Open-Source Intelligence (OSINT) Flashcards

1
Q

What is open-source intelligence (OSINT)?

A

Unclassified information that has been deliberately discovered, discriminated, distilled, and disseminated to a select audience in order to address a specific question.

2
Q

T/F: OSINT is not a tool, it is not a website, it is not with fee, it is not free…

A

T

3
Q

What is "Open" in Open-source intelligence?

A

Refers to overt, publicly available sources (as opposed to covert or clandestine sources). [It is not related to open-source software or public intelligence.]

4
Q

What is Threat Intelligence / Cyber Intelligence?

A

Based on the collection of intelligence using:

  • Open source intelligence (OSINT)
  • Social media intelligence (SOCMINT)
  • Human Intelligence (HUMINT)
  • Technical intelligence
  • Intelligence from the deep and dark web.
5
Q

In Threat Intelligence / Cyber Intelligence: research and analyze trends and technical developments in three areas:

A
  • Cybercrime
  • Hacktivism
  • Cyber espionage
    (e.g. Advanced Persistent Threat, APT)
6
Q

Actionable intelligence

A

-Relevant
-Accurate
-Analyzed
-Predictive
-Contextualized
-Timely

7
Q

Why OSINT?

A

In a world that changes rapidly, we need to have high-quality information at the exact moment we need it.

Offensive:
* Information Gathering
* Industrial Espionage
Defensive:
* Penetration Testing
* Breach detection
* Chatter Monitoring

8
Q

During WWII, foreign Agents Collected:

A
  • Print publications
  • Newspaper
  • Enemy propaganda
  • Radio transmissions
  • Obituary notices
9
Q

What is social media?

A

Platforms that enable users to create and share content.

10
Q

What is SOCMINT?

A

A collection of tools that allow organizations to monitor social media channels and conversations, respond to social signals, and synthesize social data points into meaningful analysis based on the user’s needs.

11
Q

T/F: SOCMINT allows intelligence gathering from social media sites, using both intrusive and non-intrusive means, from open and closed social networks.

A

T

12
Q

SOCMINT – Surveillance

A
  • Chat monitoring
  • Geolocation
  • Face recognition
  • Augmented reality
13
Q

Big Data’s 4 V Big Challenges

A

Volume – Data Size
Velocity – Data Streaming Speed
Variety – Data Formats
Veracity – Data Trustworthiness

13
Q

SOCMINT – Opinion mining

A

Also known as sentiment analysis, it refers to the use of Natural Language Processing (NLP), text analysis, computational linguistics, and biometrics to systematically identify, extract and study affective states and subjective information.

14
Q

Volume – Data Size

A

* 40 Zettabytes (10^21) of data is predicted to be created by 2020.
* 2.5 Exabytes (10^18) of data are created every day.
* 6 Billion (10^9) people have mobile phones.
* 100 Terabytes (10^12) of data (at least) is stored by most U.S. companies.
* 966 Petabytes (10^15) was the approximate storage size of the American manufacturing industry in 2009.

15
Q

Variety – Data Formats

A
  • 150 Exabytes (10^18) was the estimated size of
    data for health care throughout the world in
    2011.
  • More than 4 Billion (10^9) hours each month are
    used in watching YouTube.
  • 30 Billion (10^9) contents are exchanged every
    month on Facebook.
  • 200 Million (10^6) monthly active users exchange
    400 Million tweets every day.
16
Q

Velocity – Data Streaming Speed

A
  • 1 Terabyte (10^12) of trade information is
    exchanged during every trading session at the
    New York Stock Exchange.
  • 100 sensors (approximately) are installed in
    modern cars to monitor fuel level, tire pressure,
    etc.
  • 18.9 Billion (10^9) network connections are
    predicted to exist by 2016.
17
Q

Veracity – Data Trustworthiness

A
  • 1 out of 3 business leaders have experienced
    trust issues with their data when trying to make
    a business decision.
  • 3.1 Trillion (10^12) a year is estimated to be
    wasted in the U.S. economy due to poor data
    quality.
18
Q

OSINT Process

A

1-Planning
2-Source Identification
3-Data Harvesting
4-Data Processing
5-Data Analysis
6-Results Delivery

19
Q

OSINT Process: Planning

A
  • What are we looking for?
  • Which strategy is the best?
  • What about the cost?
  • … and time?
20
Q

OSINT Process: Source Identification

A
  • Who is the target?
  • Which source should we consider?
  • How much data is available?
  • How accurate are the data?
21
Q

OSINT Process: Data Harvesting

A
  • Collect data from the sources
  • The more information we are able to gather, the more vectors of attack you may be able to use in the future
22
Q

OSINT Process: Data Processing

A
  • Distinguish mere information from facts
  • Untrusted vs. trusted
  • Irrelevant vs. relevant
  • Current vs. outdated
  • Unimportant vs. important
  • Cleansing
  • Formatting
23
Q

OSINT: Data Analysis

A
  • Analyze, evaluate, integrate data
  • Validity, relevance, reliability
  • Evaluate the implications
  • Visualize results in an effective way
24
Q

OSINT: Results delivery

A
  • Provide accurate intelligence to client
  • Punctual delivery
  • Adapt report language to the recipient
  • Evaluate results and… back to planning again
25
Q

T/F: Offensive OSINT is when you gather information before an attack (attackers usually spend more time than testers), while defensive is learning about the attacks against your company (investigation and post mortem evaluation).

A

T
26
Q

T/F: OSINT gives opportunities to both the defender and attacker; you can learn the weakness of a company and fix it; or… the same weakness could be exploited by an adversary.

A

T
27
Q

Industrial / Corporation

A
  • Attack:
      • OSINT against Industrial sector
  • Defense:
      • OSINT to support strategic plans
  • Type:
      • In-house
      • Contracted out
28
Q

Industrial / Corporation – OSINT Attack Surface

A
  • Physical:
      • Address List, Ownership, Security measures
  • Relationships:
      • Business partners, suppliers, clients, competitors
  • Organizational chart:
      • Position identification, transactions, affiliates
  • Infrastructure Assets:
      • Network Block owned, email addresses, technologies used, defense technologies
  • Financial:
      • Market Analysis, trade capital, value history
29
Q

Industrial / Corporation – OSINT Defense

A

Why?
  • Gain further insight into their own cyber security threats (data breach detection, vulnerable public facing devices, etc.)
  • Listen to what is being said about the company (reputation, a brand to protect, etc.)

How?
  • Uncovering ongoing threats – Reactive Detection
  • Online reconnaissance – Proactive Prevention
  • Combination of both
30
Q

OSINT targeting Individuals

A
  • Public Registries:
      - Court Records
      - Professional licenses or registries
  • Internet Presence:
      - Email Address
      - Personal Handles/Nicknames
      - Personal Domain Names registered
      - Assigned Static IPs/Netblocks
  • Mobile Footprint:
      - Phone number
      - Device Type
31
Q

OSINT targeting Individuals

A
  • Social Media Presence: Social Network (SocNet) Profile
  • Metadata Leakage: Location awareness via Photo Metadata
  • Tone: identification of the tone used in communications (aggressive, passive, appealing, sales, praising, dissing, condescending, arrogance etc.)
  • Frequency: identification of the frequency of publications (once an hour/day/week, etc…)
32
Q

Supporting Technologies - Online Anonymity:

A
  • Hide personal identity to prevent attack attribution
  • Perform stealthy research, without alerting the target
  • Circumvent Geo-blocking
33
Q

Supporting Technologies - Major Tools:

A
  • Changing IP Address (Tor, VPNs)
  • Avoid leaving traces, such as browser fingerprint (VMs)
34
Q

Supporting Technologies - OSINT Searching Surface:

A
  • Surface Web
  • Deep Web
  • Dark Web
35
Q

The Onion Router (TOR): what is it?

A
  • Short for “The Onion Router”
  • Free and open-source software for enabling anonymous communications
36
Q

TOR: what does it do?

A
  • It protects the anonymity of users that want to communicate over a network
  • It will help them defend against traffic analysis
  • It will hide the destinations of all communications (any outside observer will not be able to tell whom the user is communicating with and for how long)
37
Q

Virtual Private Network (VPN)

A

A virtual private network extends a private network across a public network.

  • Enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network
  • Creates a safe and encrypted connection over a less secure network, such as the Internet
  • To ensure safety, data travels through secure tunnels (tunneling)
38
Q

Protocol that allows for the secure movement of data from one network to another through a process called ..................

A

encapsulation
39
Q

VPN - Functions

A
  • Authentication: the data were sent from the sender
  • Access Control: preventing unauthorized users from accessing the network
  • Confidentiality: preventing the data from being read or copied while being transported
  • Data Integrity: ensuring that the data has not been altered
40
Q

So, by using a VPN I will be safe?

A

Actually, not really...

  • Problems with anonymity: the user cannot be 100% sure of being anonymous. The VPN provider has the ability to view all the browsing history via its server.
  • The inexperience of the VPN provider: when a VPN provider lacks experience, there may be data leaks that may affect the privacy of the user.
41
Q

OSINT Searching Surface

A

Web resources that:

  • are easy to access
  • are indexed by typical search engines
  • are indexed by specific search engines
  • can be accessed only by using external technologies