie backgrounds tell a story.”
The growing use of OSINT has also exposed children as an unintended vulnerability in household security. Posts related to school activities, sports schedules and family travel frequently reveal routine information that, when viewed over time, becomes actionable intelligence.
“A sustained lack of awareness is the real challenge,” van Heerden says. “This is particularly true among younger family members who share digitally, naturally and innocently. Criminals don’t look at posts in isolation. They look for patterns, repetition and predictability.”
Van Heerden points out that the rise of OSINT-driven crime fundamentally challenges traditional notions of security that focus almost exclusively on physical infrastructure such as walls, gates and alarm systems.
“There is a dangerous gap between how secure people feel and how exposed they actually are. You can invest heavily in physical security, but if your digital footprint tells a criminal exactly when you’re away, you’ve already lowered the barrier to entry.”
Van Heerden adds that residential crime is only one outcome of OSINT misuse. The same intelligence techniques are increasingly being used to drive fraud, impersonation, advance-fee and Ponzi-type victim identification, social engineering and phishing attacks.
“By harvesting personal details and behavioural cues, criminals are able to create convincing pretexts that bypass suspicion and exploit trust,” van Heerden says. “The success of many scams today has less to do with technical sophistication and more to do with how well the criminal understands their target.”
He explains that security awareness goes well beyond traditionally perceived elements of safety like locks, cameras and response time gauges to include digital behaviour as a fundamental component of risk management.
“This isn’t about telling people to stop using social media. It’s about understanding that digital behaviour increasingly forms part of the threat landscape. If that reality is ignored, people are simply exposing themselves. You do not want to be a sitting duck.”
In mitigation, van Heerden suggests households delay posting travel information until after returning home, regularly reviewing privacy settings across all platforms, educate family members about oversharing and treating online activity as an extension of physical security practices.
“Open-source intelligence has changed how crime is planned,” he reiterates. “Until people understand that what they share online shapes real-world risk, criminals will continue to exploit that gap.”