OSINT – Do you know what it is?

OSINT = Open Source Intelligence. That is that information that a threat actor can gather about you and your organisation, from open source resources – there is no need to hack you if you leave the information lying around.

When I was studying, the weeks we covered OSINT, were some of the most fun. One tool we used, allowed me to work out why for a while, Octagon Technology had been receiving email enquiries about buying some serious plant and machinery. I found out someone in the US had included our email address, on their online contact form – I got that fixed. We also found out some interesting stuff about the lecturers!

OSINT does not have to be technically difficult. Threat actors can gather a lot of information about your operation by simply posing as a customer and sending you an email.

I include OSINT in several of my training courses as it is important that organisations understand what they could be giving away in the post on social media, or that having the firewall device on open display in the reception with the IP address and other secret information Dymo taped on it where everyone can see. I have a very effective scenario, I use, where the CEO goes on holiday, and a business email scam is run on the company, because of a post her children made on Instagram.

Simple posts on social media about a new member of staff, can lead to them being the target of a social engineering attack. Awareness training for all members of your team – including any third party marketing resources you use can help with these issues.

OSINT – In House

We practice what we preach.

I have written a detailed policy for our support team, to make them aware of the consequences of over sharing, particularly on new projects where there may be one-off contractors involved.

Data Mining

Then there are the data miners, that combine various disjointed bits of information about you, gathered from a variety of OSINT sources, and put them together to give the whole answer.

Then there is really low-tech OSINT

What about post-it notes everywhere that are on full sight to anyone who visits your offices!

And do not get me started on the person in the coffee shop, who when getting a new password for their Microsoft account, not only double checked their own email address carefully spelling it out, but also carefully repeated the password using phonetics so there were no mistakes. I was sitting with my back to them, at another table in McDonalds, when this happened. So with the number of people working in coffee shops, McDonalds, hotel lounges, motorway service station, etc, it might be a good return on the threat actor’s time to hang about there carrying out their other attacks, or just drinking coffee, to see what they can get.

OSINT and Your Organisation

All of the above and more are real world examples and in some cases had to fix after they became an issue.

There has been much written about the cyber-conflict in the Ukraine – but there is also a “old style” OSINT spying game going on as well.

Open Source Intelligence May Be Changing Old-School War | WIRED UK

If you think you may be over-sharing then it is time to do something about it.

Clive Catton MSc (Cyber Security) – by-line and other articles