Open-Source Intelligence, or OSINT in short, is the methodology of using information that is freely available on the internet, collated together to build a profile. To explain the usage of OSINT clearly, we will provide an example below, along with where you would typically find the information:
Name: Joe Blogs
Age: 30
Email: joe.blogs@googlemail.com
Employed at: CoolGuys
Employed as: Network Engineer
The above information is collatable from the following services:
Generic social media sites – Name, DOB, Mobile, Email
LinkedIn – Employer and Job Title
When we dig a bit deeper into the company he is employed at, we find the following:
Seeking an apprentice Network Engineer with the following skills:
Experience with Windows Server 2008
Ability to manage security of bespoke business websites
Knowledge of Windows XP, Vista and 7 device management
READ MORE: Time for a digital clean-up
When searching the email belonging to Joe Blogs on Database Breach pastes, we are able to see the following information from recent leaks:
Paste 1: joe.blogs@googlemail.com:HappyCat1989
Paste 2: joe.blogs@googlemail.com:HappyCat89
Paste 3: joe.blogs@googlemail.com:HappyCat89!
From all of the information above, we can determine that CoolGuys uses very dated hardware, along with bespoke websites. We also see that Joe is terrible at remembering his password and has a bad habit of reusing this across multiple services.
This information could be used to compromise his other personal services, or directly attack the CoolGuys with different credentials (most containing some variation of HappyCat – his reused password). We could also look for vulnerabilities relating to the old hardware equipment used within the company, increasing the attack surface of the network drastically.
It is crucial to ensure that you hide as much information as possible on the internet (including company information), and to regularly check if any passwords you use have been leaked recently and change these immediately.
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules here