Sources and tools of open source intelligence

The world is becoming more interconnected through social media and digital communications, and the amount of relevant information available to attackers is growing exponentially. Open Source Intelligence (OSINT) refers to the practice of gathering data from published or otherwise publicly available sources. Whether the practitioner is an IT security expert, a malicious attacker, or a state-sanctioned intelligence officer, open source intelligence is the use of advanced technology to search large amounts of visible data for information that achieves a goal.

Sources of open source intelligence

Open source intelligence in cybersecurity is the use of data to determine what actions are needed to help detect and prevent cyber threats before they impact an organization.

To improve cybersecurity, an organization can use open source intelligence tools to discover information about the company, its employees, IT assets, and other confidential or sensitive data that attackers can exploit.

Tools of open source intelligence

1. Information on LinkedIn is a common source of open source intelligence.

Attackers can use LinkedIn crawling tools to conduct reconnaissance, researching individuals or companies prior to targeted phishing attacks.

LinkedIn is a great resource when it comes to reconnaissance of an entire organization. An attacker can find all employees, their names, job titles, locations and emails. It is a simple and powerful data source often used for attack surface analysis prior to penetration testing.

Open source intelligence gathering around LinkedIn can use multiple public data sources to collect emails and names as well as subdomains, IPs and URLs. Some people even publish their birthdays on LinkedIn - all useful information for attackers.

2. Dark web data breach dumps are another common source of open source intelligence.

Many companies and organizations have been the victims of serious breaches. Compromised data is stolen data that the attacker has made public. The use of compromised data can be beneficial in open source intelligence investigations.

Compromised data may include names, phone numbers, addresses, credit card details, passport numbers, and other sensitive data. In the early stages of an open source intelligence investigation, compromised data is critical to building a profile. This information can reveal updated data points and confirm existing data about the target.

Leaked data is often uploaded to forums, paste sites and file storage sites where it is sold and shared. Items sold on the dark web include credit cards, malicious services such as malware, DDoS-as-a-service, and data dumps.