
Expert Intel

Open-Source Intelligence (OSINT) - Why it matters.

Expert: Sam B
Role: Senior Cyber Security Engineer
Specialises in: Threat intelligence
What you will learn:
The importance of open source intelligence.
Understanding what information is available about you online can go a long way towards preventing those with devious intent from exploiting it.

Digital based infrastructure is regularly under threat and day in, day out, within the Stripe OLT SOC team, we spend our time responding to these threats.  The most concerning incidents we face are dedicated campaigns against a particular individual or corporate entity. These dedicated campaigns are often built upon a foundation of Open-Source Intelligence (OSINT) Gathering.

What is OSINT?

OSINT is defined as “publicly available information appearing in print or electronic form including radio, television, newspapers, journals, the Internet, commercial databases, and videos, graphics, and drawings.” For many individuals, vast quantities of information have already been documented within the publicly accessible digital space, be it through social media accounts, ancestry websites, government documents or information leaked during data breaches, and much of this data is only a few Google searches away.

By utilising this information, those with malicious intentions can leverage various avenues of exploitation to gain access where they shouldn’t. The most common tactic is using gathered intelligence combined with social engineering.

The following scenario details just how personal information online can provide threat actors with the leverage they so desperately seek. This scenario is based on a real-world OSINT case, with key information being obfuscated to provide adequate anonymity.

Real World Scenario

A malicious actor has been searching for a way to exploit a respected financial company, let’s call them, Layton & Blues. But due to a tight security posture enforced by the Layton & Blues IT team, there is very little access that can be gained through remote means. Phishing campaigns and targeted brute force password attacks have yielded no results.

From reviewing the Layton & Blues LinkedIn page, the threat actor uncovers that Amanda Tims (we shall call her) is the IT manager. A few Google searches and the threat actor has discovered Amanda’s Facebook social media account. Said account has some security settings in place, hiding information such as her phone number, email, and photo albums. However, her profile photo and posts are publicly available to view, allowing the threat actor to validate Amanda’s identity against her LinkedIn profile photo and snoop through Amanda’s posted content carefree.

It would appear that Amanda has posted a link to Rightmove on her Facebook page. She is in the process of selling her house and is welcoming friends and family to share the post to promote the house sale. The Rightmove property listing shows quality pictures, detailing the bedrooms, living rooms, kitchen, and office. The office pictures show a spacious, well-decorated room with a single desk and, oh what luck, a desktop computer underneath it.

As with many different corporations in recent years, Layton & Blues have adopted a hybrid working policy (their marketing team created a great post about it on their website), which means that Amanda spends a lot of her time working from home. As the IT manager, she makes use of her personal high-spec desktop PC which has been properly adopted into her employer’s digital environment.

The malicious actor now has a very clear avenue of attack. All that is required is technical know-how, the correct tools, and nerve.

Our threat actor contacts Rightmove and poses as a potentially interested cash buyer for Amanda’s property, under a fake name of course. The estate agent handling the sale is extremely helpful in arranging for a viewing at the earliest convenience. The threat actor has leveraged the property listing to build a position of trust and gain access to Amanda’s home address.

For those of you who haven’t attended a house viewing before, estate agents are often more than happy for you to wander around the property unattended. Such an event in this case provides ample opportunity to enter the office and plug a USB tool into the back of Amanda’s desktop.

The next time Amanda boots her computer, any number of malicious attacks could be completed on her device, be it traffic sniffers, keyloggers, or backdoor remote access capabilities, provided the actor has been clever enough to circumvent any local device security controls that are in place. The malicious actor now has explicit access to the IT manager’s device and to Layton & Blues data.

How can you defend against Open-Source Intelligence?

There are a number of steps within that scenario where the threat actor would have been blocked had Amanda been more aware of her online presence and the fact that she was a high value target for malicious actors targeting her employer. Enforcing stricter social media security controls in her case would have prevented any information being easily exposed. Using a personal device or allowing pictures to be posted of her device online was another key weakness.

Regarding defending against OSINT, awareness is everything. Understanding what information is available about you online can go a long way towards preventing those with devious intent from exploiting it. Professional Digital Footprint Assessments expose an individual’s digital footprint through the eyes of someone with the skills and tools utilised by malicious actors. Once you’re aware of exploitable data, the next step is remediation: removing said data or tightening security controls to prevent public access.

We are seeing increasing examples of OSINT being exploited in the wild. As tools and techniques develop, the threat will increase. OSINT is often overlooked in terms of corporate security posture; it’s crucial that we recognise that criminal elements have utilised, and will continue to utilise, OSINT alongside classic ‘hacker’ tactics.

As the digital working environment evolves it is our responsibility to be aware of our publicly accessible data, and to safeguard it against those that would seek to exploit it.
