The increasing use of the Internet (according to the latest report published by We Are Social and Hootsuite, there are more than 4,338 billion internet users) and the ease of publishing content on the web, has resulted in a large amount of publicly available information, both in the Clearnet and in the Deep Web.

What is OSINT?

OSINT emerged in 1941 in the US and stands for “Open Source Intelligence”.

At first, the term OSINT was coined by the army and intelligence agencies, but over time, it has spread to the field of cybersecurity as well.

Applied to cybersecurity, OSINT refers to the knowledge collected from open, declassified and public access sources (on the Internet) to generate intelligence.

Some of the main OSINT sources are: 

  • Newspapers, magazines, blogs, forums, social media (Twitter, Facebook, LinkedIn, etc.)
  • Free databases and public libraries on the Internet
  • Traditional search engines: Google, Bing, Yahoo, Ask, etc. Metasearch engines and specific search engines.
  • Phone books
  • Maltego, Palantir.

The process has several phases:

  • Identification and establishment of requirements: conditions that must be met to achieve the objectives.
  • Search for sources of information: given the large amount of information on the Internet, it is essential to limit the sources that will be used.
  • Selection of the information that is useful.
  • Acquisition of information
  • Information processing and analysis: process by which raw data is converted into actionable information.
  • Making conclusions and obtaining useful knowledge

Finally, some of the possible uses of the information obtained are:

  • To ascertain the reputation of a certain person or company or conduct some research or follow up.
  • Document on a certain subject, conduct sociological, psychological or linguistic studies.
  • Audit of companies.
  • Marketing: Evaluate market trends or perform market analysis for possible marketing campaigns, product launches. Competitor Analysis
  • Consultation of winners in competitions, granting of grants or grants of any kind.
  • Security: Identification and prevention of possible threats. Preparation of cases or design of action plans for certain events.
  • Search for general information: knowledge acquisition, learn to do something, etc.
  • Journalists: documentation for reporting.

Advantages and disadvantages

Advantages Disadvantages
Convenience and ease of access: information can be collected from anywhere Sometimes the excessive amount of information slows the process of selecting and filtering it
Cost savings: obtaining the information does not imply any cost Reliability of published information. To minimize this risk, it will be essential to ensure the reliability and reputation of the selected source.
Constant update of the information Collecting data and information on a large scale, analyzing and visualizing it for efficient use, often requires the use of analysis software licenses, subscriptions and large budgets.

Follow us on Twitter and LinkedIn to stay up on the latest updates!