In the past months, we have reviewed a couple interesting OSINT utilities. In fact, a few weeks ago, we also published the Top 20 OSINT Tools as a great resource for everyone starting an information security investigation. But one thing is missing for all those who have just been introduced to the fascinating world of cybersecurity: the key concept of OSINT.
We are talking and writing about OSINT, Infosec, Tools, Cybersecurity, and Open Source. But do you really know the definition of OSINT? That's what we are going to explore today. What is OSINT? How can I make use of it? What are the main benefits for my company? And which are the best-recommended OSINT techniques? Read on…
What is OSINT?
OSINT stands for Open Source Intelligence, and it is one of the key aspects in understanding the cybersecurity that rules the Internet these days.
The term OSINT comes from many decades ago, in fact, US military agencies started using the term OSINT in the late 1980's as they were re-evaluating the nature of information requirements in tactical levels under battlefields. Then in 1992, the Intelligence Reorganization Act determined the main goals of intel gathering included key concepts like:
- Must be objective intelligence free of bias
- Data must be available on public and non-public sources
While the concept of OSINT has evolved since then, as it does not include the non-public sources, the concept originates from that time.
Open source intelligence (OSINT) is information collected from public sources such as those available on the Internet, although the term isn't strictly limited to the internet, but rather means all publicly available sources.
"OS" (from OSINT) means Open Source. In this case, it is not related to the famous open source movement, but to any publicly available source where the user can obtain the information in their intelligence data collection.
The key word behind OSINT concept is information, and most importantly, information that can be obtained for free. It doesn't matter if it is located inside newspapers, blogs, web pages, tweets, social media cards, images, podcasts, or videos as long as it is public, free and legal.
With the right information in your hands, you can get a great advantage over your competition, or speed up any company/people investigation you are in charge of.
But OSINT is even simpler, you know; many of us associate OSINT to cyber war, cyber attacks, cybersecurity, etc. And while those things are a part of it, OSINT is much more explicit and uncomplicated.
OSINT examples include:
- Asking questions on any search engine.
- Research public forums on how to fix your computer.
- Watch a youtube video on how to make a birthday cake.
As you see, you don't need to be a hacker to use OSINT in your daily life: you're already using it, you just might have not known it.
However, since we are focused on modern OSINT for the cybersecurity fields, we will now take a look at how your company or project can benefit from it.
How can I make use of it?
Companies and individuals use OSINT all day long, as we've shown before, and yet they don't consciously know it.
Sales, Marketing, and Product management teams also use OSINT to increase conversions or just be more effective while delivering their services to the public.
In the cybersecurity field, using the right tools for your OSINT investigation can be really effective if you combine it with critical thinking and have a clear OSINT strategy.
Whether you are running a cybersecurity investigation against a company/person or if you are on the opposite side working to identify and mitigate future threats, having pre-defined OSINT techniques and clear goals can save you a lot of time.
Most IT companies do not embrace OSINT to boost their cybersecurity defenses, and sooner or later, this may become a problem as they are not able to identify and detect app, services, and/or server threats.
OSINT Techniques and Resources
While there are a lot of OSINT techniques and mechanisms, not all of them will work for your target. First, you will have to ask yourself a couple of questions:
- What am I looking for?
- What is my main research goal?
- What or who is my target?
- How am I going to conduct my research?
Try to find the answer to these questions, and that will be the first step in your OSINT investigation.
While a lot of OSINT techniques are used by government and military agencies, they can often be applied to your own company, too. Some may work, others may not, but that's part of the OSINT strategy – you will have to identify which sources are good and which ones are irrelevant for your research.
Let's take a look into the most popular OSINT techniques used in cybersecurity:
- Collect employee full names, job roles, as well as the software they use.
- Review and monitor search engine information from Google (especially using Google Dorks), Bing, Yahoo, and others.
- Monitoring personal and corporate blogs, as well as review user activity on digital forums.
- Identify all social networks used by the target user or company.
- Review content available on social networks like Facebook, Twitter, Google Plus, or Linkedin.
- Use people data collection tools like Pipl, who will help you to reveal a lot of information about individuals in one single place.
- Access old cached data from Google – often reveals interesting information.
- Exploring old versions of websites to reveal important information using sites like the Wayback Machine
- Identify mobile phone numbers, as well as mail addresses from social networks, or Google results.
- Search for photographs and videos on common social photo sharing sites, such as Flickr, Google Photos, etc.
- Use Google Maps and other open satellite imagery sources to retrieve images of users' geographic location.
- Use tools like GeoCreepy to track down geographic location information to have a clear picture of the users' current locations.
- Use automated OSINT tools to retrieve information, such as Spiderfoot or us.
- Use popular OSINT extensions that include useful sources like OSINT Browser.
- Explore DNS Services, as well as domains, subdomains, and IP addresses using our own SecurityTrails toolkit.
- Run port scanners against the target company server infrastructure to find running services.
- Use tools to search for internet-connected devices like Shodan used by your target.
These are some of the most popular techniques you will find. However, after you are done doing OSINT research, you will have a lot of data to analyze. That's when you will have to refine your results, and search in detail for all the really necessary things you need, and discard the rest.
The final step in the OSINT strategy will be to translate all this digital intelligence data into a human-readable format, so it can be understood by non-technical individuals, which are often at the head of most companies.
Now you know what OSINT is, and how you can make use of it to boost your cybersecurity investigations, as well as to prevent attacks into your own network by hiding crucial information from your company, people, as well as domain names, servers, IP addresses and much more.
Knowing this leads to the next question: are you ready to unveil the real power of data intelligence as an advantage against your competition? If so, start testing SecurityTrails cybersecurity platform, or sign up for a free API account to integrate our almighty security platform with your own web applications.