The first step in launching a cyberattack is to get a clear understanding of the target by using a penetration test. Cybercriminals will try to gather as much information about a person or a business as they possibly can.
However, they will need to do this without the target’s knowledge, and without triggering their security measures. Gathering intelligence about their targets usually starts with assembling information from public sources.
This is known as Open Source Intelligence, or OSINT for short. The easiest way to gather this information is through anything available online such as social media platforms for example — which is one of the best sources of OSINT.
However, OSINT is not just limited to social media platforms. There are other sources that cybercriminals will use to assemble information about their target.
OSINT is usually gathered from any kind of free public source, which is why cybercriminals can gather this crucial information without your knowledge. The information they use can be found by anyone on the internet.
If you’re starting to worry about your organisation’s security, it might be time for a modern security health check.
What is Open Source Intelligence?
Open source intelligence is any publicly available information from open sources such as social media, websites, and news articles. This type of information is often used by cyberattackers to gain further insights into organisations they are looking to hack.
Different Open-Source Intelligence Sources
Here are some popular examples of OSINT sources:
- Websites
- Social media
- Public records
- Libraries
- Images
- Videos
- The dark web
What is OSINT Used For?
OSINT is information that’s widely and freely available, so what possible use could it have in the hands of a cybercriminal? Modern cybercrime is much more advanced than you might expect, and any kind of information about a target can be put to good use.
Cunning cybercriminals can use OSINT to their advantage and allow them to craft a precise plan for their cyberattack. The problem is that while they are gathering this intelligence and planning their attack, you will be unaware of their plans and how they will be launching their cyberattack against your organisation.
Cybercriminals will be able to gather crucial information about your organisation which allows them to build a profile and identify possible areas of vulnerability that they can exploit. It’s very much akin to how a military attack would be coordinated.
Intelligence and information are gathered first — preferably without the target’s knowledge. The next step is to use that information to develop a plan of attack. Once the information is structured and the plan has been perfected, the attack will be launched against the target.
Who Uses OSINT?
Various parties use open source intelligence, including:
- Cyber criminals
- Information security
- Cyber threat intelligence
- Government
- Law enforcement
- Military
- Investigative journalists
- Human rights investigators
- Private investigators
- Law firms
- Pen testers
- Social engineers
Is Open Source Intellegence Legal?
OSINT is completely legal because it only uses information that is available through “open sources”. This means that it doesn’t include information that is kept within your organisation’s database, but rather just information available from public sources.
From social media to news articles and press conferences, the information gathered by OSINT is available to everyone. There’s a vast array of information spread around the internet, and any of this information can be found. While everyone has access to this information, OSINT simply allows a cybercriminal to gather all the information they need in a more precise and efficient way.
This is done through various OSINT tools and techniques. In other words, a cybercriminal doesn’t have to sit behind their computer screen for hours on end searching for relevant information, there’s software that gathers all the intelligence for them. Because they’re not breaching your security, there’s nothing illegal about OSINT.
What is the OSINT Framework?
OSINT tools are the various instruments that can be used to gather information from the internet. The most obvious tool would be a search engine such as Google. However, the problem is that there are several different search engines on the Internet, with each one throwing out different results based on the search query.
Hunting for information in each search engine would take far too long. As always, there’s a solution to this problem. Searx is a metasearch engine that will allow you to anonymously draw results from over 70 different search engines. Instead of searching the same query 70 different times, you’re able to get the best possible results with just one search.
This is a much faster method when it comes to gathering public information from different sources.
There are hundreds of different OSINT tools available, and new ones are being developed on a daily basis. You can find similar tools for social media, PDFs, Word Documents, presentations, and so much more.
The best way to find these OSINT tools is through popular cybersecurity Twitter accounts. Scrolling through Twitter to find the correct and relevant information is not always easy, but of course, there’s another OSINT tool available here.
Twinx allows you to anonymously gather information on Twitter, without even having to sign up to the platform. This tool allows you to search for Tweets based on the user who posted them, the time frame, their geolocation, and tons of other parameters
What are OSINT Techniques?
There are two main OSINT techniques that cybercriminals can use to gather information about an organisation and their security measures.
Passive Recon
The first OSINT technique used is passive recon, which is mostly what’s been covered in this article. Passive recon will gather the information that is widely available to the public.
This information can be put together without directly engaging the target.
Active Room
The other OSINT technique, known as active recon, is much riskier. This technique will actively engage the target’s system through tools like NMap and will provide much more accurate and up-to-date information.
However, there is the possibility of triggering intrusion detection systems (IDS) and intrusion prevention systems (IPS) while scanning for vulnerabilities in the system. Therefore, active scanning is more likely to be noticed by the target, giving them time to take action.
What is OSINT in Cybersecurity?
It might seem like OSINT is only used by cybercriminals to gather information about their target and to find their weaknesses. However, your organisation can use OSINT to bolster its own cybersecurity measures.
Using OSINT to build a profile of yourself or your business will help you to identify the weaker areas of your security, as well as the information that you’re giving to everyone else on the internet (and potential cybercriminals).
Gathering information about yourself from public sources can help your security team to develop better defensive measures and strategies.
The information they can find using OSINT will allow them to build up effective phishing attacks against your employees using social engineering.
Social engineering is the act of manipulating and deceiving a victim by posing as a person or company that they might know and trust. If you’re aware of these elements and the potential phishing attacks that might come your way, you can proactively prevent them from being successful.
If you’ve identified a threat to your security, you can also use OSINT to build up a profile of the attacker. Gathering information about them, as well as their tactics and targets, will help you to have a better understanding of how they operate and the type of cyberattacks they might launch against your organisation.
Conclusion
Open Source Intelligence (OSINT) is an incredibly important tool in our modern society. OSINT allows anyone to legally and anonymously gather information about a person or a business.
There’s a vast amount of tools available to make this process easier and faster, which means that cyberattacks can be launched more precisely, and more quickly than before.
It’s important to understand the meaning of OSINT and how you can use it to reinforce your own cybersecurity measures. Contact us, by filling out the form below, if you’d like to discuss OSINT best practices:
Frequently Asked Questions
What Does OSINT Stand For?
OSINT stands for open source Intelligence.
How is OSINT Used by Hackers?
Hackers aim to find open source intelligence in order to discover vulnerabilities in an organisation’s systems. This information can be found from many sources, including search engines.
What is an Example of OSINT?
Gaining information such as IP addresses, configurations and device names are examples of OSINT. It’s possible for cyber criminals to get this information through available open ports.