Daily Post 1369


What data you create while being on the internet indulging in all activities from official to the weird can make you go topsy turvy. When connected with the data of other individuals, friends, foes & activities, it can create trails, matrix, connects, correlations, patterns and even predictions, which our uninitiated brain cannot imagine of. A stage further, it gets connected with the generic data bases; company detail, passenger manifest, CCTV searches, payments, website ownership etc, the data points get connected to give an exponential picture, a picture which is not only a digital reality, it is the physical reality, it is the real you and not what you project to be.

Propelled by technology of finding a meaning out of the huge date resources of the world, Open Source Intelligence, OSINT, ”is the process of someone (or a device or algorithm) gathering publicly available information on a person, group, or organisation.’ It can be done for legal purposes or commit criminal acts, the tools and the platform remains the same. ”It simply depends on the intent of the reconnaissance.” OSINT thus is the use of publicly available resources to find out information about the target. Target can be anything. The downing of the airliner by Iran and the Ukrainian rebels of MH-17 could be fixed only by OSINT. There are large databases of information which are available publicly and are free to search.

A must for everyone to know, these sources include; internet databases (DNS, Whois), municipal databases (housing purchases, driver licenses, taxes paid), judiciary information (court dockets, marriages, divorces), voting histories, donation histories, general search engines (Google, Bing), and specialised search engines (Shodan). Landmines to follow are social media sites and the internet harvesting tools like the Harvester, FOCA,Metaoofil etc. Besides these, there are literally thousands and thousands of free, publicly accessible sites and services. This is the tinderbox you are on. This is the world you interact with on a day to day basis. Simply put, this is an automatic creation of trail nobody can come out of. Caution is the only answer.

There are purely legitimate OSINT sites and services, the multitude of ”dump sites” and ”pastebins.” Darkweb sites both paid and commercial can be included in this definition. Unauthorised and confidential information is also traded for a price. ”You can’t mitigate what you don’t understand.” You should know what is OSINT information available about you, adversary should not be the first one. What you find unpalatable, wherever authorised to remove, do it, other places you can ask the hosting agency to remove. Generally, they cooperate. Try and think of scenarios in which he hacker can use that information. Either way, ”one of the best defenses is to understand how much OSINT is out there about you and your organisation and then take appropriate defensive mitigations.”


Leave a Comment

Your email address will not be published. Required fields are marked *

The reCAPTCHA verification period has expired. Please reload the page.

Scroll to Top