As an individual’s online presence grows, the amount of information an attacker can use against them grows with it. Everyone has heard of a story of some online personalities’ information being leaked online. But very few people know how this happens and why it is so common.
Many of these ‘Hacks’ of personal information never actually take this private information but discover it using a number of techniques under the umbrella of OSINT (Open Source Intelligence). An individual or company can be put at great risk because of the information they have released about themselves online. OSINT techniques generally involve digging through a person’s online footprint and seeing what information they can find.
Do they have a photo of the outside of their house? Is there a fast food restaurant they really like to visit? All these questions, when asked in the context of individuals online footprint, become a gold mine of information about that person. Their habits and their posts are no longer viewed as entertainment by criminals but as a collection of points and metadata which, if collated and compiled carefully, can produce devastating results.
“But no one really cares about me that much, right?” I hear you say. Well, that would be true if your personal information was worthless and could not be sold for a profit. There is an entire market based on surveillance; buying and selling people’s data in order for it to be used further at a later date. This data is rarely harvested by individuals but by automated machines designed for this single purpose; collecting as much information about you as possible and turning it into profit by any means possible.
Understanding and auditing your online footprint is the best and most effective way to ensure that it cannot be used against you. Privacy settings might deter most attackers but the number one way you can prevent your data from being used against you is to understand the risks and only release information you know you are comfortable posting.
Although changing your online habits is a great start, it won’t shrink your already existing online footprint. That’s why, at Sencode, we’re helping shrink online footprints for people and organisations with our ‘Information Disclosure‘ service.
Frequently Asked Questions
OSINT or Open Source Intelligence is the process of collecting publically available information about a target. This can be done with or without the targets knowledge and is often the start of a larger campaign. OSINT can be used to collect and collate large amounts of information in order to build a collection of useful information this often includes personal information such and email addresses and addresses in order to launch a large campaign with the information gathered.
Hackers often use OSINT as the first step of an attack. Understanding an organizations footprint and being able to use it against them is extremely important. Many organizations will actively seek out their own footprint using OSINT techniques to ensure they are not leaking data that should not be public. Attackers will jump at any data they can use to gain a foothold on an organization and OSINT is no different. Knowing somthing about an organization that they did not know existed or had forgotten about can be extremely useful and can be used to great effect.