I was having a conversation with a good friend of mine yesterday evening. We went to grad school together at good ‘ole SIUC, in the same major, but with different thesis topics. Back then, the Internet, at least here in the United States, was just starting to emerge very slowly, but at the university, nobody was really using email. All we had was the mainframe. So when we collected our data, we had to put everything in Lotus 123 (not joking here), and upload it so we could use the software package called SAS to analyze it.
Every bit of our thesis was done at the library, including the literature review and the data collection. Heck, I had to go through all of the data journals, and literally handwrite everything down with pen and paper. Every time we had to make revisions to our thesis, we had to print it all out again, since nobody had email. I am sure I killed a few trees by doing that.
But fast forward some twenty years, and we now have Google, data repositories up the wazoo, and all sorts of email packages that we can use.
What would take us weeks back then we can now do in just a
matter of a few minutes. Heck, we can even hire somebody to ghostwrite our
thesis (not a recommended approach though).
So we asked each other last night, how did we do it back then? All we could answer was “I don’t know”.
So, this brings up yet another point. If we ever wanted to
know more about a person, we literally had to call him or her up, and start a
conversation. Or even better yet, in person,
face to face (OMG, I can’t believe I am actually saying that!!!). Or in a worst-case scenario, depending on how
desperate you were, you also could have hired a private detective.
But now, it seems like you can find information on just
about anybody with a few clicks of the mouse.
The explosion of social media has certainly helped in this regard, as people
are now posting things without giving too much regard to it. Heck, you can even now order a background
check on somebody that is very thorough and detailed.
All of these sources from which you can gather information
and data about a particular individual or group have now come under the collective
term of what is called “Open-Source Intelligence”, or “OSINT”.
In a way, this can be compared to open-source APIs, which are
free to download and use by the public.
The same can be said here of OSINT. But the scary thing about it, IMHO,
is that there is a lot more information out there about you available in the open
forum than you realize.
In fact, this is how the Cyberattacker first gets started when
they collect information about their intended targets. Just do a simple background check, check out
their social media profiles, find out their weak spots, and basically infiltrate.
Or, if the Cyberattacker wants to be more exact about what they are doing, they can always penetrate into the Dark Web to get more data about their targets. But the good news here is that as much as OSINT can be used for nefarious purposes, you can always turn that information around and use it to help protect your own business, clients, and most importantly, your family and friends.
How can this be done?
Well, just like doing a Penetration Test, you have to think like a
Cyberattacker, and how they use the tool.
Once you have a grasp of this, then take the reverse of it, and apply it to your “allies” (for lack of a better term). To get started, here are some of the most common OSINT tools that the Cyberattacker uses today:
* Social media sites (Facebook and LinkedIn are the most notorious here)
* Online romance sites (like eHarmony, Match.com, etc.)
* Mapping tools
* Physical exercise and activity mobile apps
* Specialized OSINT tools like Censys and Shodan
* Google (especially Google Earth and Maps)
* GitHub (one has to have more advanced Cyber knowledge here, as it is a source code repository)
* Google Dorking: with this, the Cyberattacker is manipulating the advanced search features of Google in order to gain more information about their target
* Shodan/Censys: These are search tools that have been designed for ICS-based technologies.
The above-mentioned resources are just a fraction of what is truly available. To get a sense of this, visit the OSINT framework, which can be seen at the link below:
You’ll be totally shocked when you go to this website.
My Thoughts On This:
Once you have had the time to go through the bulk of these resources (or you could merely contract a vendor to do all of this), then present all of it to the people you selected. They will be in total shock and awe when they see what is available out there in the public forum about them.
But this is the only way to do it. We live in such a reactive society that only
this kind of approach is truly effective when trying to get people to have good
levels of Cyber Hygiene.
But of course, there is always information and data that will be collected about us, whether we like it or not. In a way, it kind of feels that Big Brother is watching over us. But there is nothing we can do about this; it is part of the price that we have to pay if we want to live in an interconnected society.
But, after you have “shocked and awed” your employees about what you have found on them, the only thing you can really emphasize is not to share too much information on social media profiles, and to make full use of the privacy options that each one of them has to offer.
Also keep in mind that the OSINT tools can also be used for
Pen Testing exercises as well, as the Red Team needs to get as much information
and data as possible about their client.
Finally, remember that the favored tool that the Cyberattacker is going to use when launching OSINT-based attacks is that of Social Engineering.
This is something that you really need to emphasize in your
security awareness training programs.