Reduce Cyber Breaches by Controlling OSINT

Ten years ago, digital OSINT – Open Source INTelligence – was an obscure term known only to those who worked for three-letter government agencies. Recently, OSINT became part of the national conversation when we learned that malicious actors have used it as a springboard for historic compromises at the highest level of the U.S. government and at major corporations.

Ordinary Info to You; Opportunity to a Cyber Criminal

As its name suggests, OSINT is intelligence gleaned from publicly available sources such as social media, company websites, news sites, and even job boards. What seem like innocuous and disparate pieces of information can be very useful to a hacker.

OSINT Used by Hackers

| Common Sources | Information That May Be Useful |
| --- | --- |
| Programming Websites | Information about target’s software/hardware stack |
| Corporate/Target Site | Employee names |
| Social Media | Birthdays |
| Company Review Sites | Internal gossip |
| Search Engines | Confidential documents posted online for easy sharing |
| Image Sharing Sites | Employees or names tagged in photos |
| Job Sites | Technical information about technology being used |

Cyber Threats Put Together Scattered Data like Puzzle Pieces

Some OSINT may be useful in its purest form, like a name and Social Security number on an employee list. However, hackers with grander aspirations use information gathered from Facebook or Twitter as a starting point for social engineering, or to generate large user lists with customized password guesses.

A motivated hacker might look at current job postings, then check the public LinkedIn profiles of your organization’s IT-related employees to deduce an overview of your computer network, the software you use, and your current security solutions, all without scanning the network and just by visiting two websites.

Three Ways Organizations Can Manage OSINT

The reality is that as an organization’s digital footprint expands, so too does the opportunity for attackers to examine said footprint; the goal becomes to slow and manage that expansion. Here are some ways to take control:

  1. Inventory and examine what data you have in the wild, decide what needs to be out there, and mitigate any damage.
  2. Establish guidelines and policies on what data can be released, where, and by whom. Tasks like establishing social media policies and improving user education about online usage (only post the absolute least you need to) can effectively help slow the spread of data.
  3. Monitor and track compliance through routine crawling of search engines for documents that identify violations in document handling processes. For example, a Google search for:
    *filetype:pdf site:mycompany.com "INTERNAL SENSITIVE" OR "CONFIDENTIAL" OR "NOT FOR PUBLIC RELEASE"*
    might reveal such documents. Searching for organization-specific lingo, such as nicknames of secret projects or physical locations, can also help to identify data leaks.
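
One way to run the check from step 3 against your own published files, as an added example that is not part of the original article: it rebuilds the search query for a domain you own and scans text already extracted from public documents for the same markings plus organization-specific lingo. The domain `mycompany.example`, the sample documents, and the lingo terms are constructed for illustration.

```python
import re
from typing import NamedTuple

# Markings come from the article's query; sample URLs and lingo are constructed.
MARKINGS = ("INTERNAL SENSITIVE", "CONFIDENTIAL", "NOT FOR PUBLIC RELEASE")

class Finding(NamedTuple):
    url: str
    kind: str   # "marking" or "lingo"
    term: str

def build_query(domain, terms=MARKINGS, filetype="pdf"):
    """Rebuild the article's search-engine query for a domain you own."""
    quoted = " OR ".join(f'"{t}"' for t in terms)
    return f"filetype:{filetype} site:{domain} {quoted}"

def _compile(terms, flags=0):
    # Allow any whitespace run between words, since PDF text extraction often
    # splits a banner across lines; lookarounds keep "CONFIDENTIALITY" out.
    alts = "|".join(r"\s+".join(re.escape(w) for w in t.split()) for t in terms)
    return re.compile(rf"(?<!\w)(?:{alts})(?!\w)", flags)

def audit(documents, lingo=()):
    """documents maps a public URL to the text extracted from that file."""
    # Banners are matched in exact upper case to skip ordinary prose such as
    # "we keep your data confidential"; lingo is matched in any case.
    checks = [("marking", _compile(MARKINGS))]
    if lingo:
        checks.append(("lingo", _compile(lingo, re.IGNORECASE)))
    findings = set()
    for url, text in documents.items():
        for kind, rx in checks:
            for m in rx.finditer(text):
                findings.add(Finding(url, kind, " ".join(m.group().split()).upper()))
    return sorted(findings)

# Constructed sample: text already extracted from files on the public web root.
SAMPLE = {
    "https://mycompany.example/docs/q3-plan.pdf":
        "NOT FOR PUBLIC\nRELEASE\nProject Bluebird rollout at the Elm Street site",
    "https://mycompany.example/privacy.pdf":
        "We treat your data as confidential. See our confidentiality policy.",
    "https://mycompany.example/notes.pdf":
        "Meeting notes: bluebird milestone slips to May.",
}

if __name__ == "__main__":
    print(build_query("mycompany.example"))
    for f in audit(SAMPLE, lingo=["Bluebird", "Elm Street site"]):
        print(f.kind, f.term, f.url, sep="\t")
```

The unmarked `notes.pdf` is caught only by the lingo list, which is why the project nicknames and site names belong in the routine scan alongside the formal markings.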

As even more devices come online, and as mobile computing continues its near-exponential growth, it is becoming even more important to develop active programs to handle OSINT intelligence analysis as a key element of cyber security.