OSINT Strategies in 2021

Most of the people use Internet services in which they store family and personal photos, as well as information related to political or religious affiliations, tastes, hobbies and much more. We spoke to the team at OSINTinsights.com, an OSINT publication, to find out more.

 But perhaps not everyone is aware that much of this information is publicly exposed and can be used by people or organizations with different objectives, from planning an attack, analyzing information, solving a crime or conducting investigations.

The truth is that the techniques and tools for the collection and analysis of information are increasingly popular and are a key aspect of information security. In this sense, in the 15th edition of Ekoparty, the OSINT Latam Group team presented a workshop on OSINT and Social Engineering tools applied to research.

OSINT stands for Open Source Intelligence (in Spanish Open Source Intelligence), and it is a set of techniques and tools to collect public information, correlate data and process it. That is, to apply analysis and intelligence to the large amount of publicly accessible information on the Internet with the aim of drawing useful conclusions for an investigation, monitoring, a marketing campaign, etc.

As in other methodologies, when we work with OSINT we have different phases or stages: Planning, Selection of Sources, Data Collection, Processing, Analysis and Reporting. All of them are important to be able to move forward with clear data and not get lost among the large amount of information that exists on the Internet. However, for those who are just getting started with these techniques, it can be somewhat cumbersome, so a good way to start to become familiar with the methodology is the Cyber ​​Patrol Workflow Guides. These guides are very useful to be able to order the information and learn to correlate the data. However, it is necessary to previously define the selectors and keywords that we are going to search, otherwise we will end up in a sea of ​​meaningless information. The more specific the searches, the better.

Although it is said that once something is uploaded to the Internet, it is never deleted again, the truth is that the original content could be deleted by the user or service that published it. It is not uncommon to return a day later to look for the information that we had found and that it has been eliminated, so all information found must be documented, to avoid the loss of evidence. On the other hand, as we find important data, it is necessary to classify them and assign them a value according to the confidence and the level of verification that we have of that data. In general, a scale is used in which the sources and data found are classified from “false source”, “doubtful”, “possibly reliable”, “probably reliable” to “verified or trusted source”. As the investigation progresses, the sources and data can go up or down in category according to the data that we obtain and corroborate.

OSINT domain name research tools to improve your investigations During the workshop presented at Ekoparty, we were able to compile a series of very useful searches and tools for conducting research, of which we share some below:

Searches by location: Many of the posts or comments that are uploaded to the Internet are georeferenced, so tools such as Geo Twitter, or others from the Geo Social Footprint project, can be used to search for news or posts in a specific location. Keywords: When defining keywords, it is necessary to know the language and lunfardo, since many words change according to the region. In this sense, the news in local newspapers can be very useful to define keywords. On the Newspaper Map site we will find local newspapers from different cities and regions around the world. Labor data, identity documents, etc: Many people do not have social networks, bank accounts or credit cards, however, they can be found through government pages through their identity document, social security, tax registration, public services or even traffic offenses. Generation of identities for research: As we explained in the article on legal aspects to take into account when carrying out security tests, it is advisable to carry out all investigations from a false identity, but this identity cannot be created with real data of another person. In this sense, there are applications such as Fake Name Generator to create an individual's data and This person does not exist to create fake photos from artificial intelligence. In addition, the idea is that these profiles have activity and appear real, for which applications such as PostCron can be used to con

good for my post about the kindle virus removal.

kindle fire viruses and hackers

one thing that i read up on recently is whether my kindle fire can get a virus. now i just bought this a few weeks ago. i've already browsed the internet, checked emails, done a lot of stuff on it already. it's hard to tell if it's actually able to get a virus. it runs a lot like a normal phone, especially considering it's using the same operating system as a lot of phones. a post a came on about kindle fire viruses was pretty informative on the subject. i consider my self 'well read' now. the issue with this is that since the kindle operates just like a phone, and phones are susceptible to viruses and other attacks, phones can easily get viruses, so so can your kindle fire!

the article i linked pretty much just went down the basics of how to protect yourself. there are a lot of tablet antivirus protection out there, some free, some not. it's recommended for AVG. it's probably the best in terms for tablet protection. other than that, general online safety should be heeded. like being careful browsing suspicious sites our download suspicious software. opening emails, like always, you must be careful.

i have yet to get a virus on my kindle fire. but my mother has one as well, and the other day she brought it over because she said it locked her out. i turned it on, and there was the FBI virus. it claimed she needed to pay them money through money pack to unlock the computer. it even said my mom downloaded zoophilia illegal pornography! impossible. But I did download the AVG tablet protection and it got rid of fast. So I can say as a fact that there are Viruses on the Kindle Fire. So always be careful when browsing and practice safe browsing online!

hackers being arrerested - is it enough?

Computer hacking and online fraud is the fastest growing crime in the world. It's also one of the most difficult to trace crimes. The arrest rate for hackers and online fraudsters can be as low as 2-4%! This is incredibly low and a huge alert to authorities. Hackers and fraud costs the US alone billions of dollars a year in financial losses. It's a menace to innocent people, authorities, and society in general.

Recently, FBI and other world agencies of started cracking down on this sort of crime. There have been hundreds of arrests this year of online hackers and online ID thieves. This is great news for the US government because these sort of arrests and convictions had been recently unheard of. That said- is this really stopping this type of crime? Well, statistics show no improvement yet. In fact, numbers say the crime rate is still growing when it comes to fraud and identity theft.

So what will actually help curb these sorts of crimes? It's tough to say. My personal opinion is that it will involve heavy participation of private companies, such as credit card companies and banking companies to work with consumers in creating a more protective environment. However, the financial amount these private companies must invest to make their products more secure is a heavy investment. In fact, it was said that the financial loss of fraud would be less of a burden than companies revamping security systems and spending money actually trying to fix the issue.

So, that said, in some essence, this is a simple process of cost benefit analysis. It won't be until financial loss from fraud and hacking grows so great where companies and the government has no choice but to crack down.

These statistics are quite alarming. I found a few cybercrime statistics here. http://www.fraud-alarm.net/computer-crime-rise/

It is frightening and I hope it wakes quite a few people up!

online shopping safety measures

1. use websites you're familiar with!

This is an important rule. eBay, Amazon, etc- all the big sites are well secured and you know the validity behind the website. These authority websites often implement hundreds of different safety measures when it comes to secured shopping online. Most fraudulent websites are lesser known, small, and built to last only a few weeks or months. You may find these websites from an email, on social media, or on the far end pages of Google. Most websites on the first few pages of Google are legitimate websites when it comes to online shopping (but don't always use that as a safety point).

2. HTTPS!

When you look at your browser URL when visiting a website, do you see a https or just http in front of the URL? HTTPS means the website is SSL secured and the data is encrypted. Not only does it mean the data is encrypted, it also means the website has been certified for SSL and therefore has some trust behind it. Again, don't use HTTPS alone as a point to shop at the website. Many fraudulent websites go the extra effort and apply for SSL certificates.

3. Double check the address!

The web store you're visiting should be a brick and mortar business as well- not just an online shop! Navigate the website and try to find the physical address listed for the web store you want to purchase from. Once you have the address, look it up on Google. Is it a real address, with a real store (Google Maps works great for this!)? If not, something phishy is going on.

A lot of people are interested what happens to the credit card if it is stolen. I found a good article that sheds light on the subject. So how do hackers use credit cards? A very interesting read.