OSINT Cowboys: A Beginner's Guide (To Doing it Wrong!)

The first in a series of articles from The Coalition of Cyber Investigators describing the mistakes and bad practices of OSINT Cowboys

Paul Wright & Neal Ysart

7/29/2025

Introduction

Open-source intelligence (OSINT) is changing the way investigations and risk management work. It gives investigators and organisations fast access to information they might have missed and is often cheaper than using commercial intelligence sources.

But there’s a perennial problem.

Given that there are still no universally accepted OSINT standards and methodologies or globally agreed-upon OSINT training criteria and certification paths, it’s not uncommon for less experienced practitioners to cut corners, be unaware of basic security protocols, disregard the importance of acting ethically, and make mistakes that can compromise investigations and even put life at risk.

Let’s call them the "OSINT cowboys" – in other words, they shoot first and ask questions later.

What Makes an OSINT Cowboy?

OSINT cowboys share common traits: they're impatient, overconfident, and often self-taught through YouTube tutorials rather than learning through properly structured training or learning from an experienced OSINT mentor. They treat investigations like a game, forgetting that real people and serious consequences are involved. Whilst their output can look impressive to the untrained eye, experienced professionals recognise that their reckless approach doesn't just hurt their work; it damages the credibility of OSINT as a discipline.

The Six-Chambered Hall of Shame: Six Unacceptable Cowboy Habits

1. Using Personal Accounts

Cowboys seem to find one habit irresistible: searching social media platforms such as Facebook or LinkedIn with their real accounts to research subjects. This is investigative malpractice. Your profile could reveal your identity, location, connections, and interests. Worse, platforms track this activity and may suggest you as a connection to the very people you're investigating. From an investigator's perspective, this isn't just risky - it's potentially career-ending, so professional investigators insist on only using carefully constructed sock puppet accounts separate from their real identity.

2. No Virtual Private Network (VPN)

Technically, cowboys may not understand the dangers of browsing target websites, social media profiles, and forums without hiding their real IP address. It’s a fundamental safeguard that is second nature to experienced investigators. Unprotected, you will leave a direct trail from the investigation back to your real location or organisation. We've seen cases where subjects traced investigators back to their offices simply by checking server logs. Using a VPN is a basic operational security (OpSec) measure, but one that, to OSINT cowboys, apparently isn't so basic.

3. Believing Everything They See Online Without Verification

The internet is full of fake profiles, manipulated images, and outright lies, and there are numerous reports of organised criminal groups deliberately seeding misinformation. Despite this, cowboys routinely accept online data as fact without verifying its authenticity. They don't reverse-search images, check account creation dates, cross-reference information across multiple sources, or do a basic AI detection test. At best, this approach leads to false conclusions and wasted time, but in some cases, relying on unverified information could put lives at risk. Imagine a case where an informant provided information about an organised criminal group: unverified leaks or misattributed online profiles could easily lead to their exposure. The consequences of failing to verify can be catastrophic.

For instance, President Trump shared a photo he said was of murdered white farmers in South Africa. The image was a still frame from a Reuters video documenting atrocities in the Democratic Republic of Congo – a completely different country, and an utterly different context. This high-profile mistake demonstrates how unverified "intelligence" can spread misinformation at the highest levels. The error would have been caught immediately if basic image verification had been performed, even a simple reverse image search. Instead, false information was amplified to millions of people, undermining any legitimate concerns that may have existed.

Modern investigative work relies on OSINT to a growing extent. However, an effective intelligence-gathering process rests on more than the assembly of data: structured practices of grading, handling, and securely disseminating intelligence are required. These practices provide operational security, create credibility, and enable effective collaboration.

For investigators who work in areas like undercover operations, covert internet operations, surveillance, crime scene forensics, computer forensics, and "whistleblower" case handling, these steps are crucial to success and stave off the "tipping off" of investigation subjects. Other areas can involve victims, witnesses, and third-party information requests, which are generally termed "sources."

Any information OSINT investigators collect needs to be recorded using intelligence grading systems.

4. Poor Evidence Management

The principles underpinning digital evidence management are well established and apply equally to OSINT-derived evidence. Screenshots without timestamps, files saved with generic names, and evidence with no properly documented record of when or how it was collected aren’t acceptable. Cowboys treat digital evidence like personal photos, not potential court exhibits. They don't hash files, maintain a chain of custody, or use genuinely forensic tools. Their work falls apart when their "evidence" gets challenged in court or during internal reviews. We've seen investigators lose credibility and cases because they couldn't prove when or how they obtained key evidence.
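The habits described above (hashing each file, recording when, how and by whom it was collected, and keeping a custody trail) can be sketched as a small append-only log. This is an added example, not the authors' tooling; the field names, the JSON-lines log format and the hash-chaining of entries are assumptions chosen for illustration.

```python
import hashlib
import json
import os
from datetime import datetime, timezone

GENESIS = "0" * 64  # "previous hash" used by the first entry in a log

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def _entry_hash(entry):
    # Hash every field except the hash itself, in a stable key order.
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def _read(log_path):
    if not os.path.exists(log_path):
        return []
    with open(log_path, encoding="utf-8") as f:
        return [json.loads(line) for line in f if line.strip()]

def record_capture(log_path, evidence_path, source_url, collector, action="collected"):
    """Append one custody entry: who, what, when (UTC), from where, file hash."""
    entries = _read(log_path)
    entry = {
        "utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "collector": collector,
        "action": action,
        "source_url": source_url,
        "file": os.path.basename(evidence_path),
        "sha256": sha256_file(evidence_path),
        "prev": entries[-1]["entry_hash"] if entries else GENESIS,
    }
    entry["entry_hash"] = _entry_hash(entry)
    with open(log_path, "a", encoding="utf-8") as f:
        f.write(json.dumps(entry, sort_keys=True) + "\n")
    return entry

def verify_log(log_path, evidence_dir):
    """Return a list of problems; an empty list means log and files agree."""
    problems, prev = [], GENESIS
    for i, e in enumerate(_read(log_path)):
        if e["prev"] != prev or _entry_hash(e) != e["entry_hash"]:
            problems.append(f"entry {i}: log entry altered or out of sequence")
        path = os.path.join(evidence_dir, e["file"])
        if not os.path.exists(path) or sha256_file(path) != e["sha256"]:
            problems.append(f"entry {i}: {e['file']} missing or changed since capture")
        prev = e["entry_hash"]
    return problems
```

The chain only proves integrity relative to a trusted copy of the latest `entry_hash`, so that value should be stored somewhere the collector cannot rewrite.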

5. Ignoring Basic Operations Security Measures

Cowboys reuse the same email address for multiple sock puppets. They use weak passwords. They access investigation materials from their own devices. They don't segregate their work. These security failures can expose entire investigations and put subjects at risk. If a case did make it as far as formal proceedings, any lawyer with even basic experience is likely to successfully challenge the admissibility of a cowboy’s so-called “evidence”. More importantly for investigators, that scenario could destroy your reputation and potentially end your career in this field.

6. Playing Fast and Loose with the Law

Some cowboys think OSINT means "anything goes" as long as it's technically "open source." They create fake personas to trick people into providing information. They allow their focus to stray from their subject to people unconnected with the case. They access data they shouldn't and are prepared to use hacking techniques like keystroke loggers. This isn't just unethical, it can be illegal and could put organisations at serious legal risk. Investigators who cross these lines often find themselves on the wrong side of lawsuits or, in extreme cases, criminal charges. This is bad enough, but even worse is that unethical practices could let bad actors escape accountability.

Conclusion

When cowboys get caught or called out, it reflects poorly on everyone. Stakeholders lose trust in OSINT capabilities, and courts could become more sceptical of OSINT-derived evidence. The entire field suffers, making it harder for professional investigators to do their jobs effectively.

Experienced OSINT professionals know that it takes time, effort, and discipline to implement the measures and processes to safeguard against cowboy behaviours. It takes time to set up proper sock puppets that put distance between an investigator and the subject of their investigation; it takes time to embed robust operational security measures into your workflows; and it takes time to learn and understand how easy it is to leave digital footprints and how to avoid leaving any that could compromise your work. The mandatory discipline of verifying information through multiple sources, so your findings hold up under scrutiny, takes time, as does documenting everything with forensic precision. Ultimately, following legal and ethical guidelines even when no one is watching takes discipline and an inherent understanding of the implications if you don’t.

The Coalition of Cyber Investigators has seen too many investigations fail because of basic mistakes. That's why we help organisations create good policies, train people on best practices, and ensure investigations meet professional standards - no cowboy stuff allowed.

The stakes are too high for shortcuts, and successful OSINT investigations depend on professionalism and discipline. Every mistake can result in ill-informed decisions, and every piece of inadmissible evidence means a case is weakened and victims don't get justice. It’s not a game; it can be the difference between truth and lies, safety and danger, or accuracy and inaccuracy. Cowboys just aren’t welcome in the world of OSINT.

Authored by: The Coalition of Cyber Investigators

Paul Wright (United Kingdom) & Neal Ysart (Philippines)

©2025 The Coalition of Cyber Investigators. All rights reserved.

The Coalition of Cyber Investigators is a collaboration between

Paul Wright (United Kingdom) - Experienced Cybercrime, Intelligence (OSINT & HUMINT) and Digital Forensics Investigator;

Neal Ysart (Philippines) - Elite Investigator & Strategic Risk Advisor, Ex-Big 4 Forensic Leader; and

Lajos Antal (Hungary) - Highly experienced expert in cyberforensics, investigations, and cybercrime.

The Coalition unites leading experts to deliver cutting-edge research, OSINT, Investigations, & Cybercrime Advisory Services worldwide.

Our co-founders, Paul Wright and Neal Ysart, offer over 80 years of combined professional experience. Their careers span law enforcement, cyber investigations, open source intelligence, risk management, and strategic risk advisory roles across multiple continents.

They have been instrumental in setting formative legal precedents and stated cases in cybercrime investigations and contributing to the development of globally accepted guidance and standards for handling digital evidence.

Their leadership and expertise form the foundation of the Coalition’s commitment to excellence and ethical practice.

Alongside them, Lajos Antal, a founding member of our Boiler Room Investment Fraud Practice, brings deep expertise in cybercrime investigations, digital forensics, and cyber response, further strengthening our team’s capabilities and reach.

The Coalition of Cyber Investigators, with decades of hands-on experience in cyber investigations and OSINT, is uniquely positioned to support organisations facing complex or high-risk investigations. Our team’s expertise is not just theoretical - it’s built on years of real-world investigations, a deep understanding of the dynamic nature of digital intelligence, and a commitment to the highest evidential standards.