What is Open Source Intelligence (OSINT)?
Open-source intelligence, or OSINT, is data collected from publicly available sources to be used in an intelligence context. The term doesn’t refer to open-source software; it refers to information that is open and available to everyone, such as that which is publicly available on the Internet.
An OSINT researcher is a skilled technician, capable of analyzing large amounts of data quickly, using sophisticated tools and knowledge of how the underground networks on the Internet work in order to understand the cyber criminals and how they operate.
OSINT can also be used to track a potential attacker prior to that attack occurring, as well as to analyze raw data to determine who may be impacted by an attack.
In the US Government, the CIA is responsible for collecting, producing, and promoting open source intelligence through its management of the DNI Open Source Center (OSC).
In the intelligence community, the term "open" refers to freely available information, usually in its raw form, such as in a database. OSINT data is useful for gaining intelligence as part of an investigation, but being open doesn’t necessarily mean that the data is also easily accessible.
Nor does "open" necessarily refer to information that can be found using regular search engines: a huge portion of the Internet cannot be found using major search engines. The “deep web” refers to a mass of pages or paywalls that cannot be indexed by Google, but is publicly available nevertheless.
For example, tools like Shodan and Censys can be used to find IP addresses, networks, open ports, webcams, printers, and pretty much anything else that’s connected to the internet. A skilled analyst can combine these individual pieces of information with other publicly accessible bits of information to develop a profile of a particular topic of interest.
There’s also a dark side to OSINT - anything which can be found by security researchers can also be found by threat actors. In fact, late last year Dancho identified hundreds of gigabytes of raw OSINT information in underground cybercrime forum communities from more than a million websites and scoured them for fraudulent activity in an effort to shut down the community.