
BLOG | MAR 10, 2022
THE IMPORTANCE OF OPEN SOURCE INTELLIGENCE
Because it is cheap, open-source intelligence (OSINT) is becoming the most widely used form of gathering information. However, OSINT is widely misunderstood and misused. In this blog, we cover what it is and how it’s used, so that an organisation can outline a plan that effectively integrates this discipline into its security.
With the proliferation of online information, and online tools that can sift through vast amounts of information, OSINT is now more relevant than ever.
WHAT IS OPEN SOURCE AND OSINT?
The term ‘open-source’ refers specifically to information that is available for public consumption. If any specialist skills, tools, or techniques are required to access a piece of information, it can’t reasonably be considered open source. Open source information is not limited to what you can find using the major search engines. Web pages and other resources that can be found using Google constitute significant sources of open source information, but they are only a small part of the information that is out there.
A significant element of online information is found first of all on the deep web, which holds material such as medical and legal records and documents, and then on the dark web, which houses illegal information and drug trafficking sites. These two domains are reported to cover over 99 percent of information found online and cannot be indexed by popular search engines such as Google. Despite this, much of the content of these domains can be considered open source because it’s readily available to the public.
Information can also be considered open source if it is:
Published or broadcast for a public audience (for example, news media content)
Available to the public by request such as census data
Available to the public by subscription or purchase such as industry journals
Seen or heard by any casual observer
Made available at a public meeting
Obtained by visiting any place or attending any event that is open to the public

Open-source intelligence does not require hacking into systems or private credentials to access data. Viewing someone’s public profile on social media is OSINT; using their login details to unearth private information is not.
HOW IS IT USED?
As valuable as OSINT can be, information overload is a real concern. Most of the tools and techniques used to conduct OSINT initiatives are designed to help security professionals (or threat actors) focus their efforts on specific areas of interest.
OSINT helps security teams unearth clues that individuals leave in the open that compromise security. OSINT tools pick up on problem data, such as dates of birth, National Insurance numbers, family members or even hobbies that could help attackers compromise an account.
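A defender's use of this idea, as an added example that is not part of the original blog: a small self-audit that scans text your own organisation publishes for two of the data types named above, dates of birth and National Insurance numbers. The function names and sample text are constructed for illustration, and the NI pattern assumes the standard format (two prefix letters, six digits, a suffix letter A to D, with unallocated prefixes excluded).

```python
import re
from datetime import date

# UK National Insurance number: two prefix letters, six digits, suffix A-D,
# optionally written in space-separated pairs. Unallocated prefixes excluded.
NINO_RE = re.compile(
    r"\b(?!BG|GB|KN|NK|NT|TN|ZZ)[A-CEGHJ-PR-TW-Z][A-CEGHJ-NPR-TW-Z]"
    r"\s?\d{2}\s?\d{2}\s?\d{2}\s?[A-D]\b"
)
# A date only counts as a date of birth when a birth keyword precedes it.
DOB_RE = re.compile(
    r"\b(?:date of birth|d\.?o\.?b\.?|born(?: on)?)\W{0,3}"
    r"(\d{1,2})[/.-](\d{1,2})[/.-](\d{4})\b",
    re.IGNORECASE,
)

# Constructed sample of a public "meet the team" page (not real data).
SAMPLE = """Meet the team: Jo Bloggs, Head of Finance.
Jo was born on 04/07/1985 and enjoys sailing.
Payroll query for AB 12 34 56 C, raised 12/01/2022.
Form field left as DOB: 31/02/1990 in the template."""

def redact(value):
    """Keep only the first two characters so findings can be logged safely."""
    return value[:2] + "*" * (len(value) - 2)

def audit(text):
    """Return (line_no, kind, redacted_value) findings for one document."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in NINO_RE.finditer(line):
            nino = m.group().replace(" ", "")
            findings.append((line_no, "ni_number", redact(nino)))
        for m in DOB_RE.finditer(line):
            day, month, year = (int(g) for g in m.groups())
            try:
                date(year, month, day)  # drop impossible dates such as 31/02
            except ValueError:
                continue
            dob = f"{day:02d}/{month:02d}/{year}"
            findings.append((line_no, "date_of_birth", redact(dob)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Findings carry the line number and a redacted value, so the audit report itself does not become another copy of the data that needs removing.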
Most OSINT practitioners have their own methods and tools for carrying out their work, but most techniques start with a reconnaissance or assessment of an organisation’s or individual’s online profile. This could include annual reports, financial filings and associated news coverage, as well as social media presence and professional profiles. Any organisation/employee information that has been put online will be seen as a data set and can be used to gather OSINT.
By identifying individuals and employees within organisations, along with their skill sets and their mindsets as shown through blogs and posts, assessments can be made to identify strengths, weaknesses, opportunities and threats. This information can then be used to strengthen or weaken an individual or an organisation.
The use of OSINT can go even deeper, potentially right into the code of a company’s web applications. Within the cyber world this information can be utilised to identify vulnerabilities and build targeted attacks against an organisation’s coding in order to breach IT systems.
OSINT is a valuable tool for raising security awareness, as well as a technical tool for identifying security risks. OSINT sources include open data feeds and geospatial information from Google and other mapping tools. In the past these have been used to supply floor plans of sensitive locations online, and have highlighted security issues, such as photos of key cards, that can affect the integrity of an organisation.
OSINT STRATEGY
OSINT should form part of an organisation’s security plan, as it is a vital means of spotting, and removing, sensitive information from the public domain that could be abused by malicious actors to compromise an organisation. A company should bear in mind the legal and ethical considerations, and the fact that security teams must exercise a certain level of skill and caution to use OSINT effectively, ethically, and legally.
Having a clear strategy with defined goals is key for any OSINT programme or service. Once you know what you’re trying to accomplish and you’ve set objectives accordingly, identifying the most useful tools and techniques will be much more achievable. Ultimately, though, finding the right combination of tools and techniques for your specific needs will take time, as well as a degree of trial and error.