Sun. Jun 26th, 2022

How can I use OSINT, I hear you asking. OSINT is your ability to find something out, online. But we’re not talking about simply asking Google a question (although that could pretty much be classed as OSINT!). We are talking about literally finding the exact location where a picture may have been taken. Or, tracking a person by an email address to see if they are cheating online. Even, in the more advanced areas, detecting a fake image and reverse-engineering it back to its original! These are the kind of cool aspects we at UserSearch are interested in. If these sound exciting, read on!

Key Takeaways

  • Learn what OSINT is all about & who does it.
  • Find out what kind of information is out there, for you to use for free.
  • Get a taste preview of the darker side of OSINT.
  • See some amazing OSINT resources to progress your own interest.

Generally speaking, all data that is publicly available online is referred to as open-source information. Those who seek this information, and the techniques used to find it, are called OSINT.

OSINT is used for threat intelligence, which is the process of determining likely threats to an asset. Of course, it’s also used to help investigators find information on people online, or locate someone.

The ease and availability of this information make it commonly used in most fields of online & offline investigations. Honestly, can you think of a crime these days which would not, in some way, involve data?

Something with so many advantages, no doubt comes with some hidden disadvantages. Misuse of this information results in Doxing, privacy issues, fake news, and moral mass government monitoring.

Signals intelligence and more…

Other fields which typically utilize OSINT are:

  • Signal intelligence (concerned with monitoring, interception & interpretation of radio signals).
  • Geospatial intelligence (the collection of information from images to geolocate assets).
  • Human intelligence (social collection methods of people).

It is not wrong to say that threat actors can find and misuse anything that security professionals have access to.

What is OSINT?

So, what actually is OSINT?

American Law defines OSINT as information produced or assembled from within the general information available from public forums.

OSINT refers to the procedure that involves the identification, processing, analysis, and reporting of publicly available data. This information is collected from public forums, examined, and circulated to the audience according to a set schedule. In addition, this information is for the particular use of an audience who requires specific intelligence information.

OSINT refers to a huge amount of actionable and predictable intelligence acquired from both non-classified and public sources.

OSINT is a common threat intelligence technique among security professionals. It is essential to focus on the words ‘Public’ and ‘Open Source’ in this sense. This means information is collected through public locations, for public consumption. I.e., you don’t need a username or password in order to look at it.

You should consider any information on Google as public. This information is considered fair game, for anyone. There are other points to consider, where Google Dorking comes in. However, we won’t muddy the water with that, for the moment.

The key skillset required, for OSINT analysis, is the ability to quickly determine the difference between useful, and useless information. Given the large number of false positives that could exist, this skill is essential.

Why is OSINT Important?

Did you know that every individual generates around 1.7MB of new data every second? According to researchers, 90% of the world’s data was created in the last 2 years alone.

The regulation of public information is constantly under debate. Such vast collections of data can be quite dangerous, in the wrong hands.

OSINT is a crucial part of any risk profile. If accurately used, it can benefit organizations in identifying potential risks and threats.

The availability of so much data can be a blessing. On the other hand, the sheer volume can make it challenging to find precise, reliable information.

How is Open Source Intelligence Used?

Now that you know the basics and what it is for, let’s jump into how to use it for Cyber Security.

Ethical Hacking and Penetration Testing

Security professionals commonly use open-source management. The purpose of using OSINT is to examine potential vulnerabilities in an open network before any threat actors catch them.

All potential social media leaks, unsecured or open ports, unpatched software, or leaked assets can be possible weaknesses. These can be found through open-source checks, by both good and bad guys.

Identifying External Threats

Examining potential cybersecurity attacks to any vulnerabilities that threat actors may exploit, allows security professionals to address them quickly.

A single threat might not be something to worry about in many cases. Still, consistent monitoring of a cycle or loop of threats through potentially dangerous outlets can be a serious concern. Security professionals are responsible for studying and analyzing these build-ups with the help of open-source intelligence.

Moreover, it is essential to understand that open source intelligence embraces other subtypes of threat intelligence. Therefore, security professionals must verify the most authentic set of information for their use.

The Dark Side of Open Source Intelligence 

While discussing both pros and cons of open-source intelligence, let’s address the dark side of open-source intelligence. Since open-source intelligence is available for intelligence analysts, threat attackers can also misuse this.

Threat actors use advanced open-source intelligence tools to see weaknesses in open public networks to prepare for attacks. It has become straightforward for threat actors to catch such cracks in networks and exploit them to achieve desired aims.

No doubt, this becomes the primary reason behind billions of cybersecurity attacks on small enterprises every year. Advanced open-source intelligence tools help determine where the cyber guys need to focus their time. 

On the contrary, OSINT is not just to plan cybersecurity breaches, but also to devise malicious media campaigns against organizations. Attackers may also engineer influential campaigns and trick their users or followers using information available on social media or blogs. 

Such campaigns are usually against state institutions or officials, and they are state-sponsored. They use OSINT information to feed malicious campaigns through doctored phishing, smishing, or fishing.

It’s important that security professionals constantly monitor OSINT information on their assets before vulnerabilities are public.

Open Source Intelligence Techniques

Now… let’s move on to the OSINT techniques used by experts. We will only list some of the most common techniques, as this could be a book in itself!

First, frameworks. Frameworks are essential to plan your OSINT investigation from the start. Creating a plan & setting a framework, prevents you from going on tangents, makes your searching more structured, and prevents loss of focus. 

Creating a plan and strategy becomes essential depending on your research objectives and goals. Moreover, you must also focus your resources and energies on achieving those aims.

Once a plan is ready, move on to selecting techniques and tools for the data collection.

OSINT techniques fall into 2 major parent categories:

1. Active Collection

In this OSINT technique, analysts engage directly with the system. It offers more accurate and real-time information. Network discovery tools such as Nmap offer a granular view of the targeted network security.

2. Passive Collection

Passive techniques involve the collection of information on any device or target network without any direct involvement in the system. In this technique, analysts have to depend on third-party information through passive tools like Wireshark. This tool helps analyze the real-time network traffic for Mac, Windows, Linux, and Unix systems.

This includes the combination of different threat feeds through threat intelligence platforms in a single feed and an easily accessible location. It is undoubtedly an improved way of accessing and harvesting intelligence.

Open Source Intelligence Tools

Many OSINT tools are widely available. Some of them are free to use, and some are paid.

OSINT Framework

OSINT Framework is one of the best resources out there for OSINT analysts. It’s a collection of OSINT tools that make your data collection tasks simple. Security researchers recommend using this tool for OSINT research, digital footprinting, and intelligence collection. Simply put, this framework offers a straightforward web-based interface that enables users to browse various tools by categories. (See image)

OSINT uses publicly available information to facilitate users in fulfilling a specific intelligence requirement. OSINT tools enable ethical hackers to assess vulnerabilities to prevent unethical breaches.

Google Hacking…

Google Dorking is a technique used to gather OSINT intel. It locates hidden information that website owners leave exposed, without realizing. In other words, Google Dorking helps users narrow down search engine results. This tool enables the user to modify search results using commands (operators). Investigators can find email addresses and uncover contact details from online documents, by using the correct operators.
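
Site owners can check their own published documents for the contact details this kind of search surfaces. The following Python sketch is an added example, not part of the original article; the document paths, addresses, the `example.org` domain and the `ROLE_MAILBOXES` list are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: text already extracted from documents published on the
# organisation's own website. Paths, names and domains are made up.
PUBLISHED_DOCS = {
    "/files/annual-report.pdf": "Contact: info@example.org or Jane.Doe@example.org for details.",
    "/files/tender.docx": "Prepared by j.smith@example.org; supplier sales@vendor.example",
    "/files/press-release.pdf": "Media enquiries: press@example.org",
}

# Shared mailboxes that are meant to be public (assumed list; adjust per organisation).
ROLE_MAILBOXES = {"info", "press", "support", "sales", "security", "abuse"}

# Deliberately simple pattern: good enough for an exposure audit, not an RFC 5322 validator.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def audit_exposure(docs, own_domain):
    """Map each personal mailbox on own_domain to the documents that expose it."""
    findings = defaultdict(set)
    for path, text in docs.items():
        for match in EMAIL_RE.findall(text):
            address = match.lower()
            local, _, domain = address.partition("@")
            if domain != own_domain:
                continue  # third-party address, outside this audit
            if local in ROLE_MAILBOXES:
                continue  # intentionally public shared mailbox
            findings[address].add(path)
    return {addr: sorted(paths) for addr, paths in sorted(findings.items())}


if __name__ == "__main__":
    for address, paths in audit_exposure(PUBLISHED_DOCS, "example.org").items():
        print(f"{address} exposed in: {', '.join(paths)}")
```

Documents flagged this way can be republished with a role mailbox in place of the personal address.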

Hundreds of other open-source intelligence collection tools exist. Analysts use these OSINT tools to identify exploitable threats and cracks in an open network.

There are literally thousands of OSINT tools available, which can do a variety of tricks such as:

  1. Code search
  2. Metadata search
  3. Phone number research
  4. Identity and people investigation
  5. Email verification and search
  6. Image analysis
  7. Linking different social media accounts
  8. Geospatial mapping and research
  9. Wireless network packing and detection analysis

Patience is key…

The credibility of research will depend on the tools and techniques you use to obtain the results. Moreover, finding the right kind of technique and tools can be lengthy. Best advice? Trial and error, and be patient.

By AndrewJ