
Open Source Intelligence: What It Is And Why You Should Care


A topic that’s gathering buzz in information security circles these days is open source intelligence, or OSINT. OSINT basically involves gleaning “intelligence” (aka data) from publicly accessible sources like the media, web-based communities, government and other reports, and/or geospatial data from maps to geo-tags on photos.

What can you do with OSINT? Some organizations, like Jigsaw (now part of use it to aggregate and sell contact and company information to help drive sales and marketing activities. Hackers and cybercriminals use it to target sensitive organizational data with social engineering, spear-phishing and other attack vectors.

At Pivot Point Security, we saw this trend taking shape about five years ago, when our clients began experiencing a spate of reputational risk related issues. For example, several customers were troubled by data that was in the public domain: in third-party databases like Google, Internet registrar services, you name it.

We developed a service offering we call Deep Internet Reconnaissance – DIR for short. It’s fundamentally a methodology for identifying technical risks, reputational risks and organizational risks inherent in the ambient “open source” data.

DIR’s main purpose is to educate our clients about what’s out there that relates to them, and what to do about mitigating similar risks in the future. It’s not a pleasant surprise to rely on certain data being sensitive and/or secure, only to find that it’s all over the place. And once data’s gone public it’s pretty hard to call it back.

Over the years we’ve refined DIR considerably. Say we start with the domain name of your company. We’ll hunt down e-mail addresses associated with it, tie them to names, tie those to company roles, then look on social media and check activity. Are these legacy accounts? General shared accounts? Do they relate to current employees? We focus our research on C-level and senior technical management, and staff with “security” in their title.

From the domain name we also figure out what IP address blocks are allocated to your company and how they’re registered. Can we move your domain name or IP addresses away from you? Did your CEO use his home phone number in the registration info?
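The registration questions above can be turned into a self-audit of your own domain's WHOIS record. The sketch below is an added example, not Pivot Point Security's DIR tooling; the sample record, the `ROLE_MAILBOXES` list, the approved phone list and the finding labels are all assumptions made for illustration.

```python
# Added example: defensive self-audit of your own domain's WHOIS record.
# Constructed sample for a placeholder domain; not real registration data.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-CORP.TEST
Registry Expiry Date: 2030-01-15T00:00:00Z
Domain Status: ok
Registrant Organization: Example Corp
Registrant Email: pat.doe@example-corp.test
Registrant Phone: +1.5555550100
Admin Email: hostmaster@example-corp.test
Tech Email: pat.doe@personal-mail.test
"""

# Assumption: shared role mailboxes the organization accepts as contacts.
ROLE_MAILBOXES = {"hostmaster", "dnsadmin", "domains", "noc"}

def parse_whois(text):
    """Return {lowercased field name: [values]} from 'Key: value' lines."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields

def audit_whois(text, org_domain, approved_phones):
    """Return sorted finding labels for one WHOIS record."""
    fields = parse_whois(text)
    findings = []
    # clientTransferProhibited is the EPP status that makes the registry
    # reject requests to transfer the domain to another registrar.
    statuses = {v.split()[0].lower() for v in fields.get("domain status", [])}
    if "clienttransferprohibited" not in statuses:
        findings.append("no-transfer-lock")
    for key, values in fields.items():
        for value in values:
            if key.endswith("email"):
                local, _, domain = value.lower().partition("@")
                if domain != org_domain.lower():
                    # Contact depends on a mailbox outside the organization.
                    findings.append(f"external-mailbox:{key}")
                elif local not in ROLE_MAILBOXES:
                    # Contact names an individual instead of a shared role.
                    findings.append(f"personal-mailbox:{key}")
            elif key.endswith("phone") and value not in approved_phones:
                # Number is not one the company publishes, e.g. a home line.
                findings.append(f"unlisted-phone:{key}")
    return sorted(findings)

if __name__ == "__main__":
    for f in audit_whois(SAMPLE_WHOIS, "example-corp.test", {"+1.5555550199"}):
        print(f)
```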

Once you aggregate some data it’s amazing what you can do with it. With one DIR customer we used geo-tagged photos taken at company birthday parties and such in the Flickr accounts of employees to build a pretty accurate layout of their facility. I’ve also seen things like login/password data in the router configuration data that IT admins have posted to the Cisco support forum.
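One mitigation for the forum-posting leak described above is to scrub a configuration before it leaves the building. The following is an added example, not part of the original post: a redaction pass over a constructed IOS-style snippet. The rule set covers only the four statement types shown and is an assumption, not a complete list of secret-bearing commands.

```python
import re

# Constructed IOS-style snippet; every secret below is a made-up placeholder.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
enable secret 5 $1$abcd$CONSTRUCTEDHASHVALUE000
username admin privilege 15 password 7 0000CONSTRUCTED
snmp-server community ExampleCommunity RO
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
line vty 0 4
 password ExamplePass123
"""

# Each rule captures the command prefix (group 1) and matches the secret token
# that follows it. "(?: \d+)?" skips the optional encryption-type digit.
RULES = [
    ("enable", r"^([ \t]*enable (?:secret|password)(?: \d+)? )\S+"),
    ("username", r"^([ \t]*username \S+ .*?(?:secret|password)(?: \d+)? )\S+"),
    ("snmp-community", r"^([ \t]*snmp-server community )\S+"),
    ("line-password", r"^([ \t]*password(?: \d+)? )\S+"),
]

def redact(config_text):
    """Return (scrubbed_text, {rule_name: hits}) for one configuration."""
    hits = {}
    for name, pattern in RULES:
        config_text, count = re.subn(
            pattern, r"\g<1><REDACTED>", config_text, flags=re.MULTILINE
        )
        if count:
            hits[name] = count
    return config_text, hits

if __name__ == "__main__":
    scrubbed, hits = redact(SAMPLE_CONFIG)
    print(scrubbed)
    print("redacted:", hits)
```

Hashed and type 7 values are replaced as well, since they are still credential material once they are public.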

Sensitive data often changes hands “innocently” when somebody is looking for help – and suddenly your business is vulnerable to a data breach. A while back we were asked to do an assessment for a utilities organization. They wondered if their security was sufficient to thwart access to their member companies. It took less than five minutes to talk a help desk staffer into providing complete account data and admin-level access for a power company that was part of the system – using public domain data and no authentication.

Social engineering and spear-phishing attacks work because people naturally don’t want to be seen as holding things up; they want to be helpful and they want to avoid confrontation. If somebody sounds and looks genuine, they’re rarely questioned.

Part of our job at Pivot Point is to raise people’s awareness so they’ll push back when something isn’t aligning with their firm’s security posture. Because you don’t know what you don’t know until somebody tells you.


About the Author:

Marc Silverman, CISSP - Senior Security Consultant
