OSINT Notes.pdf
Document Details
Uploaded by CharmingCherryTree1511
NFSU
OSINT

OSINT refers to all the information that is publicly available. There is no specific date on when the term OSINT was first proposed; however, a relative term has probably been used for hundreds of years to describe the act of gathering intelligence through exploiting publicly available resources.

The U.S. Department of Defense (DoD) defines OSINT as follows: “Open-source intelligence (OSINT) is an intelligence that is produced from publicly available information and is collected, exploited, and disseminated in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence requirement.”

OSINT sources are distinguished from other forms of intelligence because they must be legally accessible by the public without breaching any copyright or privacy laws. That’s why they are considered “publicly available.” This distinction makes the ability to gather OSINT sources applicable to more than just security services. For example, businesses can benefit from exploiting these resources to gain intelligence about their competitors.

During the search for OSINT sources, classified information that is not protected properly can appear. This includes leaked documents, such as those published by WikiLeaks. This type of information is called NOSINT, as opposed to OSINT. Intelligence usually considers all sources regardless of their legal accessibility.

OPEN SOURCE INFORMATION CATEGORIES

There are four categories of open information and intelligence as per NATO literature on OSINT:

- Open source data (OSD): This is generic data coming from a primary source. Examples include satellite images, telephone call data and metadata, datasets, survey data, photographs, and audio or video recordings that have recorded an event.
- Open source information (OSINF): This is generic data that has undergone some filtering first to meet a specific criterion or need; this data can also be called a secondary source. Examples include books about a specific subject, articles, dissertations, artworks, and interviews.
- Open source intelligence (OSINT): This includes all the information that has been discovered, filtered, and designated to meet a specific need or purpose. This information can be used directly in any intelligence context. OSINT can be defined in a nutshell as the output of open source material processing.
- Validated OSINT (OSINT-V): This is OSINT with a high degree of certainty; the data should be confirmed (verified) using a non-OSINT source or from a highly reputable OSINT source. This is essential, as some outside adversaries may spread inaccurate OSINT information with the intent to mislead OSINT analysis. A good example of this is when a TV station broadcasts live the arrival of a president to another country; such information is OSINT, but it has a large degree of certainty.

The set of sources legally available to the public through specific channels is called gray literature. These sources include books, journals, dissertations, technical reports, and internal documents of commercial enterprises, commercial imagery, and any information that is controlled by its producer. Gray literature is a major element of OSINF and can be obtained legally by acquiring the permission of its copyright holder or by paying for it (for example, through subscription agencies, commercial bookstores, and so on).

OSD and OSINF comprise the main sources (primary and secondary) of information that OSINT uses to drive its results.

Another issue you need to understand within the OSINT context is the difference between data, information, and knowledge. The three terms are usually used interchangeably; however, each one has a different meaning, although the three do interact with each other.

- Data: This is a set of facts describing something without further explanation or analysis. For example, “The price of gold per ounce is $1,212.”
- Information: This is a kind of data that has been interpreted properly to give a useful meaning within a specific context. For example, “The price of gold per ounce has fallen from $1,212 to $1,196 within one week.”
- Knowledge: This is a combination of information, experience, and insight that has been learned or inferred after some experimentation. Knowledge describes what your brain has recorded in the past, and these records can help you to make better decisions about the future when facing similar contexts. For example, “When the price of gold falls more than 5 percent, this means the price of oil will fall too.”

OSINT TYPES

OSINT includes all publicly accessible sources of information. This information can be found either online or offline, including in the following places:

- The Internet, which includes the following and more: forums, blogs, social networking sites, video-sharing sites like YouTube.com, wikis, Whois records of registered domain names, metadata and digital files, dark web resources, geolocation data, IP addresses, people search engines, and anything that can be found online.
- Traditional mass media (e.g., television, radio, newspapers, books, magazines).
- Specialized journals, academic publications, dissertations, conference proceedings, company profiles, annual reports, company news, employee profiles, and résumés.
- Photos and videos including metadata.
- Geospatial information (e.g., maps and commercial imagery products).

OSINT ENTITIES AND ORGANISATIONS

The two government agencies that do OSINT globally are the Open Source Center in the United States and BBC Monitoring in Great Britain.

Open Source Center (OSC) is the largest OSINT organization and has vast resources to do its job. OSC works closely with other local intelligence agencies in the United States and offers its services to U.S. government intelligence agencies.

BBC Monitoring (https://monitoring.bbc.co.uk/login) is a department within the British Broadcasting Corporation (BBC) that monitors foreign media worldwide.

Jane’s Information Group (http://www.janes.com) is a British company founded in 1898. Jane’s is a leading provider that specializes in military, terrorism, state stability, serious and organized crime, proliferation and procurement intelligence, aerospace, and transportation subjects.

The Economist Intelligence Unit (https://www.eiu.com/home.aspx) is the business intelligence, research, and analysis division of the British Economist Group. The main domain of the Economist Intelligence Unit is its business and financial forecasts; it offers a monthly report in addition to a country economic forecast for the coming five years with a comprehensive view about current trends on economic and political issues.

Oxford Analytica (http://www.oxan.com) is a relatively small OSINT firm compared with the previous two. Oxford Analytica specializes in geopolitics and macroeconomics subjects. It has a global macro expert network to advise its clients on the best practices of strategy and performance when accessing complex markets.

Factiva (http://new.dowjones.com/products/factiva) is a global news database with licensed content. It harvests data from more than 33,000 premium sources, and many of these sources (74 percent) are licensed and cannot be found freely online. Factiva collects sources in 28 languages in addition to its unique service of being able to provide access to resources that have not been published yet by their creators.

LexisNexis (https://www.lexisnexis.com/en-us/gateway.page) is currently owned by RELX Group (formerly Reed Elsevier). It originally focused on providing high-quality legal and journalistic documents, but it has expanded its coverage to include more services such as media monitoring tools, supply management tools, sales intelligence solutions, market intelligence tools, and risk solutions that analyze public and industry-specific content to predict risk and improve decision-making.

PARTIES INTERESTED IN OSINT INFORMATION

Government bodies, especially military departments, are considered the largest consumer of OSINT sources. The huge technological developments and widespread use of the Internet worldwide have made governments a huge consumer of OSINT intelligence. Governments need OSINT sources for different purposes such as national security, counterterrorism, cybertracking of terrorists, understanding domestic and foreign public views on different subjects, supplying policy makers with required information to influence their internal and external policy, and exploiting foreign media like TV to get instant translations of different events happening outside.

International organizations like the UN use OSINT sources to support peacekeeping operations around the globe. The UN balances superpowers’ and emerging nation-states’ concerns when creating its policy, which requires it to be as transparent as possible. To achieve this, the UN found that it is more convenient to exploit OSINT sources (including commercial satellite images) for intelligence needs instead of depending on reports from its member states, which may have conflicting policies.

Humanitarian organizations, like the International Red Cross, use OSINT sources to aid them in their relief efforts in a time of crisis or disaster. They use OSINT intelligence to protect their supply chain from terrorist groups by analyzing social media sites and Internet messaging applications to predict future terrorist actions.

NATO depends heavily on OSINT sources for intelligence purposes and for making plans for peacekeeping operations. It also benefits from commercial satellite imagery to plan operations because not all NATO member states have such facilities. NATO has published three standard references about how to exploit OSINT to the public.

LEAs

Police use OSINT sources to protect citizens from abuse, sexual violence, identity theft, and other crimes. This can be done by monitoring social media channels for interesting keywords and pictures to help prevent crimes before they escalate. Law enforcement uses OSINT to monitor and track a criminal’s networks across different countries.

Business Corporations

Information is power, and corporations use OSINT sources to investigate new markets, monitor competitors’ activities, plan marketing activities, and predict anything that can affect their current operations and future growth. In the past, exploiting OSINT sources was limited to big businesses with good intelligence budgets. Nowadays, with the widespread use of the Internet, small companies with limited budgets can exploit OSINT sources effectively and merge acquired information into their business plans.

Penetration Testers and Black Hat Hackers/Criminal Organizations

OSINT is used extensively by hackers and penetration testers to gather intelligence about a specific target online. It is also considered a valuable tool to assist in conducting social engineering attacks. The first phase of any penetration testing methodology begins with reconnaissance (in other words, with OSINT). (source: http://www.DarknessGate.com)

Privacy-Conscious People

These are ordinary people who might want to check how outsiders can break into their computing devices and what their ISP knows about them. They also need to know their online exposure level to close any security gap and delete any private data that may have been published inadvertently. OSINT is a great tool to see how your digital identity appears to the outside world, allowing you to maintain your privacy.

Terrorist Organizations

Terrorists use OSINT sources to plan attacks, collect information about targets before attacking them (like when using satellite images such as Google Maps to investigate the target location), procure more fighters by analyzing social media sites, acquire military information revealed accidentally by governments (like how to construct bombs), and spread their propaganda across the world using different media channels.