Open Source Intelligence (OSINT)

What is Open Source Intelligence?​

The term ‘open source’ refers to publicly available information. Open Source Intelligence, OSINT for short, refers to data and information that’s been collected from numerous sources to be used for intelligence purposes.

OSINT is primarily used in law enforcement and business intelligence, but is also valuable and widely-used by security professionals to help them carry out their services, assessments and security testing procedures. While Open Source Intelligence does derive a great deal of information from publicly available sources, ranging from social media data to online publications, there are concerns for its legitimacy and accuracy.

Security Concerns Around OSINT?​

Many information sources detail valuable data via OSINT, but some other information sources may be accidentally or deliberately manipulated to reflect false, erroneous or incomplete data. Not to mention the fact that information may become outdated and obsolete as time passes. Due to the nature of Open Source Intelligence analysis, it can be hugely effective if used the right way. At the same time, it can prove ineffective if a well-planned strategy hasn’t been implemented.

Bridewell use OSINT to identify potential vulnerabilities and weaknesses in networks, which should ideally be rectified and strengthened before they are exploited by cyber attackers. Unfortunately, the reality is that if something is available to intelligence analysts or law enforcement officials, it is also available to potential attackers.

Using OSINT services for security purposes is incredibly important. It allows Bridewell to isolate and address weaknesses in a network, or remove any sensitive data or information before an attacker has the chance to exploit them using the same tools and techniques.

What Can OSINT Divulge?​

When Bridewell carry out an Intelligence Gathering (where we perform reconnaissance against a target to gather as much information as possible), as is expected, the intelligence cycle can return very little or overwhelming amounts of information. The extent of what we discover during the intelligence cycle can be hugely beneficial to us when it comes to the vulnerability assessments and exploitation of each penetration testing exercise. The more information we can gather using OSINT, the more vectors of attack we can identify and utilise. Accurate, detailed planning and preparation are both crucial to ensuring a successful ethical attack.

Each target’s requirements are different. While a Red Team analysis may disclose more detailed information, Bridewell will still consult OSINT to discover the following information from publicly available sources:

  • Physical security measures for the location
  • Infrastructure and networking detail
  • Full DNS listings of all associated assets
  • Netblock owners (whois data), email records (MX + mail address structure).
  • Any other information relating to organisations and employees which could potentially be used in future exploits.
  • We can also find previous breaches and any passwords which are associated with any organisation’s accounts, which could be used to gain access if any employees reuse them.

OSINT Techniques​

Knowing exactly what is needed by acquiring and using OSINT is essential, rather than just finding anything and everything that might prove useful. Even just one social media page can return overwhelming amounts of data, much of which might not prove useful. Having a clear strategy in place for acquiring accurate information will help you focus on achieving your goals.

Open Source Intelligence falls into three categories

  • Passive Gathering – this gathering technique is the hardest of the three as it requires our activities to be undetected by the target.
  • Semi-Passive Gathering – the goal for semi-passive information gathering is to profile the target with methods that would appear like normal internet traffic and behaviour. We are not conducting port scans, querying unpublished services or information, nor conducting complex reverse lookups.
  • Active Gathering – active information gathering should be detected by the target and be seen as suspicious or malicious behaviour. During this stage, we are actively mapping network infrastructure, actively enumerating and/or vulnerability scanning the open services, and are actively searching for unpublished directories, files, and servers.

Open Source Intelligence Specialists​

Bridewell Consulting utilise OSINT as part of our security services, including our Red Teamexercises. If we are to simulate a real-life cybersecurity attack on an organisation’s infrastructure, wireless networks, applications or mobile devices, we will use our knowledge and tools to ensure we have the relevant available information before we begin an assessment. We must conduct a thorough intelligence analysis of what is open source, as it may lead us to identify access points or vulnerabilities.

Ready to Take the Next Step?​​​​

We’re here to help, so to speak with our team and learn more about how Bridewell can benefit your organisation, just complete the below form and one of our experts will be in touch.

Bridewell Consulting may contact you from time to time to keep you informed of security news and events.

You will always have an option to change your preferences or unsubscribe in line with our Privacy Policy.

Our Solutions

Let’s talk. Speak to our experts to see how we can work together, keeping your business protected and productive.