Open Source Intelligence
Open Source Intelligence should not be confused with Open Source software, although it can involve the use of Open Source tools. Instead it relates to the gathering of readily available information from the Internet. In the computer security field we are interested in what is exposed that might in turn be of use to a hacker. This could be personal information, details of installed software or vulnerable parts of a network such as open ports. The hacker would look to use this either for a direct attack or as a vector for phishing. At Kindus we want to ensure that any exposed information is restricted to that required to promote and run a business. Security threats and solution methodologies should not be seen in a vacuum: many of the aims and techniques of Open Source Intelligence gathering are shared with Penetration Testing and Attack Surface Management.
Exposed personal information not only benefits the hacker but is also used in legal investigations and in some of the more shady aspects of ‘direct marketing’. The hacker is also interested in details of the software behind websites and the addresses of remote access portals. Software programs will scan for these, but without detailed search criteria far too many results are returned for meaningful interpretation. Fortunately a security consultant such as Kindus can use corporate information confidentially: input company names (human and device), IP addresses and software, then see what comes back. The hacker is at least partially flying blind. They may be looking to target a specific country or organisation, but the more information they can gather before making a search, the more chance they have of achieving a worthwhile result. In effect, a seemingly minor data breach provides leads for Open Source data gathering with more serious consequences.
An obvious source of information is Google, including sophisticated ‘dorking’ searches. There are no limits as to how far down this rabbit hole of exposed information any probe can delve. As well as web pages, publicly available sources include social media accounts, mailing lists, software repositories, chat engines such as Discord and video sites including YouTube and TikTok. Searches could also stretch to the Dark Web for lists of hacked data or vulnerable systems. Manual searches are an important technique, but many avenues of Open Source Intelligence rely on automated solutions. Machine learning or AI can also help filter the massive volume of exposed data and restrict results to a plausible and relevant set.
A range of commercial and free-to-use solutions are available. Some are designed to harvest data for marketing purposes rather than to expose security vulnerabilities. Others are effectively abandonware and, although still available, are no longer supported or updated. For an idea of the scope of the issue, consider OSINT Framework, a graphical tree of OSINT tools that is often recommended in studies of the field. It expands to show sources of web data in various categories. Many of the nodes that the tree expands to are dead links or relate to solutions that will take some programming knowledge to get up and running.
It would be quite possible to spend a lot of time and money on Open Source Intelligence investigations yet end up with very few results or, more probably, far too many. This could be because there are indeed no valid results, but it could also be because a search is asking the wrong questions. Effort needs to go into planning what to search for. The same searches can then be run regularly and the results compared with relative ease. Kindus can help with this planning and suggest which solutions are best for your organisation and budget.