OSINT your digital footprint - do you know what you stepped in?
What is OSINT?
Open Source Intelligence (“OSINT”) is a method of intelligence gathering in which you collect and analyse information from publicly available and open sources. Val Dockrell, shares some of the fundamentals…
Information can be gathered from a number of sources, such as:
- Blogs, forums and discussion boards
- Social media (sometimes referred to as its own as SOCMINT, meaning social media intelligence)
- Court Records
- Corporate Registries
- Google maps and images
- Dark and deep web
Although open source data can be both online and offline, such as physical paper records, traditional mass media such as radio, television and newspapers, the internet provides access to the largest range of OSINT.
The use of the internet has become an increasingly vital part of our daily life. Especially during the past year of the pandemic in which we have become more reliant on the internet, be it for work, education, or entertainment. The BBC report that UK internet use more than doubled in 2020. With more people spending their time online, it is important to consider the impact of this on our personal or industries digital footprint.
A digital footprint is the data that is left behind whenever a person uses a digital service, such as social media, emailing, banking, dating, gaming, geolocation services, etc.
There are two types of ways in which a digital footprint is created; passive, when data on you is collected without your awareness (like your IP address being shared with the website you visit), and active where you voluntarily share your information online, for example posting on social media).
What is my OSINT footprint?
Your digital footprint forms part of your reputation and can have a significant impact on your future. There have been an increasing number of examples featured in the media where people have lost their job or sanctioned over comments they have made online.
For example, James Gunn, writer and director, was fired by Disney over offensive tweets, which he had tweeted over ten years earlier, that later resurfaced in 2018.
Once something is on the internet it could potentially be there forever. Even when a web page of article is deleted, it can be retrieved using OSINT tools. For instance, Archive.org, a digital archive of the world wide web, can show past versions of a website even if they are not currently live and have since been deleted.
As of January 2021, there were 4.66 billion active internet users worldwide. Even if you are not online regularly, or at all, your friends or family are likely to be, and these individuals can all contribute to your footprint whenever they mention you.
Not only is it useful to be aware of your digital footprint when it comes to reputation and employment, it is equally as important for safety.
Bad actors, such as, fraudsters and hackers can use information from your digital footprint against you, so knowing what is available can help identify the risks and threats that this can expose you to.
Your data can be compromised during a data breach and the information (usernames, logins and passwords) is then posted on paste sites, dark web marketplaces and forums, and shared via messaging apps.
Using OSINT techniques and tools you can identify whether your data has been leaked online.
For example, by entering your email into sites such as Have I Been Pwned, it will notify you if your data has been compromised in a data breach.
OSINT tools can be used to find IP addresses, networks, open ports, webcams, and printers which can act as access points into a user’s device.
In 2017, it was reported that someone hacked into a fish tank in North America at a casino and extracted data to a device in Finland. The sensors that regulated the fish tank were connected to the internet and allowed the hackers to gain bank details of the casino’s high-roller database.
Additionally, people finder tools such as 192.com can identify current addresses which sources open source data from the Electoral Register and corporate records from Companies House in the UK.
Registered email addresses and mobile telephone numbers can be extracted from LinkedIn profiles.
Information obtained during an OSINT gathering exercise can be used to build a full profile of a subject.
There are many other OSINT tools and techniques which can uncover a treasure trove of information and help you understand your own digital footprint.
By understanding what type of data exists online and how easily it can be found, you can learn how to better protect yourself online.
If you would like to understand your digital footprint, please contact the team at TenIntelligence.