Any intelligence collected legally from open, public sources is known as Open Source Intelligence Gathering, or OSINT. With so much information freely available on social media and other online sources, OSINT is often the most effective method for profiling people or groups, gathering evidence, or following up on reports of suspected attacks or fraud.
OSINT grew out of spycraft as it shifted away from clandestine methods of information gathering (think phone tapping and couriers ferrying secure communications) and toward scouring publicly available information like newspapers and files or databases. With the advent of the internet, vast amounts of information became accessible to anyone, and OSINT became increasingly useful not just to sophisticated government and law enforcement agencies, but to financial crime analysts, fraud and brand misuse investigations and particularly – to cybersecurity analysts.
Cybersecurity teams frequently use OSINT for OPSEC (operational security) by understanding what information about their company is available in the public domain. OSINT is a great way to find out if any private information has intentionally been leaked, especially on social media, or perhaps accidentally exposed on public sources without proper authorization or approval.
OSINT is not limited to research on the surface web – it can also be conducted on the deep or dark web. OSINT can still be applied to sites requiring login or subscription — as long as analysts can gather the information legally, without violating any access rules. And, that extends to the dark web.
If you’re using the dark web for OSINT, it’s important to remember:
In addition to being a valuable technique for OPSEC, OSINT can also be used to gather threat intelligence to proactively reduce cyber risks. OSINT is used to analyze, monitor and track cyberthreats from targeted or indiscriminate attacks against an organization.
If an issue is caught by a threat intelligence platform (TIP) or subscription service, the job of an OSINT analyst is to dig deeper and gather any available information across surface, deep and dark web to understand the urgency and scope of the potential problem. For example, a TIP may identify that company’s email addresses and passwords have been found for sale on a dark web site. An analyst would want to look at the complete package to assess the risk of bad actors using this information for future phishing attacks or data breaches. Investigators may also gather valuable insights on how the email addresses may have been obtained and where the weaknesses in the enterprise security perimeter lie. Additional information about attackers’ tactics and methods can be gleaned from various dark web forums. Having a thorough understanding of how the dark web works and how to use it as a resource without exposing their organization to risks is an essential skill for any OSINT analyst.
Using the local computer and network to collect open source content puts OSINT teams and investigators at risk. In To minimize the risk, organizations use a variety of tools such as client-side virtualization, VPNs, segregated storage and advanced malware-scanning solutions. These are costly to deploy, and the complicated IT management requirements create security and attribution gaps.
Tools like Silo for Research offer a fully isolated, anonymous and secure platform designed for the demands of OSINT teams. They protect analysts and their organizations during the information gathering process and keep researchers compliant through collection, collaboration and production. A specialized solution like Silo for Research, gives analysts an isolated browsing platform for accessing social media sites, forums, and other web-based resources without ever touching the web. It also gives them control of their digital fingerprint to avoid tipping off subjects and adversaries during their investigation.
Analysts are always under pressure. Especially when they are investigating a fast-moving incident or impending threat, they can’t afford to waste any time – researchers need to process as many data sources as possible in the shortest amount of time. And this is where automation is most valuable. Automation help you target more sources in less time, removing the human bandwidth limitation, increasing output and productivity, and saving valuable time to remediate issues faster.
OSINT is a fast-growing, multi-faceted discipline, and an increasing number of organizations, even beyond financial corporations and federal and law enforcement agencies, are investing in tools that can help make their analysts’ jobs easier and accelerate issue resolution times.
The more sophisticated your adversary is – more time and effort is required to set up a successful OSINT strategy. With data constantly changing, the number of sites analysts need to investigate grows every single day. Automation – especially using the right tools and techniques – can help ensure that teams are gathering the most relevant data as quickly and efficiently as possible, while keeping investigations – and investigators – secure.
OSINT data collection: you still need humans, but automation is well worth the investment: OSINT data collection automation ensures that teams are gathering the most relevant data as quickly and efficiently as possible, while keeping investigations — and investigators — secure
OSINT OPSEC: not just for government anymore: OSINT OPSEC is critical for any type of investigator to protect their mission, organization and themselves from cyber adversaries
OSINT 2021 guide: tools and techniques for threat intelligence: Open source intelligence (OSINT) from the surface, deep or dark web is invaluable to threat intelligence investigations. Find the shortcuts to improve your research
OSINT gathering key to keeping up with financial crime: A survey of financial crime analysts found that 90 percent believe their organizations should invest more in accelerating time-to-insight during investigations
Cyber threat intelligence: how to use OSINT: Where do Cyber Threat Intelligence (CTI) and Open Source Intelligence (OSINT) rank on the priority list of IT security leaders? Which tools should they use, and what's the recommended playbook?
The best defense is a good OSINT: Timely patching of well-known vulnerabilities will go a long way in protecting against threats