Innovation can fuel business success, spawn medical breakthroughs, and generate new products that make life a little easier. But in the hands of cybercriminals, innovation can lead to less desirable outcomes.

One of their more recent new tactics is the use of open source intelligence (OSINT). Criminals have learned to use these legally available data sources as the basis for cyberattacks. Learn more about this practice and how it might impact you and your business.

The use of OSINT as a data-gathering technique has been used by the intelligence community since the 1940s. But with the advent of more sophisticated technology, it has become easier for criminals to use this methodology to process the large amounts of data needed and use it for their own gain.

Open source intelligence comes from publicly available information. Think about the information you willingly share with family, friends, or customers. That might include:

  • Traditional media – It could be an obituary in a local newspaper that supplies names and relationships of your family members. Or a TV report on your activities at a fundraiser for a local charity.
  • Internet – That includes all the information, photos and videos posted on social media websites. It might be a photo of you in front of your home with the house number and street sign visible in the background. Or it might be a record of which websites you visit.
  • Public government data – That can come from sources like reports, directories, or studies. For example, think about the information you can get from your county tax assessor’s website. It can include the value of your home, a photo of the house, and how many bathrooms you have.
  • Other – Consider other sources that can provide valuable information. Your neighborhood or church directory often list your address, phone number and email address. Your business’s website might have a photo of employees where they can zoom in on the security badges they’re wearing. You can put almost any address into Google Maps and get the geo-coordinates of your home or business.

Individually, these pieces of information may not lead to a security breach but collectively criminals can piece together enough information to launch an email phishing attack.

For example, with just an email address, information from your neighborhood’s website, and a photo of the subdivision, they can send you a fake email from the homeowner’s association asking you to come to a neighborhood party. When you click on the link to “learn more” and you’ve inadvertently downloaded malware on your computer.

It’s important to take a comprehensive approach to guard against cyberattacks enabled with publicly available information. For example, businesses can take advantage of the Federal Communication Commission’s Cyberplanner to develop a customized plan of attack. For individuals, they also offer the Consumer Help Center.

Awareness is often your first line of defense as cybercriminals apply new methods like OSINT to “innovate” their way into exploiting your personal information.

Related posts