Open Source Intelligence (OSINT) and Its Effect on Cybersecurity
The military uses two techniques of data collection and information gathering for their observations; covert techniques and overt techniques. Covert techniques are secretly gathering the information or data from secret data sources, therefore these covert techniques are usually illegal. Overt techniques are collecting the data or information openly or in plain sight, because that it is in plain sight, these techniques are usually not considered illegal.
Open Source Intelligence (OSINT) is an overt technique of data collection. The definition of OSINT is changing day by day, in a 2011 document issued by the Office of the Director of National Intelligence, OSINT was defined as “Intelligence produced from publicly available information that is collected, exploited, and disseminated in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence requirement.”[1] The utilization of open sources for intelligence is dating back to the Second World War, the US government recognized the value of openly available media sources[2] at the time, and the main objective was to understand, translate and analyze foreign radio broadcasts and press.
With the new era of technology and internet; the definition of OSINT got more complicated, people are effortlessly making their information and data available online and in other platforms. They are putting their emotions, pictures, news, thoughts, professions and every data or information they are willing to put out, on to the online world. The mass of data relating to their information is increasing every day, but it does not mean the OSINT is a lot easier because of it. The mass of information is making it harder to manage and navigate around the data. The law enforcement and intelligence requires specialized tools to analyze those open sources legally and accordingly to the forensic standards. The computer power needed for the processing is also increasing, therefore tech companies put all their efforts onto machine learning and AI to process the information.
There are six main categories to perform an OSINT:
- The use of public media sources, such as news reports, printed magazines, and newspapers.
- The internet, and can include everything from online databases, social media, and search engine manipulation. In addition, it also includes online publications such as blogs and discussion groups.
- The use of public government data, such as; budgets, public hearings, publicly available reports and records; in such cases the data comes from official sources.
- The use of commercial data, which can include; financial, corporate databases and assessments.
- The use of academic and professional publications, such as; academic papers, dissertations, journals, theses.
- The use of grey data, this can be described as “hard to find” data which includes; unpublished works, technical reports, business documents and patents.
The techniques to perform an OSINT may result with an “information explosion” which can be described as a data overload, due to the increase of online data, the information that can be used to practice OSINT got extensive, and trying to analyze the masses of data will slow down the process of OSINT.[3]
OSINT is also used by hackers for their malicious purposes, to deceive or impersonate their target they require a lot of information, and they choose to gather those information through an OSINT. Open Source Intelligence has its vulnerabilities regarding cyber security, and can result in data breach, identity theft, cyber-attacks or exposure of personally identifiable information on the internet.
It is almost impossible in today’s online world to protect ourselves from Open Source Intelligence, it is not in itself a form of hacking but rather used by hackers as a tool. Data will always be available through public records, but the most effective way to protect ourselves from a broader and an unwanted OSINT is to be mindful of the information we share online, and perform a regular search to ensure what type of information is available.[4]
[1] Office of the Director of National Intelligence, U.S. National Intelligence: An Overview 2011, Washington, D.C., 2011, p. 54.
[2] Glassman and Kang, p. 675.
[3] Patrick Putman, What is open source intelligence?
[4] Patrick Putman, What is open source intelligence?