Open Source Intelligence Opportunities and Challenges – A Review

Szymoniak, Sabina; Foks, Kacper

doi:10.12913/22998624/186036

Artykuł - szczegóły

Tytuł artykułu

Open Source Intelligence Opportunities and Challenges – A Review

Autorzy

Szymoniak Sabina , Foks Kacper

Treść / Zawartość

Pełne teksty:

Pobierz

Identyfikatory

DOI

10.12913/22998624/186036

Warianty tytułu

Języki publikacji

Abstrakty

Data files, photos, and videos on the internet are vast sources of information about the person who posted them. These files contain content about appearance, behaviour, views, and material status. Analyzing these files helps verify the accuracy of the content and helps verify the creation method. Social media platforms like Facebook, Twitter, and Instagram often post this information. Public databases provide information about enterprises, corporations, and public figures, enabling access to government trips, scientific articles, and company reputations. These resources help in understanding potential collaborations and identifying potential partners. Open-source intelligence (OSINT) is a collection of tools and methods for extracting information from publicly available sources. It helps verify the accuracy and authenticity of information, as seen in the FBI's 2020 investigation of a Philadelphia woman involved in protests and preparing precise attacks like spear phishing. In this manuscript, we present an up-to-date overview of research that uses open-source methods and techniques. We will concentrate on the tools and methods advancing the cybersecurity industry. Studying the manuscript of OSINT opportunities and challenges can help readers understand the state of the art in theory and practice. We will also highlight the future directions and requirements for OSINT methods and the newly designed tools using these methods.

Słowa kluczowe

open-source intelligence OSINT tools OSINT techniques social media

Wydawca

Lublin University of Technology
Polish Society of Ecological Engineering (PTIE), Branch of PTIE in Lublin

Czasopismo

Advances in Science and Technology. Research Journal

Rocznik

2024

Tom

Vol. 18, no 3

Strony

123--139

Opis fizyczny

Bibliogr. 85 poz., fig., tab.

Twórcy

autor

Szymoniak Sabina

sabina.szymoniak@icis.pcz.pl

Department of Computer Science, Częstochowa University of Technology, Dąbrowskiego 69, Częstochowa, Poland

https://orcid.org/0000-0003-1148-5691

autor

Foks Kacper

Department of Computer Science, Częstochowa University of Technology, Dąbrowskiego 69, Częstochowa, Poland

Bibliografia

1. Lee, Soon L., Cai Lian T., Sivakumar T. Facebook depression with depressed users: The mediating ef- fects of dependency and self-criticism on facebook addiction and depressiveness. Computers in Human Behavior, 2023; 139: 107549.
2. Govers J., Feldman P., Dant A., Patros P. Down the Rabbit Hole: Detecting Online Extremism, Radicalisation, and Politicised Hate Speech. ACM Comput. Surv. 2023; 55(14): 1–35. https://doi. org/10.1145/3583067
3. Kutschera S. Incidental data: observation of privacy compromising data on social media platforms. Interna- tional Cybersecurity Law Review. 2023; 4(1): 91–114.
4. Pattnaik N., Li S., Nurse J.R.C. Perspectives of non-expert users on cyber security and privacy: An analysis of online discussions on twitter. Computers & Security. 2023; 125: 103008.
5. Downing J. Social Media, Digital Methods and Critical Security Studies. Critical Security Studies in the Digital Age: Social Media and Security. Cham: Springer International Publishing. 2023; 71–108.
6. Govardhan, D., Krishna, G.G.S.H., Charan, V., Sai, S.V.A., Chintala, R.R. Key Challenges and Limita- tions of the OSINT Framework in the Context of Cybersecurity. In 2023 2nd International Confer- ence on Edge Computing and Applications (ICE- CAA). IEEE 2023; 236–243.
7. Manohari, D., Adithya E.S., Vijayakumar K. Information Retrieval using OSINT and GHDB.” 2023 International Conference on Advances in Computing, Communication and Applied Informatics (AC- CAI). IEEE 2023.
8. Kim K., Youn J., Yoon S., Kang J., Kim K., Shin D. Study on Cyber Common Operational Picture Framework for Cyber Situational Awareness. Applied Sciences. 2023; 13(4): 2331.
9. Grigaliūnas Š., Brūzgienė R., Venčkauskas A. The Method for Identifying the Scope of Cyberattack Stages in Relation to Their Impact on Cyber-Sustainability Control over a System. Electronics. 2023; 12(3): 591.
10. Block L. The long history of OSINT. Journal of Intelligence History. 2023; 1–15.
11. NBC Philadelphia. https://www.nbcphiladelphia. com/news/national-international/instagram-etsy-sale- tattoo-how-fbi-found-woman-accused-of-torching- ppd-cars/2436832, Accessed 22nd November 2023.
12. Evangelista J.R.G., Sassi R.J., Romero M., Napolitano D. Systematic literature review to investigate the application of open source intelligence (OSINT) with artificial intelligence. Journal of Applied Security Research. 2021; 16(3): 345–369.
13. Hassan, Nihad A., Hijazi R. Open source intelligence methods and tools. New York, NY: Apress, 2018.
14. Nobili M. Review OSINT tool for social engineering. Frontiers in Big Data 6(2023).
15. Li X., Li D., Yang Z., Zhao H., Cai W., Lin, X. 2022. ND-NER: A Named Entity Recognition Dataset for OSINT Towards the National Defense Domain. In International Conference on Neural Information Processing. Singapore: Springer Nature Singapore. 2022; 361–372.
16. Black I.S., Fennelly L.J. Investigations and the art of the interview. Butterworth-Heinemann, 2020
17. Böhm I., Samuel Lolagar S. Open source intelli- gence: Introduction, legal, and ethical considera- tions. International Cybersecurity Law Review. 2021; 2: 317–337.
18. Qusef A., Alkilani H. The effect of ISO/IEC 27001 standard over open-source intelligence. PeerJ Computer Science. 2022; 8: e810.
19. The Police1. https://www.police1.com/investigations/ articles/using-webint-and-osint-to-tackle-extremist-groups-Fvy2So5OzaAoNLTC/, accessed 17th November 2023.
20. The Telegraph. https://www.telegraph.co.uk/world- news/2022/07/04/celebrity-ukraine-volunteer-sol- dier-exposed-fraud-internet-sleuths/, accessed 17th November 2023.
21. Kowta A.S.L., Bhowmick K., Kaur J.R., Jeyanthi N. 2021. Analysis and overview of information gath-ering & tools for pentesting. In 2021 International Conference on Computer Communication and Informatics (ICCCI) IEEE, 2021; 1–13.
22. Herrera-Cubides, J.F., Gaona-García P.A., Sánchez-Alonso S. Open-source intelligence educational resources: a visual perspective analysis. Applied Sciences; 2020; 10(21): 7617.
23. Yamin M.M., Ullah M., Ullah H., Katt B., Hijji M., Muhammad, K. 2022. Mapping Tools for Open Source Intelligence with Cyber Kill Chain for Adversarial Aware Security. Mathematics. 2022; 10(12): 2054.
24. Inc. Barracuda Networks. https://assets.barracuda. com/assets/docs/dms/Spear-phishing-vol7.pdf, accessed 22nd November 2023.
25. Microsoft. https://www.microsoft.com/en-us/micro- soft-365/business-insights-ideas/resources/what-is-spear-phishing-how-to-keep-yourself-and-your-da- ta-above-water, accessed 18th November 2023.
26. Distler, V. The Influence of Context on Response to Spear-Phishing Attacks: an In-Situ Deception Study. Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems. 2023.
27. Butt U.A., Amin R., Aldabbas H., Mohan S., Alouffi B., Ahmadian A. 2023. Cloud-based email phishing attack using machine and deep learning algorithm. Complex & Intelligent Systems. 2023; 9(3): 3043–3070.
28. Birthriya S.K., Ahlawat P., Jain A.K. An Efficient Spam and Phishing Email Filtering Approach using Deep Learning and Bio-inspired Particle Swarm Optimization. International Journal of Computing and Digital Systems. 2023; 13(1): 189–199.
29. Nalini Priya G., Damoddaram K., Gopi G., Nitish Kumar R. 2023. Phishing Attack Detection Using Machine Learning. In International Conference on Emerging Trends in Expert Applications & Security. Singapore: Springer Nature Singapore. 2023; 301–312.
30. Pro-tibetan activists become victim of spear phish- ing. https://thehackernews.com/2012/04/pro-tibet- an-activists-become-victim-of.html, accessed 26 September 2023.
31. Tyagi S., Tyagi R.K., Dutta P.K., Dubey P. 2023. Next Generation Phishing Detection and Prevention System using Machine Learning. In 2023 1st International Conference on Advanced Innovations in Smart Cities (ICAISC). IEEE, 2023; 1–6.
32. Sonowal G., Sonowal G. Types of Phishing. Phishing and Communication Channels: A Guide to Identify- ing and Mitigating Phishing Attacks. 2022; 25–50.
33. Maniscalco P.M., Holstege C.P., Cormier S.B. Operations Security, Site Security, and Incident Response. In Ciottone’s Disaster Medicine. Elsevier. 2024; 573–581.
34. Yamin M.M., Ullah M., Ullah H., Katt B., Hijji M., Muhammad K. 2022. Mapping Tools for Open Source Intelligence with Cyber Kill Chain for Adversarial Aware Security. Mathematics. 2022; 10(12): 2054.
35. OSINT framework, https://osintframework.com/, accessed 28th February 2024.
36. Awesome OSINT, https://github.com/jivoi/awe- some-osint, accessed 28th February 2024.
37. Alsmadi I., Dwekat Z., Cantu R., Al-Ahmad B. Vulnerability assessment of industrial systems using Shodan. Cluster Computing. 2022; 25(3): 1563–1573.
38. Phil Harvey. Exiftoolgui for windows v12.62. https://exiftool.org/exiftool_pod.html}, accessed 25 August 2023.
39. Pastor-Galindo J., Nespoli P., Mármol F.G., Pérez G.M. 2020. The not yet exploited goldmine of OSINT: Opportunities, open challenges and future trends. IEEE Access, 2020; 8: 10282–10304.
40. Reider-Gordon M. Too Much Information: OSINT in Criminal Investigations and the Erosion of Privacy. Regulating Cyber Technologies: Privacy Vs Security. 2023; 145.
41. Katzner, T., Thomason, E., Huhmann, K., Conkling, T., Concepcion, C., Slabe, V., Poessel, S. Opensource intelligence for conservation biology. Conservation Biology. 2022; 36(6): e13988.
42. Osterritter L., Carley K.M. Conversations around organizational risk and insider threat. In Proceedings of the 2021 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining. 2021; 613–621.
43. Alquwayzani A., Aldossri R., Rahman M.H. 2023. How dark web monitoring can be used for osint and investigations. Journal of Theoretical and Applied Information Technology, 101(10).
44. Connolly K., Klempay A., McCann M., Brenner P. Dark Web Marketplaces: Data for Collaborative Threat Intelligence. Digital Threats: Research and Practice. 2023; 4(4): 1–12.
45. Pastor-Galindo J., Mármol F.G., Pérez G.M. On the gathering of Tor onion addresses. Future Generation Computer Systems. 2023; 145: 12–26.
46. Chaudhary M., Bansal D. Open source intelligence extraction for terrorism‐related information: A review. Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery. 2022; 12(5): e1473.
47. Lakomy M. Open-source intelligence and research on online terrorist communication: Identifying ethical and security dilemmas. Media, War & Conflict. 2023; 17506352231166322.
48. Gianluigi, M. E., & MUCCI, M. F. (2023). Coun OSINT and Basic Data Mining Tools. In International Conference on Cybersecurity and Cybercrime. 2023; 10: 71–80).
49. Wangchuk T., Rathod D. Opensource intelligence and dark web user de-anonymisation. International Journal of Electronic Security and Digital Forensics. 2023; 15(2): 143–157.
50. Yu, S. Cyber profiling: Predicting political orientation with SOCMINT. Telematics and Informatics Reports. 2023; 10: 100058.
51. Sasaki T., Yoshioka K., Matsumoto T. Who are youƒ OSINT-based Profiling of Infrastructure Honeypot Visitors. In 2023 11th International Symposium on Digital Forensics and Security (ISDFS). IEEE, 2023; 1–6.
52. Lohar S., Kolte J., Zambare P. AutOSINT: GUI- Based Foot printing Software with AI and OSINT. EPRA International Journal of Multidisciplinary Research (IJMR), 2023; 9(5), 301–305.
53. Dale D., McClanahan K., Li Q. AI-based Cyber Event OSINT via Twitter Data. In 2023 International Conference on Computing, Networking and Communications. IEEE. 2023; 436–442.
54. Reyes J., Fuertes W., Arévalo P., Macas M. An Environment-Specific Prioritization Model for Informa- tion-Security Vulnerabilities Based on Risk Factor Analysis. Electronics. 2022; 11(9): 1334.
55. Suryotrisongko H., Musashi Y., Tsuneda A., Sugitani K. Robust botnet DGA detection: Blending XAI and OSINT for cyber threat intelligence sharing. IEEE Access. 2022; 10: 34613–34624.
56. Zheng G., Zhang Y., Yue X., Li K. Interpretable prediction of thermal sensation for elderly people based on data sampling, machine learning and SHapley Additive exPlanations (SHAP). Building and Environment. 2023; 242: 110602.
57. Li X., Xiong H., Li X., Zhang X., Liu J., Jiang H., Dou D. G-LIME: Statistical learning for local interpretations of deep neural networks using global priors. Artificial Intelligence. 2023; 314: 103823.
58. Fauziyyah A.K., Adrian R., Alam S. Analyzing Image Malware with OSINTs after Steganography using Symmetric Key Algorithm. Sinkron: jurnal dan penelitian teknik informatika. 2023; 8(2): 818–824.
59. Duitsman M., Kalinina-Pohl M. Open Source Intelligence and Investigative Techniques for Locating Radioactive Sources. 2013.
60. Guo Y., Liu Z., Huang C., Liu J., Jing W., Wang Z., Wang Y. CyberRel: Joint entity and relation extraction for cybersecurity concepts. In Information and Communications Security: 23rd International Conference, ICICS 2021, Chongqing, China, November 19–21, 2021, Proceedings, Springer International Publishing. 2021; I23: 447–463.
61. Guo Y., Liu Z., Huang C., Wang N., Min H., Guo W., Liu J. A framework for threat intelligence extraction and fusion. Computers & Security. 2023; 132: 103371.
62. Shamunesh P., Vinoth S., Srinivas L.N.B. CybercheckOSINT & Web Vulnerability Scanner. In 2023 2nd International Conference on Edge Computing and Applications (ICECAA). IEEE, 2023; 275–279.
63. Melshiyan M.A., Dushkin A.V. Information Security Audit Using Open Source Intelligence Methods. In 2022 Conference of Russian Young Researchers in Electrical and Electronic Engineering (ElCon- Rus). IEEE, 2022; 379–382.
64. DeCusatis C., Peko P., Irving J., Teache M., Laibach C., Hodge J. A Framework for Open Source Intelligence Penetration Testing of Virtual Health Care Systems. In 2022 IEEE 12th Annual Computing and Communication Workshop and Conference. IEEE, 2022; 0760–0764.
65. Al Mahmeed Y., Elmedany W., Sharif M.S. Eagle-Eye: Open-Source Intelligence Tool for IoT Devices Detection. In 2022 International Conference on Innovation and Intelligence for Informatics, Comput- ing, and Technologies (3ICT) IEEE, 2022; 526–530.
66. Saraswathi, V.R., Ahmed I.S., Reddy S.M., Akshay S., Reddy V.M., Reddy S.M. Automation of recon process for ethical hackers. In 2022 International Conference for Advancement in Technology (ICO- NAT) IEEE, 2022; 1–6.
67. Marinho, R., Holanda, R. Automated Emerging Cyber Threat Identification and Profiling Based on Natural Language Processing. IEEE Access, 2023.
68. San Biagio, M., Acquaviva, R., Mazzonello, V., La Mattina, E., Morreale, V. A new SOCMINT framework for Threat Intelligence Identification. In 2021 International Conference on Computational Science and Computational Intelligence (CSCI). IEEE, 2021; 692–697.
69. Elmas T., Ibanez T.R., Hutter A., Overdorf R., Ab- erer K. WayPop Machine: A Wayback Machine to Investigate Popularity and Root Out Trolls. In 2022 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASON- AM) (pp. 391–395). IEEE, 2022; 391–395.
70. Mahaini, M.I., Li, S. Detecting cyber security re- lated Twitter accounts and different sub-groups: a multi-classifier approach. In Proceedings of the 2021 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining. 2021; 599–606.
71. Nobili M., Faramondi L., Setola R., Ghelli M., Persechino B., Lombardi M. An OSINT platform to analyse violence against workers in public trasportation. In 2021 International Conference on Cyber-Physical Social Intelligence (ICCSI) IEEE, 2021; 1–6.
72. Daskevics A., Nikiforova A. ShoBeVODSDT: Shodan and Binary Edge based vulnerable open data sources detection tool or what Internet of Thingstering Daesh Cognitive and Cyber Warfare with Search Engines know about you. In 2021 second international conference on intelligent data science technologies and applications (IDSTA). IEEE, 2021; 38–45.
73. Daskevics A., Nikiforova A. IoTSE-based open data- base vulnerability inspection in three Baltic countries: ShoBEVODSDT sees you. In 2021 8th International Conference on Internet of Things: Systems, Management and Security (IOTSMS). IEEE. 2021; 1–8.
74. Karthika S., Bhalaji N., Chithra S., Sri Harikarthick N., Bhattacharya, D. NoRegINT—A Tool for Performing OSINT and Analysis from Social Media. In Inventive Computation and Information Technologies: Proceedings of ICICIT 2020 Springer Singapore. 2021; 971–980.
75. Jan S.A., Barclay F.P. Conflict and Conflicting News Discourses: An Analysis of Newspaper Coverage of Pulwama Attack. Journalism Practice. 2023; 1–19.
76. Abdullah A., Laghari S.A., Jaisan A., Karuppayah S. OSINT Explorer: A Tool Recommender Frame- work for OSINT Sources. In Advances in Cyber Security: Third International Conference, ACeS 2021, Penang, Malaysia, August 24–25, 2021, Revised Selected Papers. Springer Singapore. 2021; 3: 389–400.
77. Griné T., Teixeira Lopes C. A Social Media Tool for Domain-Specific Information Retrieval-A Case Study in Human Trafficking. In Joint European Conference on Machine Learning and Knowledge Discovery in Databases Cham: Springer Nature Switzerland, 2022; 23–38.
78. Seo S., Kim D. (2021). OSINT-based LPC-MTD and HS-decoy for organizational defensive deception. Applied Sciences, 11(8), 3402.
79. Drichel, A., Drury, V., von Brandt, J., Meyer, U. Finding phish in a haystack: A pipeline for phishing classification on certificate transparency logs. In Proceedings of the 16th International Conference on Availability, Reliability and Security. 2021; 1–12.
80. Khan S., Wallom D. A system for organizing, collecting, and presenting open-source intelligence. Journal of Data, Information and Management. 2022; 4(2): 107–117.
81. Garzia F., Borghini F., Bruni A., Lombardi M., Minò L., Ramalingam S., Tricarico G. Sentiment and emotional analysis of risk perception in the Herculaneum Archaeological Park during COVID-19 pandemic. Sensors. 2022; 22(21): 8138.
82. Li T., Wang X., Yu Y., Yu G., Tong X. Exploring the Dynamic Characteristics of Public Risk Perception and Emotional Expression during the COVID-19 Pandemic on Sina Weibo. Systems. 2023; 11(1): 45.
83. Qing H., Bang Z., Agostini M., Bélanger J.J., Gützkow B., Kreienkamp J., Reitsema A.M., van Breen J.A. PsyCorona Collaboration, N. Pontus Leander. Associations of risk perception of COVID-19 with emotion and mental health during the pandemic. Journal of affective disorders. 2021; 284: 247–255.
84. Savadori L., Lauriola M. Risk perceptions and COVID-19 protective behaviors: A two-wave longitudinal study of epidemic and post-epidemic periods. Social Science & Medicine. 2022; 301: 114949.
85. Garzia F., Borghini F., Makshanova E., Lombardi M., Ramalingam S. Emotional analysis of safeness and risk perception of cybersecurity attacks during the COVID-19 pandemic. In 2022 IEEE International Carnahan Conference on Security Technology (ICCST). IEEE, 2022; 1–6.

Uwagi

Opracowanie rekordu ze środków MNiSW, umowa nr SONP/SP/546092/2022 w ramach programu "Społeczna odpowiedzialność nauki" - moduł: Popularyzacja nauki i promocja sportu (2024).

Typ dokumentu

Bibliografia

Identyfikator YADDA

bwmeta1.element.baztech-f5f42af9-f023-4a9d-8e08-7ebdea74035b