OSINT or Open Source Intelligence refers to information about individuals or companies that can be freely and legally gathered from publicly available sources. Skilled analysts locate this intelligence, and use it to create a profile of any target, which in turn may be used to launch attacks on these targets.

As a company, you have to be aware of OSINT, and how you can use OSINT tools and techniques to protect yourself from risk. Below we introduce OSINT sources, and how you can use OSINT reports to reduce your vulnerability to attacks which leverage your OSINT outputs.

Publicly available intelligence

OSINT analysis pulls together pieces of intelligence from public sources to create a profile of a target. OSINT research may focus on companies, key employees in a company, and even friends and family of company employees.

OSINT sources can be grouped into internet sources, traditional mass media, specialised journals and academic sources, photographs and videos, and geospatial information.

OSINT on the internet

In today’s world, the internet is by far the largest source of OSINT. OSINT researchers can find  anything about a target online and turn it into means to facilitate a successful attack against a target. Internet resources include search engines and targeted searches in databases (for example LexisNexis, tax registers and more) to news sites, blogs, forums, and more.

OSINT investigations can uncover basic info, such as names of targets and their associates, phone numbers, email and social network accounts, and home addresses. Social networks provide visible intelligence about individuals and companies alike. Videos and images can be reverse searched via sites, such as YouTube and other video channels in order to uncover any incriminating media. Each layer of information is used to inform the next deeper level of research.

For businesses, business records, public registration documents, even their own company websites can uncover a wealth of information from tax details to IP addresses. Some OSINT will come directly from the business. Documents published by a company, webinars, public speeches, conference presentations, and more, can be examined and mined for intelligence. Once these details have been found, they can be used to delve deeper into a target’s profile, or use them to lure the target into providing additional sensitive personal information by various means, including social engineering.

Why you should care about OSINT

OSINT investigations are often the first step in a targeted attack campaign against an individual or company. The wealth of legally available information allows other forces, from competitors to hackers to create a profile and use it against the target. Most OSINT investigations avoid any direct interaction, allowing for sneak attacks on unsuspecting targets.

Gathering your OSINT is a great way to assess the information you are providing to potential attackers. Once you know your digital footprint, you can:

Receive early warning of data leaks, including oversharing on social media, system weaknesses which could lead to breaches, or even the wrong version of a document published on your website. With an effective OSINT strategy, you can close these holes as soon as possible.

Understand risks and threats that open source information presents to you and your company. Armed with this information you can develop defensive strategies to respond to physical or cyber attacks.

Keep your finger on the pulse of what other people, customers, the media, competitors, and others may be saying about you.

How is OSINT collected?

OSINT investigations are intended to answer a question about a target. Based on this question, the investigators will use OSINT sources to uncover information and paint a picture of that target. With OSINT, an analyst can profile their target to understand their characteristics, and narrow the search to identify vulnerabilities, all without actively engaging the target. An attacker can then use this intelligence to plan an attack.

The internet contains a huge amount of legally collectible OSINT which can be accessed via search engines and targeted searches of databases and other sources. In order to make searching more effective, OSINT tools have been developed to support OSINT searches and protect anonymity.

No alt text provided for this image

OSINT Framework contains OSINT types which can be expanded into sources of intelligence

A huge range of OSINT tools are available for anyone to use. In order to understand the resources available, OSINT professionals have created directories such as the  OSINT Framework, Awesome OSINT or the Kali Tools listing page for a directory of tools and how to use them.

No alt text provided for this image

Kali Tools groups OSINT tools by use

Understanding your digital footprint

OSINT is everywhere, and it is unavoidable that some intelligence will be available about you from publicly available sources. As a company, you will want to ensure that you are on top of your digital footprint at all times.

Prevention is key, and ensuring that you expose as little information about your company as possible is a great way to start. Ensure that employees at all levels are given full internet security training to reduce exposure to both themselves and your company.

Not all OSINT can be avoided however, and that is why you should aim to take a proactive approach towards understanding your OSINT footprint, and develop ways to respond to attacks which may come out from OSINT. A full OSINT assessment will enable you to identify weak spots and create security plans. As OSINT is continually updated, regular intelligence assessments allow you to understand your exposure and vulnerabilities, reduce your footprint, remove harmful and unwanted information, and react in real-time to attacks and breaches.

Cynance is a business oriented cyber security and data protection consulting company, providing OSINT online discovery services for clients around the globe.