The OSINT Output Hosted by Tim and Chris

By Jay Heisler, Freelance Canadian Journalist

Bio: Adeel Khamisa (LinkedIn Profile) is the Program Manager for Penlink Canada, where he supports law enforcement, intelligence units, and investigative teams across North America through the company’s OSINT platform, Tangles. Adeel’s expertise spans call detail records, mobile forensics, and open-source intelligence (OSINT), along with the design of analytical workflows that help investigators move from raw data to actionable insight.

What do you do in your current role and how does that support organizations doing OSINT in Canada?

The best way to think about this is to start with the context investigators are operating in today.

Across law enforcement, financial crime, and corporate security, online activity is no longer just a component of investigations. It is often the environment where the crime itself is planned, coordinated, and sometimes executed. What has changed in the last few years is the accessibility of sophisticated tools. Techniques like synthetic identity creation or large-scale online deception used to be limited to highly resourced threat actors. Now those same capabilities are being used in everyday fraud, including scams targeting individuals and families.

Because of that shift, I see my role in two parts.

First, it’s about raising awareness. According to industry estimates, 80-90% of investigative data is derived from open-source information. OSINT needs to be understood not as a niche capability, but as a foundational part of modern investigative work, especially when generating leads, identifying subjects, and building context around people and networks. The reality is that most individuals now have some form of an online footprint that reflects aspects of their offline lives, and investigators need to be equipped to responsibly and effectively work with that.

Second, it’s about evolving the methodology. The volume of open-source data is too large to handle manually. Analysts need ways to scale their work through automation and increasingly through AI, so they can move from searching to actually analyzing and connecting information. That’s where the real value is created.

At Penlink, that’s where I focus my efforts. Through our platform, Tangles, we help investigators and analysts work more efficiently by giving them tools to surface, organize, and analyze open-source information in a way that keeps pace with the sophistication and scale of modern criminal activity. Tangles enhances investigative workflows by automating the search and analysis of data across the open, deep, and dark web—enabling users to uncover hidden connections, monitor emerging threats, and transform vast amounts of information into actionable intelligence quickly and efficiently.

What is the state of OSINT in Canada?

I always smile a bit when I get this question, because OSINT is so broad that any single answer risks missing entire communities of very passionate practitioners. But I’ll try to frame it from a different angle.

Relative to where criminals are—it is quite behind. As much as I want to acknowledge how far things have come, the real measure for me is how effective we are at catching and preventing crime. In many cases, we are still playing catch-up. The more important question is why, and what we can do about it.

A lot of the current gap is the result of several major shifts happening in a short period of time. COVID-19 was one of the most significant forces pushing people online. Entire segments of the population, especially those most vulnerable to exploitation, suddenly became active online. Education moved online, and children were introduced to the internet at a very young age. At the same time, many seniors had to adopt online banking, grocery ordering, and other services. While often set up by family members, they are now fully participating in the digital environment.

That is where we start to see increases in human trafficking networks, coordinated drug distribution, child exploitation and credible threats to safety, just to name a few.

Soon after, AI became widely accessible, and criminals quickly adapted. They began using AI to generate documents, videos, and entire synthetic identities at scale.

These gaps can and are being exploited by criminals, while institutions often have limitations on how they can respond

There are many capable people who want to do this work and integrate OSINT into their organizations, but there is still a need for updated frameworks and clearer guidance in Canada.

From an institutional perspective in Canada, whether in law enforcement, corporate security, or financial crime, open-source work has always existed. Investigators search social media, review corporate records, and follow digital trails. But OSINT as a formalized discipline is still emerging.

In practice, that means you often see pockets of excellence rather than fully scaled capabilities. There are highly skilled individuals and teams doing advanced work, but not always a consistent, organization-wide approach to training, tooling, or process.

At the same time, the need is accelerating. The shift toward online activity, the growth of transnational crime, and the accessibility of AI are all increasing both the volume and complexity of open-source data. This is putting pressure on organizations to mature their OSINT capabilities much faster.

I would describe the state of OSINT in Canada as active but uneven. There is strong awareness, growing demand, and capable practitioners, but there is still a gap in standardization, scale, and integration into broader investigative workflows.

What about any interesting stories?

Around 2008, I was working at a software company that took on some very advanced problems from organizations like DARPA. Many of the programs developed after 9/11 were maturing and starting to contribute real technology to defense and law enforcement. One key application was automating OSINT extraction and using early machine learning techniques to surface meaningful information. In many ways, that work resembles what we are doing today at Penlink.

In 2009, I wanted to apply those techniques to something I could discuss more openly, so I turned to disease surveillance. H1N1, or swine flu, was one of the first global pandemics in the digital age. There was a growing volume of online reporting, and at the time, parts of the web were more open. Some organizations even published GeoRSS feeds, which allowed outbreaks to be mapped in near real time.

I began collecting sources, plotting them over time, and geolocating events. Clear patterns emerged. I was not alone in this. Journalists and epidemiologists were identifying similar trends, which became important in later global events.

One key insight was how global travel accelerated the spread. In one case, the data suggested that a traveler returning from a rural area stayed at a hotel and shared a floor with international guests. That cluster may have contributed to cross-border transmission. I created a video on this that is still online today.

What stood out was how clearly the data showed the role of travel in early transmission. By the time COVID-19 emerged, that understanding carried forward. Early responses focused on restricting travel to slow the first wave, followed by efforts to manage community spread, which ultimately drove larger waves. This illustrates how OSINT can surface patterns early and influence decision-making.

The second story, if we have space, is about the importance of aggregating and automating this information into a platform. It highlights not just the analysis itself, but what software enables practitioners to do at scale.

In 2008, I volunteered with Ushahidi, a platform that allowed people to publicly report events in near real time. It was used for election monitoring in Kenya and during the Haiti earthquake. The platform combined submitted reports with open-source data to create a clearer operational picture.

During the Haiti earthquake, it helped first responders, including teams from the U.S. Department of State, coordinate relief and rescue efforts. People were located and rescued from rubble based on these reports.

In one conflict zone I supported, I focused on identifying anomalous geospatial data and validating or flagging it. While doing this, I noticed an unintended consequence. When mapped, many reports aligned closely with specific residential locations, often the only building in an area.

When combined with public news reporting, it became possible to infer where journalists were operating and who might be supporting them. If that information is publicly accessible, it places those individuals at risk.

That is something I still think about. In modern conflicts, many people contribute information without fully understanding how easily their location or role can be inferred. It highlights both the power of OSINT and the responsibility that comes with using it.