02.05.2023
4 min
1688
The combination of online security and open source intelligence (OSINT) helps both maintain privacy in social networks and effectively use available data for investigations. The article provides the key rules of data protection, the use of VPNs, anonymous browsers, as well as the basic principles of working with OSINT tools for information analysis.
First and foremost, OSINT means the collection, analysis, and interpretation of information that is publicly available and legal to use. This research helps in cyber security, intelligence, law enforcement and journalism. OSINT skills are in growing demand as they enable the extraction of critical data from open sources, which facilitates risk understanding, threat analysis and monitoring.
monitor security risks,
carry out investigations on persons,
fact check
verify information sources,
detect early signs of cyberattacks,
evaluate competitors on the market,
check the reliability of the person.
Artificial intelligence, machine learning, and OSINT natural language processing have revolutionized investigations. These technologies make it possible to automate the collection of information, improve data analysis, and reveal patterns that could previously have gone unnoticed without the use of computer processing. This makes the process faster and more accurate, opening up new opportunities for researchers.
OSINT is a multitasking method based solely on public information. A distinctive feature of OSINT is its focus on open sources of data available to all, as opposed to traditional intelligence methods that use confidential or closed sources of information.
These can be various sources, both online and offline, for example:
Social networks (Facebook, Twitter, LinkedIn, etc.),
News sites and blogs,
Online forums such as Reddit,
Public databases and government records,
Academic publications and research,
Corporate websites and financial reports,
Public events and presentations,
Books and magazines,
Conversations with reliable sources,
Domain name registries,
Geolocation data,
“Deep web” is content that is not indexed by search engines.
Intelligence based on open sources includes a clear sequence of steps for obtaining and processing data:
Data collection. Determine the purpose of the study and collect relevant data.
Organization of information. Organize information by creating a structured system.
Interpretation of findings. Critically analyze the resulting data to identify patterns.
Reliability check. Check the reliability of sources using fact-checking.
Draw conclusions. Use the obtained results to make decisions or prevent risks.
Intelligence based on open sources can be used both for personal and business needs. OSINT helps:
Verify information,
Protect your online reputation,
Investigate possible fraud,
Reduce security risks,
Hire specialists,
Conduct marketing research.
OSINT is a broad concept that can be divided into such areas as:
SOCMINT (social media intelligence) uses publicly available information from platforms like Facebook, Twitter to gather data about people’s relationships, locations and views.
HUMINT (agency intelligence) focuses on gathering information through interviews or surveillance.
GEOINT (geospatial intelligence) uses satellite images and maps to investigate locations.
FININT (financial intelligence) tracks financial transactions and cash flows.
SIGINT (signals intelligence) analyzes communication signals, such as emails or phone calls, to identify communication patterns.
Each OSINT method focuses on different sources of information for different intelligence purposes.
Not all OSINT techniques are manual. To optimize data collection, there are tools that can significantly save your resources. These include programs for automatic data collection, web analysis, social media searches, and activity tracking. The choice of tools depends on the specific objectives of the investigation, the volume of data and the required depth of analysis. Useful applications for OSINT intelligence include:
Hunter.io is a search tool for finding email addresses associated with domains. Suitable for B2B lead generation and helps establish contacts through HUMINT research.
X-Ray Contact is used to search for a person’s digital footprint, even with minimal initial data, such as a name or username. Suitable for SOCMINT.
Mention is a tool for real-time monitoring of brand mentions, discussions in social networks, convenient for SOCMINT companies.
SEC EDGAR — provides access to public financial statements of companies, assists in FININT investigations.
Shodan is a search engine for discovering Internet devices such as webcams, servers, and IP addresses important to SIGINT.
Google Earth Pro is a platform for researching satellite images, maps, 3D terrain, ideal for GEOINT intelligence.
Pimeyes is an image search service with face recognition that helps you track down photos with a specific person.
Social Links — automates the process of collecting data from open sources and creates a convenient visualization of the received information.
RocketReach – Find contact information for sales and marketing professionals.
OpenSanctions is a tool to check if a person or company is under sanctions.
WhatsMyName – aggregates social network user profiles, helps SOCMINT investigations to collect identity data.
Here are some real-life examples of successful OSINT investigations so you can better understand the concept:
Europol’s Stop Child Abuse – Trace an Object program uses OSINT techniques to uncover criminals who commit crimes against children thanks to tips from the public. Thanks to OSINT intelligence, this initiative has already helped identify many victims and apprehend criminals.
In 1991, OSINT sources were needed to track down and arrest notorious criminal Pablo Escobar. Clues such as financial reports and analysis of media materials helped bring down his drug cartel.
After the crash of Malaysia Airlines flight MH17 in 2014, OSINT resources such as satellite images, social media coverage, videos published on the Internet helped to identify the criminals involved in the attack.
In 2020, a group of individuals used HUMINT techniques to facilitate a major Twitter data leak for the purpose of a Bitcoin scam.
During OSINT investigations, it is important to avoid the transition from legal information gathering to hacking. OSINT focuses on exploiting publicly available data sources on the Internet or offline, while hacking involves illegally accessing protected systems through vulnerabilities or malware. Although OSINT is legal and ethical, in the wrong hands it can become a tool for criminals. They can use this data to stalk, obtain personal information or trade secrets of companies, leading to serious privacy violations.
Malicious OSINT researchers can easily obtain data such as real names, home addresses, phone numbers, financial information and other sensitive details without victims’ consent. Such activity undermines trust and can be used for blackmail or harassment. In addition, OSINT can be used for corporate espionage to obtain trade secrets, intellectual property, or other sensitive corporate data. Therefore, when using OSINT, it is important to adhere to ethical standards and ensure the protection of personal information of people and organizations.
Yes, an OSINT investigation is legal because it only uses information that is publicly available. This is data that is knowingly made public by individuals or organizations. There is nothing illegal in analyzing this data as it is already publicly available. However, it is important to remember that using OSINT techniques to commit crimes such as hacking, phishing or identity theft is illegal and punishable by law. OSINT must be applied ethically and within the legal framework.
Despite the perceived anonymity on the Internet, it is quite difficult to maintain confidentiality. Social networks attract many interested parties, such as marketers and dark web criminals, who are looking for personal data. To protect your online privacy, it is important to follow certain tips, even if you are not an expert in OSINT tools.
First of all, personal data in the context of social networks includes any information that can identify an individual. This can be real name, demographic data, photo, contact information and place of residence. Your social circle, interests, and activity can also be determined based on your interactions. Companies and attackers often seek even deeper data, such as financial information or your social media habits, creating privacy risks.
Although social networks try to protect users through rules and moderation, there are no guarantees of privacy. Ultimately, the responsibility for the security of their own information lies with the user, since only he can control what is published and how his personal information is used. That’s why it’s important to always be careful about what you share on social media and take steps to protect your privacy.
Here are the main threats you can face online:
Leak of your information. In the best case scenario, you can become a target for companies or social networks themselves, which process your information for the selection of targeted advertising. In the worst case, the privacy of the information will be compromised by cybercriminals to resell it, demand ransom, make you a victim of fraud, etc.
Phishing. Cybercriminals can use your information posted on social networks to force you to reveal your data or lose your money. A typical feature of phishing schemes is that criminals pretend to be your relatives, colleagues, reputable financial institutions, etc. in order to instill trust. Your personal information, which was published by you independently or “merged” on the network without your consent, is the key to tailoring a phishing scheme specifically for you.
Dissemination of misinformation. You may accidentally believe posts that are designed to manipulate your thoughts or actions. For example, becoming a victim of the Russian IPSO, which is distributed by bots in social networks under the guise of believable posts from Ukrainian users. Also, rumors and fakes can spread about you, especially if you are a person with a wide social platform. Therefore, ensuring online privacy is one of the methods of data protection on the Internet.
A digital print cannot be completely removed. Everything that was once published on social networks or elsewhere online remains on the Internet forever. Even if you have “cleaned social media” and removed unwanted information from unwanted sources, your personal data can still be obtained using OSINT methods.
The best way to protect yourself from social media threats is to be proactive about keeping your information private. Privacy means you can control who sees your posts, photos, contact details and other information. It’s important to only share information with those you trust. However, complete online privacy is almost unattainable due to data leaks, social media processing of information, and the risk of revealing your identity to other users.
However, despite the impossibility of ensuring complete confidentiality of information online, this does not mean that nothing can be done. Strengthen your online security and take care of your privacy with these basic techniques:
Use a VPN.Almost everyone now knows about VPNs as a method of encrypting your traffic to access sites that are blocked in your country. However, another important function of such services is to hide your real IP address. In this way, attackers, marketers, or even the providers themselves will not be able to get personal data about your real location. There are many similar services, such VPN services as NordVPN, Windscribe or Surfshark to strengthen your security on the network. Our advice: Don’t neglect a VPN especially when using public Wi-Fi, such as in a cafe.
Two-factor authentication.Enable two-factor authentication when you sign in to your accounts on all social networks. This way, your profile will be much harder for attackers to hack, so there is a better chance of keeping the information you share in personal correspondence or on closed accounts confidential. However, be aware that two-factor authentication via SMS can be dangerous, as phone number cloning services exist. The best option is to trust specialized services, such as Google Authenticator, to ensure maximum confidentiality of information.
Use one-time contact details.Our advice: do not register on many social networks or other sites with the same email or phone number. If your personal data is stolen on one platform, all others will also be immediately at risk. The best solution: create temporary mail with services such as Crypto Gmail and create new virtual numbers using eSIM+.
Anonymous browsers.Conventional browsers such as Chrome or Safari are not able to fully protect the privacy of information, even if you enable the anonymity mode. If you want to search for information online with complete protection from third parties, try anonymous browsers such as TOR, Idyll or Waterfox. Anonymity is your safety when researching online.
Do not open suspicious emails or files.If you have even the slightest doubts about whether a message, link, or file is real, try the VirusTotal service. It will help to find out whether they are infected with malicious software in order to compromise the confidentiality of information.
Take care of your passwords.Create strong, unique passwords for each of your accounts. The best way to keep the information you use to log in private is to choose a trusted password manager like LastPass, 1Password, KeePass. This is much more secure than storing this personal information in a file on your device.
Any platform provides users with the ability to maintain some confidentiality of information and have the right to privacy. Remember:
You have the right to control what data social networks collect.
You have the right to review the privacy policy and to consent or decline.
You can exercise the right to have your data deleted (“right to be forgotten”).
You have the right to opt out of personalized advertising.
You have the right to be informed about data leaks and changes in the rules of using the platform.
