OSINT is a major aspect in cyber security. Yet it is often greatly misunderstood! Its importance extends to you as an individual and to the entirety of the security landscape. By the time you finish reading this, you’ll know everything you need to protect yourself in this digital world- from Google Dorking, also known as Google hacking, to how hackers implement their skills in searching for missing people.

OSINT stands for Open Source Intelligence, meaning the gathering of information from publicly available sources. For example, let’s say you wanted to connect with a friend from the school days, the first thing you could look up their social media profiles, to find that their old accounts are no longer being used, then you look up their friend’s list in order to find close relatives which leads you use to dig up more information such as newer profiles. This is a simpler example of OSINT, but know that the term goes beyond just looking up profiles of your friends. Another example of OSINT techniques is Google Dorking.

Google Dorking (aka Google hacking) is the use of special operators to narrow down your searches. Operators such as “intitle” and “inurl” are used to find websites that run unsecured versions of software, while other operators such as “filetype” can be used to find exposed files that may contain sensitive information. Google Dorking is also used to find unsecured IOT devices, such as web cameras or baby monitors, as they use very specific titles for their web portals. This gave rise to more specialized search engines, such as Shodan, which simplifies this process and provides more advanced tools.

Social media, as you can guess, is a massive source of information that could be a great use to anyone conducting OSINT. Your profile usually includes your full name, your date of birth, the country you are from, what your interests are, and even the names and profiles of your close friends or family! This allows anyone to build an entire dossier about you and then exploit that information for their own gain, be it large-scale surveillance, advertising, stalking and harassment, or just breaking into your accounts.

With social media being mentioned, we neglected the “media” of this term. People’s posts of pictures and videos of themselves often leak much more than the average person expects.

Information such as your habits, when you are out of your house, or even your home’s actual location is obtained by studying photos or videos you have posted of your house and then trying to narrow down the location using the architectural style of the building or by spotting any landmarks that can be tracked down using satellite data and tools such as Google Lens, but that doesn’t even scratch the surface of it.

Oftentimes, people leak important information about their employers, such as building layout, security checkpoints, or even what the ID looks like. This information can be used by someone like a physical penetration tester or a malicious actor to make a fake ID and break into the building.

Some criminals even started combining AI and the data they gathered via OSINT to manipulate people. A recent example of this is a mother receiving a call from people pretending to have kidnapped her daughter. They had used AI to copy her daughter’s voice and required a ransom to release her.

While OSINT can be used by malicious actors, there are a lot of benefits that come from it. A lot of journalists use OSINT to expose corruption on a daily basis. In these past couple of years, some organizations and hobbyists have used this tool to find missing people. One such example is Trace Labs.

Trace Labs is a non-profit dedicated to finding missing people via crowd- sourcing OSINT. They host events where teams try to find information about missing people; the more useful the information is, the more points your team gets, and so on. That evidence is then handed over to the proper authorities.

Another example is The Charlie Project, a website dedicated to cold cases of missing people. It allows hobbyists to try to find missing people and brings closure to families whose relatives have gone missing.

All you need to remember is that abusers, stalkers and thieves can and do use OSINT people daily, and knowing that, you need to be careful online, here are some tips:

• Private your social media profiles and delete ones that you don’t use.
• Don’t share any photos of you online, but if you do, check that they don’t reveal important information such as your location.
• Educate others around you; it doesn’t matter what you do if your family or friends leak information about you anyway.