
OPEN SOURCE THREAT INTELLIGENCE

What to look for in an OSINT software platform

Introduction

The role of the modern security professional is becoming more and more complex, and it’s no surprise considering the influx of unexpected places where threats are beginning to surface. In order to gain the upper hand, your strategy must include diverse means of gathering intelligence, for both a predictive and a reactive approach. In an era where content is being created at an exponential rate - 90% of the world’s data was created in the last 2 years alone - the future of security must be intelligence-led.

A major source of intelligence that cannot be overlooked is the vast amount of data being produced by consumers, hackers, newsmakers, and bloggers every single day. Globally, almost every person and organization is communicating across multiple platforms and networks, as well as handling personal and corporate needs virtually - such as shopping, travel planning, and data management. Finding like-minded communities and audiences online is the goal; however, wherever you have people congregating, especially if there is potential for monetary gain, the risk of malignant behaviour increases. Enter: Open source threat intelligence.

Read more: The Role of Intelligence-Led Security in the Modern Tech Stack
5 Reasons Why Every Organization Needs an OSINT Team

What is open source threat intelligence?

Open source intelligence, or OSINT, refers to the process of gathering information from public, legal data sources to serve a specific function. Some open sources might include social media, blogs, news, and the dark web. 

The concept of OSINT very basically works like this:

Public information exists → data is gathered → information is analyzed for intelligence

The purpose of seeking information from public data varies depending on the type of insights you wish to gather. Many industries and professionals look to open sources to uncover workplace security threats, protect executives, prevent loss, manage assets, gauge brand sentiment, and monitor conversations for creating marketing strategies. Public safety and defense professionals use certain types of OSINT for investigations, prosecution, evidence gathering, and events monitoring.

Access to these data sources is often free, but the true value lies in what can be analyzed and extracted from the data.  Organizations using OSINT for threat intelligence require the ability to detect key information quickly and efficiently. They can do so by using a threat intelligence platform.

The vast amount of online data to sift through is overwhelming, and with the complex ways today’s online threat actors are conducting themselves, the vulnerabilities to your organization continue to become more elusive. This data, when gathered and monitored effectively, can be extremely valuable for predicting, analyzing, and reviewing incidents at every stage of their occurrence. But where to begin?

Read More: How to Build a Complete OSINT Strategy in 5 Steps

Open Source Data: What sources demand your attention?

Where you look for information depends on what you want to find. Performing a Google search is a simple form of OSINT, but when you are responsible for the safety and security of a particular person, place, or asset, you need to be casting a keen eye over multiple sources. Criminal behavior tends to be hidden, and it is unlikely a surface web search will take you there.

While there are insights to be gained by monitoring social media platforms like Twitter and Facebook, today’s security teams need to go omnichannel. Here are a few more to consider for potential threat detection and why they might be chosen by corrupt operatives.

Discord: The voice over IP (VoIP) program Discord was originally designed for the Twitch gaming community to communicate and has versatile chat, video and voice capabilities (think a cross between Skype and Slack). It’s free and open for people to create their own “servers” and host either private, password-protected, or public channels. With over 200 million users, Discord is conducive to illicit conversations and arrangement-making.

VKontakte: With over 500 million accounts, the social networking site VKontakte (VK) is one of the most popular social networks in the world. It has a Facebook-style interface, Foursquare-like check-ins, and a Pirate-Bay type of file-sharing service. Users can add friends, gain followers, create groups and share files freely. However, unlike Facebook, VKontakte falls under Russian operating laws, meaning a lack of IP restrictions and fertile ground for all kinds of activity.

Reddit: The 7th most visited website in the US (and 22nd in the world), Reddit is an online forum and news aggregator. The content on Reddit is text-heavy and user-generated, and there is A LOT of it. With over a million subreddits, basically anything you can think of, a redditor has talked about it.

Telegram: Telegram is an instant messaging, voice, and video messaging service, but with the extra features of auto-delete and added encryption (think a cross between WhatsApp and Snapchat). Telegram allows private or public group channels where users can post in a way that their identities aren’t shown; only the name and avatar of the group are revealed. With over 200 million active users, it’s no surprise that Telegram is an attractive app for unlawful activity.

Other forums and sharing platforms to consider are YouTube, Tumblr, Snapchat, 4chan, Flickr, and Foursquare.

Read More: Social Media Monitoring 101

But, what is the favourite playground for criminal activity?  A place not monitored, not indexed and extremely susceptible to corrupt endeavours: the Dark Web...

Can you search the Dark Web for threat intelligence?

90% of the internet’s data is on the deep and dark web, making it a considerable resource for threat intelligence. The problem is that it’s very difficult to find and gather the information expeditiously unless you have a dark web tool that can assist. The data on the dark web is neither indexed by the popular search engines nor regulated, and generally, you’ll need a separate Tor browser to access the information (Tor is an internet tool that allows users to stay anonymous by using something called onion routing).

The dark web's hidden and illicit activity makes it an essential element to include in your open source threat intelligence strategy. But what exactly can be found by accessing these open sources?

Read More: Dark Web Threat Intelligence

What kinds of threats can be found using open source tools?

The emergence of intelligence-led security is a direct result of the varied and growing range of threats that are being plotted, planned, discussed, and executed online. As our physical and digital realities are becoming more and more interlaced, individuals and organizations are creating more informational weaknesses and thereby more opportunities for an ever widening range of cyber attacks and other threats to occur. These include: 
  • Hacking
  • Information leaks
  • Cybercrime
  • Fraud 
  • Dark web activity
  • Shoplifting and theft
  • Active threats

Open source threat intelligence can be an invaluable addition to your protocol when handling internal processes such as:

  • PR and company reputation management
  • Workplace and facilities safety issues
  • Live events monitoring
  • Executive protection and risk management
  • Natural disasters and incident response

How are specific industries using OSINT?

Financial industry: An overwhelming amount of financial crime and fraud activity occurs on the dark web. Banks and other financial institutions have a responsibility to protect their customers’ personal information and, of course, also have a vested interest in protecting themselves. Dark web intelligence tools can help discover issues before they become a larger problem.

Issues like:

    • Data breaches
    • Credit card fraud
    • Money laundering and cryptocurrency transactions
    • Counterfeit currency
    • IP address targeting
    • Professional hacking services and individuals willing to hack bank accounts
    • Leaked credit card data
    • Lists of company hacked logins
    • Updates on banking trojans

Read More: Geo-Social Financial Trends to Watch or download this Banking Case Study to see how the financial industry is using OSINT

Retail industry: Retail security teams working in loss prevention and asset protection are some of the most well-versed when it comes to the importance of open source data. Publicly available information can be gathered to discover a wide range of intelligence like individuals blatantly admitting to theft, tutorials on how to buy items with stolen cards, and how and where to steal from specific brands and buildings. Understanding the threat landscape through information gathering can also protect against active threats like dangerous persons, incidents and natural disasters.

Retail organizations are using open source intelligence for:

    • Loss prevention: gift card fraud, shoplifting
    • Active threat management
    • Asset protection
    • Live event monitoring such as Black Friday sales, executive meetings and summits
    • Broad level brand reputation monitoring

Read more: Open Source Intelligence for Retail Security or download this Retail Case Study to see how retail organisations are using OSINT.

Defence and Public Safety: Some specific examples of how the defence and public safety sectors are using OSINT are to discover threats like:

    • Crisis management and first response
    • Weapons and drugs sold on the dark web
    • Narcotics activity
    • Trafficking
    • Emergency response to natural disasters and active threat actors
    • Dark web investigations, research and crime analysis
    • Harassment and bullying

Read More: The Top 4 Ways a Social Media Map Can Help in a Disaster
What is Hacking? How Does it Work?

What are the best open source threat intelligence tools?

There are many OSINT tools on the market, both free and paid. The truth is, no single intelligence tool is 100% effective as a standalone strategy. Rather, combining a selection of niche solutions to use in tandem is the best practice. Remember that the best OSINT tools will have a geographical element, giving a digital window to narrow down the data by specific locations. Refine your strategy and choose tools to develop a tech stack devoted to the specific needs of your organization.

Social media and discussion forum monitoring: Echosec is an open source threat intelligence and data aggregation platform that helps companies extract key information and gain situational awareness from publicly available information sources. Security teams use Echosec for predictive intelligence and real time issues management, as well as brand monitoring and post-incident review.

Read more about Echosec: Explore Echosec

Dark web and darknet intelligence: Beacon is a dark web discovery platform designed for threat intelligence. Beacon allows security teams to pull fully indexed data from deep and dark web sources such as Onion and Pastebin from their own browser (no Tor required). You can filter by the type of information you're looking for, like credit cards, drugs, email and other criteria.

Read more about Beacon: Explore Beacon

Email hacks: Have I Been Pwned? is a free online resource to check if your email address has been put at risk due to a data breach.

Twitter monitoring: TweetDeck allows you to view multiple timelines in one user view. TweetDeck allows a user to create specific filters such as specific activity and geographical locations. 

Internet archives: Wayback Machine is an internet archive tool, like a library, of historical data. This tool allows the user to search the history of archived websites, metadata, text contents, and TV news captions.

Read More: Why the Best OSINT Tools Use Geofencing Technology

OSINT Education and Training

Feeling like you’re missing something? There are various organizations offering open source intelligence (OSINT) training and education. Organizations like Hetherington Group can assist with the best methods for investigative knowledge and skills for gathering critical threat intelligence for your organization.

Conclusion

Business is happening online, and today’s security strategy needs to be informed by the masses of public data being created every day. Gathering, filtering, and analyzing this information requires the advanced capabilities of specialized tools.

Both amateur and professional criminals are using sophisticated strategies and seemingly innocuous platforms to conduct illicit business. More and more media platforms are being infiltrated and used outside their intended purposes. Evolving threats require predictive and intelligence-led security strategies. Security teams must gather intelligence from every corner that they can. Open source threat intelligence software is essential for any enterprise using public data sources to inform their decision-making.

Not only can OSINT help protect against hidden intentional attacks such as information leaks, theft and fraud, but it can also provide real-time and location-based situational awareness to help protect people at work, at events, at institutions or even at the shopping mall. The right threat intelligence tools will give your security management team the upper hand.

Want to learn more about how the Echosec products can assist your open source data discovery strategy? Reach out to our team for a personalized consultation

Photo credits: istock, Jacob Owens, Michael Descharles, Burst, Tyler Franta