02 Oct 2021

OSINT: What is it and how is it used?

Open source intelligence (OSINT) means collecting information from public sources, analysing it and using it for intelligence purposes. The sources can vary from television and tabloids to blogs and websites, social media, research papers, business documents, and anything you can find online or offline. OSINT covers various types of intelligence. The main categories are human intelligence (HUMINT), measurement and signature intelligence (MASINT), signals intelligence (SIGINT) and imagery intelligence (IMINT).

In OSINT, the term ‘open source’ refers to information that is available for public consumption. Web pages and other resources that can be found using Google constitute huge sources of open source information, but they are not the only sources. For example, online tools like Shodan and Censys can be used to find IP addresses, networks, open ports, webcams, printers and pretty much anything else that is connected to the internet.

How is data collected?

Collection of OSINT broadly falls into two categories: passive collection and active collection.

As the word suggests, ‘passive’ means obtaining OSINT in an uncomplicated and simplified manner. Information collected passively might include the headlining articles on a global online news source, or the popular posts of a public social media user. Researchers who collect passively would rather remain invisible to their research subjects to avoid a negative response.

On the other side of the OSINT spectrum, active OSINT implies a dynamic approach to locating public data. These researchers need to have basic credentials like emails and usernames to gain access to the sites that hold important data. This information could be less obvious or hidden to the typical online user. One could choose to download a PDF file linked to a research subject’s blog, or ask to become friends with someone on Facebook to view their status updates. In such cases, you need not worry about revealing your identity to subjects of inquiry.

Tools and techniques of data collection:

There are a number of tools and techniques available online for researching and analysing public information. This information can be used by anyone, more so by analysts in investigative roles. Let’s take a look at some popular OSINT techniques used in cyber security:

● Monitoring personal and corporate blogs, as well as reviewing user activity on digital forums.

● Identifying all social networks used by the target user or company.

● Searching for photos and videos on common social photo sharing sites such as Flickr, Google Photos, Facebook, etc.

● Collecting employees’ full names, job roles, as well as the software they use.

● Accessing old cached data from Google, which often reveals interesting information.

Common tools used in OSINT:

Maltego – a product of Paterva that is a part of the Kali Linux operating system. This tool helps to investigate targets with the help of different built-in transforms.

Shodan – a search engine just like Google, but instead of showing websites, Shodan shows the servers, networks, and internet-connected devices which are crucial for security research.

Google Dorks – this is a technique called Google dorking, or simply Google hacking. One uses Google’s advanced search parameters directly in the browser to refine the search results and get the required information.

Applications of OSINT:

1. Ethical hacking and penetration testing
Security professionals use OSINT to identify potential weaknesses in friendly networks, so that they can be corrected before they are exploited by threat actors. One example is accidental leaks of sensitive information through social media.

2. Identifying external threats
From identifying which new areas are being exploited, to intercepting threat actor ‘chatter’ about an upcoming attack, OSINT helps security professionals to prioritise their time and resources to address important threats.

3. Pre-employment screening
An OSINT analysis can provide a company with a ton of helpful information about a candidate before they are recruited. For example, inappropriate social media blog posts, videos, pictures, blogs and forums are all sources of evidence that can be evaluated during OSINT pre-employment screening.

The dark side of OSINT:

While the use of OSINT has been praised by the police and journalists for its crime-solving efficiency, public data can be dangerous when used in haste on social media. Also, this data is accessible to cyber criminals who can misuse it. For example, in May, a video of a woman flouting a national COVID-19 mask mandate went viral on social media. In the clip, the bare-faced woman argues with passers-by, defending herself as a ‘sovereign’, and hence, exempt from the law. Following her arrest, internet detectives took matters into their own hands. They soon identified the woman as the CEO of a digital security firm, and posted her personal information online. The only problem was, they got the wrong person! But the damage had already been done: false accusations against her led to a volley of racist and xenophobic comments online.