Open source intelligence (OSINT) is data obtained from publicly available sources which is analyzed and processed for intelligence purposes.
OSINT analysts specialize in using sophisticated methods and tools to explore and pinpoint data to meet their objectives.
While OSINT sources are available to anyone, it is often not widely known that they are publicly available. OSINT can be found both offline and online.
Common examples of information used for OSINT include:
Offline
- Diplomatic Documentation
- Academic Documentation
- Corporate Documentation
- Mass Media
Online
- Internet Search/Database
- Social Media Platforms
- Sharing & Publishing
- Blogging, Forums, and Online Communities
- Deep web
- Dark web
Open Source Intelligence Uses
Information security teams leverage OSINT for two reasons:
Discovering an Organization's Public-Facing Internal Assets
Using penetration testing (or ethical hacking), OSINT analysts test an organization's cybersecurity. Intelligence accessible through penetration testing includes:
- Data leaks
- Unpatched software
- Open ports and unsecured devices
- Exposed assets, such as IP addresses, networks, device names, and software versions
Identifying External Information About An Organization
External information, such as social media posts and content on the dark and deep web, can also create many cyber threats.
The Dangers of OSINT
Threat actors can use the same specialized methods that OSINT analysts do, but for malicious purposes. They gather intelligence to carry out cyber attacks, such as:
- Social engineering, e.g., phishing and email spoofing
- Creating botnets to launch Distributed Denial of Service (DDoS) attacks
- Brute force attacks
- Doxing
- Malware injections, e.g., spyware, ransomware, and other types of malware