ACFCS Special Report: The Front Lines – The Survey Series: Information Overload – What is OSINT, Part 1 of 2 – CFCS
What is open source intelligence?
According to OSINT’s Wikipedia page, it is “a multifactorial methodology for collecting, analyzing and making decisions about data accessible in publicly available sources for use in an intelligence context.”
In the intelligence community, the term “open” refers to open and publicly accessible sources, as opposed to secret or clandestine sources.
In the private sector, an investigator at a financial institution (FI), for example, is rarely in possession of clandestine or secret sources or information.
That said, where does an FI investigator start their OSINT search and how much research should be conducted outside of the review of transaction activities?
The answer is at your fingertips: Your computer and the web browser you choose to use are the place to turn for an OSINT exam as part of your investigation.
OSINT also has many dimensions: the AML professional can use it offensively, to better find hidden and lesser-known risks on individuals and entities, but also defensively.
The idea: to better understand what criminals, fraudsters and hackers already have at their disposal that could be used to steal someone’s identity, hack their systems, or open the door to a devastating ransomware attack – a scourge that has reached epidemic proportions in the virtual world as the pandemic has bludgeoned our common bodily reality.
Some examples, according to media reports, include:
Discover the public assets: the depth, the extent of the attack surface
The most common function of many OSINT surveys is to help IT teams discover public assets – these can be corporate websites, employee portals, and online gateways that allow users to manipulate data outside of a physical room – and map the information each one has that could contribute to a potential attack surface, according to CSO Online.
Usually, they don’t try to check for things like program vulnerabilities or perform penetration testing, the domain of the cybersecurity manager. Their main task is to record information that a person could find publicly on or about company assets without resorting to hacking.
Ironically, though, in many cases hackers have already released some or all of their stolen information treasures as proof of their skills, to build their reputation, or even just for bragging rights.
Discovering relevant information outside the organization: Socially acceptable?
A secondary function performed by some OSINT tools is to search for relevant information outside of an organization, such as in social media posts or in areas and locations that might be outside of a narrowly defined network, according to CSO.
Organizations that have made a lot of acquisitions, bringing with them the IT assets of the company they are merging with, might find this feature very useful.
IT assets can be not only the systems used to run a particular business, but also detailed lists of names, passwords, intellectual property, and other information. In the sometimes rushed period of merger closing, some information may be left out and not removed, leaving a residual risk of breach.
With the extreme growth and popularity of social media, searching for sensitive information outside of the corporate perimeter is likely useful for just about any group.
The form the media takes can also play a role in the tools that a determined and skillful criminal can use against an individual or an organization.
For example, if a person is prolific in their social media posts, the bad guys might tinker with these images to produce a believable “deepfake” of the individual, which is all the more likely the higher the level of the bigwig.
It can go even further with recordings and videos of a person – all of which can give criminals more ammunition to create seemingly living, breathing digital copies designed to meet their expectations.
Bring together the information discovered in an actionable form: asset discovery, recovery
Finally, some OSINT tools help pull together and consolidate all the information discovered into useful and actionable information, according to the article.
Running an OSINT analysis for a large enterprise can generate hundreds of thousands of results, especially if internal and external assets are included.
Putting all of this data together and being able to deal with the most serious issues first can be extremely helpful.
At the same time, from a financial crime compliance professional’s perspective, the most remarkable details found during an investigation may both better flesh out a client’s actual risk and preview whether that individual or corporate account could be at a higher risk of being compromised.