In an increasingly connected world, we leave a digital trail that tells the story of our activities. Each click, post or interaction leaves a fragment of information which, when put together, reveals a detailed panorama of our lives. In this context, OSINT, or “open source intelligence”, emerged. It is an approach that uses open and public sources to mine these fragments and turn them into a complete and meaningful picture.
In this article, you will understand how OSINT uncovers a universe of hidden information and plays a crucial role in discovering information in the digital environment. Enjoy your reading!
Contextualizing OSINT
Our presence in the world leaves clues. Wherever we go, we leave clues. Sometimes these clues are not easily visible or detectable. But they are there. The police, spies and (unfortunately) criminals know this and use these clues to locate people, confirm facts or prepare actions. Before the planet was digitized, people only looked for these clues in real space, in the physical world: in the streets, houses, vehicles and objects. However, with the huge digitalization of work, finance and even leisure, our clues now also exist in cyberspace. That way, with the mastery of digital machines, our clues can be found there.
The amount of information exposed on the Internet about people, companies and even ourselves can surprise us. A keyword search on search engines like Google, Bing and others can immediately bring up millions of addresses. Many are from the publicity pages of companies and individuals on their websites, but you can also find spreadsheets, presentations, maps, diagrams and many other documents whose owners think they have kept them well. But, as we know, they are exposed.
There is a huge amount of information available from open sources
The activity of locating these addresses and collecting, evaluating and analyzing publicly available data and information has gained ground in many organizations. It is now known as OSINT, or “open source intelligence”, intelligence that operates with open or public sources. You may have heard of the term. But there are many sources for OSINT. In addition to Internet search engines, we can add social networks, public records held by the government and society in general, and even the news. Because of this, many people prefer not to expose themselves – or their families – to the news or social media, because of the risk this can pose.
It’s important to note that when we talk about intelligence, it’s not just about locating data or information. The localized material needs to make sense for planning, for example. It must have academic, political, military or other value. Only after determining that this material makes sense and has value can it be called “intelligence information”. Another way to determine this is by finding out “why this data is important”.
Tools
The number and variety of things you can find with OSINT is huge. If you use simpler tools, such as Internet search engines, you can use the filters they offer to refine your answers and make it easier to find material. But there are tools that, in addition to locating and refining the results, build correlations between the items found and show the relevance of these correlations. Maltego is one of these tools: it is also open source and has the resources to collect and correlate material. Often, the relevance of a correlation can be a clue or even proof of what is being sought.
The use of OSINT is not universal: not everyone likes it
Now that you know that government agents, police, armed forces and even pentesters already use OSINT techniques, it’s important to point out that it’s not yet universally adopted. Mark Rowley, the former British police officer who headed the UK’s counter-terrorism unit from 2014 to 2018, says that people often overlook OSINT. For him, “in many organizations, there are significant barriers to the adoption of OSINT, as well as a failure to adapt quickly to emerging technologies”.
Despite this, OSINT has been decisive in clarifying many cases, including the downing of a Malaysia Airlines plane in 2014 by a missile launched by pro-Russian militias on Ukrainian territory. In that case, the Bellingcat collective, a global investigative journalism network, carried out an investigation into the matter based exclusively on OSINT and came to this conclusion, as other international organizations have also done, albeit using other means.
The use of OSINT
You may think it’s an amateur activity, but integrating an OSINT investigation into the “classic” intelligence cycle is possible. Thus, it involves preparation (determining the objectives and main sources), collection (the main part), processing (organizing), analysis (interpreting and identifying patterns and other evidence) and finally delivering the result. In general, this investigation takes the form of one or more reports.
Unfortunately, the existence of our digital “footprints” also arouses the interest of evildoers and even spies. They also seek out as much information as possible from open sources in order to better understand their targets and their weaknesses. Thus, information about people obtained even from data leaks can help them plan more targeted and sophisticated attacks. For this reason, they end up being more effective. You should know that there have been countless cases in Brazil and abroad of scams and fraud carried out with the help of data obtained in this way. We can mention telephone numbers, personal data such as CPF, full name, names of parents, children and other relatives, home and work addresses. All this helps in the planning and execution of actions.
Information exposed enabled a cybercriminal to be tracked down
A notable case of the use of OSINT in favor of the law led to the arrest of a Brazilian cybercriminal, who was notorious for the number of website defacements carried out in countries all over the world. Known as “VandaTheGod”, the information that led to his identification was obtained by a Brazilian hacker who located, organized and correlated a large amount of information published by the cybercriminal himself – including on social networks.
Although this was a “passive” OSINT investigation, there are also “active” investigations in which there is interaction with the target or person being investigated. But in this case, there is a high possibility of “attribution”, i.e. that the investigator will be discovered.
So, did you like the article? So be sure to check out our other materials and keep up to date with the world of technology and cybersecurity. See you next time!
