OSINT, HUMINT, SIGINT… at least give me a hint!
Military analytics nomenclature rests on a foundation of abbreviations and key concepts. Here’s an essential overview.
Asset
A recruited source who provides information (aka an informant or mole).
Bona Fide
Proof that someone is legit (e.g., a way to verify a contact is trustworthy).
Case Officer (CO)
A trained intel officer who recruits and runs human sources.
CI
Counterintelligence – preventing or exposing enemy spies inside your system.
COA
Course of Action – potential plan or strategy, often from an adversary.
Dead Drop
A hidden location for passing items or messages without direct contact.
ELINT
Electronic Intelligence – subset of SIGINT; radar and non-voice electronics.
Escrow (in cybercrime)
A service used to hold funds (often in cryptocurrency) during illicit transactions (for example, transactions involving stolen data) until both sides fulfill their part of the deal. It builds “trust” in black markets where participants are anonymous.
Handler
The intelligence officer who manages and communicates with an asset.
HUMINT
Human Intelligence – info from human sources (spies, defectors, interlocutors, or by interviews).
IMINT
Imagery Intelligence – satellite and aerial photography analysis. E.g. NGA satellites, commercial services like Maxar or Planet.
Legend
A fabricated backstory/persona for an operative under cover.
MASINT
Measurement & Signature Intelligence – data like radar, acoustics, or nuclear signatures.
Numbers Station
Shortwave radio station used for encrypted messaging across the globe by intelligence assets.
Order of Battle (OB)
The structure and strength of a military force (units, commanders, weapons).
OSINT
Open-Source Intelligence – info gathered from public sources: news, social media (VKontakte, Twitter, Telegram, esp. milbloggers like Rybar), and OSINT initiatives like Bellingcat.
RaaS (Ransomware-as-a-Service)
A business model in cybercrime where ransomware developers sell their malware to affiliates. Affiliates carry out attacks and split the profits (ransom payments) with the developers. It works similarly to SaaS (Software-as-a-Service), just for ransomware campaigns.
SCIF
Sensitive Compartmented Information Facility – a secure, soundproof intel room.
SDR (Surveillance Detection Route)
A planned movement to check for tails (used to evade surveillance).
SIGINT
Signals Intelligence – intercepted communications or electronic signals. E.g. NSA’s XKEYSCORE, Skyling, or PRISM (for data scraping), Palantir.
Stealerlog
Data files or logs produced by information-stealing malware (“stealers”). These logs typically contain stolen credentials, cookies, session tokens, browser autofill data, crypto wallet keys, and more. Cybercriminals buy/sell these logs to gain access to victims’ data and accounts.
TECHINT
Technical Intelligence – analysis of weapons systems or foreign tech.