Hacking

OSINT (Open-Source Intelligence)

With an estimated 80% of required information available for use in an open source for specific information vital for a deep analysis in newspapers, magazines, industry newsletters, television transcripts, and blogs. OSINT makes our work easier, by using OSINT we are able to get important information in just a couple of minutes.

OSINT (Open-Source Intelligence) helps us to find, select and acquire information from available public sources. It's a myth that OSINT is an Open Source Software like nmap. OSINT refers to any un-classified intelligence and includes anything freely available on the Web. OSINT sources include business websites, social networks, videos, forums, blogs, and news sources.

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

Download Now

OSINT is unclassified and available, but link-crawling search engines like Google do not always access it. By researching various sources online we are able to get more information about what a company, individual, group, or country is up to, but it's not always easily found. The use of OSINT has grown within the private sector as well as being a mainstay of the military and the intelligence services for year.

Today it's common to see corporations using OSINT but perhaps calling it "Competitive Intelligence". However, the main motto of OSINT is to gather open source information and then analyse it to generate reports on subjects and raise awareness.

Open sources of information

Sources from where we can collect information (seen below):

Media: newspapers, magazines, radio, television, and computer-based information.
Web-based communities and user-generated content: social-networking sites, video sharing sites, wikis and blogs.
Public data: government reports, official data such as budgets, demographics, hearings, legislative debates, press conferences, speeches, marine and aeronautical safety warnings, environmental impact statements and contract awards.
Professional and academic: conferences, professional associations, academic papers, and subject matter experts.

Open source information transition 1455 to 2008

Elements of OSINT

The OSINT process includes four key elements:

Uncovering –Knowing who knows about the data and knowing where to look and we get the appropriate data are the key process which leverages distributed centres of expertise and archival knowledge.
Discrimination - Careful discrimination between good and bad sources, current and outdated sources and relevant and irrelevant sources is part of the unique value of the process.
Refining - The most important value added by the process is that of Refining; the final research report may be as short as a paragraph or a page.
Delivery - The best intelligence/research in the world is useless if it cannot be delivered to the client in a timely fashion and in a format that can be easily understood.

What OSINT can do?

From the use of OSINT tools we are able to achieve following information of an individual or organization.

Email addresses
Phone numbers
- OS info
- IP info
- Software's / version
- Geolocation
- Personal details

Before OSINT

After OSINT

OSINT Cycle:

Diagram1

Where we can use OSINT?

1- Business Intelligence

Executive and Employee Background Checks
Due Diligence on Potential Clients and Competitors
Corporate Self Analysis
Competitor Analysis

2-Government Intelligence

Products needed for Military Applications and Non-Military Applications

3-Individual intelligence

For finding people by name, email, address, and phone.

OSINT tools

Some OSINT tools are listed below:

The Wayback machine:

Sometimes you run into searches that turn up sites that are archived online at Google (cache) but often times sites that are no longer online are in fact archived by the likes of the Wayback Machine. This site has been really helpful lately for sites that were around circa 2001 but were taken down since then by people who didn't want to have their data out there anymore.

Go to archive.org and enter the name of the website.

Choose the year and the month from the time of its establishment till now.

And you will get the desired result.

Who.is:

Today it's easy to attempt to obfuscate who you are if you own a domain, and don't want people to know who really owns it. This privacy shield though sometimes is an afterthought if one at all so, one can gain a great deal of information about a target or a piece of the puzzle by looking at the domain data. Many engines and sites exist out there and I would just Google around some more for the ones you like. Some of them are Meta engines and will give you a lot of relational data to boot. One such site is Who.is

Who.is, is nice because it gives you a lot of info about the domain, the IP it sits on, the domain owner data, as well as things like what other domains reside on the same server spaceIT helps to search the who.is database, look up domain and IP owner information, and check out dozens of other statistics.

Go to who.is and enter the name of the website whose information you want to get.

And you will get the whole information of the site which includes the details of Who.is, Website Info, Traffic Info, History, DNS Records, Raw Registrar Data and much more.

Fig: contain overview of website.

It gives information of the administrator contact person, technical contact person including his/her email ID , address.

Fig: Details of Raw Registrar Data

Maltego:

Maltego is an open-source intelligence and forensics application developed by Paterva. Maltego focuses on providing a library of transforms for discovery of data from open sources, and visualizing that information in a graph format, suitable for link analysis and data mining.

What does maltego do?

Maltego, is a program that can be used to determine the relationships and real world links between:

People

Groups of people (social networks)

Companies

Organizations

Web sites

Internet infrastructure such as:

Domains
DNS names
Netblocks
IP addresses

Phrases

Affiliations

Documents and files

These entities are linked using open source intelligence.
Maltego is easy and quick to install - it uses Java, so it runs on Windows, Mac and Linux.
Maltego provides you with a graphical interface that makes seeing these relationships instant and accurate - making it possible to see hidden connections.
Using the graphical user interface (GUI) you can see relationships easily - even if they are three or four degrees of separation away.
Maltego is unique because it uses a powerful, flexible framework that makes customizing possible. As such, Maltego can be adapted to your own, unique requirements.

Download Maltego from paterva.com and register yourself at Maltego community server. After its setup, launch it and enter the mail address and password to log in to the Maltego community server.

There are numerous options in Maltego. Suppose you want to search any domain and other information associated with that domain. Pick up the option of domain from the left side window and drag it to right side window. Rename the domain name to the site name whose information you want to get.

Right click on the domain name and then select "All Transform". By choosing this option you will get all the information weather it's an email ID, DNS related to Domain, Domain owner details, file and documents from details, telephone numbers, etc. Wait for a few moments to complete the transform and you will get the desired result.

You can perform various transforms with Maltego. If you want to know the information about an email ID. Just drag the icon of email address to right side and perform all transform. It gives the results such as other email ID's associated with that email ID, social networking sites and much more.

Translation services:

Today much of the content out there is in languages other than the one you might speak fluently. There are many online translation services such as Google translate and Bing translate that makes our work easier to change the other language to our familiar language.

Go to translate.google.com and enter the text, webpage URL or choose the document you want to translate.

Jigsaw:

Jigsaw is a prospecting tool used by sales professionals, marketers and recruiters to get fresh and accurate sales, leads and business contact information. Jigsaw is an online business directory of companies and business professionals that is built, maintained and accessed by a worldwide community of over a million subscribers. A large database allows members to exchange and share the business information of more than 29 million contacts from over 4 million companies.

Go to jigsaw.com enter the name of the company, name of the person who you want to search, job position or mail ID of the person and you will get several results, for more specific result you can use the advance search option.

IP2Location:

IP2Location is a non-intrusive geo IP solution to help you to identify visitor's geographical location, i.e. country, region, city, latitude, longitude, ZIP code, time zone, connection speed, ISP and domain name, IDD country code, area code, weather station code and name, and mobile carrier, elevation, usage type information using a proprietary IP address lookup database and technology without invading the Internet user's privacy.

Go to ip2location.com.In search box type the IP whose information you want to get.

Newsnow:

NewsNow provides a service in which breaking news articles are matched against key-word topic specifications, the relevant links and publication names are then delivered to the user.

Go to newsnow.co.uk. Enter the keywords, name of person, name of organisation whose news you want to get and press search button and you will get the results. NewsNow is mainly used in organizations to find the news of a competitor organization.

Social mention:

Socialmention allows you to easily track and measure what people are saying about you, your company, a new product or any topic across the web's social media landscape in real-time. Social Mention monitors 100+ social media properties directly including: Twitter, Facebook, FriendFeed, YouTube, Digg, Google etc.

Go to Socialmention.com enter the keyword or phrase and press enter and you will get the results from all the social media. It used to for survey of a product i.e. what people are saying about the newly launched product. It works as a review analyser for the organisation.

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

Download Now

Limitation of OSINT:

Information overload- Information provided by OSINT Tools is huge in amount, filtering or harvesting of data is quit time consuming.
False Positive- Result given by OSINT tools may be right or may be wrong. There is no guarantee that the result provided by OSINT tools is totally right.

Conclusion:

As technology increases day by day the need of fast and specific information gathering arises, and it increases the need of OSINT. In the upcoming years OSINT will become the basic need of the organization weather it's private or government. By using OSINT we are able to get important information's in just couples of minute which is only possible by deep analysis in newspapers, magazines, industry newsletters, social networking media, television transcripts, and blogs.

Sources

Posted: September 11, 2013

Warlock

View Profile

Warlock works as a Information Security Professional. He has quite a few global certifications to his name such as CEH, CHFI, OSCP and ISO 27001 Lead Implementer. He has experience in penetration testing, social engineering, password cracking and malware obfuscation. He is also involved with various organizations to help them in strengthening the security of their applications and infrastructure.