As the Internet has evolved, there is a rapidly growing inclination to find information on a vast range of subjects: posts and user profiles on social media, participants of a given social event in town, a friend's business premises, and much more. A number of unwary Internet users spend time posting information about themselves, including images, videos, and comments, in illegal or compromising situations, to the detriment of their online safety. Reconnaissance is the attack such users are most prone to, and it is driven largely by Open Source Intelligence (OSINT), which draws on information collected from public online sources.
Huge amounts of personal and organizational data can be accessed on the websites, apps, and social media platforms that people visit and update daily on their devices. OSINT is not a bad thing in itself, since it is routinely employed by law enforcement personnel and private investigators, but attackers today combine it with social engineering to exploit the poor online practices of Internet users.
Criminals primarily use OSINT to select victims and to conduct further attacks against people and their electronic data. Finding data on people, especially basic details such as usernames, email addresses, home addresses, and phone numbers, is simplified by online search engines like Google and Bing and by social media sites such as Facebook, LinkedIn, Twitter, and Instagram. Attackers also apply OSINT to networks and computers; searching for IP addresses, domain names, and related content can be an important step toward a successful attack.
Given this threat landscape, what can you do to avoid falling prey to OSINT ploys? The key to circumventing OSINT is to restrict the amount of information that is available online, and the best way of achieving this goal is through testing. Start a review of your public online presence in the following target areas:
- Geographical locations of offices, especially remote or satellite offices that share corporate information but may lack stringent security controls.
- Employee names and contact information, especially names, email addresses, and phone numbers on the website, blogs, social media pages, and third-party data repositories such as public financial records.
- Clues about the corporate culture that can fuel social engineering attacks.
- Business partners or vendors that may connect into the target’s network.
- Press releases about adopting new devices or software.
- Government, financial, or other regulatory sites that provide information on mergers and acquisitions, names of key persons, and supporting data.
- Usenet newsgroups, particularly postings from the target’s employees looking for help with particular technologies.
- LinkedIn and other websites that provide employee information.
- Job search websites, especially ones for technical positions that provide a list of the technologies and services that must be supported by a successful applicant.
- Corporate and employee blogs, as well as personal blogs of key employees.
- Sites that provide lookups of DNS, route, and server information, such as Traceroute [traceroute.org], DNSstuff [www.dnsstuff.com], and Netcraft [www.netcraft.com].
- Shodan [shodanHQ.com], which lists Internet-accessible devices and allows the tester to search for devices with known vulnerabilities.
- Password dump sites such as [Pastebin.com].
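As an added example (not code from the original article), the helper below sweeps text copied from your own public pages for the employee contact details and technology disclosures that the checklist above calls out, so a self-review can be repeated consistently; the sample page text and the list of technology terms are constructed assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of a public "contact / careers / news" page (not real data).
SAMPLE_PAGE = """
Contact our Boise satellite office: 208-555-0142, ops-team@example.com.
Press release: We have deployed Cisco ASA firewalls and Exchange 2016 across sites.
Job opening: Senior Admin - must support Windows Server 2012, Oracle 11g and Citrix.
Staff directory: j.doe@example.com (IT manager), m.smith@example.com.
"""

# Patterns for the basic identifiers OSINT harvesting starts from.
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
PHONE_RE = re.compile(r"\b\d{3}[-.\s]\d{3}[-.\s]\d{4}\b")

# Assumed list of product/version names whose disclosure hints at the
# internal stack (press releases, job adverts). Tailor this to your environment.
TECH_TERMS = ("Cisco ASA", "Exchange 2016", "Windows Server 2012", "Oracle 11g", "Citrix")


def audit_public_text(text, tech_terms=TECH_TERMS):
    """Return {category: sorted findings} for exposures found in public page text."""
    findings = defaultdict(set)
    for match in EMAIL_RE.finditer(text):
        findings["email"].add(match.group(0).lower())
    for match in PHONE_RE.finditer(text):
        findings["phone"].add(match.group(0))
    lowered = text.lower()
    for term in tech_terms:
        if term.lower() in lowered:
            findings["technology"].add(term)
    # Sorted lists make the report deterministic and easy to diff between reviews.
    return {category: sorted(values) for category, values in findings.items()}


def exposure_count(text, tech_terms=TECH_TERMS):
    """Total number of distinct exposures, useful as a trend figure over time."""
    return sum(len(values) for values in audit_public_text(text, tech_terms).values())


if __name__ == "__main__":
    for category, values in audit_public_text(SAMPLE_PAGE).items():
        print(f"{category}: {', '.join(values)}")
    print("total exposures:", exposure_count(SAMPLE_PAGE))
```

Run it against text saved from each page in the checklist and track the total between reviews; a rising count means new disclosures have crept back in.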