Overview

You most likely have heard how important it is to protect your privacy and the information you share online. To demonstrate this, we are going to try something new; we are going to show you how to research yourself and discover what information is publicly known about you. The process is called OSINT, a fancy way of saying Open Source Intelligence. This means researching public resources online to see how much information you can learn about a computer IP address, a company, or even a person like yourself. Keep in mind, cyber attackers are using these very same tools and techniques. The more attackers can learn about you, the better they can create a targeted attack. This concept has existed for years, but the latest online tools make it so much simpler to accomplish.

How to Find Information

You will not find all the information on a single website. Instead you start with one website, learn some details, then use those details to search on and learn from other sites. Then you combine and compare results to create a profile or dossier of your subject. A good place to start is with search engines such as Google, Bing, or DuckDuckGo. Each of these has indexed different information about you, so start your search with more than one search engine. Start by typing your name in quotes, but after that expand your search based on what are called operators. Operators are special symbols or text you add to your search that better define what you are looking for. This is especially important if you have a common name; you may have to add more information such as your email address or the town you live in. Learn more about operators and advanced search techniques in the Resources section at the end. Examples include:

  • “FirstName LastName” > What information can I find online about this person
  • “Firstname Lastname@” > Find possible email addresses associated with this person
  • “Firstname lastname” filetype:doc > Any Word documents that contain this person’s name

There are also sites dedicated to learning about people. Try one of these sites to see what is publicly known about you. Keep in mind these sites are not always accurate or may be country specific. You may have to search several sites to verify the information you find.

Finally, there are numerous other sites you can search to learn more, such as Google Images, Google Maps, social media sites, and many others. For an interactive list of all the different websites you can use to learn about yourself, we recommend the OSINT Framework at https://osintframework.com.

How to Find Information

Learn what other people or organizations have collected, posted, or shared about you online (churches, schools, sports clubs, or other local community sites).

Understand that these same resources are available to anyone else, including cyber criminals who can use that information to target you. Be suspicious. For example, if you get an urgent phone call from someone claiming to be your bank, just because they know some basic information about you does not prove it is your bank. Instead, politely hang up, then call your bank back on a known, trusted number to confirm it is them. It is the same with email: just because an email has some known facts about you does not mean it is legitimate.

Consider what you share publicly and the impact that information could have on you, your family, or your employer.


Resources

Social Engineering
Top Tips for Social Media
Search Engine Operators
OSINT Framework
SANS OSINT Course SEC487

License

This information appeared in the January 2019 SANS OUCH! Newsletter and is under the Creative Commons license.