São Paulo/SP – August 25, 2022. OSINT stands for Open Source Intelligence: the practice of gathering freely usable information from open sources such as magazines, websites, books and news, among others.

*By Leandro Viana

Upon hearing the word OSINT, the first reaction of most people outside the Information Security field will probably be: What is it? Where does it live? What does it eat? But the truth is that everyone has done some research, however small, at some point. And that, my dears, is a kind of OSINT.


When we do a Google search, for example, looking for names, addresses, newspaper stories or social network profiles, this is all a form of OSINT. The options and approaches are very diverse, and the depth of your research has more to do with your curiosity and an “outside the box” way of thinking than with technical knowledge. However, like everything else in life, if we want to get the most out of this technique, it is important to look at the tools available on the market and understand what information each one can provide, in order to gather as much relevant information as possible about a target.

OSINT example

  1. I want to research something.

Can I perform the search using tools other than Google? How about seeing what the same search brings up on Bing or DuckDuckGo?

  2. I want to get to know a person, but I don't have much information.

What are this person's hobbies? Are there pages, groups or communities for that specific hobby? How about filtering by location? Or even by comments on a post or likes on a photo? Isn't there a comment or a like from this person?

With these simple ways of thinking, we search with much more awareness of the reach we can achieve, which brings much more satisfying results.

The importance of OSINT

In the example above, we took a different approach to searching for a person, based simply on information about that person's hobby. But in the same way, instead of a person, the research target could be a situation of much greater relevance.

For example: a search for a missing person, information about a company that is no longer in business, a more detailed college assignment, or simply a random search for news that interests us.

To avoid being targeted by OSINT attacks

As OSINT is a method that can be used by any person or company, including ill-intentioned people, we must take some precautions regarding what is published and who can view and access these publications, be they photos, comments, or even documents and files that may contain sensitive information.

Without information and awareness, we run the risk of exposing personal and business data, an exposure of disastrous proportions if the data falls into the hands of ill-intentioned people.

Therefore, the following tips can help avoid information leaks.

  • Make sure public files do not contain personal information (names, addresses, etc.)
  • Check that the company's internal information is not included in social networks, announcements, personal publications, etc.

Disclosed information can be useful to an attacker. Also, if an account password is easy to guess, it can lead to unauthorized access. If the disclosed information is linked to inside information, this in itself results in an information leak. Therefore, it is important to make each employee aware of information security.
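One way to run the first check above on a document before it is published, as an added example that is not part of the original article. It goes slightly beyond the text by also reading the author fields stored in a .docx file's metadata; the function names and all sample values are assumptions constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

CP = "http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
DC = "http://purl.org/dc/elements/1.1/"
NS = {"cp": CP, "dc": DC}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def audit_docx(data: bytes) -> list[str]:
    """Return findings for personal data in a .docx (OOXML zip) file."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        # Author names live in docProps/core.xml, outside the visible text.
        if "docProps/core.xml" in names:
            root = ET.fromstring(zf.read("docProps/core.xml"))
            for field in ("dc:creator", "cp:lastModifiedBy"):
                el = root.find(field, NS)
                if el is not None and (el.text or "").strip():
                    findings.append(f"metadata {field}: {el.text.strip()}")
        # E-mail addresses in the body; tags are replaced by spaces first.
        if "word/document.xml" in names:
            body = zf.read("word/document.xml").decode("utf-8", "replace")
            text = re.sub(r"<[^>]+>", " ", body)
            for email in sorted(set(EMAIL_RE.findall(text))):
                findings.append(f"body e-mail: {email}")
    return findings


def build_sample_docx() -> bytes:
    """Constructed sample: minimal .docx-like archive with made-up values."""
    core = (
        f'<cp:coreProperties xmlns:cp="{CP}" xmlns:dc="{DC}">'
        "<dc:creator>Maria Example</dc:creator>"
        "<cp:lastModifiedBy>j.doe</cp:lastModifiedBy>"
        "</cp:coreProperties>"
    )
    doc = "<w:document><w:t>Contact: maria@example.com</w:t></w:document>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docProps/core.xml", core)
        zf.writestr("word/document.xml", doc)
    return buf.getvalue()


if __name__ == "__main__":
    print("\n".join(audit_docx(build_sample_docx())))
```

An empty result means neither author metadata nor an e-mail address was found; it does not cover other personal data such as postal addresses.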

Summary

With OSINT, everyday information, from personal interests to sensitive information about people and companies, becomes fully accessible.

We must therefore make our friends and co-workers aware of the importance of keeping confidential information in secure environments, which strengthens the security of personal and company information.

— Leandro Viana is a Pentester | Cybersecurity | RedTeam at [SAFEWAY]
