Open Source Intelligence Applied to Cybersecurity

Introduction

The application of Open Source Intelligence (OSINT) to cybersecurity is not something most businesses will use every day, but it is an area worth understanding, since it is a vital resource for staying on top of events and threats that may affect a business. The vast majority of businesses will not collect OSINT themselves but will rely on specialist reporting. This post aims to give an overview of it. OSINT can be defined as intelligence that is produced from publicly available information and is collected, exploited, and disseminated in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence requirement.

In the cybersecurity field, OSINT is used widely to discover vulnerabilities in IT systems and is commonly named Technical Foot-printing. Foot-printing is the first task conducted by hackers – both black and white hat hackers – before attacking computer systems. Gathering technical information about the target computer network is the first phase in any penetration testing methodology.

OSINT Types

OSINT can be classified – according to where the public data is found – into the following categories:

  1. The internet is the main place where OSINT resources are found. Internet resources include the following and more: blogs, social media websites, digital files (photos, videos, sound) and their metadata, technical foot-printing of websites, webcams, deep web (government records, weather records, vital records, criminal records, tax and property records), dark-net resources, data leak websites, IP addresses, and anything published online publicly.
  2. Traditional media channels such as TV, radio, newspapers, and magazines. 
  3. Academic publications such as dissertations, research papers, specialised journals, and books.
  4. Corporate papers such as company profiles, conference proceedings, annual reports, company news, employee profiles, and résumés.
  5. Geospatial information such as online maps, commercial satellite images, geo-location information associated with social media posts, and transport (air, maritime, vehicle, and railway) tracking.

These resources can be used to create threat intelligence reports, conduct threat analysis, produce vulnerability reports and so on, which can ideally be acted upon by the business or organisation to improve its cybersecurity implementation.

Example Use Case

Ethical Hacking

Ethical hacking is the use of OSINT search techniques and tools to discover weaknesses in friendly IT systems, so that such vulnerabilities can be closed before threat actors discover them. Commonly found vulnerabilities include:

  1. Accidental leaking of sensitive information on social media sites. For example, an unaware employee may post a personal photo taken in the server room showing the type of security devices used to secure the corporate network.
  2. Open ports and insecure running services, which can be discovered when scanning the subject network for vulnerabilities using specialised tools.
  3. Outdated operating system versions, software and any content management systems already in use. 
  4. Leaked information found on data leak repositories or across the dark-net.

Open Source Intelligence Tools

Cybersecurity professionals can make use of open-source intelligence tools in the inspection phase of an incident response plan to gather information from hundreds of websites in minutes. OSINT tools use "AI" features to collect information from various public sources, which can be used later.

With open-source intelligence tools, the investigation phase has the potential to become streamlined. There is a chance that OSINT tools could decrease the number of permutations and combinations concerning the data gathered from publicly available sources. OSINT can be used to help discover cyberattacks, such as phishing and ransomware attacks, being directed at a business or organisation.

First and foremost, open-source intelligence is a method of collecting data from publicly available resources. While malicious hackers do make use of open-source intelligence tools and techniques to collect data for launching an illegal attack, these tools and techniques are not illegal in themselves. They have been specifically designed to help people collect data that is already published and available to the general public. Therefore, OSINT is typically not illegal. If unsure, please seek legal counsel, as laws may vary from country to country.

However, any company that makes use of OSINT tools needs to control who may use them, as there is potential for harm, for example the doxing of unsuspecting victims. The methods used in doxing and OSINT are alike, and these methods are generally not illegal. Nevertheless, when OSINT is used to threaten someone, it becomes illegal and a serious criminal offence.

Conclusion

Hopefully, this post has provided an overview and some useful information about the application of OSINT to the field of cybersecurity. Remember that OSINT is not applicable to every business or organisation, as taking full advantage of it requires a certain level of scale and resource, but it is still worth being aware that it exists. If you have found this interesting, I would recommend reading further on this subject.

