Open Source Intelligence Applied to Cybersecurity

 Introduction 

The application of Open Source Intelligence (OSINT) to cybersecurity is not something most businesses will use everyday it is an area worth understanding and having knowledge of. Since it  is a vital resource to stay on top of events and threats which may threaten a business. The vast majority of businesses will not collect OSINT themselves but rely on specialist reporting. This post will aim to give an overview of it. OSINT can be defined as an intelligence that is produced from publicly available information and is collected, exploited, and disseminated in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence requirement.

In the cybersecurity field, OSINT is used widely to discover vulnerabilities in IT systems and is commonly named Technical Foot-printing. Foot-printing is the first task conducted by hackers – both black and white hat hackers – before attacking computer systems. Gathering technical information about the target computer network is the first phase in any penetration testing methodology.

OSINT Types

OSINT can be classified – according to where the public data is found – into the following categories:

  1. The internet is the main place where OSINT resources are found. Internet resources include the following and more: blogs, social media websites, digital files (photo, videos, sound) and their metadata, technical foot-printing of websites, webcams, deep web (government records, weather records, vital records, criminal’s records, tax and property records), dark-net resources, data leak websites, IP addresses, and anything published online publicly. 
  2. Traditional media channels such as TV, radio, newspapers, and magazines. 
  3. Academic publications such as dissertations, research papers, specialised journals, and books.
  4. Corporate papers such as company profiles, conference proceedings, annual reports, company news, employee profiles, and résumés.
  5. Geospatial information such as Online maps, commercial satellite images, geo-location information associated with social media posts, transport (Air, Maritime, Vehicles, and Railway) tracking.  
These resources can be used to create threat intelligence reports, conduct threat analysis, vulnerabilities reports etc; which can ideally is acted upon by the business or organisation to improve their cybersecurity implementation. 

Example Use Case

Ethical Hacking

The utilisation of OSINT search techniques and tools to discover weaknesses in friendly IT systems, so such vulnerabilities can be closed before threat actors discover them. Commonly found vulnerabilities include:

  1. Accidental leaking of sensitive information on social media sites. For example, an unaware employee may post a personal photo in the server room showing the type of security devices used to secure corporate network. 
  2. Open ports and insecure services running can be discovered when scanning the subject network for vulnerabilities using specialized tools. 
  3. Outdated operating system versions, software and any content management systems already in use. 
  4. Leaked information found on data leak repositories or across the dark-net.
Open Source Intelligence Tools

Cybersecurity professionals can make use open-source intelligence tools in the inspection phase of an incident response plan to gather information from hundreds of websites in minutes. OSINT tools use "AI" features to collect information from various public sources which can be used later.

With open-source intelligence tools, the investigation phases has the potential to become streamlined. There is a chance that OSINT tools could decrease the number of permutations and combinations concerning the data gathered from publicly available sources. OSINT can be used to help discover cyberattacks such as phishing and ransomware attacks being directed at a business or organisation.

Generally, first and foremost, open-source intelligence is a method of collecting data from publicly available resources. While malicious hackers do make use of open-source intelligence tools and techniques to collect data for launching an illegal attack, these tools and techniques are not illegal in themselves. They have been specifically designed to help people collect data that is already published and available to the general public. Therefore, OSINT is typically not illegal. If unsure please seek legal counsel as laws may vary from country to country. 

But any company which makes use of OSINT tools needs to control access to who may use them as there is potential for harm as for example doxing of unsuspecting victims. The methods used in doxing and OSINT are alike, and these methods are generally not illegal. Nevertheless, when OSINT is used to threaten someone, it becomes illegal and a serious criminal offence.

Conclusion

Hopefully, this post has provided an overview and some useful information about the application of OSINT to the field of cybersecurity. Remember, that OSINT is not applicable to every business or organisation as to take full advantage of it requires a certain level of scale and resource for it to be used effectively but it is still worth being aware that it exists. If you have found this interesting I would recommend reading further yourself on this subject. 


Sources

Comments

Post a Comment

Popular posts

Balancing functionality, usability and security in design

Image
Introduction When designing new devices or applications there is a requirement nowadays to consider there functionality, usability and security. While there has been a push through secure-by-design guidelines for security to be built-in from the beginning there are still gaps in implementation and part of these gaps are design considerations of functionality and usability. Part of this that doing security well is hard work, but it should never block useful functionality for the user. Ideally, when security interferes with key software capabilities, the security must be tweaked. The answer should never be to abandon the functionality and certainly not to abandon the security. Though achieving this balance is admittedly not straightforward. This blog post will aim to look at this triad and how they can be balanced and not compromise each other. Defining the Triad in design A triangle can be used to help explain the relationship between the concepts of security, functionality and ea
Read more

Personal Interest - Unbuilt fleets of the Royal Navy

Image
Introduction Throughout the 20th Century the Royal Navy designed and examined different types of fleets that were never realised either due to budget constraints, arms treaties or the changing nature of war. These are only a few examples of the different types of unbuilt fleets. Some of these had prototypes built and tasted for the Royal Navy which would serve as technological testbeds. Images and info from secret projects forum, shipbucket, popular mechanics/science and naval-matters. Washington Naval Treaty (WNT) The  Washington Naval Treaty  was a treaty signed during 1922 among the major nations that had won  World War I , which agreed to prevent an  arms race  by limiting naval construction. It was negotiated at the  Washington Naval Conference , held in  Washington, D.C. , from November 1921 to February 1922, and it was signed by the governments of the United Kingdom, the United States, France, Italy, and Japan. It limited the construction of  battleships ,  battlecruisers
Read more

Personal Interest - RAF Unbuilt Projects

Image
  Introduction This blog post looks at the different groups of cancelled RAF projects. It will focus on the 50s, 60s, 90s/00s and a brief look at hypersonic research projects. While these projects were often cut or cancelled for budget or austerity reasons, they were also pushed by the changing nature of warfare firstly from conventional style WW2 warfare to the predicated quick, short scale nuclear war which was expected from 1947 to 1989. Later from the 90s and into the 21st Century a change from state on state conflict to facing insurgencies, counter-terrorism and peacekeeping missions again led to a change in how wars are fought. Though the work and research done on these projects would rarely go to waste with it being used and applied in other projects and works even if sometimes it could take another ten or twenty years before anything operational came of that work. There won't be large amounts of text explaining or exploring the designs there are far better sources for th
Read more