With the availability of tons of threat intelligence subtypes, open-source threat intelligence (OSINT) is the most prominent subtype. And the best thing is – it’s free.
Unlike the major subtypes such as human intelligence, signals intelligence, and geospatial intelligence, and others; open-source intelligence is often misused and misunderstood. OSINT works like this:
Public information exists -> Data is collected-> information is analyzed for intelligence.
Today, more and more companies are seeking solutions to uncover workplace security threats, protect executives, prevent loss, manage assets, and monitor conversations for creating marketing strategies.
But what exactly is open-source threat intelligence?
What Is Open Source Threat Intelligence?
Open-source intelligence is produced from publicly available information, which is then collected, analyzed, and distributed promptly to a relevant audience.
But what do you mean by publicly available? If any professional skills, tools, or techniques are required to access information, it can’t fairly be considered open source.
Crucially, open-source information is not limited to what you find using the major search engines. Web pages and other resources that can be found using Google surely generate massive sources of open-source information, but they are far from the only sources.
There are tons of freely accessible information available online that can be found using search engines. For example, open-source intelligence tools like Shodan and Censys can be used to find IP addresses, networks, open ports, webcam, printers, and pretty much anything else that’s related to the internet.
Information can be viewed as open-source if it is:
- Published for a public audience
- Available to the public by request
- Available to the public by purchase
- Could be seen or heard by any unexpected observer
- Made free at a meeting for public
- Retrieved by visiting any place that is open to the public
How Open Source Threat Intelligence Used?
Now you have a glimpse of what exactly is open-source intelligence, we can look now how it works for cybersecurity.
1. Ethical Hacking
Security teams leverage the power of open-source intelligence tools to identify potential gaps in friendly networks so that it can be easier to handle the threats before occurring. Commonly found weaknesses include:
- Unintentional leaks of sensitive information, such as via social media
- Open ports or unsecured internet-connected devices
- Unpatched software, such as websites running old accounts of traditional CMS products
- Leaked or exposed assets, such as proprietary code on paste bin
2. Identifying External Threats
In most cases, identifying external threats requires an analyst to identify and connect multiple data points to verify a threat before action is taken. For example, while a single threatening tweet may not be cause for concern, that same tweet would be viewed in different data if it were tied to a threat group known to be effective in a particular industry. The same use case can be applied to an IP address or a domain. They might not be relevant in isolation, however, with relevant context, it can highlight a potential attack campaign carried out by a sophisticated threat actor.
Open Source Intelligence Techniques
As we have discussed how open source threat intelligence is used, it’s time to look at some of the techniques that can be used to gather and process open-source information.
First of all, you need to have a clear strategy and framework in place for leveraging the power of open-source intelligence. It’s not recommended to approach open source intelligence from the perspective of finding anything and everything that might be interesting or valuable; otherwise, the absolute volume of information can confuse you.
Secondly, you need to find a set of tools and techniques for collecting and processing open-source information.
There are two types of open source intelligence techniques:
- Passive Collection: It involves the use of threat intelligence platforms (TIPs) to link a variety of threat feeds into a single, easily accessible location.
- Active collection: It is the use of a variety of techniques to search for specific insights or information.
Open Source Intelligence Tools
Internet is flooded with the types of tools available for security teams, and some of the most commonly used and misused open-source intelligence tools are search engines like Google.
There are a series of advanced search functions called “Google Dork” queries that can be used to gather the information they uncover.
Google dork queries are based on the search operators used by IT professionals and hackers regularly for business operations. Common examples include “filetype:”, which narrows search results to a particular file type, and “site:”, which only returns results from a designated website.
Apart from search engines, several tools can be used to identify network weaknesses or exposed assets. For example, Wappalyzer is used to identify which technologies are used on a website and combine the results with Sploitus to determine whether any relevant vulnerabilities exist.
To make the best use of open source threat intelligence, you need to have a clear strategy in mind. Once you have it, you can easily accomplish your objectives, identify the best tools, and techniques that will be much more achievable.
OSINT not only protects from malicious attacks, but it also can gain real-time and location-based situational awareness to help protect people at work, events, and even in the shopping malls.