OSINT
WHAT IS OSINT?
Open Source Intelligence (OSINT) refers to all the publicly available information. OSINT data can be gathered from the following sources:
1. The Internet, which includes the following and more: forums, blogs, social networking
sites, video-sharing sites like YouTube.com, wikis, Whois records of registered domain
names, metadata and digital files, dark web resources, geolocation data, IP addresses,
people search engines, and anything that can be found online.
2. Traditional mass media (e.g., television, radio, newspapers, books, magazines).
3. Specialized journals, academic publications, dissertations, conference proceedings,
company profiles, annual reports, company news, employee profiles, and résumés.
4. Photos and videos including metadata.
5. Geospatial information (e.g., maps and commercial imagery products)
Who needs OSINT Information?
OSINT is leveraged by different actors for variety of purposes.
1. Government: Government bodies, especially military departments, are considered the
largest consumer of OSINT sources. Governments need OSINT sources for different
purposes such as national security, counterterrorism, cybertracking of terrorists and to
investigate tax evasion cases.
2. International Organizations: International organizations like the UN use OSINT sources
to support peacekeeping operations around the globe.
3. Law Enforcement Agencies: Police use OSINT sources to protect citizens from abuse,
sexual violence, identity theft, and other crimes.
4. Business Corporations: Information is power, and corporations use OSINT sources to
investigate new markets, monitor competitors’ activities, plan marketing activities, and
predict anything that can affect their current operations and future growth.
Businesses also use OSINT intelligence for other nonfinancial purposes such as the
following:
A. To fight against data leakage, knowing that the business exposure of
confidential information and the security vulnerabilities of their networks is a
cause of future cyber-threats.
B. To create their threat intelligence strategies through analyzing OSINT sources
from both outside and inside the organization and then combining this
information with other information to accomplish an effective cyber-risk management policy that helps them to protect their financial interests,
reputation, and customer base.
5. Red team operations: OSINT is used extensively red team to gather intelligence about a
specific target online. It is also considered a valuable tool to assist in conducting social
engineering attacks. The first phase of any penetration testing methodology begins with
reconnaissance (in other words, with OSINT).
6. Privacy-Conscious People: These are ordinary people who might want to check how
outsiders can break into their computing devices and what their ISP knows about them.
They also need to know their online exposure level to close any security gap and delete
any private data that may have been published inadvertently. OSINT is a great tool to
see how your digital identity appears to the outside world, allowing you to maintain
your privacy. Individuals can also use OSINT to fight against identity theft, for example,
in case someone is impersonating you.
Open Source Intelligence Methods and Tools
A Practical Guide to Online Intelligence
by Nihad A. Hassan (Author), Rami Hijazi (Author)
