Open Source Intelligence assessment (OSINT)

What is OSINT?

OSINT stands for open source intelligence, which refers to all unclassified information and includes anything freely available on the Web. Unlike closed source intelligence, which encompasses all classified information, OSINT can be accessed by anyone. Common OSINT sources include social networks, forums, business websites, blogs, videos, and news sources. While these sources may sound simple enough, they’re not always easy to access. Much of OSINT is available on both the Surface Web and the Deep Web. The sheer size of the Internet and the difficulty of navigating the Deep Web are what limit the ability to easily find and utilize the full range of OSINT.

The high level process for OSINT assessment is Harvesting , Enriching and Reporting discussed as follows

Harvesting :

OSINT The first step in the OSINT process is harvesting—or finding and collecting—content using sites like Google, Bing and Yahoo pulling from the Surface Web and social media. Fortidm’s technique goes deeper and pulls OSINT from the Deep Web as well. Deep Web content is often found behind search forms that must be searched using google hacking. We use the term harvest because we collect and store all of the text-based content from each result we collect offline. This allows analysis to be performed on the data later; also, if the site were ever to be taken down, or if the site content were ever to be changed, we would have a record of what the content was when it was captured.

Enriching :

To fully utilize OSINT content that has been harvested, it must be put into a usable format. This process is known as normalization and enrichment. The first step in the enrichment process is normalizing harvested text from the content. Data on the Web exists in many different formats, like HTML pages, Word documents, PDFs, PowerPoints, and Excel files. The normalization process involves extracting only the relevant texts from these different document formats and turning them into one single format. Putting all the text into one single format provides an unstructured set of text to work with, meaning that at this point it’s just a block of text. However, because an analytic engine cannot make sense of a block of text by itself, the data now needs to be structured somewhat manually and correlated to extract the relevant content.

Reporting :

The final report contains several useful information available publicly and formed with a standard OSINT document that contains company’s the sensitive information such as employee information, financial information and other corporate information that reached the public views inadvertently using some form exfiltration. The report will be beneficial in education and training of employees and enable the enterprise to focus on implementing mitigating controls on data loss prevention.