7/19/23, 11:53 AM An Introduction to Open Source Intelligence (OSINT) - Cyber Protection Magazine

 TOPICS  MAGAZINE NEWSLETTER PODCAST  CONTACT ABOUT     

You are here: Home » An Introduction to Open Source Intelligence (OSINT)

An Introduction to Open Source Intelligence (OSINT)

This is part 1 of our series of articles on OSINT. Find all articles here.

The internet has changed everything around us from education, healthcare, government interactions reaching social communication which
receives the greatest impact. The Internet has redefined how people communicate with each other and revolutionized how corporations do
business. Nowadays, the majority of world communications happen in what is known as Cyberspace.

According to cybersecurity ventures, by 2030, 90 percent of the human population, aged 6 years and older will be online, this means more
than 7.5 billion Internet users. People now use the internet to purchase goods & services, entertainment, connect with other people, share
information and files in addition to using social networking websites to communicate with friends and family members without any
geographical barriers.

Typing Speed (WPM) Test

Evaluate your candidates' speed…
English (Intermediate/B1)
TestGorilla
The English test will help you hir…
QA
We use cookies on our website / to
Test engineer
give
TestGorilla you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you
consent to the use of ALL the cookies.
This test helps you identify can…
Do not sell my personal information.
TestGorilla

Cookie settings ACCEPT

https://cyberprotection-magazine.com/an-introduction-to-open-source-intelligence-osint#:~:text=Open Source Intelligence (OSINT) … 1/8

7/19/23, 11:53 AM An Introduction to Open Source Intelligence (OSINT) - Cyber Protection Magazine

As the world continues to digitalize, digital societies will produce huge amount of digital data generated from people and business
interactions in Cyberspace. Exploiting this info in the right direction will open numerous opportunities for public and business
organizations to increase profits and operate more efficiently in the new information age.

Open Source Intelligence (OSINT) refers to all information that can be found publicly – mostly via the internet – without breaching any
copyright or privacy laws. Under this definition, a wide array of sources can be considered a part of OSINT. For instance, information posted
publicly on social media websites, posts on discussion forums and group chats, unprotected websites directories and any piece of
information that can be found by searching online. Keep in mind that most OSINT resources cannot be found using regular search engines
such as Google or Yahoo!, as many resources are buried deep in the deep and darknet and such resources constitute more than 96% of the
web content.

In this article, we will shed the light on the term OSINT, discover its types, actors interested in OSINT gathering and explore OSINT benefits
in today’s digital age.

What is OSINT?

As we already mentioned, OSINT refers to all the information which is open for public consumption, this includes both online and offline
resources. You may wonder, does this information need to be free to be considered a part of OSINT resources? The answer is No, for
example, the information contained in scientific papers, books, and magazine need to be purchased first in order to disseminate it in your
OSINT gathering activity.

The U.S. Department of Defense (DoD) defines OSINT as follows:

“Open-source intelligence (OSINT) is an intelligence that is produced from publicly available information and is collected, exploited, and
disseminated in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence requirement.”

OSINT Types

OSINT can be classified – according to where the public data is found – into the following categories:

1. The internet is the main place where OSINT resources are found, indeed, many researchers differentiate between the online OSINT
resources and the offline one by using the term “Cyber OSINT” to refer to internet resources exclusively. Internet resources include the
following and more: blogs, social media websites, digital files (photo, videos, sound) and their metadata, technical footprinting of
websites, webcams, deep web (government records, weather records, vital records, criminal’s records, tax and property records),
darknet resources, data leak websites, IP addresses, and anything published online publicly.
2. Traditional media channels such as TV, radio, newspapers, and magazines.
3. Academic publications such as dissertations, research papers, specialized journals, and books.
4. Corporate papers such as company profiles, conference proceedings, annual reports, company news, employee profiles, and résumés.
5. Geospatial information such as Online maps, commercial satellite images, geo-location information associated with social media posts,
transport (Air, Maritime, Vehicles, and Railway) tracking.

Who needs Open Source Intelligence?

There are different actors interested in OSINT gathering with varying motivation for each one.

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you
consent to the use of ALL the cookies.
Do not sell my personal information.

Cookie settings ACCEPT

https://cyberprotection-magazine.com/an-introduction-to-open-source-intelligence-osint#:~:text=Open Source Intelligence (OSINT) … 2/8

7/19/23, 11:53 AM An Introduction to Open Source Intelligence (OSINT) - Cyber Protection Magazine

Figure 1 – OSINT is used by different users for different scenarios

Law Firms & Private Investigators

OSINT is used extensively by law firms to optimize their litigation by discovering information found on social media sites and other online
places to uncover biases and acquire important information about the individual’s or organization in question. The information acquired
from public sources can be beneficial in the following cases:

Discrimination & sexual harassment lawsuits

Wrongful termination, disability, and hostile work environment claims
Intellectual property violation cases

Ethical Hacking

IT security professionals utilize OSINT search techniques and tools to discover weaknesses in friendly IT systems, so such vulnerabilities can
be closed before threat actors discover them. Commonly found vulnerabilities include:

1. Accidental leaking of sensitive information on social media sites. For example, an unaware employee may post a personal photo in the
server room showing the type of security devices used to secure corporate network.
2. Open ports and insecure services running can be discovered when scanning the subject network for vulnerabilities using specialized
tools.
3. Outdated operating system versions, software and any content management systems already in use.
4. Leaked information found on data leak repositories or across the darknet.

Gain Intelligence About Competitors Activities

As the internet becomes widely adopted in all life and business areas, corporations can utilize OSINT to gain great insight into current and
future threats. For example, OSINT can be used to gain useful intelligence about competitors’ marketing and business operations, their
deals with other companies in addition to their future plans (e.g. expand to new markets, launch new products or services).

Related:
We use Bag
cookies on a bargain
our website tosafely this
give you theBlack
most Friday
relevantweekend
experience by remembering your preferences and repeat visits. By clicking “Accept”, you
consent to the use of ALL the cookies.
Do not sell my personal information.
Law Enforcement Agencies
Cookie settings ACCEPT

https://cyberprotection-magazine.com/an-introduction-to-open-source-intelligence-osint#:~:text=Open Source Intelligence (OSINT) … 3/8

7/19/23, 11:53 AM An Introduction to Open Source Intelligence (OSINT) - Cyber Protection Magazine

OSINT techniques help Law enforcement officials to improve their intelligence gathering activities to protect citizens and businesses from
cybercriminals. OSINT can also utilize in this context to identify possible criminals – by examining their social media accounts and online
behavioral – before they commit their crime. For example, law enforcement can use a search algorithm to scan social media sites – and
other online public sources sites – for terms like “shoot” or “kill.” to stop possible criminals before conducting any crime.

Government Agencies

Governments are the greatest consumer of OSINT intelligence; they need such info to predict future trends on a global level. Governments
seek professional reports concerning any area of interest (political, health, economic or sports events, etc.) from specialized OSINT firms to
help them in their decision-making process.

Individuals

Ordinary people use OSINT to check how much personal information is exposed about them online. This helps them to discover and delete
any unwanted information leaked publicly and prevent bad actors from exploiting such info to target them with customized attacks (e.g.
Social engineering attacks).

In general, all internet users are using some sorts of OSINT search techniques in one way or another, for example, when using Google to
search for something, or when using the search box in Facebook or Twitter to search for someone, you are utilizing OSINT to find this info.

Cybercriminals and Terrorist Organizations

In the bad side, cybercriminals and terrorists are using OSINT techniques in the same way good people use to find information about their
targets. Threat actors use OSINT to examine possible targets, identify weaknesses in target computer networks and finally use this
intelligence to exploit the target.

OSINT is considered a valuable tool to assist in conducting social engineering attacks. The first phase of any penetration testing
methodology begins with reconnaissance (in other words, with OSINT).

Figure 2 – General penetration testing methodology always begin with OSINT gathering (Reconnaissance)

Conclusion

Pushed by the huge technological advancement and the wide prevalence of internet communication worldwide, OSINT becomes a critical
component of both public and private intelligence, supplying businesses, governments, and individuals with a plethora of tools and
techniques to gather intelligence from high-quality information to the base and make decisions on. OSINT is beneficial for different
scenarios,
We whether
use cookies on our you are to
website conducting anmost
give you the investigation for research,
relevant experience competitor intelligence,
by remembering vulnerability
your preferences and repeatassessment, threat
visits. By clicking analysis,
“Accept”, youor
consent to the use of ALL the cookies.
you are simply an individual who cares about his privacy and wants to discover what personal information is already – inadvertently –
Do not sell my personal information.
leaked about him, OSINT will give you the required tools to have access to some of the best available data in the world and mostly for free.
Cookie settings ACCEPT

https://cyberprotection-magazine.com/an-introduction-to-open-source-intelligence-osint#:~:text=Open Source Intelligence (OSINT) … 4/8

7/19/23, 11:53 AM An Introduction to Open Source Intelligence (OSINT) - Cyber Protection Magazine

This was an introduction to the OSINT subject, in the next article, we will explore how to implement many OSINT techniques to gather
intelligence about our targets using online public sources.

The second part of this series can be found here.

Dr. Varin Khera

Chief Strategy Officer ITSEC Group / Co-Founder ITSEC Thailand c | Website

Dr. Khera is a veteran cybersecurity executive with more than two decades worth of experience working with information
security technology, models and processes. He is currently the Chief Strategy of ITSEC Group and the Co-founder and CEO of
ITSEC (Thailand). ITSEC is an international information security firm offering a wide range of high-quality information security
services and solutions with operation in Indonesia, Malaysia, Philippines, Singapore, Thailand and Dubai.

 Previously the head of cyber security Presales for NOKIA, Dr. Khera has worked with every major telecom provider and
government in the APAC region to design and deliver security solutions to a constantly evolving cybersecurity threat landscape.

Dr. Khera holds a Doctor of Information Technology (DIT) from Murdoch University, a Postgraduate Certificate in Network
Computing from Monash University and a Certificate of Executive Leadership from Cornell University.

Dr. Khera was one of the first professionals to be awarded the prestigious Asia Pacific Information Security Leadership Awards
(ISLA) from ISC2 a world-leading information security certification body under the category of distinguished IT Security
Practitioner for APAC.

Related Posts

Open Source Intelligence (OSINT): A Practical example

This is part 2 of our series of articles on OSINT. Find all articles here.…

Tags: osint

Post Quantum Cryptography: Renewing the last line of defense

Open Source Intelligence (OSINT): A Practical example

2 thoughts on “An Introduction to Open Source Intelligence (OSINT)”

Pingback: Open Source Intelligence - All you need to know - Cyber Protection Magazine

Dave

July 16, 2022 at 3:44 am Permalink

I would add journalists to your list of those who use OSINT.

Reply

Leave a Reply
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you
consent to the use of ALL the cookies.
Your email address will not be published. Required fields are marked *
Do not sell my personal information.

Cookie settings ACCEPT

Comment *

https://cyberprotection-magazine.com/an-introduction-to-open-source-intelligence-osint#:~:text=Open Source Intelligence (OSINT) … 5/8

7/19/23, 11:53 AM An Introduction to Open Source Intelligence (OSINT) - Cyber Protection Magazine

Name *

Email *

Website

Save my name, email, and website in this browser for the next time I comment.

Post Comment

Newsletter

Name

Email *

GDPR Agreement *
I consent to having this website store my submitted information so they can respond to my inquiry.

Subscribe

Read our archived Newsletters here.

Support Us

We keep advertising at a minimum to maintain independence. That means we need support from our readers.

How about you buy us a coffee?

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you
consent to the use of ALL the cookies.
Do not sell my personal information.

Cookie settings ACCEPT

https://cyberprotection-magazine.com/an-introduction-to-open-source-intelligence-osint#:~:text=Open Source Intelligence (OSINT) … 6/8

7/19/23, 11:53 AM An Introduction to Open Source Intelligence (OSINT) - Cyber Protection Magazine

Recent

Meta’s Threads threatens personal security for women seeking abortions

Credential Harvesting: Understanding and Combating the Threat

Bolstering Workforce Security During Summer Holidays

Boosting digital hygiene without technology

A Guide to Understanding Vulnerability Reporting and Scoring

Cybersecurity needs cyber deception: stay alert and be aware

Bridging the Gap: Empowering Women for a Stronger Cyber Security Future

How UK organisations can prepare for the next wave of cybersecurity regulation

Latest Podcast

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you
consent to the use of ALL the cookies.
Do not sell my personal information.

Cookie settings ACCEPT

https://cyberprotection-magazine.com/an-introduction-to-open-source-intelligence-osint#:~:text=Open Source Intelligence (OSINT) … 7/8

7/19/23, 11:53 AM An Introduction to Open Source Intelligence (OSINT) - Cyber Protection Magazine

The Looming Identity Crisis

Rohit Ghai, CEO of RSA Security

   
Contact us Advertising Submit Imprint Privacy Policy

The views and opinions expressed on Cyber Protection Magazine are those of the authors and do not necessarily reflect the official policy or position of Cyber Protection
Magazine. Any content provided by our bloggers or authors are of their opinion and are not intended to malign any club, organization, company, individual or anyone or
anything.

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you
consent to the use of ALL the cookies.
Do not sell my personal information.

Cookie settings ACCEPT

https://cyberprotection-magazine.com/an-introduction-to-open-source-intelligence-osint#:~:text=Open Source Intelligence (OSINT) … 8/8