Open-Source Intelligence in Investigations
Alistair Ewing
Managing Consultant at Trustwave for EMEA | Cyber Breach Investigation & Digital Forensics | Ensuring Robust Cybersecurity & Legal Admissibility
As technology continues to advance, so do the tools available to individuals and businesses seeking to gather information about others. Open-Source Intelligence, or OSINT, is one such tool that has become increasingly popular in recent years.
OSINT, or open source intelligence, is the process of collecting and analysing publicly available information in order to gain insights and intelligence. This can include anything from social media posts to government records, and can be used to investigate a wide range of topics, including security breaches and individual activity both legitimate and more clandestine.
CCL Forensics uses a mix of manual techniques and paid-for services to build intelligence about an individual or organisation. Though sometimes invasive and hard to reach, the data is publicly available and legal to obtain.
It must be noted that any use of recovered credentials, such as logging in to a site like Facebook without the account owner's permission (an account that is not your own), is illegal without prior authority; examples of such authority include recovering a forgotten password, a property claim on a deceased person's estate and, of course, the authorities acting with the proper permissions.
After cost-estimating a case, CCL Solutions Group will request some identifiers to start the search, such as received emails (including the headers), business names, personal names and IP addresses, as the starting point of the informational quest. Using these we could harvest business storage silos, leaked Dark Web details, even dating profiles and other more embarrassing personal data.
For lawyers, insurers and businesses, OSINT can be particularly valuable: investigating potential security breaches during mergers and acquisitions, assessing a company's general exposure before an insurer or underwriter writes and prices a policy, and tracing individuals trying to duck debts are just a few real-world use cases. By collecting publicly available information, OSINT can be used to identify whether a company has been breached, uncover details about an individual, their user handle and IP address, and link it all together to build a profile of activity.
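As an added illustration (not CCL's own tooling) of what the email headers mentioned above yield at the start of an investigation, the following Python pulls the starting identifiers out of a constructed sample message and flags which Received hops were written by your own mail servers, since only those can be trusted; all hostnames, addresses and the OWN_MX set are placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (placeholder hosts/addresses, not a real case).
SAMPLE_MESSAGE = """\
Return-Path: <sender@example.net>
Received: from mail.example.net (mail.example.net [203.0.113.7])
 by mx.example.org with ESMTPS id abc123;
 Mon, 1 Jan 2024 10:00:00 +0000
Received: from [192.0.2.55] (unknown [192.0.2.55])
 by mail.example.net with ESMTPA id xyz789;
 Mon, 1 Jan 2024 09:59:50 +0000
Message-ID: <20240101095950.12345@example.net>
From: "Sender" <sender@example.net>
"""

# Assumed: the mail servers we operate. Only Received lines written "by" one
# of these were added by us; everything below them came from the sender's
# side and could be forged, so it is a lead to verify, not a fact.
OWN_MX = {"mx.example.org"}

_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
_FROM = re.compile(r"^from\s+(\S+)", re.IGNORECASE)
_BY = re.compile(r"\bby\s+(\S+)", re.IGNORECASE)


def extract_identifiers(raw_message):
    """Return the starting identifiers an investigator would request."""
    msg = message_from_string(raw_message)
    hops = []
    # get_all returns headers top-down: index 0 is the last hop (nearest us).
    for received in msg.get_all("Received", []):
        line = " ".join(received.split())  # unfold continuation lines
        from_m, by_m = _FROM.match(line), _BY.search(line)
        by_host = by_m.group(1) if by_m else None
        hops.append({
            "from": from_m.group(1) if from_m else None,
            "by": by_host,
            "ips": list(dict.fromkeys(_IPV4.findall(line))),  # dedupe, keep order
            "trusted": by_host in OWN_MX,
        })
    message_id = msg.get("Message-ID", "").strip("<> ")
    return {
        "return_path": parseaddr(msg.get("Return-Path", ""))[1],
        "from": parseaddr(msg.get("From", ""))[1],
        "message_id_domain": message_id.rsplit("@", 1)[-1] if "@" in message_id else None,
        "hops": hops,
    }
```

The untrusted hop's IP and the Message-ID domain are the candidates to feed into the next stage of the search, while the Return-Path and From values are routinely spoofed and should only corroborate, never anchor, an identification.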
Here are some real case examples of how OSINT has been used in the past to identify potential security breaches:
‘Target’ Breach
In 2013, the US retailer Target suffered a massive data breach that compromised the personal information of over 100 million customers. The breach was discovered when cyber criminals stole payment card information from Target's point-of-sale system. For those outside the USA, Target is a large Minnesota-based retailer.
The breach was eventually traced back to an HVAC contractor that had access to Target's network. OSINT played a crucial role in identifying the contractor as a potential source of the breach.
Investigators used publicly available information to identify the contractor's email address and LinkedIn profile. They were then able to determine that the contractor had access to Target's network through a third-party vendor portal. This allowed the investigators to identify the contractor as a potential source of the breach. According to a poll (source unverified), Target's consumer perception took a 54.6 percent dip in the year following the data breach.
Equifax Breach
In 2017, credit reporting agency Equifax suffered a massive data breach that compromised the personal information of over 147 million customers. The breach was caused by a vulnerability in the company's web application framework.
OSINT played a crucial role in identifying the vulnerability that was exploited in the breach. Security researchers were able to identify a publicly available forum post that detailed the vulnerability, allowing them to determine how the breach occurred.
By using OSINT to identify the vulnerability, investigators were able to determine the extent of the breach and the potential damage that had been done.
Twitter Hack
In 2020, Twitter suffered a high-profile hack that compromised the accounts of several high-profile individuals, including Barack Obama, Elon Musk, and Jeff Bezos. The hack was caused by a vulnerability in Twitter's internal tools that allowed hackers to take control of the affected accounts.
OSINT played a crucial role in identifying the hackers behind the attack. Investigators were able to use publicly available information to identify a group of hackers that had been involved in previous high-profile attacks. They were also able to use publicly available information to determine the email addresses and IP addresses used by the hackers during the Twitter attack.
By using OSINT to identify the hackers, investigators were able to determine how the attack was carried out and who was responsible for it.
Conclusion
OSINT can be a powerful tool for lawyers and businesses seeking to investigate potential security breaches. By collecting and analysing publicly available information, OSINT can be used to identify vulnerabilities in a company's systems, potential sources of a breach, and the individuals responsible for carrying out the attack. In a competent researcher's hands, information previously available only to intelligence agencies is now available to the public, for better or for worse.
As technology continues to evolve, it's likely that OSINT will become an increasingly valuable tool for businesses and legal professionals alike. Whether you're investigating a potential breach or trying to gather intelligence on a specific individual, OSINT can help you uncover valuable insights and intelligence that would otherwise be impossible to obtain.