Open-source intelligence (OSINT) refers to collecting information from public sources, analysing it, and using it for intelligence purposes. According to the CIA, OSINT is intelligence “drawn from publicly available material”, with the majority of intelligence experts extending that definition to mean information intended for public consumption.
This includes TV, magazines, newspapers, blogs, websites, social media and research papers: practically every source that can be found online or offline. And the big plus is that you don't need any particular skills or tools to gather it.
OSINT has been used to investigate crime and cybercrime, as well as for reasons of national security. Researchers use it to get a better understanding of APT groups and nation-state-backed bad actors, and of malware or espionage campaigns. It is also used by security consultants for penetration testing, phishing simulation training or red teaming, and to help drive privacy awareness.
Remember, all of us who have social media accounts are vulnerable through what we share, as every detail increases our digital footprint and gives anyone who takes the trouble to look more insight into our lives.
So how is OSINT used?
Researchers and other specialists gather data from all these open sources and put it together like pieces of a puzzle to build a profile of the target, which could be a specific individual, a group of people, or a particular organisation. This information can be extremely useful, as it can help build an accurate picture of the attack surface by unpacking the type of data that is publicly available on the target, whether (in the case of an online service, for example) more data is being exposed than necessary, and which devices, interfaces and other, often unexpected, hosts are accessible via the web.
In this way, researchers would be able to pinpoint individuals who would make good targets for, and be susceptible to, social engineering, as well as other chinks in an organisation’s security armour. These might include applications that are unwittingly exposed, or other known vulnerabilities and weaknesses. It can also help to identify any information that might have been published accidentally, or before its intended release date. If you identify a problem early, it is easier to fix it.
And OSINT isn't only useful in the context of cybersecurity. It can also be used to delve into opportunities in the market, as well as to keep a close eye on your competitors.
It all sounds great, but OSINT isn't without its challenges, such as managing the inevitable flood of information that you will end up with. Luckily, there are tools that automate data collection and organisation, and can even help find the links needed to put pieces of information together. Another challenge is sorting the wheat from the chaff, as information sources are not necessarily created equal, and some are bound to be unreliable.
Now that we’ve looked at the benefits, it’s important to note that there’s a flip side to every coin. As much as OSINT is useful to the security community, it is also useful to attackers. The potential malicious use cases for our information are endless, and OSINT is a treasure trove of information for bad actors and fraudsters. Understanding where and how you are exposed shows you where you are weak, and lets you minimise your personal attack surface.