In this article, we will give a brief introduction to OSINT gathering and discover how public -ordinary-looking- information can be exploited by 'the bad guys' to gain unauthorized access to a corporate information system.The Open Source Intelligence (OSINT) term -which was originally formulated by the intelligence community- refers to all the information which is freely accessible to the public and can be used in any intelligence context.
Years ago, this term was mainly associated with intelligence and military, however, with the rapid growth of internet communications and the emergence of social media websites, it becomes heavily used by corporates to profile and collect useful information about internet users for marketing purposes. The perpetrators did not miss the wave and are now using such sources to gain useful insight into their targets before launching attacks.
OSINT resources can be found either online or offline, it includes all the information which is freely accessible to the public. The following list main OSINT categories:
As we note, OSINT sources are wide and cover -almost- all sorts of publicly accessible information, from a cybersecurity perspective, exploiting such resources by the bad actors can lead to catastrophic consequences as we are going to see next.
From a cybersecurity perspective, OSINT sources can be exploited using various methods, the following are two of them:
Metadata is data about data; it contains descriptive hidden information about the file it belongs to. It exists in almost all digital files such as documents, video and audio files, and web pages. Metadata -usually- comes within the file it belongs to, however, some file types store it separately. We can differentiate between two types of metadata:
If you are responsible for producing documents for your organizations (e.g Meeting schedule, invoices, budget files, job announcements, white papers and any type of Office, PDF or image file..etc.), You must check the metadata of all digital files before uploading them to the Internet or sharing them with colleagues/customers to avoid leaking sensitive information about yourself and the machine you have used to create a subject file/s. There are many freeware tools that can view and edit a digital file’s metadata; The following are the most popular one.
If you are a Windows user, you can view/edit the metadata info of many file types by just right-clicking a file ➤ Properties (see Figure 1)
MS Office documents and PDF files are of special importance, because of their widespread usage in the corporate world. To View/Remove metadata from Microsoft Office 2010, 2013, and 2016 documents, you can check the document metadata by selecting File and then going to the Info tab. The Properties panel will be on the right side; from here you can remove document metadata by clicking the Properties button and selecting Advanced Properties (see Figure 2).
Figure 2 - Viewing/Editing MS Office file metadata info
It is a good practice to delete all hidden metadata associated with MS Office files before sharing them with someone else or posting them online, fortunately, Microsoft Office provides functionality for deleting hidden metadata. You can access this feature in Microsoft Word 2010, 2013, and 2016 by selecting File ➤ Info ➤ Check for Issues ➤ Inspect Document.
To clear all hidden metadata from PDF files, Adobe has a feature called Sanitize Document. You can access it from Tools ➤ Sanitize Document. Please note that not all Adobe Acrobat Reader versions support this feature.
Social media sites open up numerous opportunities for cybercriminals to harvest sensitive information about prospect targets (whether it is a person or corporation) because of the vast amount of useful information located in one place. For example, you can get a great deal of personal information about any person worldwide by just checking their Facebook page. Such information often includes the person of interest’s connections on Facebook, political views, religion, ethnicity, country of origin, personal images and videos, spouse name (or marital status), home and work addresses, frequently visited locations, social activities (e.g., sports, theater, and restaurant visits), work history, education, important event dates (such as birth date, graduation date, relationship date, or the date when left/start a new job), and social interactions.
This can all be found in one Facebook profile. To know what your Facebook profile reveals about your social interactions on this platform and investigate other Facebook users’ activities, you can use a free online service called StalkScan. This service allows you to investigate the public information of any Facebook user. To use this service, enter the Facebook URL of the target profile, and the site will populate the page with all the public social interactions produced by the entered profile (see Figure 3).
Information from social media websites along with the one collected from the target file's metadata can be combined together to draw a complete picture of target corporate IT systems and the managerial hierarchy. Some benefits cybercriminals gain by exploiting these sources include the following – and more:
OSINT resources can be leveraged in different scenarios to acquire useful information about any target online, in this article we’ve briefly examined two methods: files metadata and information gathered from social media sites. Any of this information could contribute to a serious data breaches if utilized successfully in phishing attacks against your employees. Make sure that they are prepared to recognize such attempts.