Cybersecurity and Scam Prevention
How OSINT tools prevent data and information leaks online
22 April 2019
Discover the power of Open-Source Intelligence (OSINT) tools in protecting your digital footprint. Uncover vulnerabilities and take action to protect yourself!
It’s a recurrent trope in spy movies—a skilled secret agent infiltrates an organisation and gathers compromising data on its people and processes; information that can be used as leverage. Far from being limited to works of fiction, gathering publicly available online information is more common in everyday life than you think.
For example, when companies seek to fill a position, their human resource division runs background checks on potential candidates through job portals or even social media pages.
Intelligence amassed from public and unclassified sources and analysed for a specific purpose—be it national security or corporate profiling—is known as Open Source Intelligence (OSINT). Such information can be used for good or malicious intent and a key step to protecting yourself is by using OSINT tools to enhance your cybersecurity solutions.
If you are a(n):
Organisation or business concerned about the security of your data?
IT professional or cybersecurity expert looking to assess and mitigate online security threats?
General individual who wants to check if their personal information has been exposed online?
Government entity involved in national security?
Here’s a quick download of OSINT 101, with tips on how to identify and protect against data leaks.
Understanding the risks of data leaks
Data leaks are a growing concern in Singapore and globally. For businesses, the risks include:
Financial loss: Companies may face direct financial damages, including fraud, theft, or ransom payments.
Reputational damage: A breach can severely damage customer trust, leading to lost business and long-term brand harm.
Regulatory fines and legal action: Non-compliance with data protection laws (like Singapore’s Personal Data Protection Act (PDPA)) can result in heavy penalties and lawsuits.
Operational disruption: Breaches can halt operations, compromise internal systems, and require costly incident response efforts.
Loss of Intellectual Property: Confidential business strategies, designs, or trade secrets may be exposed, giving competitors an unfair advantage.
Customer Churn: Users may leave the platform or stop using services due to fear of their personal data being compromised.
Individuals also face risks such as identity theft, financial fraud, and reputational damage, while government entities should be concerned that leaks of sensitive information could potentially endanger citizens.
How to prevent data leaks?
Open-Source Intelligence (OSINT)
OSINT is the practice of collecting and analysing publicly available information related to an organisation that could be used by attackers. OSINT tools help identify vulnerabilities which inform the next steps you can take to enhance cybersecurity and enforce data leakage protection.
What are OSINT tools?
OSINT tools use a variety of techniques to gather and analyse publicly available data. Here's a general overview of how OSINT works:
Collection: OSINT tools crawl and collate publicly available information from sources as varied as social media platforms, government reports, news articles, press releases, academic papers, and commercial databases. This could be done manually or through automated programmes.
Processing: Once the data is collected, the tool filters out any duplicated, irrelevant, outdated, or inaccurate information. Data may be reorganised depending on its relevance and importance.
Analysis: The processed information is analysed for any salient trends, patterns, or relationships. Analysis technologies include natural language processing and data visualisation.
Dissemination: The filtered and analysed OSINT information is disseminated to key decision-makers and personnel. This can take the form of a report or alert, depending on the organisation’s protocol.
Core functions of OSINT tools
OSINT tools have several core functions, including:
Threat intelligence: Identifying potential cyber threats and vulnerabilities.
Digital footprinting: Mapping an organisation's online presence.
Brand monitoring: Tracking mentions of a brand or organisation online.
Background checks: Verifying information about individuals or organisations.
Who uses OSINT tools?
OSINT tools can be used for good or malicious intent. Cybercriminals may use OSINT to find potential targets and vulnerabilities, for instance, while ethical ‘white hat’ hackers use OSINT for penetration testing and vulnerability assessments.
Businesses may use OSINT for market research, competitive analysis, and brand monitoring, while government agencies may find it relevant to maintaining national security and law enforcement.
What are some key OSINT sources?
Key OSINT sources include:
Search engines (Google, Bing, etc.)
Social media platforms (Facebook, Twitter, LinkedIn, etc.)
New media (blogs, personal websites, digital newsletters, online portfolios, etc.)
Public records (government databases, company registries)
News sources
Web scraping tools
Data analysis tools
Traditional media (magazines, newspapers, radio and TV broadcasts, etc.)
Unclassified datasets or reports by governments or corporations
While traditional media remains one of the most accessible sources of public information, new media has quickly developed into an OSINT treasure trove. Not only is new media and social media accessible from anywhere, it is also easily shared. This means it enters the collective consciousness of the general populace more rapidly and in a more uncontrollable way. Once something has gone viral online, it’s near impossible to scrub and remove all traces of it from existence.
How do I perform OSINT?
Search engines and social media sites are perhaps the most straightforward means of carrying out OSINT. Simply by keying in the name of an individual or organisation, one can learn what the public knows about the said party.
Signs that your information might be leaked
Wondering if your own data has been leaked? Early signs of information leakage can include:
Unusual website activity: Unexpected traffic, spikes in login attempts, or unexpected changes to website content could indicate unauthorised access
Publicly available private data: Sensitive information such as employee credentials, internal documents, or customer data should never be publicly accessible
Mentions on leaking websites or in data breach reports: Websites that aggregate data breach information, as well as specialised data leak checker services, can provide valuable insights on potential data breaches
Unexpected financial transactions: Be aware of unexplained credit card statements or bank accounts
Changes in search engine results: Unexpected or negative results could indicate that sensitive information has been leaked and is being indexed by search engines
Why OSINT tools are crucial for data security
OSINT plays several key functions in proactive cybersecurity:
Vulnerability identification: By identifying vulnerabilities before they are exploited, organisations can significantly reduce their risk of data breaches. This includes identifying exposed credentials, misconfigured servers, and outdated software. For example, by monitoring public code repositories like GitHub, organisations can detect if developers have inadvertently committed sensitive information to the repository.
Threat intelligence gathering: Through monitoring hacker forums, social media, and other online sources, organisations or law enforcement agencies can gather information on potential security threats.
Digital footprint analysis: OSINT helps organisations understand their digital footprint, which is the sum of all online information about them. This can encompass uncovering leaked credentials of high-value targets such as C-suite personnel as well.
Reputation management: By monitoring online discussions and mentions of their brand, organisations can identify and address negative sentiment or misinformation.
Supply chain security: Organisations can use OSINT to assess the security posture of their suppliers and partners and avoid cascading negative effects.
Insider threat detection: By monitoring employee activity on social media and other online platforms, organisations can detect signs of disgruntlement or malicious intent.
Having a comprehensive OSINT protocol in place could help plug such vulnerability or loopholes before they are exploited by hostile groups. It’s also important to maintain scam prevention protocols and heighten awareness of phishing scams in Singapore to help avoid data leakages.
Best OSINT tools to find information leaks
To go deeper, organisations can use advanced search engines like:
Google Hacking Database – for finding exposed information
The Google Hacking Database (GHD) is a repository of custom Google search terms for files containing sensitive information such as usernames, vulnerable servers, and even passwords, also known as ‘Google Dorks’. Attackers can use this database to identify search strings that may uncover vulnerabilities and sensitive information on affected websites.
For example, the following search string would produce a list of directories within with directory listing enabled, and these files are publicly accessible:
site: intitle: “index of”
Hence, organisations may use GHD to check whether any of their sensitive information is inadvertently exposed via these custom search strings.
Wayback Machine – for recovering exposed data
The Wayback Machine is like a digital time capsule for the internet. It stores snapshots of websites from different points in time. This can be useful for attackers looking for older versions of a website that might contain vulnerabilities or exposed data. For example, an older version of a company's website might have a contact form that doesn't properly sanitise inputs, allowing for a potential SQL injection attack.
Defensively, organisations may use Wayback Machine to ensure that no sensitive data exists in legacy editions of its webpages.
Sploitus – for identifying exploitable data
Sploitus is a search engine for publicly-available exploits for vulnerable software. Think of it as a library of known weaknesses in different software programmes. Attackers may use these exploits to launch attacks against organisational assets. For example, if a company is running an outdated version of a web server with a known vulnerability, Sploitus can help an attacker find the code needed to exploit that vulnerability.
On the other hand, organisations may use Sploitus to find out if exploits for the specific software versions they are using are publicly available. Organisations can then remediate these exploits to pre-empt a breach.
For example, if an organisation server is using Drupal 8.6.10 (a Content Management System, or CMS), a search in Sploitus could reveal if a public exploit exists to compromise the CMS.
HaveIBeenPwned – checking for compromised accounts
HaveIBeenPwned is a search engine for compromised email addresses. It's like a "check engine" light for your online accounts. Anyone can use it to check if their email addresses have been hijacked for malicious purposes and identify which breaches the email addresses were involved in. If an employee learns that his or her email address has been compromised, they can be advised to change their passwords or to enable 2-factor authentication.
Other popular OSINT tools and what they do
Here are some of the best popular OSINT tools (with free options) for organisations and individuals:
Table of OSINT tools
OSINT tool | Purpose |
Spiderfoot | Automates OSINT collection from various sources like domains, IP addresses, and email addresses to map relationships between entities |
Whois | Retrieves registration details of domain names and IP addresses to reveal ownership and contact information |
nlookup | Network lookup tool that provides information about domains, IP addresses, and DNS records |
Social-Searcher | Monitors social media platforms for mentions of keywords, brands, or individuals |
Shodan | Searches for internet-connected devices and systems to reveal potential vulnerabilities and exposed services |
How to use OSINT tools to protect yourself & your organisation
To effectively protect your data using OSINT tools, consider these best practices:
Regularly monitor for leaks
Set up alerts for mentions of your organisation, employees, or sensitive data on relevant platforms. Use data leak checker services to stay informed about potential breaches.
Integrate OSINT with your cybersecurity strategy
Incorporate OSINT into your vulnerability management process. Use OSINT tools to identify potential attack vectors and prioritise remediation efforts.
Leverage OSINT for risk mitigation
Conduct regular OSINT assessments to evaluate your organisation's digital footprint and identify potential risks. Use the insights gained to continuously strengthen your security posture.
Real-world applications
Case Study 1: Preventing data breaches in a corporate environment
Mass data breaches in corporations and companies have, unfortunately, become more prevalent recently as hackers and cyberterrorists hone their data breaching abilities. However, some organisations have taken proactive steps to plug such leaks and limit the damage done. In November 2024, University of Toronto-based Citizen Lab identified vulnerabilities in Apple devices that allows the Pegasus spyware to be covertly installed. Incidents of Pegasus spyware infections were found in 45 countries including Singapore and Apple cooperated immediately with Citizen Lab to launch an investigation. Citizen Lab also urged Apple device owners to update their devices or enable Lockdown Mode to protect against future infections.
Case Study 2: OSINT in government and national security
Government and national security agencies in Singapore use OSINT to protect the nation by detecting potential leaks of classified or sensitive information. In a profile in the Straits Times, an officer from the Digital and Intelligence Service’s (DIS) Counter Terrorism and Intelligence Group (CTIG) describes sifting through OSINT on mainstream and social media platforms to piece together ‘clues’ in anticipating non-traditional threats. This helps in preemptive actions against espionage or cyberattacks, securing digital assets.
Protect your data with OSINT tools
In our highly digital world, the risk of information leakage is a growing concern for individuals, businesses, and government entities alike. By understanding what open source intelligence is and leveraging the power of OSINT techniques and tools, you can take proactive steps to safeguard your valuable data.
As a key player in ensuring data security on a national level, GovTech is committed to empowering Singaporeans with the knowledge and tools they need to navigate the digital landscape safely. Explore the OSINT tools and best practices mentioned in this article, sign up for relevant services, and integrate them into your security practices.
Remember, vigilance and proactive monitoring are crucial in preventing data breaches and protecting your online presence.
Take action now to prevent vulnerabilities from being exploited.