Ordinary Info to You; Opportunity to a Cyber Criminal
As its name suggests, OSINT is intelligence gleaned from publicly available sources such as social media, company websites, news sites, even information taken from a job board. What seems like innocuous and disparate pieces of information, can be very useful to a hacker
OSINT Used by Hackers
|Common Sources||Information That May be Useful|
|Programming Websites||Information about target’s software/hardware stack|
|Corporate/Target Site||Employee Names|
|Company Review Sites||Internal gossip|
|Search Engines||Confidential documents posted online for easy for sharing|
|Image Sharing Sites||Employees or names tagged in photos|
|Job Sites||Technical information about technology being used|
Cyber Threats Put Together Scattered Data like Puzzle Pieces
Some OSINT information found may be in useful in its purest form, like a Social Security name and number on an employee list. However hackers with grander aspirations use information gathered from Facebook or Twitter as a starting point for socially engineering, or to generate large userlists with customized password guesses.
A motivated hacker might look at current job postings, then check the public LinkedIn profile for your organization’s IT-related employees to deduce an overview of your computer network, the software you use, and your current security solutions — all without scanning the network and from just visiting two websites.
Three Ways Organizations Can Manage OSINT
The reality is that as an organization’s digital footprint expands, so too does the opportunity for attackers to examine said footprint; the goal becomes to slow and manage that expansion. Here are some ways to take control:
- Inventory and examine what data you have in the wild, what needs to be out there, mitigate any damage.
- Establish guidelines and policies on what data can be released, where, and by whom. Tasks like establishing social media policies and improving user education about online usage (only post the absolute least you need to) can effectively help slow the spread of data.
- Monitor and track compliance through routine crawling of search engines for documents that identify violations in document handling processes. For example, a Google search for:
*filetype:pdf site:mycompany.com “INTERNAL SENSITIVE” OR “CONFIDENTIAL” OR “NOT FOR PUBLIC RELEASE”*might reveal organizational-specific lingo such as nickname of secret projects or physical locations can also help to identify data leaks.
As even more devices come online, and as mobile computing continues it’s near exponential growth, it is becoming even more important to develop active programs to handle OSINT intelligence analysis as key element of cyber security.
With extensive experience in defensive and offensive security, Daniel has been a quiet trailblazer in digital intel-gathering long before cyber intelligence became a discipline. More than a decade ago he was inventing and applying his own intelligence tools in support of companies and governments around the world facing urgent threats. Using this deep understanding of web technologies and the behaviors of cybercriminals, he has enhanced, updated and packaged these tools under ShadowDragon.
Daniel is a member of the Odonata Holdings, Inc.