
Cisco Umbrella

The More You Know: OSINT and Security

By Kara Drapala
Posted on October 21, 2015
Updated on July 24, 2020

“Too many people still mistake secrets for intelligence,” says Stephen Mercado, an analyst in the Directorate of Science and Technology at the CIA. OSINT, or open source intelligence, has been both a boon and an Achilles’ heel for intelligence communities for decades. While certain public information may seem harmless, OSINT collected for malicious purposes can prove devastatingly efficient when devising attacks, especially in the hands of an experienced social engineer.
OSINT refers to the wide range of information collected from publicly available sources: print and broadcast media, academic texts, and more recently, social media, blogs, forums, and more.
In the recent past, OSINT has helped every major world power gather intel on adversaries in conflicts from WWII, to the Korean and Vietnam wars, to the Cold War. Sources have evolved from print publications obtained by foreign agents (the US aerospace publication Aviation Week — dubbed “Aviation Leak” for its scoops — was a “perennial favorite,” according to Mercado) to radio, and finally to the Internet, today’s unequivocal fire hose of information.
The Internet not only provides its own wealth of information, it also makes obtaining other sources of OSINT easier than ever. “During the Second World War, Dr. Fairbank traveled far and at great expense to gather Japanese publications in China and send them to Washington,” writes Mercado. “Today, anyone, anywhere can order Japanese media with a click of the mouse from amazon.co.jp or other online merchants and receive the orders by express air shipment.”
But with great ease comes great vulnerability. Attackers who are aiming to break into your network won’t read a few newspaper articles and call it a day. Numerous tools freely available on the Internet can assist anyone interested in gathering OSINT. Infosec Institute has a brief list, which includes specific information-gathering tools and data such as Maltego and WHOIS data, as well as multidisciplinary tools like NewsNow, which are primarily sales and marketing sites. (Another list is available here.)
Social engineers in particular are likely to make use of OSINT. Dale Pearson, writing for subliminalhacking.net, comments: “the use of both open source intelligence and acquired information, allows for individuals and groups involved in cyber crime to fuel their knowledge and power influence and manipulate their targets to achieve the required illusion of trust with their target.”
He continues, “The information gathered on a target allows the attacker to create a pretty accurate profile of their target, and potentially of that of their families and friends, as well as their interests both publicly and privately. The aim here is to either act as an individual of trust, or create a pre-text that will be considered trustworthy to aid in achieving their goals.”
According to social-engineer.org, “social engineering is a vector used in [more than] 66 percent of all attacks by hackers, hacktivists, and nation states,” and OSINT enables attackers to be more believable to unsuspecting employees.
However, defenders can make use of OSINT as well, both to understand what information is available to attackers and to educate employees and users on what information can be safely shared online. CSO Online statistics show that “the average U.S. company spends $15 million a year battling cybercrime.” Managing OSINT related to your business can help reduce the leverage bad actors have when attempting to infiltrate your networks.
OSINT is, according to Arthur Hulnick, a former CIA officer, “neither glamorous nor adventurous.” However, “open sources are nonetheless the basic building block for secret intelligence.” While not the sexiest intel on the market, OSINT can be highly effective for attackers. What constitutes sensitive information is different for everyone, so make sure your security team regularly communicates with employees about posting information in forums or on social media channels, and monitors all channels for sensitive data. Hackers want to infiltrate your castle — don’t make it easier by handing them the keys.
