What is OSINT and why is it so important for fighting cybercriminals?

A cybercrime story is never far from the news. Last month M&S was the latest in a growing line of high-profile institutions to suffer from a cyber attack.

State-sanctioned practices, coupled with the growing use of AI and emerging technologies, are creating a complex cybercrime scene with a minefield of risks. It’s why the NCSC warned of a growing gap between cyber threats and defense capabilities last year, reporting a threefold increase in severe incidents compared to the year before.

With threats appearing from all angles, law enforcement agencies, financial institutions, and businesses alike are all in need of efficient tools and processes to squash these threats. And one of the answers could lie in open source intelligence (OSINT).

Stuart Clarke

Chief Executive Officer at Blackdot.

What is OSINT?

With criminals hiding behind fake identities and information spread over many sources, OSINT is proving to be a highly effective mechanism, mobilizing publicly available data in the fight against cybercriminals.

OSINT is the targeted collection and analysis of publicly available or licensable data to produce actionable insights.

One of the key steps to defining OSINT is recognizing how it differs from OSINF – open source information. OSINF is publicly or commercially available information located in sources such as news publications, social media, online forums and corporate registries (like Companies House). Naturally, this data can be biased and unregulated, meaning its insights are limited on their own.

OSINT is the product of collecting, combining and analyzing OSINF. It produces actionable intelligence and can draw out insights that are not always apparent in the raw data. Given that the number of internet users has doubled over the past ten years, there has never been such a volume and range of this data – and therefore never more of an opportunity to get insights out of OSINT.

Who uses it?

While traditionally employed by government intelligence agencies, the use of OSINT has spread to other public sector bodies, financial institutions, large corporates and media outlets to derive insights not available through other sources of intelligence.

For banks and corporates, for example, regulations like the EU’s sixth anti-money laundering directive (part of its AML package) or its corporate sustainability due diligence directive require institutions to conduct robust due diligence on their customers and supply chains. This is to protect the market against risks such as unknowingly engaging with people who are facilitating money laundering or potential business partners who have adverse human rights and environmental impacts.

OSINT helps to cast a light on these hidden risks and identify connections between companies or people, making it an ideal tool for fighting complex, network-based crimes. It can play a lead role in use cases such as anti-money laundering and organized crime investigations.

So, whether investigators are reviewing publicly available social media content to learn more about a sanctioned entity’s assets or finding connections to possible shell companies in corporate records, this open source data can be harnessed to provide critical intelligence to crime fighters.

Unmasking criminals: How OSINT tackles cybercrime

Of course, one of the main objectives of criminals is to remain undetected. And from fake profiles to the dark web (more on that soon), the internet has provided cybercriminals with a variety of ways to act anonymously and mask their identities. So, OSINT for cybercrime is all about finding the real-world identities behind the perpetrators. But how can it help to unmask criminals?

OSINT offers major benefits to investigating cybercrime by giving investigators the means to uncover insights not available anywhere else. For example, by analyzing where the same usernames are used across the web, investigators can begin to draw connections to a suspect’s real-world identity.

Cybercriminals operate in the online world, so OSINT is perfectly suited to fighting them. Sources such as internet forums and publicly available social media accounts are exactly the places where bad actors may have scattered breadcrumbs concerning their identity or operational activities.

Then there is the dark web. This is a key gateway for criminals, and therefore a key data source for investigators. Criminals talk more freely about their activities there, whether they are sharing personal data from cyberattacks or describing their techniques. But as the dark web involves using another browser, it isn’t easily accessible through normal web browsing techniques and accessing it can be an extremely risky process.

OSINT platforms can provide a secure ecosystem for investigators to tap into dark web resources, as well as improving security when reviewing publicly available social media and other web sources. By being able to uncover leaked data or messages on dark web forums in a safer environment, investigators can understand the nature of stolen information or start to map out criminal networks. And by assessing correlations between forum posts, profile images and metadata across dark and surface web, they may ultimately find real-world identities behind criminals.

Crucially, this can provide organizations with insights to prevent future attacks and plug security gaps.

OSINT: A fearsome defender

Nearly every crime has a financial motivation in some manner. Cybercrime facilitates different forms of crime such as fraud and money laundering, but these are distinctions that criminals do not make. Consequently, the organizations using OSINT to fight back against cybercrime are also playing their part in dismantling systems that fund broader criminal activity.

More cybercrime stories will hit the news this year, adding to the multitude of threats presented by cybercriminals. It will be more critical than ever that investigators have the right tools to understand the huge volumes of unstructured data available online - and use it to identify and disrupt criminal networks.

OSINT lets investigators take full advantage of publicly available data and turn it against cybercriminals. Whether it’s government agencies investigating serious and organized crime or banks adhering to compliance requirements, the technique allows investigators to use a wide range of publicly available sources – including the dark web – to connect the dots and unmask the real-world identities of cybercriminals.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
