Know about OSINT and how it is used
Hackers, State-owned agencies use Open Source Intelligence Tools to search through available data to achieve their goals
Open Source Intelligence Tools (OSINT) is the process of collecting information from already published information or that which is publicly available on the Internet. Most IT security professionals, malicious hackers, or State-owned intelligence agencies use advanced techniques to search through vast amounts of visible/available data to find what they’re looking for to achieve their goals and learn information that many don’t even realise is public.
Data gathering is done in three methods: (1) Passive – Collecting data via publicly available resources. (2) Semi Passive – Sending internet traffic to target in order to acquire information. (3) Active – Using advanced techniques to harvest technical data of the target.
In simple terms, many OSINT tools are open source in nature and are used to analyse and gather from almost anywhere and even the most unlikely of places that may provide you with valuable intelligence on the subject of your investigation.
Open Source information includes:
* The Internet, including forums, blogs, social networking sites, video-sharing sites, records of registered domain names, metadata and digital files, dark web resources, location data, IP addresses and everything that is found online.
* Also information from online, newspapers, books, magazines, specialised journals, academic publications, dissertations, conference proceedings, company profiles, annual reports, company news, employee profiles, resumes, metadata in photos and videos as well.
Advantages:
Using OSINT really does depend on your goals and the kind of intelligence that you want to gather, and below are a few benefits:
* OSINT process is ‘less expensive’ to other intelligence sources
* Data/intelligence is of ‘lesser risk’ as it is collected from publicly available platforms
* Is ‘easily accessible’ almost available everywhere, no matter who you are.
* Collected data may not have a ‘copyright license’ as these resources are already publicly published.
* Allows government agencies in investigations to detect tax evaders, and criminals by monitoring the target’s social media accounts, vacations, lifestyle, people they are meeting, and traveling.
* Can be used to find counterfeit products and direct police to close such websites.
* Helps governments/organisations to understand their people’s ‘attitudes/expectations’ to act accordingly.
Disadvantages:
* An adversary can use it to collect information about you, your business
* Finding information is not enough, putting it to use in a meaningful way consumes time and effort.
* Filtering out junk data can be challenging based on volume of data
* Validating information consumes time and effort
* Some may deliberately post false information to mislead
Few Important links:
* Check how apps access your data – https://reports.exodus-privacy.eu.org/en/
* Use light beam plugin on browsers (How Corporate’s Share Data) – https://myshadow.org/resources/lightbeam?locale=en
* Check for data breaches of your email ID – https://amibeingpwned.com
* Data collected from publicly available sources – https://osintframework.com
* Open Source Intelligent Techniques – https://inteltechniques.com/
* Open Source data collections by security professionals and forensic investigators – https://www.maltego.com/
* Shodan is the search engine for ethical hackers – https://www.shodan.io/
* To Quickly Check the Availability of Name or a Brand Availability – https://namechk.com/
* Fact-Checking an Image (Reverse Image Check) – www.tineye.com
* For Image Verification (Date / Camera / Location etc, Where it is taken) – http://exifdata.com/
* Un Shorten Short Web Links – www.unshorten.it
* Check if the Website is doing Phishing Activity – https://isitphishing.org/
* Check the Complete Email Header – https://mxtoolbox.com/EmailHeaders.aspx
* Check domain tools – http://whois.domaintools.com/
* Check the old version of the target website – https://archive.org/web
* Open Source Information System — https://attack.mitre.org/
Most netizens treat social media platforms as though they’re actually whispering in their best friend’s ears, unaware of the negative outcomes of sharing personal and professional details.
Social media gave voice to the voiceless, but at the same time, we are creating a surveillance society where the smartest way to survive this society is to go voiceless.
Stay Tuned to Cyber Talk for more on internet ethics and digital wellness by Anil Rachamalla, End Now Foundation, www.endnowfoundation.org
