Principal OSINT workflows and derived intelligence

Principal OSINT workflows and derived intelligence

Source publication
Article
Full-text available
The amount of data generated by the current interconnected world is immeasurable, and a large part of such data is publicly available, which means that it is accessible by any user, at any time, from anywhere in the Internet. In this respect, Open Source Intelligence (OSINT) is a type of intelligence that actually benefits from that open natureby c...

Citations

... Open-source companies consider AI methods to scan different news from around the world to analyse accelerating trends. AI methods are also used to analyse sentiment for marketing, and political campaigns [99] as well as to fact check fake news and detect deep fakes across social media platforms [100]. Therefore, processing large amounts of data from different public sources through AI methods would represent a significant advantage in terms of efficiency and accuracy. ...
Article
Full-text available
Open-source intelligence (OSINT) tools are used for gathering information using different publicly available sources. With the rapid advancement in information technology and excessive use of social media in our daily lives, more public information sources are available than ever before. The access to public information from different sources can be used for unlawful purposes. Extracting relevant information from pools of massive public information sources is a large task. Multiple tools and techniques have been developed for this task, which can be used to identify people, aircraft, ships, satellites, and more. In this paper, we identify the tools used for extracting the OSINT information and their effectiveness concerning each other in different test cases. We mapped the identified tools with Cyber Kill Chain and used them in realistic cybersecurity scenarios to check their effusiveness in gathering OSINT.
... Steele [305] defnes open source intelligence (OSINT) as "unclassifed information that has been deliberately discovered, discriminated, distilled, and disseminated to a select audience in order to address a specifc question." Social media has been designated by many actors as a form of open source intelligence [91,260] due to its public availability. The surveillance of this data is legal, with 40 diferent countries doing some form of advanced social media surveillance, ranging from identifying defectors to political dissidents [291]. ...
Conference Paper
Full-text available
The feld of digital mental health is making strides in the application of technology to broaden access to care. We critically examine how these technology-mediated forms of care might amplify historical injustices, and erase minoritized experiences and expressions of mental distress and illness. We draw on decolonial thought and critiques of identity-based algorithmic bias to analyze the underlying power relations impacting digital mental health technologies today, and envision new pathways towards a decolonial digital mental health. We argue that a decolonial digital mental health is one that centers lived experience over rigid classifcation, is conscious of structural factors that infuence mental wellbeing, and is fundamentally designed to deter the creation of power diferentials that prevent people from having agency over their care. Stemming from this vision, we make recommendations for how researchers and designers can support more equitable futures for people experiencing mental distress and illness.
... Technological advances make OSINT evolve at a dizzying pace, providing innovative applications driven by data and Artificial Intelligence for different areas such as politics, the economy, or society. This framework also offers new lines of action against cyber threats and cybercrime [19]. OSINT has three representative phases that define the information processing methodology. ...
... Figure 1 describes these phases. [19,20], sequential phases for open-source information processing. The objective of this process is to generate knowledge from the data collected. ...
Article
Full-text available
Vulnerabilities represent a constant and growing risk for organizations. Their successful exploitation compromises the integrity and availability of systems. The use of specialized tools facilitates the vulnerability monitoring and scanning process. However, the large amount of information transmitted over the network makes it difficult to prioritize the identified vulnerabilities based on their severity and impact. This research aims to design and implement a prioritization model for detecting vulnerabilities based on their network environment variables and characteristics. A mathematical prioritization model was developed, which allows for calculating the risk factor using the phases of collection, analysis, and extraction of knowledge from the open information sources of the OSINT framework. The input data were obtained through the Shodan REST API. Then, the mathematical model was applied to the relevant information on vulnerabilities and their environment to quantify and calculate the risk factor. Additionally, a software prototype was designed and implemented that automates the prioritization process through a Client–Server architecture incorporating data extraction, correlation, and calculation modules. The results show that prioritization of vulnerabilities was achieved with the information available to the attacker, which allows evaluating the overexposure of information from organizations. Finally, we concluded that Shodan has relevant variables that assess and quantify the overexposure of an organization’s data. In addition, we determined that the Common Vulnerability Scoring System (CVSS) is not sufficient to prioritize software vulnerabilities since the environments where they reside have different characteristics.
... Steele [305] defnes open source intelligence (OSINT) as "unclassifed information that has been deliberately discovered, discriminated, distilled, and disseminated to a select audience in order to address a specifc question." Social media has been designated by many actors as a form of open source intelligence [91,260] due to its public availability. The surveillance of this data is legal, with 40 diferent countries doing some form of advanced social media surveillance, ranging from identifying defectors to political dissidents [291]. ...
Conference Paper
The 􀀀eld of digital mental health is making strides in the application of technology to broaden access to care. We critically examine how these technology-mediated forms of care might amplify historical injustices, and erase minoritized experiences and expressions of mental distress and illness. We draw on decolonial thought and cri-tiques of identity-based algorithmic bias to analyze the underlying power relations impacting digital mental health technologies today, and envision new pathways towards a decolonial digital mental health. We argue that a decolonial digital mental health is one that centers lived experience over rigid classi􀀀cation, is conscious of structural factors that in􀀁uence mental wellbeing, and is funda-mentally designed to deter the creation of power di􀀂erentials that prevent people from having agency over their care. Stemming from this vision, we make recommendations for how researchers and de-signers can support more equitable futures for people experiencing mental distress and illness.
... This paper also describes the various OSINT techniques used in World War II. Javier Pasto-Galindo et.al in [22] describes the Opportunities, open challenges and Future Trends of the OSINT techniques and methodologies. This paper emphasises on the fact that a ton of information available to gather information about everything. ...
Article
The need for Recon automation is rapidly increasing as ethical hackers are being lazy in performing every little check manually. So as to make the Recon process (Info gathering phase) of penetration testing easy, fast and accurate, a Recon framework with highly sophisticated tools written in languages like bash, go and python needs to be developed and made open source to everyone. Manually doing this task can be very intimidating since a lot of time and efforts are needed in accomplishing this task. So, automation of this task can be very handy to the penetration testers and saves a lot of time as they can focus on other tasks of the further tasks of a penetration test. So, our project is an automation to the tedious task of information gathering. This Recon Framework just takes the main top-level domain of the organization as the input, does the recon and stores the result in an organized manner in the corresponding directories. The output of this framework is ready to be used to perform further security tests as the results are generated in a neat greppable format and can be passed to other tools to further filter the data according to the ethical hacker's wish and need. In addition to that, the results are displayed in a graphical interface in the form of a web application. So, all a user needs to do is enter the top-level domain name of the organization on which he/she wants to perform penetration testing.
... This paper also describes the various OSINT techniques used in World War II. Javier Pasto-Galindo et.al in [22] describes the Opportunities, open challenges and Future Trends of the OSINT techniques and methodologies. This paper emphasises on the fact that a ton of information available to gather information about everything. ...
Preprint
Full-text available
The need for Recon automation is rapidly increasing as ethical hackers are being lazy in performing every little check manually. So as to make the Recon process (Info gathering phase) of penetration testing easy, fast and accurate, a Recon framework with highly sophisticated tools written in languages like bash, go and python needs to be developed and made open source to everyone. Manually doing this task can be very intimidating since a lot of time and efforts are needed in accomplishing this task. So, automation of this task can be very handy to the penetration testers and saves a lot of time as they can focus on other tasks of the further tasks of a penetration test. So, our project is an automation to the tedious task of information gathering. This Recon Framework just takes the main top-level domain of the organization as the input, does the recon and stores the result in an organized manner in the corresponding directories. The output of this framework is ready to be used to perform further security tests as the results are generated in a neat greppable format and can be passed to other tools to further filter the data according to the ethical hacker's wish and need. In addition to that, the results are displayed in a graphical interface in the form of a web application. So, all a user needs to do is enter the top-level domain name of the organization on which he/she wants to perform penetration testing.
... In summary, using OSINT data is important because the results may be a double-edged sword, depending on the aspect of using the data collected by OSINT. For information on overseas, OSINT projects, and open sources, refer to the following papers [5,15]. ...
... As Section 3 mentioned, research for providing general requirements should be provided, and additional research is required to proactively prevent security threats and cybercrimes that might occur if the users use the data of OSINT maliciously (See Section 4). e elements needed for future OSINT development might vary depending on the situation, however, in common, the following challenges should be continuously studied [13,15]. It is similar to the requirements mentioned earlier but will have a major impact on the evolution of OSINT. ...
... rough this, users need to be provided with data transparency, and research on this still remains a challenge. It also requires the integration and collaboration of many OSINT tools to provide data reliability and transparency [15]. (iii) Lack of validation of privacy management procedures: many companies, such as Facebook and Google, collect much data from online users for commercial intelligence. ...
Article
Full-text available
Recently, users have used open-source intelligence (OSINT) to gather and obtain information regarding the data of interest. The advantage of using data gathered by OSINT is that security threats arising in cyberspace can be addressed. However, if a user uses data collected by OSINT for malicious purposes, information regarding the target of an attack can be gathered, which may lead to various cybercrimes, such as hacking, malware, and a denial-of-service attack. Therefore, from a cybersecurity point of view, it is important to positively use the data gathered by OSINT in a positive manner. If exploited in a negative manner, it is important to prepare countermeasures that can minimize the damage caused by cybercrimes. In this paper, the current status and security trends of OSINT will be explained. Specifically, we present security threats and cybercrimes that may occur if data gathered by OSINT are exploited by malicious users. Furthermore, to solve this problem, we propose security requirements that can be applied to the OSINT environment. The proposed security requirements are necessary for securely gathering and storing data in the OSINT environment and for securely accessing and using the data collected by OSINT. The goal of the proposed security requirements is to minimize the damage when cybercrimes occur in the OSINT environment.
... This paper also describes the various OSINT techniques used in World War II. Javier Pasto-Galindo et.al in [22] describes the Opportunities, open challenges and Future Trends of the OSINT techniques and methodologies. This paper emphasises on the fact that a ton of information available to gather information about everything. ...
... Moreover, if experience, comprehension, and codification are added to this, such data becomes information. Whenever this is made accessible to an individual inspired by the motivation behind aiding the dynamic interaction, knowledge happens (Portillo & Nykiel, 2019;Pastor-Galindo et al., 2020;Norton, 2011). The exercises of get-together and relating such data using apparatuses are called Open-source insight (OSINT) (Norton, 2011). ...
... "Insight that is delivered from openly accessible data and is gotten utilized and scattered in a convenient way to a suitable crowd to react to a particular knowledge demand" US DoD (Department of Defense) (LISA Institute, 2020). "Gather, interaction and relate public data from open information sources, for example, the media, interpersonal organizations, discussions, and sites, public government information, distributions or business information" (Pastor-Galindo et al., 2020). ...
Article
Full-text available
The Internet’s emergence as a global communication medium has dramatically expanded the volume of content that is freely accessible. Through using this information, open-source intelligence (OSINT) seeks to meet basic intelligence requirements. Although open-source information has historically been synonymous with strategic intelligence, today’s consumers range from governments to corporations to everyday people. This paper aimed to describe open-source intelligence and to show how to use a few OSINT resources. In this article, OSINT (a combination of public information, social engineering, open-source information, and internet information) was examined to define the present situation further, and suggestions were made as to what could happen in the future. OSINT is gaining prominence, and its application is spreading into different areas. The primary difficulty with OSINT is separating relevant bits from large volumes of details. Thus, this paper proposed and illustrated three OSINT alternatives, demonstrating their existence and distinguishing characteristics. The solution analysis took the form of a presentation evaluation, during which the usage and effects of selected OSINT solutions were reported and observed. The paper’s results demonstrate the breadth and dispersion of OSINT solutions. The mechanism by which OSINT data searches are returned varies greatly between solutions. Combining data from numerous OSINT solutions to produce a detailed summary and interpretation involves work and the use of multiple disjointed solutions, both of which are manual. Visualization of results is anticipated to be a potential theme in the production of OSINT solutions. Individuals’ data search and analysis abilities are another trend worth following, whether to optimize the productivity of currently accessible OSINT solutions or to create more advanced OSINT solutions in the future.
... Several scientists have worked on NLP to support cybersecurity and cyber defense activities [12], such as protecting systems, detecting suspect movements and groups, monitoring risky scenarios, or finding criminal profiles, as can be seen in Table 1. ...
Article
Full-text available
Among the myriad of applications of natural language processing (NLP), assisting law enforcement agencies (LEA) in detecting and preventing cybercrimes is one of the most recent and promising ones. The promotion of violence or hate by digital means is considered a cybercrime as it leverages the cyberspace to support illegal activities in the real world. The paper at hand proposes a solution that uses neural network (NN) based NLP to monitor suspicious activities in social networks allowing us to identify and prevent related cybercrimes. An LEA can find similar posts grouped in clusters, then determine their level of polarity, and identify a subset of user accounts that promote violent activities to be reviewed extensively as part of an effort to prevent crimes and specifically hostile social manipulation (HSM). Different experiments were also conducted to prove the feasibility of the proposal.