Defensive and Offensive Applications of Open Source Intelligence
In real life, a footprint can be used to distinguish and confirm the identity of an individual. The same is true on the Internet, where activities and transactions leave behind a digital footprint, which at times can be leveraged for gathering intelligence about a particular individual and their activities. As an example, websites which reveal partial phone numbers can allow attackers to piece together an individual’s phone number in full, or an attacker attempting to break into an online account could use information available on a target’s Facebook page (e.g., name of hometown, or name of first school) to guess their security answer. In a similar fashion, organisations may unknowingly give away sensitive information online, which could potentially be used by an attacker looking for an entry into their network. Attackers often target employees as a step toward ultimately compromising their employing organisation. The question then arises: how much information is available online right now which could potentially assist an adversary in carrying out an attack at your workplace or organisation?
Open Source Intelligence (“OSINT”) traditionally refers to the practice of gathering information that is available publicly, and then analysing and piecing it together with other knowledge for use as intelligence. An adversary may be interested in accumulating open source intelligence for several reasons: acquiring a business edge, sabotage, theft, et cetera. How does an organisation protect against this threat? Further, how can organisations utilise the defensive gains of OSINT?
This Birds of a Feather session does not have a predetermined flow for discussion. All inputs, including questions, techniques, experiences, war stories, et cetera, will be helpful for moving the conversation forward. However, it should be clarified that, for the purpose of this discussion, the use of open source intelligence will not cover its investigative or journalistic aspects, but rather its potential security implications, from both the red and blue perspectives.
There are no particular requirements for this session; however, participants may benefit from having a basic understanding of computer security and open source intelligence. The session will be considered a success if participants walk away having acquired more knowledge about the topic at hand, including knowledge about specific techniques or methods which could be adapted in an offensive or defensive manner.
Vandana Verma, Shubham Mittal and Karan Saini will be participating in this discussion.