OSINT or Open Source Intelligence refers to information about individuals or companies that can be freely and legally gathered from publicly available sources. Skilled analysts locate this intelligence, and use it to create a profile of any target, which in turn may be used to launch attacks on these targets.
As a company, you have to be aware of the public information available about you, and how you can use tools and techniques to protect yourself from risk. Below we introduce the sources of information available, and how you can use intelligence reports to reduce your vulnerability to attacks which leverage open source intelligence to launch.
OSINT analysis pulls together pieces of intelligence from public sources to create a profile of a target. Research may focus on companies, key employees in a company, and even friends and family of company employees.
Open source intelligence can be grouped into internet sources, traditional mass media, specialised journals and academic sources, photographs and videos, and geospatial information.
The internet is by far the largest source of intelligence. Researchers can find useful information about a target online and turn it into means to facilitate a successful attack. Internet resources include search engines and targeted searches in databases (for example LexisNexis or tax registers) to news sites, blogs, forums, and more.
Intelligence investigations can uncover basic info, such as names of targets and their associates, phone numbers, email and social network accounts, and home addresses. Social networks provide visible intelligence about individuals and companies alike. Videos and images can be reverse searched via sites, such as YouTube and other video channels in order to uncover any incriminating media. Each layer of information is used to inform the next deeper level of research.
For businesses, business records, public registration documents, even their own company websites can uncover a wealth of information from tax details to IP addresses. Some intelligence will come directly from the business. Documents published by a company, webinars, public speeches, conference presentations, and more, can be examined and mined for intelligence. Once these details have been found, they can be used to delve deeper into a target’s profile, or use them to lure the target into providing additional sensitive personal information by various means, including social engineering.
OSINT investigations may be used as the first step in a targeted attack campaign against an individual or company. The wealth of legally available information allows other forces, from competitors to hackers to create a profile and use it against the target. Most OSINT investigations avoid any direct interaction, allowing for sneak attacks on unsuspecting targets.
Researching your own open source intelligence is a great way to assess the information you are providing to potential attackers. Once you know your digital footprint, you can:
Receive early warning of data leaks, including oversharing on social media, system weaknesses which could lead to breaches, or even the wrong version of a document published on your website. With an effective intelligence strategy, you can close these holes as soon as possible.
Understand risks and threats that open source information presents to you and your company. Armed with this information you can develop defensive strategies to respond to physical or cyber attacks.
Keep your finger on the pulse of what other people, customers, the media, competitors, and others may be saying about you.
Information gathering investigations are intended to answer a question about a target. Based on this question, the investigators will use open sources to uncover information and paint a picture of that target. With this information, an analyst can profile their target to understand their characteristics, and narrow the search to identify vulnerabilities, all without actively engaging the target. An attacker can then use this intelligence to plan an attack.
The internet contains a huge amount of legally collectible open source intelligence which can be accessed via search engines and targeted searches of databases and other sources. In order to make searching more effective, specialised tools have been developed to support intelligence searches and protect anonymity.
A huge range of tools are available for anyone to use. In order to understand the resources available, professionals have created directories such as the OSINT Framework, Awesome OSINT or the Kali Tools listing page for a directory of tools and how to use them.
Intelligence is everywhere, and it is unavoidable that some information will be available about you from publicly available sources. As a company, you will want to ensure that you are on top of your digital footprint at all times.
Prevention is key, and ensuring that you expose as little information about your company as possible is a great way to start. Ensure that employees at all levels are given full internet security training to reduce exposure to both themselves and your company.
Not all OSINT can be avoided however, and that is why you should aim to take a proactive approach towards understanding your footprint, and develop ways to respond to attacks which may come out from that information. A full assessment will enable you to identify weak spots and create security plans. As open source intelligence is continually created and updated, regular intelligence assessments allow you to understand your exposure and vulnerabilities, reduce your footprint, remove harmful and unwanted information, and react in real-time to attacks and breaches.
Cynance is a business oriented cyber security and data protection consulting company, providing OSINT online discovery services for clients around the globe.