HFC - Open-Source Intelligence (Lesson)

Open-Source Intelligence

Open-Source Online Tools

How do malicious actors gather information so that they can create effective emails that seem realistic and are perfectly targeted to the right individuals? One of their tools is to use Open-Source Intelligence (OSINT) tools. 

OSINT Definition: Any information that can be gathered from free, public sources about an individual or organization.

The key with OSINT is to mine the Internet for publicly available information. There is no need to hack into anyone’s accounts because most people have a fairly deep online presence and most of that information is open to the public! 

To create an effective phishing email, malicious actors need to gather information about the target, such as performing reconnaissance about their life, their interests, their work, family, hobbies, schools, etc. Once they have gathered this information, they can craft a scam email that will appeal to the victim personally. OSINT tools provide a simple, powerful way to gather publicly available information about people or companies.

OSINT Characteristics

  • Free – it must be free to anyone. If you have to pay a fee to get the information, then it isn’t OSINT.

Example: If you need to subscribe to a database to access information such as phone numbers and email addresses, it isn’t OSINT.

  • Public - it must be available to anyone.  If you need membership in an organization, then it isn’t OSINT. 

Example: If you want to find all the computer science teachers that belong to the Computer Science Teachers Association (CSTA), you will need to become a member to get a list.  That’s not OSINT!

  • Legal - you cannot take any action to bypass controls that protect the information; information must be legally accessible by a member of the public. If you have to do something illegal or unethical, then it isn’t OSINT.

Example: If you crack a password, use phishing to get credentials, or hack into an organization’s database, then you have broken the law.

Example: Google reviews of businesses, tweets from an open Twitter account, posting about a home on Zillow, etc. 

However, there is a gray area of OSINT… If someone else steals information and posts it online publicly, then technically it is OSINT. OSINT also includes information that has been leaked to the public and is now freely available on the Internet.  For example, information published by Wikileaks.org or posts by data breach hackers. However, is it ethical to use such information?

Food for Thought - Ethical Boundaries Reflection Activity

OSINT Tools

  • Internet Search: The obvious place to start looking for information about someone is a plain Google Search for someone’s name but using different search techniques. For example, a search for John Doe will return information on John, on Doe, and on John Doe.  Instead, you can put your search term in quotations so that it returns information only on the full name, John Doe.  You can also try a different search engine, such as DuckDuckGo or Bing. What are some other search techniques?
  • Google Maps Search: You can use street view and satellite view to find information. What kind of car does the target drive? Minivan may indicate young children. Expensive cars may indicate someone with a high income. How many cars do they have? Many cars could indicate teenagers.  Do they have a pool or playset? Is there a wheelchair ramp?
  • Google Reverse Image Search: Malicious actors often use the target’s photo to find their personal information.
  • Archive.org (aka the Wayback Machine) Search: Even if data is no longer online, it may be available here.
  • Social Media Search: Facebook, Twitter, Pinterest, YouTube, Classmates, Instagram, Reddit – the target’s public profile may have a lot of information!
  • Spokeo Search: Provides addresses, phone numbers, family relationships, etc.
  • Real Estate Website Search (such as Zillow): Cost of home, pictures (in & out), home description, taxes, etc. This information could help fine-tune a spear-phishing attack.
  • LinkedIn Search: Information about career, education, awards, and business contacts.
  • Political Affiliation Search: Many states, such as Florida, provide open voter registration records that can be found with a quick search. During an election season, a spear-phishing campaign may target people who support one of the candidates or political parties!
  • Shopping Databases: Amazon wish lists, gift registries, etc.

OSINT Tools Activity

Download OSINT Tools Activity Transcript Links to an external site.

In this lesson, you have learned about open-source online tools (OSINT) and how malicious players can use this free, public, and legal information to target victims. You have also learned what information you should not freely and publicly share to protect yourself from becoming a victim.

 

[CC BY-NC-SA 4.0 Links to an external site.] UNLESS OTHERWISE NOTED | IMAGES: LICENSED AND USED ACCORDING TO TERMS OF SUBSCRIPTION - INTENDED ONLY FOR USE WITHIN LESSON.