Introduction to Digital Exposure

I suppose there is a certain paradox in having content about OSINT, OPSEC & Privacy on the same website. Why would someone who is involved in OSINT care about a person’s Privacy, or why would someone who is keen on their Privacy care about OSINT or OPSEC?

I hope from the explanation below you will see how closely OSINT, OPSEC and Privacy are linked, and that if we practice one discipline we should have a good working knowledge of the others.

An OSINT practitioner needs to understand the limitations of their work, and they cannot do so if they do not know how the Privacy or OPSEC practices deployed by a subject may affect their ability to capture information or intelligence. Can they see this, understand it and circumvent it? They also need to understand the risk of being compromised by their own OPSEC practices. Do they understand that if they deploy tight Privacy practices on their own accounts, this may affect what they can see of their subject?

A person who cherishes their Privacy needs to understand how it can be exploited by OSINT practitioners. What are the risks to people who do not practice Privacy or OPSEC?

OSINT

OSINT stands for Open-Source Intelligence: a methodical approach to collecting, analysing and making decisions about data accessible in publicly available sources, in order to form an intelligence picture of a subject, group, company, organisation or country.

It is probably true to say that OSINT has been around as long as it has been necessary to obtain information or intelligence. Certainly after both World Wars and the onset of the Cold War there was an uplift in the necessity to collect Open-Source Intelligence. As we have moved into the digital age, more information is publicly accessible and as our digital footprint expands so do the opportunities to obtain Open-Source Intelligence.

OPSEC

Operational security looks at the risks our digital footprint leaves and how we can mitigate them. It encourages us to view our habits from the perspective of an adversary in order to protect sensitive information about ourselves, or the fact that we are looking at them. What are our vulnerabilities, and can they be discovered or exploited? It is not that we are trying to hide; it is that we are trying not to be discovered. It is not just about social media: it includes IP bleed, metadata bleed and the way smart phones constantly probe for connections, leaving their own digital footprint.

Some measures we can take are free and some we will have to pay for; some are simple to implement and some require more knowledge and application. The important point, however, is that we can increase our OPSEC and still enjoy our smart phones.

PRIVACY

The above two have their history firmly planted in the military and intelligence worlds; however, with the advance of the digital age, Privacy is now an important factor too.

I am not sure that, while we use and carry around a smart phone or other device that transmits and receives data, we can ever be 100% private. Can we really be expected to know what our smart phones and the apps on them are really doing? What we can do, however, is take steps, either reasonable or extreme, to reduce our digital footprint and increase our privacy.

The information we openly share, or have to provide to be able to use a service, can potentially be important personally identifiable information. We need to have some control over how our personal information is collected and used. The next data breach could expose you.

HOSTILE THREAT PROFILING

Putting all the above together, we can begin to see how individuals may be susceptible to hostile threat profiling. For people in positions of authority or influence this could be a vulnerability.

“Once effectively gathered, this intelligence can be used to locate an individual, identify patterns of life and target them accordingly. Many people are unaware of how they are sharing their personal details and what types of data may appear online. This is a particular risk for law enforcement, military, security services, diplomats and high profile people.”

David Benford, Hostile Threat Trainer.

“A high-valued target can be anyone with privileged access and organizational influence, with access to sensitive information, or anyone with high levels of exposure and influence”

“Social exposure will inevitably lead to security & personal information leaks, especially when the high-valued target is not aware of essential security guidelines”

Christina Lekati, Social Engineer

Ideally, in the below image, we would want the circles not to interlink; however, this is not realistic given the digital age we live in. We need to make the area where they do interlink as small as possible. We also need to understand that the circles may not interlink evenly, and as a result we can assess more accurately where our vulnerabilities lie.

In the below image we can look at what we want from our digital devices in terms of Usability, Security & Privacy. I have chosen a more Secure and Private approach by placing a dot in the lower left corner; I have sacrificed Usability. This may not be suitable for all. By moving the dot around the triangle you can see what is important to you, and then you can begin to work out how reasonable or extreme your strategy needs to be to achieve better Security and Privacy.

How you want to position the above circles or dot will depend on your own Threat Model which should be distinct to you.

Once we have an understanding of OSINT, OPSEC, Privacy & Hostile Threat Profiling we can then discover how individuals or entities can exploit our information or even find us. Realistically whilst we are carrying around smart phones, tablets etc, we can never really be 100% sure what we are giving up in relation to Privacy and how that affects our Threat Model.

Free Wi-fi, is it free?

So for my latest blog I decided to see if free Wi-Fi is indeed free or whether it comes with a hidden cost. Now, I don’t use public Wi-Fi, not because it is inherently vulnerable, as I can use a VPN to negate some of the risk; however, for those who don’t use a VPN there is the classic machine-in-the-middle attack.

I don’t use it because of the personally identifiable information you have to provide in most cases to sign up. For those who are old hands at privacy, they will be using burner emails etc., but this is not mainstream behaviour.

This is a random selection of providers with no real methodology as to which ones I tried.

McDonald’s was my first port of call.

McDonald’s Wi-Fi is supplied by O2. A mobile number gets you through the first part, where you receive a code. You probably then think that is that, but no: you then need to enter an email address, name, date of birth and postcode.

What we are seeing is the potential for you to be tracked. If you have your Wi-Fi turned on all the time, you could automatically reconnect to the Wi-Fi networks you have signed up to. Using your mobile’s MAC address, the Wi-Fi provider can uniquely identify you. Not only that, they can link you as a person to your device, and you are no longer anonymous.

I did a little experiment with a second-hand mobile I bought. It had been factory reset and had a new profile on it. When I tried to connect to the Wi-Fi in McDonald’s it provided me with the name of the previous owner. What I believe happened was that the Wi-Fi had recognised the device details that it had obtained when the previous owner had signed up, such as the MAC address. This was linked to a real-life person and as such I got the welcome message of, ‘Hello Barry we haven’t seen you in a while, see what is new.’ (I did change the name). This demonstrates another danger: if you sell your mobile and you have been using free Wi-Fi, then some of your personal information may be compromised.

For those of you who conduct OSINT and who choose to use public Wi-Fi to create sock accounts, because social media companies such as Facebook have in effect banned VPNs for creating accounts, you too need to be aware of not only the potential OPSEC risks but also what may happen if you sell a device. The above will apply to laptops, tablets etc. too. Reusing a device may compromise your OPSEC, and for those in LE, for instance, you need to give careful consideration to how a device is disposed of after it is no longer needed.
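The MAC address is what ties a device to a sign-up in the account above. As an added example (not part of the original post), this Python script checks whether an address a device presents is the factory-assigned one, which stays with the handset when it is sold, or a software-assigned (typically randomised) one. The function names and sample addresses are constructed for illustration.

```python
import re

def parse_mac(text):
    """Return the six octets of a MAC written with ':', '-', '.' or no separators."""
    digits = re.sub(r"[:.\-]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)

def classify_mac(text):
    """Classify a MAC by the two flag bits in its first octet."""
    octets = parse_mac(text)
    multicast = bool(octets[0] & 0x01)  # I/G bit: group address, never a device's own
    local = bool(octets[0] & 0x02)      # U/L bit: assigned by software, e.g. OS randomisation
    if multicast:
        kind = "multicast (not a device address)"
    elif local:
        kind = "locally administered (software-assigned, typically randomised)"
    else:
        kind = "globally unique (factory-assigned, survives a factory reset)"
    return {
        "mac": ":".join(f"{b:02x}" for b in octets),
        "kind": kind,
        # True when this is the hardware identifier that stays with the handset,
        # the case described in the second-hand phone experiment.
        "persistent_identifier": not multicast and not local,
    }

def audit(macs):
    """Return the normalised addresses that would follow the device to a new owner."""
    results = [classify_mac(m) for m in macs]
    return [r["mac"] for r in results if r["persistent_identifier"]]

# Constructed sample addresses, not taken from any real device.
SAMPLES = [
    "3C:5A:B4:12:34:56",  # U/L bit clear: factory-assigned
    "DA:A1:19:7F:00:21",  # U/L bit set: software-assigned
    "f2-0c-11-aa-bb-cc",  # U/L bit set, dash-separated notation
    "01:00:5e:00:00:fb",  # I/G bit set: multicast
]

if __name__ == "__main__":
    for sample in SAMPLES:
        info = classify_mac(sample)
        print(f"{info['mac']}  {info['kind']}")
    print("Persistent identifiers:", audit(SAMPLES))
```

A software-assigned address can still be kept stable per network by the operating system, so this identifies the type of identifier rather than guaranteeing anonymity.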

O2 supply Wi-Fi to the following in the UK, albeit I believe Bunnings is no longer with us.

You can use this link https://www.o2wifi.co.uk/hotspot to search a location for O2’s Wi-Fi.