What is OSINT?
A staggering amount of data is published on the internet every minute, and a large portion of it is publicly accessible. This has major implications for data collection and intelligence. Open-Source Intelligence (OSINT) is the gathering of information that is publicly available. The most common sources of this information include social media sites, blogs, company news sites and search engine results (e.g. Google).
How is OSINT used?
The first stage in the cyber kill chain is reconnaissance: the gathering of information in order to target specific users or organisations. OSINT plays a major role in this stage, where adversaries use publicly available information to gain further insight into their targets. A good example is using social media to learn more about a target and then crafting customised emails for spear phishing campaigns against that target. OSINT tools streamline the reconnaissance process, making it more efficient to narrow down to the target.
Although there are many different tools that can be used for OSINT, below are 3 examples of information gathering tools and their functions to give you an idea of how information can be gathered in the OSINT stage:
Defence against OSINT
OSINT is not only used for malicious purposes; it can also be used for counter-intelligence. OSINT generally forms part of a penetration test and can help an organisation understand how its threat vectors are exposed to the public. Below are a few recommendations on how to defend against OSINT:
Written by: Michael Frese