6 top OSINT tools: Find sensitive public info before hackers do

Hackers use open source intelligence to find information that will help them compromise systems. Using these tools will tell you how much of that info is exposed.

During the 1980s, the military and intelligence services began to shift some of their information-gathering activities away from covert activities like trying to read an adversary’s mail or tapping their phones to discover hidden secrets. Instead, effort was put into looking for useful intelligence that was freely available or even officially published.

The world at the time was changing, and even though social media had not yet made the scene, there were plenty of sources like newspapers and publicly available databases that contained interesting and sometimes useful information, especially if someone knew how to connect a lot of dots. This kind of spycraft was dubbed open source intelligence, or OSINT.

How OSINT is used in security

The same OSINT tactics used for spycraft can now be applied to cybersecurity. Most organizations have vast, public-facing infrastructures that span many networks, technologies, hosting services and namespaces. Information can be stored on employee desktops, in legacy on-prem servers, with employee-owned BYOD devices, in the cloud, embedded inside devices like webcams, or even hidden in the source code of active apps and programs.

To continue reading this article register now

Get the best of CSO ... delivered. Sign up for our FREE email newsletters!