OSINT stands for “Open-Source INTelligence”, which refers to any unclassified information and includes anything freely available on the web. OSINT is the opposite of closed-source intelligence or classified information. Common OSINT sources include social networks, forums, business websites, blogs, videos, and news sources.
OSINT is one of many INT disciplines employed by government intelligence agencies. Other common INTs include HUMINT (Human Intelligence; gathering intelligence by interacting with people); SIGINT (Signal Intelligence; gathering data from sensors); and GEOINT (Geospatial Intelligence; gathering data from satellites).
OSINT is unclassified and available, but it is not always easily found. Much of it is available on the Deep Web or “hidden internet” as some like to call it. The information is publicly available, but link-crawling search engines like Google do not always access it.
The term OSINT dates back many decades: US military agencies started using it in the late 1980s as they were re-evaluating the nature of information requirements at the tactical level on the battlefield.
The key word behind the OSINT concept is information, and most importantly, information that can be obtained for free. It doesn’t matter if it is located inside newspapers, blogs, web pages, tweets, social media cards, images, podcasts, or videos as long as it is public, free and legal.
With the right information in your hands, you can gain a great advantage over your competition, or speed up any investigation into a company or person that you are in charge of.
On the internet, open source intelligence can come from news websites, blogs, discussion boards, search engines, social media, and the dark web. In the past, OSINT research has differed from more aggressive forms of intelligence collection, because all the information was gathered from sites that did not require any kind of account or login. Increasingly, content is available on websites only through a login, despite the fact that the information is intended to be public. This is most visible on social media sites. There is some debate within the OSINT community as to whether simple logins, with no attempt to create an identity or engage in interactions, should disqualify that content from being considered “open source.” Some organizations use the term Social Intelligence (SOCINT) to distinguish this kind of information from OSINT.
Online OSINT has a number of challenges that are not seen in the older, more conventional methods. On the internet, it is often possible to know that you are being observed and by whom. If a target becomes aware that it is being scrutinized, it may take countermeasures. These can include removing the information completely, blocking access to the information from the organization conducting the OSINT research, or providing targeted misinformation to that organization. Many websites, particularly social media sites, are working very hard to eliminate “fake accounts,” as they are often involved in influence, abuse, or criminal activity. Unfortunately, this is also leading to the suspension of many accounts used for OSINT collection. Finally, open source intelligence can produce too much information. The internet is vast, so it is easy to capture far more information than can be reasonably analyzed. The amount of information created on the internet every day dwarfs the daily production of offline data from decades ago.
When harmless or unimportant-looking publicly available information about a target is systematically collected and gathered together, it becomes harmful, especially in social engineering attacks.
Examples of resources for OSINT:
- Internet Service Registration: The global registration and maintenance of IP address information
- DNS: Local and global registration and maintenance of host naming
- Search Engines: The specialist retrieval of distributed material relating to an organization or their employees
- Email Systems: The information contained within each email delivery process
- Naming Conventions: The way an organization encodes or categorizes the services their online hosts provide
- Website Analysis: Information intentionally made public that may pose a risk to security
Examples of tools for OSINT:
- Google Dorks: In short, sophisticated Google searches
- Shodan: Search engine for inter-connected devices
- EXIF-Viewers: Sometimes you can find very useful information inside photographs
- Metagoofil: Info gathering tool for extracting metadata from public sources.
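
As an added illustration of what an EXIF viewer reads (example code written for this page, not taken from any of the tools listed), the following standard-library Python check reports device and location tags in a JPEG's EXIF header, which is useful for auditing your own organization's images before they are published. The tag selection, the function names and the sample image bytes are constructed for the example.

```python
import struct

# IFD0 tags that commonly reveal device, software, author or location.
SENSITIVE_TAGS = {0x010F: "Make", 0x0110: "Model", 0x0131: "Software",
                  0x013B: "Artist", 0x8825: "GPSInfo"}

def find_exif(jpeg: bytes):
    """Return the TIFF block of the APP1/Exif segment, or None if absent."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG file")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker in (0xD9, 0xDA):          # end of image / start of scan data
            break
        (seglen,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        body = jpeg[pos + 4:pos + 2 + seglen]
        if marker == 0xE1 and body[:6] == b"Exif\x00\x00":
            return body[6:]
        pos += 2 + seglen
    return None

def sensitive_fields(jpeg: bytes) -> dict:
    """Map tag name -> value for sensitive IFD0 tags; {} if there is no EXIF."""
    tiff = find_exif(jpeg)
    if tiff is None:
        return {}
    order = {b"II": "<", b"MM": ">"}[tiff[:2]]   # TIFF byte-order mark
    _magic, ifd = struct.unpack(order + "HI", tiff[2:8])
    (count,) = struct.unpack(order + "H", tiff[ifd:ifd + 2])
    found = {}
    for i in range(count):                  # each IFD entry is 12 bytes
        tag, typ, n, value = struct.unpack(order + "HHI4s", tiff[ifd + 2 + 12 * i:ifd + 14 + 12 * i])
        name = SENSITIVE_TAGS.get(tag)
        if name is None:
            continue
        off = struct.unpack(order + "I", value)[0]
        raw = value[:n] if n <= 4 else tiff[off:off + n]   # ASCII is inline if <= 4 bytes
        found[name] = raw.rstrip(b"\x00").decode("ascii", "replace") if typ == 2 else "present"
    return found

def sample_jpeg() -> bytes:
    """Constructed image header: a Make tag plus a GPSInfo pointer (not followed)."""
    make = b"ExampleCam\x00"
    ifd = struct.pack("<HHHIIHHII", 2, 0x010F, 2, len(make), 38, 0x8825, 4, 1, 49)
    body = b"Exif\x00\x00II" + struct.pack("<HI", 42, 8) + ifd + struct.pack("<I", 0) + make
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"
```

An empty result from `sensitive_fields` means the file carries no EXIF segment or none of the listed tags; any other result is a prompt to strip metadata before the image leaves the organization.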
In the field of cybersecurity, using the right tools for your OSINT investigation can be really effective if you combine them with critical thinking and have a clear OSINT strategy. Whether you are running a cybersecurity investigation against a company or person, or you are on the opposite side working to identify and mitigate future threats, having pre-defined OSINT techniques and clear goals can save you a lot of time. Every organization should embrace OSINT as one of its cybersecurity defenses to identify and detect application, service, and server threats.