Open-Source Intelligence, or OSINT for short, is the methodology of collating information that is freely available on the internet to build a profile. To explain the usage of OSINT clearly, we provide an example profile below, along with where you would typically find the information:

Name: Joe Blogs

Age: 30

Email: joe.blogs@googlemail.com

Employed at: CoolGuys

Employed as: Network Engineer

The above information can be collated from the following services:

Generic social media sites – Name, DOB, Mobile, Email

LinkedIn – Employer and Job Title

When we dig a bit deeper into the company he is employed at, we find the following:

Seeking an apprentice Network Engineer with the following skills:

Experience with Windows Server 2008

Ability to manage security of bespoke business websites

Knowledge of Windows XP, Vista and 7 device management

When we search database breach pastes for the email address belonging to Joe Blogs, we see the following information from recent leaks:

Paste 1: joe.blogs@googlemail.com:HappyCat1989

Paste 2: joe.blogs@googlemail.com:HappyCat89

Paste 3: joe.blogs@googlemail.com:HappyCat89!

From all of the information above, we can determine that CoolGuys uses very dated hardware, along with bespoke websites. We also see that Joe is terrible at remembering his password and has a bad habit of reusing it across multiple services.

This information could be used to compromise his other personal services, or to attack CoolGuys directly with different credentials (most containing some variation of HappyCat, his reused password). We could also look for vulnerabilities relating to the old hardware used within the company, which increases the attack surface of the network drastically.

It is crucial to hide as much information as possible on the internet (including company information), to regularly check whether any passwords you use have been leaked recently, and to change any that have immediately.
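
The three pastes above show why changing only the trailing digits or symbol does not help. The following is an added example, not code from the original article: a check that a password-change form or personal audit could run to reject a new password that is an exact match or trivial variation of one already leaked. The helper names, the substitution table and the minimum stem length are assumptions; the sample list is the three passwords from the pastes.

```python
import re
from collections import defaultdict

# Constructed sample: the three leaked passwords from the pastes in the article.
LEAKED = ["HappyCat1989", "HappyCat89", "HappyCat89!"]

# Simplified, assumed substitution table; real checkers use larger ones.
_LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                       "5": "s", "7": "t", "@": "a", "$": "s"})
MIN_STEM = 4  # ignore stems too short to be meaningful (e.g. all-digit passwords)


def stem(password: str) -> str:
    """Base word of a password: edge digits/symbols stripped, lowercased, leet undone."""
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password)
    return core.lower().translate(_LEET)


def shared_stems(leaked):
    """Group leaked passwords by stem; more than one entry per stem means reuse."""
    groups = defaultdict(list)
    for pw in leaked:
        groups[stem(pw)].append(pw)
    return {s: pws for s, pws in groups.items() if len(pws) > 1}


def reuse_report(candidate, leaked):
    """Return (leaked_password, reason) pairs that should block the candidate."""
    cand = stem(candidate)
    hits = []
    for old in leaked:
        if candidate == old:
            hits.append((old, "exact"))
        elif len(cand) >= MIN_STEM and cand == stem(old):
            hits.append((old, "variant"))
    return hits


if __name__ == "__main__":
    print(shared_stems(LEAKED))
    for new_pw in ["HappyCat89!", "H4ppyC4t2024!", "12345678", "tundra-velvet-orbit-41"]:
        print(new_pw, "->", reuse_report(new_pw, LEAKED) or "no match in leaks")
```

All three leaked passwords reduce to the same stem, so a replacement built on that stem is rejected no matter which digits or symbols are appended.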