Open-Source Intelligence (OSINT) is intelligence derived from publicly available data and information. Open sources can be anything from public records, magazines, books, journals, and press articles to social media posts, commercial satellite imagery, and other computer software or digital applications.
Historically, the intelligence community regarded OSINT as a source type, alongside Human Intelligence (HUMINT), Signals Intelligence (SIGINT), Imagery Intelligence (IMINT), and Geospatial Intelligence (GEOINT). Today many experts argue that OSINT is more than a collection discipline. It’s perhaps better described as a facet of the other fields. For example, publicly available satellite imagery can be considered open-source GEOINT.
There’s no OSINT without INT
Key to understanding OSINT is the “INT.” Intelligence is information collected, validated, processed, and analyzed to fulfil an intelligence requirement, in most cases to serve decision-making. Intelligence is usually about an adversary’s intentions (what he/she/ it wants to do) and capabilities (what he/she/it can do).
OSINTing does not just mean surfing the internet or using fancy tools. Performing OSINT means you follow ethical guidelines, employ specialized intelligence analysis methods, and adhere to the highest reasoning standards.
Why Do We Need OSINT Tools?
OSINT is also a process useful in cybersecurity, to identify external threads or for ethical hacking and penetration testing.
Law enforcement agencies, private investigators, and journalists also rely on the same techniques to learn more about a crime, suspect, organisation, or person of interest.
Similarly, HR professionals can perform searches on potential candidates by scanning background checks open source directories.
Marketing and sales teams can use OSINT tools when they need to target a specific user, or simply need to check if an email address is valid.
Sadly, it should also be acknowledged that fraudsters and criminals can use the same tools and techniques for exploits. For instance, when building a synthetic ID, a fraudster can stitch data they have acquired from a darknet marketplace, and combine it with data acquired through public records.
OSINT in the Open
OSINT is a valuable tool for raising security awareness, as well as a technical tool for identifying security risks.
OSINT harvest data from legitimate sources such as online search engines, websites, and professional social networks. OSINT assessments can discover information such as versions of software, names of devices used to print documents, and email addresses.
Along with obvious sources, such as a company website and LinkedIn, this information can also be gathered through metadata stored within files created and published by an organization.
Other increasingly important OSINT sources are open data feeds and geospatial information, from Google and other mapping tools.
And the use of OSINT can go even deeper, potentially right into the code of a company’s web applications.
Is OSINT legal or ethical?
In the UK, OSINT is legal, but security teams need to stay within a clearly defined framework, which is agreed with their clients in advance of conducting OSINT.
Much will depend on where target information resides. OSINT that gathers information where there is a reasonable expectation of public access – a blog post or a LinkedIn profile, for instance – is generally considered legal. But where data are password-protected, obtained by deception, or anonymized and aggregated, the legality is less clear-cut.
It often comes down to intent, “When we are hired to do it for companies or high net worth clients who are legally entitled to monitor the activities of an individual for the purpose of obtaining evidence for presentation in Court, by way of the OSINT process, it is 100% ethical. Whereas if someone is doing it to stalk an ex, it’s not ethical.”
How Can ITM Help You?
iTM covers all aspects of Cyber Security including but not limited to Home cyber security managed solutions to automated, manage threat intelligence, forensic investigations, Mobile Device Management, Cloud security best practice & architecture, OSINT and cyber security training. Our objective is to support organisations and consumers at every step of their cyber maturity journey. Contact Us for more information.