Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
156 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
45 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Systematically Searching for Identity-Related Information in the Internet with OSINT Tools (2407.16251v1)

Published 23 Jul 2024 in cs.CR

Abstract: The increase of Internet services has not only created several digital identities but also more information available about the persons behind them. The data can be collected and used for attacks on digital identities as well as on identity management systems, which manage digital identities. In order to identify possible attack vectors and take countermeasures at an early stage, it is important for individuals and organizations to systematically search for and analyze the data. This paper proposes a classification of data and open-source intelligence (OSINT) tools related to identities. This classification helps to systematically search for data. In the next step, the data can be analyzed and countermeasures can be taken. Last but not least, an OSINT framework approach applying this classification for searching and analyzing data is presented and discussed.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (35)
  1. Open source intelligence investigation: From strategy to implementation. Springer.
  2. Named Entity Extraction for Knowledge Graphs: A Literature Overview. IEEE Access, 8:32862–32881.
  3. PURE: Generating Quality Threat Intelligence by Clustering and Correlating OSINT. In 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), pages 483–490.
  4. Under and over the surface: a comparison of the use of leaked account credentials in the Dark and Surface Web. Crime Science, 7(1):17.
  5. Open Source Intelligence Tools and Resources Handbook 2020. https://i-intelligence.eu/uploads/public-documents/OSINT˙Handbook˙2020.pdf. Accessed 10-10-2022.
  6. REAPER: an automated, scalable solution for mass credential harvesting and OSINT. In 2016 IEEE APWG Symposium on Electronic Crime Research (eCrime), pages 1–10.
  7. Cyber Detective (2022). OSINT tools collection. https://github.com/cipher387/osint˙stuff˙tool˙collection. Accessed 10-10-2022.
  8. ShoBeVODSDT: Shodan and Binary Edge based vulnerable open data sources detection tool or what Internet of Things Search Engines know about you. In Proceedings of the 2nd IEEE International Conference on Intelligent Data Science Technologies and Applications (IDSTA), pages 38–45.
  9. Analyzing and Identifying Data Breaches in Underground Forums. IEEE Access, 7:48770–48777.
  10. Gibson, H. (2016). Acquisition and Preparation of Data for OSINT Investigations. In Akhgar, B., Bayerl, P. S., and Sampson, F., editors, Open Source Intelligence Investigation: From Strategy to Implementation, pages 69–93. Springer International Publishing, Cham.
  11. Google (2022a). Natural Language API. https://cloud.google.com/natural-language. Accessed 10-10-2022.
  12. Google (2022b). Vision AI. https://cloud.google.com/vision. Accessed 10-10-2022.
  13. Open Source Intelligence Gathering, pages 55–86. Wiley Data and Cybersecurity.
  14. Hunt, T. (2022). Have I Been Pwned: Check if your email has been compromised in a data breach. https://haveibeenpwned.com. Accessed 10-10-2022.
  15. IBM Developer (2022). Watson APIs - Resources and Tools. Accessed 10-10-2022.
  16. Smarter Password Guessing Techniques Leveraging Contextual Information and OSINT. In 2020 International IEEE Conference on Cyber Security and Protection of Digital Services (Cyber Security), pages 1–2.
  17. A Novel Dictionary Generation Methodology for Contextual-Based Password Cracking. IEEE Access, 10:59178–59188.
  18. LastPass (2021). The 2021 Password Security Report. https://www.lastpass.com/de/resources/ebook/psychology-of-passwords-2021. Accessed 10-10-2022.
  19. CoAuthor: Designing a Human-AI Collaborative Writing Dataset for Exploring Language Model Capabilities. In Proceedings of the ACM Conference on Human Factors in Computing Systems (CHI).
  20. Generating Quality Threat Intelligence Leveraging OSINT and a Cyber Threat Unified Taxonomy. ACM Trans. Priv. Secur., 25(3).
  21. Microsoft (2022a). Face API. https://azure.microsoft.com/en-us/products/cognitive-services/face/. Accessed 10-10-2022.
  22. Microsoft (2022b). Text analytics. https://azure.microsoft.com/en-us/products/cognitive-services/text-analytics. Accessed 10-10-2022.
  23. MISP Project (2022). MISP taxonomies and classification as machine tags. https://www.misp-project.org/taxonomies.html#˙osint. Accessed 10-10-2022.
  24. Nordine, J. (2022). OSINT Framework. https://osintframework.com. Accessed 10-10-2022.
  25. Evaluation of Sentiment Databases: A Comparison of Sentiment Databases through Social Listening Statements and Azure Machine Learning Studio. In Proceedings of the 3rd ACM International Conference on E-Business and Internet (ICEBI), page 8–12.
  26. Nlp as an essential ingredient of effective osint frameworks. In Proceedings of the IEEE Military Communications and Information Systems Conference (MILCIS), pages 1–7.
  27. The Not Yet Exploited Goldmine of OSINT: Opportunities, Open Challenges and Future Trends. IEEE Access, 8:10282–10304.
  28. What Happens After You Leak Your Password: Understanding Credential Sharing on Phishing Sites. In Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security (Asia CCS), page 181–192.
  29. Torsion: Web Reconnaissance using Open Source Intelligence. In Proceedings of the 2nd IEEE International Conference on Intelligent Technologies (CONIT), pages 1–4.
  30. Sherlock Project Team (2022). Sherlock Project. https://sherlock-project.github.io. Accessed 10-10-2022.
  31. PeopleXploit : A hybrid tool to collect public data. In Proceedings of the 4th IEEE International Conference on Computer, Communication and Signal Processing (ICCCSP), pages 1–6.
  32. Verizon (2022). Data Breach Investigations Report 2022. https://www.verizon.com/business/resources/reports/2022/dbir/2022-data-breach-investigations-report-dbir.pdf. Accessed 10-10-2022.
  33. Investigating Leaked Sensitive Information in Version Control Systems with the Kraulhorizon Framework. In Sicherheit in vernetzten Systemen: 29. DFN-Konferenz, pages C1–C21. Books on Demand.
  34. Mining open source text documents for intelligence gathering. In Proceedings of the International IEEE Symposium on Information Technologies in Medicine and Education (ITiME), volume 2, pages 969–973.
  35. The Security of Modern Password Expiration: An Algorithmic Framework and Empirical Analysis. In Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS), pages 176–186.

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now