Open Source Intelligence can be defined as a process of acquiring information that is available to the general public that is then used for a particular purpose. The purpose of OSINT in an information security context is to collect intelligence to either mitigate risks or exploit those risks. Data collection can be divided into two overall categories: covert and overt. OSINT is considered overt as it uses methods to collect intelligence that is in plain sight.
How is information collected? When people think of open source intelligence, they typically think of acquiring information via search engines like Google or Bing. While search engines like this are valuable, there are a lot more sources that can be utilized.
The “deep web” is one example of a group of sources that is not available via search engine. The deep web refers to a collection of websites, databases, and more that cannot be indexed by search engines. A university database that requires a user to log in is one example. Public government data can be used. There are even websites that will search for Internet-connected devices such as routers. Social media is yet another source.
There are a variety of software tools that can be used for data collection. A few examples of tools used for OSINT include Whois, Nslookup, Shodan, and so on. Tools like this can be used to gather all sorts of network data like open ports, IP addresses, and even a list of public-facing devices that are using default passwords.
What is OSINT used for? Open source intelligence is used by information security professionals as well as threat actors to search out data that reveals weaknesses in networks and organizations. Security personnel will conduct research to identify these gaps in security and patch them. Threat actors will use publicly available information to conduct reconnaissance for the purposes of exploiting a target.
Some examples of weaknesses include open ports, unpatched software, or perhaps information published on social media that’s not supposed to be shared. Threat actors can use malware that targets unpatched software to breach an organization. Information found on social media can be used to social-engineer a target and gain privileged access.
In summary, OSINT is a methodology used in cyber security to collect, analyze, and apply publicly available data for the purpose of safeguarding or exploiting organizations and/or people.