OSINT is intelligence “drawn from publicly available material”, according to the CIA. Most intelligence experts extend that definition to mean information intended for public consumption.
The CIA says that OSINT includes information gathered from the internet, mass media, specialist journals and research, photos, and geospatial information. Most of these sources were used in the Bellingcat MH17 investigation.
OSINT does not require its exponents to hack into systems or use private credentials to access data. Viewing someone’s public profile on social media is OSINT; using their login details to unearth private information is not. In intelligence agency terms, OSINT is also information drawn from non-classified sources.
This method of data gathering is applied in sectors and by individuals in various fields such as Law enforcement agencies, private investigators, financial services, intelligence analysts, and more.
You would be amazed at the sort of sensitive information just lying out there in the public or on the internet and all it takes to get to it is a simple search.
IS OSINT LEGAL?
Being able to gather such type of information gives it this air of illegality but contrary to that fact, OSINT tools are legal. They collect and analyze information that is already publicly available on the open web, such as social media, blogs, newspapers, government records, and academic and professional publications. OSINT tools are unable to penetrate social media privacy settings and other private content.
In Nigeria for instance, schools usually have their admissions lists pasted on the internet for students to check. There are instances where companies have gone through publicly available admissions list to confirm if potential employees actually got admission to the said university.
Put this string in a google search ” inurl:admissions list nigeria pdf ” without the quote. You could manipulate the string to trace straight to a specific university, department and year.
Just as much as we have good, we also see hackers with evil intent also putting to use, OSINT skills for illegal purposes. Reconnaissance for instance being the first step in conducting a hacking exercise be it White Hat or Black Hat, a Hacker would definitely always rely on publicly available information about a target they have in mind.
Whether an OSINT researcher is a hacker looking for vulnerabilities to exploit or an analyst assessing exposure, their core task is to combine public data into an intimate understanding of a business target.
OSINT can be used to identify unintentional leakage of sensitive data through social media networks and other publicly available platforms.
Skilled investigators can gather multiple leads through OSINT more especially where investigating cyber crimes and even as far as tackling extremist groups.
OSINT can be used to find devices which are connected to the organizations network and have open network ports.
To detect obsolete software and application.
Discovering leaked out information which may pose a threat to an organization.
POPULAR OSINT TOOLS
When conducting an OSINT exercise, tools such as one of the following tools can come in handy;
FACEBOOK: This is one of the biggest sources of OSINT. If you are an investigator or an analyst and spend your day collecting data on events, people and doing deep analysis, you are in the right place. You can conduct searches on phone numbers, emails, maps, check ins.
MALTEGO: This tool has many uses; it finds connections between data instances and creates a map. With this tool, you can scrap the internet for employee email addresses of top companies staff and this tool could literally tell you if that email has been part of any database leak that revealed the password as well and would direct you to the link where that leak can be seen so as a company you could try finding out if one of your official email address has been hacked and more especially you should change your password.
Perhaps a staff could have absent mindedly used the official email address to register on a website to make a quick food order and then that website gets hacked? Revealing email addresses and maybe passwords stored in clear text? That would be very risky having your official mail login details sitting out there in public domain.
SHODAN: this is a search engine like Google that searches for internet connected devices. If your internet-facing devices aren’t protected, Shodan can tell hackers everything they need to know to break into your network. Funny thing is, Hackers rarely use Shodan.
GHDB: This is a compendium of Google hacking search terms that have been found to reveal sensitive data exposed by vulnerable servers and web applications. Just as demonstrated above on how to search with strings.
CHECK USERNAMES: With a simple search of a specific username used on any social media forum, this tool traces out every other social media forum this username has been used on and most times people who actually felt they are anonymous would eventually discover that somehow, somewhere, a trace was left linking the username to their real identity. The popular Silk Road Founder was traced by linking his username “altoid” in Silk Road to a username that was used to advertise on a public forum under the same nick name “altoid.”
OSINT FRAMEWORK: A free online system that presents a collection of investigative tools that link together to discover and present information about a target.
Worthy of note are tools such as Who.is, Snitch.name, Genealogy.com Speedy Hunt etc. There are a million tools out there which can assist in conducting an information gathering process as OSINT is not limited to the above listed.
OSINT was employed by the FBI to trace Invictus Obi the Nigerian entrepreneur and convicted fraudster who is currently serving a ten-year prison sentence in the United States for internet fraud that caused $11M losses to his victims. As his username was traced to a Nigerian forum in which he made a few exposing statements as to his location.
OSINT: GOOD OR EVIL?
Knowing the ways of a Hacker even if you aren’t one is a digital skill that one needs in this period whereby COVID19 has made the internet a more active place than it used to be. Everything is going to the internet so now, hackers have a wider network to reach out to and we would not want to be found in that web
As much as open-source Intelligence techniques can be useful, you still can’t deny the fact that it’s a double-edged sword. Just like your team will collect information about your organization, the attackers can do the same.
Modern-day attackers invest sufficient time and resources to plan their attacks carefully. Gathering information about their potential target is a vital component in their preparation process. Attackers may use social engineering techniques like phishing and vishing to trick individuals into sharing sensitive information.
This information will likely form the base of their attack. On the other hand, organizations can utilize OSINT techniques to minimize the information available in the public domain about their business operations. For any organization that seeks to utilize OSINT exercises, they must do so within the boundaries of the relevant laws.
This article was written by Sylvester Uduosa Esq. a Certified Ethical Hacker and founder of SLYTECH Entp. a Cybersecurity firm based in Nigeria which assists companies and individuals with Pentesting their networks and security with the sole aim of discovering vulnerabilities before criminals do and saving companies from losses that maybe incurred as a result of such vulnerability.