Tuesday, June 21, 2022

Welcome to DR's note, your weekly dose of knowledge from Circuit Stitch Blog.


 Today we will talk about OSINT.

 

            What is OSINT and how do you pronounce it?  Let’s start with the latter and work our way from there.  It is pronounced O-SIN-T: start with the O, say SIN, and end with a T.  So what is OSINT?  It stands for Open Source Intelligence, which Wikipedia defines as “the collection and analysis of data gathered from open sources (overt and publicly available sources) to produce actionable intelligence.”  Basically, it means any information you can gather by publicly available means.  It’s among the first steps that some hackers take to investigate you and find out all they can so that they can hack or take advantage of you.

 

            Are hackers the only ones that do this?  Nope.  It is not just hackers that use OSINT; businesses, law enforcement, and nation-state actors use it too.  Businesses use OSINT to gather knowledge about consumers so as to better market to them and thus increase profits.  Law enforcement uses it to gather knowledge about people they are trying to arrest, to build a better case against them.  Nation-state actors use this info to do all sorts of malicious things, from spear phishing (a targeted phishing campaign) to industrial sabotage.  Nation-state actors can be some of the most highly trained and devoted hackers out there.

 

            You are probably asking yourself, how does this pertain to me?  OSINT can be used to learn more about you!  This is one reason I say to keep all your accounts as private as possible and don’t overshare on social media.  But how do they find all this out?  Nowadays there is software that can sweep the internet for certain usernames, email addresses, etc.  But the most common thing used today is called Google hacking, more commonly known as Google Dorking.  Techopedia defines Google Dorking as “a hacking technique that makes use of Google's advanced search services to locate valuable data or hard-to-find content.”  So you use advanced search services that are already baked into Google’s search engine.  In the next paragraph we will look at how this is done and ways you can use it to your benefit.

 

            So let’s say you wanted to search a website (let’s say Target) for an item or items (let’s say Pokemon).  You could type pokemon target in the Google search bar and you’ll get everything from Pokemon cards to toys to YouTubers that went to Target for Pokemon.  Now if we put site:target.com “Pokemon” in the Google search bar, this will search the Target website for anything that has the word Pokemon in it.  You can do this with any website and any search terms; I used this process when looking for ink for printers here at SMC.  There is a ton you can do with Google Dorking; I’ve linked a Google dork cheat sheet in the sources if you care to look.

 

            Other than Google Dorking, what are some other ways that people find OSINT?  Well, once someone gets your name or even a username that you use on social media, video games, etc., they can start to build their OSINT on you by searching either of those terms, and as they find more info it gives them more to search.  It’s like a snowball effect, or, in an even stranger analogy, like the person who takes a penny and trades up to eventually have a car.  It is for reasons like these that I advocate that you use a password manager and 2FA, change accounts to private, and never trust anyone online or on the phone.  If you do just a couple of these, you will be ahead of so many people.

 

            I hope this has been eye-opening and gives you a better understanding of what OSINT is and how it can be used to help or harm you.  As always, if you have any questions or concerns, feel free to call or email me; I’d love to talk about it.  Also, if you have any DR note topics you want me to discuss, please let me know.  Until next week, I hope you have a great week and Be Awesome.

 


Source:

Open-source intelligence: https://en.wikipedia.org/wiki/Open-source_intelligence

Nation State Threat Actors: From a Security Awareness Perspective: https://www.sans.org/blog/nation-state-threat-actors-from-a-security-awareness-perspective/

What is Spear Phishing: https://www.knowbe4.com/spear-phishing/

Google Dorking: https://www.techopedia.com/definition/30938/google-dorking

Google Dork Cheatsheet: https://gist.github.com/sundowndev/283efaddbcf896ab405488330d1bbc06

OSINT Framework: https://osintframework.com
