Open Source Intelligence (OSINT) & the cyber threat of being profiled
In the wrong hands, public-facing data on businesses and employees can be used to launch personalized cyberattacks. Learn how threat actors do it and how to help protect against it.
While you might not be familiar with the term “open source intelligence,” you have almost certainly used it at some point. Gathering open source intelligence could be as simple as performing an online search to research a salesperson you just met or looking up someone’s LinkedIn page to find out if they’re in your professional network.
Open source intelligence (or OSINT) gathering on its own is not illegal. In fact, government, law enforcement, and military entities often rely on it. However, in the wrong hands, this seemingly innocuous information could pose a significant threat.
In this article, you’ll learn more about open source intelligence gathering, understand where threat actors can find it, and what you can do to help protect yourself and your company.
What is open source intelligence gathering?
Open source intelligence refers to publicly accessible, or available by request, information on an individual, company, or account. Collecting this information can involve searching through social media sites, news stories, and public state records, as well as digging through the dark web.
“Cyber criminals are constantly gathering this information. They might not know the best way to launch an attack at first, but by gathering that data and finding more connections between individuals, they can start to put the pieces together. Eventually, they’ll identify the best approach for an attack,” explains Brandon Hoyt, Cybersecurity Operations Director at Huntington National Bank.
Where do threat actors find open source intelligence information?
It’s easier than you might think to uncover pages of information about someone. Below are just a few examples of common places a threat actor might begin their search for open source intelligence:
- Social media accounts often contain details a threat actor could use to gain credibility, including schools attended, professional organization memberships, and job records.
- State and county auditor sites offer a treasure-trove of information, such as tax records, addresses, phone numbers, and even other members in your household.
- Court records (probate, municipal, common pleas, federal, and state) can contain information pertaining to individuals such as social security numbers, driver’s license numbers, and telephone numbers. Additionally, signatures can often be found on case documents and county records.
- Company websites with profiles of employees provide useful information for cybercriminals to use to impersonate someone or fool others.
- Public-facing accounts on sites like Amazon or Pinterest could also provide threat actors with data on a person’s interests and activities.
- The Deep Web refers to websites, databases, and online resources that cannot be reached through standard search engines. An estimated 90% of online content is located in the deep web†. Information located here is considered accessible by the public and therefore is still categorized as open source. It is also increasingly common for the information from an organization data breach, like usernames and passwords, to be available to the highest bidder on the Deep or Dark Web. Based on a 2022 research survey conducted by LastPass, 62% of respondents reported using the same password or a variation of a past password—with only 50% changing their password after being informed that a breach had taken place‡. This trend allows bad actors to either use purchased credentials to gain access, or to generate similar alternative versions of passwords to compromise users.
What do threat actors do with this information?
The next step in this process is developing a report on an individual based on details found through open source intelligence gathering. This comprehensive profile often includes who an individual is, what apps they use, how much time they spend online, where they live, who they work for, and so on.
"Open source intelligence gathering is very targeted. Threat actors are taking the time to gather publicly available data and scraping breach data to create a profile of you. With that profile, they can start social engineering attacks
, spear phishing
campaigns, pretexting, and other attacks directed toward an individual or group of individuals."
Cybersecurity Operations Director at Huntington Bank
Being targeted in an open source intelligence gathering scam could lead to account compromise and identity theft and could allow cybercriminals to impersonate you in personal and professional settings. Additionally, threat actors might use the information they’ve gathered to blackmail someone.
Sometimes, however, a threat actor will not use the information themselves at all. They’ll sell it on the dark web.
How can I help prevent myself and my company from being targeted?
Anyone within an organization could be targeted through open source intelligence gathering. Fraudsters are not only targeting C-suite executives or the leadership team. Often individuals targeted in this way are ones with access to specific programs, sensitive information, or are connected to another person similarly useful to a criminal.
Prevention methods include:
- Pay attention to the information you’re sharing online, including on your company website or in press releases.
- Educate children, significant others, or extended family members about the risks of sharing information online. Advise them to exercise caution and avoid oversharing, as they can be another common vector for intelligence gathering to build a profile of you.
- Be mindful of how much data you’re sharing in app permission settings, especially on company-owned devices.
- Practice strong password management processes across internal and external sites in the case of breaches, requiring changes that limit simple variations of past passwords.
- Be aware of the data you might have publicly available, especially unused social media accounts, old email addresses, or employee profiles.
- Additionally, make sure employees are well trained in proper processes to follow when performing tasks related to payments, financial or otherwise sensitive information, or access to networks or systems. For example, a business email compromise (BEC) attack can be successful if an employee does not follow proper protocols – or a company doesn’t have strong ones in place.
Contact your relationship manager for more information about protecting your organization against cybersecurity threats such as open source intelligence gathering.
Connecting you to what matters most
Strategy, insights, capital – whatever your organization needs, we can help you make the connection.
Huntington Commercial Bank delivers carefully structured, fully integrated solutions to help meet your unique needs.
† Lenaerts-Bergmans, Bart. 2022. “What is the Dark Web?” CrowdStrike, September 20, 2022. The Dark Web: How to Access and Potential Risks - CrowdStrike. Accessed October 9, 2023.
‡ LastPass. 2022. "Psychology of Passwords 2022: Proactive Cybersecurity." Last Pass. Accessed October 9, 2023.
The information provided in this document is intended solely for general informational purposes and is provided with the understanding that neither Huntington, its affiliates nor any other party is engaging in rendering tax, financial, legal, technical or other professional advice or services or endorsing any third-party product or service. Any use of this information should be done only in consultation with a qualified and licensed professional who can take into account all relevant factors and desired outcomes in the context of the facts surrounding your particular circumstances. The information in this document was developed with reasonable care and attention. However, it is possible that some of the information is incomplete, incorrect, or inapplicable to particular circumstances or conditions. NEITHER HUNTINGTON NOR ITS AFFILIATES SHALL BE LIABLE FOR ANY DAMAGES, LOSSES, COSTS OR EXPENSES (DIRECT, CONSEQUENTIAL, SPECIAL, INDIRECT OR OTHERWISE) RESULTING FROM USING, RELYING ON OR ACTING UPON INFORMATION IN THIS DOCUMENT OR THIRD-PARTY RESOURCES IDENTIFIED IN THIS DOCUMENT EVEN IF HUNTINGTON AND/OR ITS AFFILIATES HAVE BEEN ADVISED OF OR FORESEEN THE POSSIBILITY OF SUCH DAMAGES, LOSSES, COSTS OR EXPENSES.
Lending and leasing products and services, as well as certain other banking products and services, may require credit application approval.
Third-party product, service and business names are trademarks/service marks of their respective owners.