While it’s been getting an increasing amount of attention in recent years, OSINT—which stands for open source intelligence— is nothing new. 

It has its roots in the military, which primarily used OSINT decades ago to gather publicly available material, including newspapers, and TV and radio broadcasts. The goal was to gather intel on the enemy’s military and political activities in the name of national security.

However, after World War II, intelligence teams shifted their attention to what was considered more sophisticated methods at the time, such as SIGINT, signals and electronic intelligence, and HUMINT, which stands for human intelligence or simply old-fashioned Sherlock Holmes-type spying.

But OSINT is back in a big way.

And it has a lot to do with the fact that there’s a massive amount of public information available online. Although military officials have led the way with the re-emergence of OSINT, it is available to anyone.

To better understand OSINT and what it can mean to you, let’s take a look at a general definition beyond the acronym: OSINT basically translates into any information about an individual, company or organization that can be legally and freely obtained from various public sources. That information can be gathered from a significant number of sources, including the following:

  • Code search
  • Documents
  • Domain names
  • Email addresses
  • Geospatial research
  • Images
  • IP addresses
  • Metadata search
  • Online communities
  • People search engines
  • Search engines
  • Social media
  • Telephone numbers
  • Usernames
  • Videos

 

However, not everyone is on the same page on how OSINT should be used.

 

Using OSINT for good—and bad

Trace Labs, a nonprofit global organization, is among those using OSINT for incredibly good purposes. Trace Labs crowdsources OSINT to help people more quickly find missing loved ones while, at the same time, training the community in the tradecraft of OSINT.

Since 2018, Trace Labs founder Robert Sell and his team have led a community of “good hackers” to successfully track down more than 300 missing people using OSINT. Sell, who is a global IT expert, created a model in which Trace Labs invites amateur and seasoned hackers globally to help work on missing cases. 

Trace Labs, which uses the hashtag #OSINTForGood, regularly hosts a global OSINT search party. Participants work together in teams of four to conduct open source intelligence operations to find missing persons. Think of it as a digital search and rescue.

On the other hand, although gathering public information through OSINT is perfectly legal, some people harness the power of OSINT to engage in criminal activity, such as spear phishing. Cybercriminals are able to leverage OSINT as a first point of attack, finding personal information about individuals and businesses by searching through social media accounts, websites, IP addresses, videos and other data online. By analyzing this information, sort of gathering intel like military officials did, they can launch cyber attacks like phishing against their prospective victims.

The threat of cyberattacks is steadily increasing, according to Barracuda Networks. The IT security company released a report that revealed 35 percent of 10,500 organizations analyzed had been targeted by at least one phishing attack in September 2021 alone. Each company that was targeted reported an average of three employees had received fake messages.

“Cyber thieves are using new strategies, tactics and techniques to help increase the chances of success of their phishing attacks against companies and organizations,” Barracuda said in the report. “As attackers work to make their phishing attacks more targeted and effective, they’ve started researching potential victims, working to collect information that will help them improve the odds that their attacks will succeed. Bait attacks
are one technique attackers are using to test out email addresses and see who’s willing to respond.”

These cyberattacks have racked up millions in costs for international and U.S. companies, including Facebook, Google, Xoom Corp., Mattel and Upsher-Smith Laboratories. With Upsher-Smith, the pharmaceutical company paid out more than $50 million in 2014. The phishers were able to pretend like they were the Upsher-Smith’s CEO, and directed the accounts payable department to issue nine fraudulent wire transfers. 

As a pre-emptive move against these types of threats, cybersecurity agencies are using OSINT to identify any weaknesses in a company’s networks. Any sensitive information is removed.

 

Learning OSINT for true crime investigative work

If you’re like the Trace Labs team and want to gather public information to fuel your search, you could go about it the old-fashioned way — combing through websites, social media platforms like Twitter, and other online and offline resources. But that would be incredibly time-consuming.

Instead, you could streamline that process by using tools listed under the OSINT Framework, a collection of resources compiled by Justine Nordine. As Nordine says on the site, the intention behind the framework is to “help people find free OSINT resources.”

By clicking on a specific category and subcategory, you can get a comprehensive list of tools to help in your search.

For example, under “People Search Engine,” users can choose from “General People Search”  and “Registries.”

A click on “General People Search” leads to an extensive listing, including the following:

  • Been Verified
  • Speedy Hunt
  • Fast People Search
  • True People Search
  • Cubib
  • Sorted By Name
  • Addresses.com
  • AnyWho
  • Ark
  • My Life
  • The New Ultimates
  • Genealogy.com
  • eVerify
  • Nuwber
  • SearchBug

 

Other popular OSINT tools to assist in your search

BeenVerified: Quickly search for people’s public information — current and previous addresses, social media accounts, phone numbers, age—with this tool. 

CheckUserNames: Use this OSINT tool to find usernames on more than 150 social media platforms.

Google Dork: This Google hack enables you to get information that you wouldn’t be able to get easily without using a series of advanced search engine operations.

HaveIbeenPwned: Have you or those you know been the target of an attack? Find out with this easy-to-use tool.

OSINT.Link: This site also provides a listing of various OSINT sources, including meta search engines, reverse image search engines and graphic search tools.

Maltego: This comprehensive tool, which charges a fee, speeds up the OSINT process by allowing for real-time data mining and information gathering. 

Metagoofil: Extracts metadata from public documents, including pdf., doc., xls, ppt., docx and more.

Shodan: This tool crawls the internet worldwide to provide comprehensive intelligence.