Sure, you could Google yourself to see what information about you is floating around out there. Or you can go levels deeper and “OSINT” yourself, arming yourself with more data that could help you take measures to protect your privacy and lessen the risk of identity theft.
Open-source intelligence (OSINT) is the collection and analysis of publicly available information specifically to generate profiles on individuals or groups. Information is scraped from a variety of sources including traditional and online media, public government data, and trade and academic publications.
The more information about a person there is online, the more accurate a profile will be—not great for an individual’s privacy or susceptibility to identity theft or other forms of fraud.
OSINT techniques fall into several categories:
- Passive: This involves the passive collection of information from a variety of sources using search engines. In this scenario, no direct contact is made with a target, nor is there a high risk of detection.
- Semi-passive: This involves the collection of information using scraping or aggregation tools. In this scenario, there is also no direct contact made with a target, nor is there a high risk of detection.
- Active: This involves actively collecting available information sitting on a target’s servers. This is done via searching for access points into a target’s networks, entering said network, and retrieving information. In this scenario, direct contact is made with a target and there is a higher risk of detection.
Who uses OSINT?
Cybersecurity professionals use OSINT to find company data leaks to patch up, such as open ports and unsecured documents. OSINT research is also conducted by members of law enforcement, private investigators, national security, business/competitor intelligence, and recruitment and HR professionals.
Individuals can use OSINT tools to research themselves in order to tighten up their personal privacy and security.
What can people find out about me online?
Given how broad the sources of OSINT are, the types of information discoverable on individuals can include:
- Usernames and passwords
- Email addresses
- Social media accounts
- Physical addresses and residential history
- Dates of birth
- Business registrations
- Medical history
- Employment history
- Academic history
- Financial history
- Service subscriptions
- Sexual health and history
- Schedules and routines
- Political opinions
Free open-source intelligence tools
There are a variety of free and paid OSINT tools that are readily available online which can give you an indication of what kinds of personal information you have out there.
Some great OSINT tools that are also free include:
IntelTechniques Search Tools
After being taken down in 2019, the IntelTechniques Search Tools are back online. Created as a supplementary tool for the educational materials written by Michael Bazzell, a former U.S. government computer crime investigator, the IntelTechniques Search Tools help you search for everything from social media accounts to home addresses and information gathered from data breaches.
Wayback Machine
We’ve written about the Internet Archive before. Its Wayback Machine digital archive is a treasure trove of around 700 billion—you read that correctly—web pages which can make hunting information that is no longer readily available on the internet an easier task.
Phoneinfoga
Phoneinfoga, or the phone information gathering tool, is an advanced search tool to scan any instance of a phone number on the internet. Simply plug in the phone number you want to search (in international/E.164 format) and let the tool do its thing!
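Because the tool wants the number in E.164 form, it helps to reduce every way your own number is written online to that single string before searching. The Python below is an added example, not part of the original article or of Phoneinfoga; the function names, the caller-supplied country code and trunk prefix, and the sample numbers are assumptions constructed for illustration.

```python
import re

# E.164: "+", then country code and subscriber number, at most 15 digits
# in total, and the leading digit of the country code is never 0.
E164 = re.compile(r"\+[1-9][0-9]{1,14}")
SEPARATORS = re.compile(r"[\s().\-/]")


def to_e164(raw, country_code=None, trunk_prefix=None):
    """Return raw in E.164 form or raise ValueError.

    country_code and trunk_prefix apply only to numbers written in national
    form (no "+" or "00"). They differ per country, so in this example the
    caller supplies them (an assumption, not a Phoneinfoga feature).
    """
    # "+44 (0)20 ..." marks a trunk digit that is dropped when dialling
    # with the country code, so remove it before stripping punctuation.
    s = SEPARATORS.sub("", raw.strip().replace("(0)", ""))
    if s.startswith("+"):
        digits = s[1:]
    elif s.startswith("00"):          # "00" international call prefix
        digits = s[2:]
    elif country_code:
        if trunk_prefix and s.startswith(trunk_prefix):
            s = s[len(trunk_prefix):]
        digits = country_code + s
    else:
        raise ValueError(f"no country code given for {raw!r}")
    candidate = "+" + digits
    if not E164.fullmatch(candidate):
        raise ValueError(f"not a valid E.164 number: {raw!r}")
    return candidate


def normalize_all(variants, country_code=None, trunk_prefix=None):
    """Collapse many spellings into distinct E.164 numbers plus rejects."""
    good, bad = set(), []
    for v in variants:
        try:
            good.add(to_e164(v, country_code, trunk_prefix))
        except ValueError:
            bad.append(v)
    return sorted(good), bad


# Constructed sample: one number as it might appear on different sites.
SAMPLES = ["+44 20 7946 0123", "0044 (0)20 7946 0123",
           "020-7946-0123", "7946 0123 ext 4"]

if __name__ == "__main__":
    print(normalize_all(SAMPLES, country_code="44", trunk_prefix="0"))
```

Entries that end up in the reject list (here the one with an extension) need a manual look before they can be searched.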
Have I Been Pwned?
Have I Been Pwned? is a great resource for finding out if your phone number or email has been compromised in any international data breaches. The tool currently has information on over 600 compromised sites and 11 billion accounts.
TinEye
Like Google Image Search, TinEye is a reverse image search tool. Unlike its Google counterpart, however, TinEye is more accurate and returns fewer false positives. This is useful for finding out what unwanted images of you may be in use.
BuiltWith
The BuiltWith tool is a website profiler that provides information on what technology and content management systems are used on a website. This is useful for gathering data for competitive analysis.
Google and DuckDuckGo
This one’s a no-brainer. These two are great free OSINT tools, especially if you know how to use filters for finding exactly what you want. A list of Google search filters can be found here and here; and a useful guide on DuckDuckGo search syntaxes can be found here.
What are the downsides of open-source intelligence?
In terms of practicality, sorting through the sheer volume of data that’s available on a person or a company can be cumbersome. Further, you’d also need to verify that the information you’ve discovered is actually accurate.
That said, the biggest downside of OSINT lies in the ability of the information discovered to be exploited by malicious actors. There are also laws in place that dictate what you can look into and what you can do with the information you’ve retrieved—these laws will vary according to region. In other words: Just because something can be found doesn’t mean it should be.
FAQ: About open-source intelligence
Is OSINT legal?
OSINT—the gathering of publicly available information—is a perfectly legal undertaking. That being said, what you do with the information you’ve discovered is what ultimately decides its legality. There’s a difference between penetration testers looking to discover vulnerabilities to fix them and hackers looking to exploit them. It is also worth noting that most laws surrounding OSINT will limit what one can do with what’s discovered.
Is OSINT free?
OSINT is free in both the gratis and libre senses. Gratis in the sense that it can absolutely be conducted at no monetary cost and is the collection of publicly (freely) available information. Libre in the sense that information can essentially be gathered with little or no restriction.
How do hackers use OSINT?
Hackers use OSINT as a way to gather information to discover possible vulnerabilities in order to exploit targets. Information gathered could be used to construct a profile of a victim to impersonate them or to socially engineer them for more meaningful information.
What can OSINT be used for?
OSINT can be used for anything ranging from building profiles on individuals for national security, to competitor analysis, to background checks by recruitment and HR professionals. Its use depends on who is conducting a search and for what purpose.