Open-source intelligence – it’s incredible what you can find from public sources

April 8, 2020 at 09:03

What is open-source intelligence, or OSINT? The fourth meetup of the Future Female x Helsec Cyber Security Essentials training program went online as a precaution to stop the coronavirus from spreading, and the OSINT hands-on workshop had to be postponed. However, we at Nixu thought that we could arrange some reading material for self-paced learning for the participants of this free course, who are women interested in working in cybersecurity or gaining more in-depth technical knowledge. Let's have a glimpse of how we can use open-source intelligence, gathering information from public sources, in cybersecurity and what tools are useful.


What is OSINT, and why is it useful?

Open-source intelligence (OSINT) means collecting information from public sources, analyzing it, and using it for intelligence purposes. The information sources can be anything from television and print newspapers to blogs and websites, social media, research papers, business and sales documents, and anything you can find online or offline. OSINT is one of many intelligence collection types. The main categories are human intelligence (HUMINT), measurement and signatures intelligence (MASINT), signals intelligence (SIGINT), and imagery intelligence (IMINT). Sometimes HUMINT and SIGINT can overlap with OSINT.

Open-source intelligence (OSINT) means collecting information from public sources, such as social media and web pages, analyzing it, and using it for intelligence purposes.

Traditional uses of open-source intelligence lie in national security, investigating crime and cybercrime, and researching threat intelligence or investigating malware campaigns and advanced persistent threat (APT) groups. However, OSINT is also useful for regular companies, cybersecurity consultants doing penetration testing, or red teaming and privacy-aware people.  Everyone who browses and shops online and uses social media can have a surprisingly large digital footprint.

In cybersecurity, specialists mine data from open sources, combine pieces of information, and create a map or a profile of the target. The target might be an organization and its network infrastructure and services they use, a person, or a group of employees that play a vital role in the organization. The information gathered with OSINT is useful in several ways:

 You can identify the attack surface: This is especially important if you are offering online services. What kind of version information is available? Are you exposing only the necessary services and information? What about your office network: are there any printers, WLAN controller management interfaces, or other unexpected hosts accessible from the internet? Can you identify potential persons who to target with social engineering attacks? This information-gathering phase is a typical stage in penetration testing and red teaming as well. However, it’s essential to understand that while passive and semi-passive data collection from open sources is considered legal, active information gathering methods, such as port or vulnerability scanning, are considered illegal if you don’t have permission. 

You can identify security gaps: Have you hardened the operating systems and applications that are exposed? Are there known vulnerabilities or weaknesses? What kind of ways there are to contact you or your organization, and are they all well-protected? 

You can fight information leaks: Accidents happen: somebody might accidentally publish material that wasn't supposed to be released yet. Maybe another online service suffered a data breach, and the email addresses and passwords are now in Pastebin – including your employees' passwords that might work for your web services as well. If you notice problems early, you have more time to react.

Outside security, open-source intelligence techniques, and tools can be useful for investigating market opportunities and checking what your competitors are doing.

Information sources and tools

There are numerous publicly available sources, both online and offline, that you can use for gathering information. Have you ever thought about how much data your social media profiles reveal when you take into account all your connections, as well? There's also more than meets the eye. File metadata often reveals interesting information about the author of the document and the tools and the operating system used for creating the file. Image metadata may contain the location where the picture was taken and thus your whereabouts.

The mind map below shows some common information sources, their uses, and what tools you can use for getting and analyzing the data. The mindmap has been from the point of view that an organization is a target. If the goal would be to gather information from an individual, say for social engineering or phishing attacks in penetration testing, many of the same information sources and tools apply.


Mindmap about OSINT tools and information sources
Mindmap about OSINT tools and information sources when focusing on an organization as a target.


One of the biggest challenges in OSINT is to handle the loads of information with which you will very typically end up. Tools come handy pretty quickly so you can automate data collection, organize the data, and find links between individual pieces of information. Tools like Maltego visualize the info so you can examine it more easily.

It's also good to understand that all information sources may not be reliable, so you may need to filter out some of it. You also need to pay attention to securely storing the data and respecting privacy, since the data may point out significant weaknesses in an organization and contain personal data.

The dark side of OSINT

All information that is out there is also available for cybercriminals. When you look at the mind map showing possible information sources and tools, you can begin to imagine all the potential malicious uses of that data. Identity frauds, social engineering, CEO frauds, targeted attacks with customized malware, … open-source intelligence can be a gold mine if somebody is interested in breaking into your company's IT systems. That's why it's better to understand your exposure. You cannot wholly remove data that has been published on the internet once, but you can make it more difficult to find. And what's more important, you can ensure that you don't have vulnerable services running and otherwise minimize your attack surface.

Want to learn more about OSINT?

If you want to learn more about open-source intelligence, take a look at the following material:


Want to keep track of what's happening in cybersecurity? Sign up for Nixu Newsletter.


Related blogs