Open-source intelligence (OSINT) is the investigative practice of combing through freely available information to find specific data. It is used in many different capacities like law enforcement, missing persons, corporate investigations, and even in your personal life. Using OSINT skills in work and life enables you to learn more about your general environment. At Social-Engineer, LLC, we utilize OSINT for every client engagement we participate in. In fact, it is the first step to developing pretexts and simulated attacks against our clients. We, as the adversary simulators, would just be blindly guessing about our targets without OSINT. That information also allows for a teachable moment for the client after the engagement. Showing them what is freely available, to anyone willing to look, allows them to be resilient when an attacker uses that information against them.
OSINT Skills for Work
We pride ourselves on accurately simulating real-world attacks for our clients. We need to view the world the way an attacker would, while still remembering we are the good guys and gals. When we conduct OSINT on our targets, we approach it in two ways. The first is general fact finding to build a profile of our target so we can see what type of digital shadow they cast on the internet. Do they have a social media presence at all? Are they listed in public records, or are they a virtual ghost? What we find in this first phase dictates how we approach the second phase. The second phase is where we review the data and follow the rabbits down various holes, or data paths.
We do this to build possible pretexts for attack. What did we find that would generate an emotional response in our target? That is the basic methodology when employing the mindset of an attacker. We want to reduce critical thought and leverage the scientifically-proven techniques of influence. We couple what we found with what we are seeking to accomplish. Then we blend that together into an approved attack plan. All the while, we are reporting on this data clearly and concisely, to build the teachable moments for our clients.
OSINT Skills for Life
Performing investigations in your personal life can be fun, enlightening, and very beneficial when seeking new service providers or interpersonal relationships. As seen in Ryan MacDougall’s DEFCON 27 speech, learning about your neighbors or potential contractors helps you make informed decisions about how you interact with them. Also, teaching your children these skills early on helps them navigate an ever-increasing digital world more effectively and safely. When doing research on a personal level, you don’t always need to know every detail about your target’s life. That is why stating a specific goal before you start makes your research more efficient and meaningful.
Learning a few basic Google dorks (Google search operators) can make even day-to-day searching more effective. Under Tools, the Any Time setting filters results by a predefined or custom time range. This can narrow results significantly, because anything outside your desired time frame is excluded and you are left with only relevant results to comb through. Also, the ‘site’ operator can limit results to only a desired domain. If you are looking for that one article you read once and can’t remember the URL or full title, this operator helps with that.
Lessons Learned
Regularly using OSINT skills for work and life illuminates the fact that there is information on all of us out there, potentially ripe for exploitation. Some may ask what we can do to limit that exposure and defend against exactly what we do at SECOM as part of our work. There are two camps that you may reside in when it comes to solutions. The first is to wipe the slate clean and go dark, digitally speaking. Erase what you can from sites that honor removal requests and minimize your attack surface. That may help, but not all sites will remove data, since it is already public information. Even if you get it removed, it may be re-added to a given site on the next iteration of their internal data collection.
The second camp is to know what is out there and be aware of it. If you are being targeted and that information is being used as part of the attack, you can be alert to the fact that anyone can see it and it is not a secret. You could also be satisfied to reside in both camps, where you remove the easy stuff you no longer need public, then understand what is left and stay vigilant.
The Role of OSINT in the Social Engineering Risk Assessment
There is an option for companies that are concerned about their high value targets, and the exposure of those targets. A Social Engineering Risk Assessment (SERA) provides the details companies need to make informed decisions on how to reduce that potential attack surface. We can customize this service to determine the corporate or private exposure of client-selected targets. Using various options for depth of the investigation, stakeholders can see what exists on the internet and how that information can be leveraged by an attacker.
In the end, utilizing OSINT in work and life can open the curtain to the information the world can know about you or your company. As the 1983 cartoon show G.I. Joe used to close with, “Knowing is half the battle.”
Sources
https://www.social-engineer.org/newsletter/what-is-your-favorite-osint-tool/
https://www.social-engineer.org/framework/influencing-others/influence-tactics/
https://www.social-engineer.com/osint-in-the-real-world-ryan-macdougall-at-def-con-27/
http://www.googleguide.com/advanced_operators_reference.html
https://www.social-engineer.com/services/social-engineering-risk-assessment/