SecureWorld News

Open-Source Intelligence: Using Public Data to Fortify Security

Written by Drew Todd | Mon | Nov 6, 2023 | 5:01 PM Z

In the interconnected digital landscape, vast amounts of valuable intelligence can be gleaned from publicly available open sources on the internet. Enter open-source intelligence (OSINT), the practice of legally collecting, analyzing, and making decisions based on public data.

OSINT provides a trove of information that can be extremely useful for both ethical security research and nefarious activity. As more personal and organizational data ends up online—whether through social media oversharing, high-profile breaches, or surveillance capitalism—the OSINT surface area continues to grow.

In a recent SecureWorld Remote Sessions webcast, Rosa Smothers, SVP of Cyber Operations at KnowBe4, delivered an insightful presentation on leveraging open-source intelligence to improve organizational security.

"It's not if the bad folks are going to be after you; it's just a matter of when," cautioned Smothers. "When conducting open source investigations, it's very important to make sure your computer is set up to quarantine and not potentially infect systems."

Smothers, a former CIA cyber threat analyst, revealed how cybercriminals and nation-states use OSINT to gather intelligence and exploit vulnerabilities. By searching public data sources such as social media, data brokers, network tools, and exploit databases, attackers can quietly build extensive profiles of targets.

However, security teams can use these same OSINT resources to their advantage. Smothers demonstrated free web tools—including What's My Name, NameCheckup.com, and OSINT Framework—that help gather usernames, domains, IP addresses, and other intelligence. More advanced paid tools such as Maltego and Analyst's Notebook assist with visualizing and analyzing OSINT data sets.

"The lesson here is just how easy it is for the bad guys and gals to look for targets of opportunity," Smothers explained. "OSINT threats should be considered alongside network and social engineering threats when evaluating your overall security posture."

By understanding hackers' TTPs (tactics, techniques, and procedures) and adopting OSINT techniques, defenders can get ahead of threats, monitor for suspicious activity, verify IP addresses, close security gaps, and even properly attribute cyberattacks. Smothers encourages security teams to leverage OSINT resources to build "healthy paranoia" and fortify their human and network perimeters.

If you are interested in hearing more from Smothers on OSINT, all of our Remote Sessions webcasts are available to watch on-demand and can be found here. Attendees can earn 1 CPE credit in each educational session. 
