Redefining Due Diligence - OSINT for Critical Business Decisions

Tazz
April 16, 2019

This slide deck includes:
Diagram of business decision making process & when to leverage OSINT
Six (6) major business decisions benefiting from OSINT
Six (6) OSINT research areas for ten (10) business decision influencers
Real World OSINT research, data sources, and examples

Transcript

  1. Tampa Bay ISSA: Redefining Due Diligence - OSINT for Critical Business Decisions
  2. Conversation Schedule
    - Intro
    - Decision making process – when to leverage OSINT
    - Six (6) major business decisions benefiting from OSINT
    - Six (6) OSINT research areas for ten (10) business decision influencers
    - Real World OSINT research, data sources, and examples
    - Summary
  3. Decision Making Process: When to Leverage OSINT
    (diagram labels, in order: Ack Task Analysis Plan COA Drills Comparison Decision Execution)
  4. Business Decisions Benefiting from OSINT
    1. Partnerships
    2. Vendor Selection
    3. Mergers / Acquisitions
    4. Key Personnel Hiring
    5. Office Location Selection
    6. Marketing Strategies
  5. OSINT topics (A-F) for Business Decision Influencers (1-10) (1 of 2)
    A. Growth History & Potential
      1. Market Conditions and Competition
      2. Brand Messaging / Impact
      3. Value Creation
    B. Leadership
      4. Experience / Track Record
      5. Culture Fit
    C. Business Records, Filings, & Legal
      6. Legal Issues
      7. Non-compete Restrictions
  6. OSINT topics (A-F) for Business Decision Influencers (1-10) (1 of 2)
    D. Financials – without seeing the books
      8. Operating Costs
      9. Debt / Assets
    E. Community Ties
      10. Company Values
    F. Technical Risks
  7. Real-World OSINT Data Sources and Example Report Summaries

  8. OSINT Areas, Data Sources, & Examples
    1. Growth History & Potential
    2. Leadership
    3. Business Records, Filings, & Legal
    4. Financials – without seeing the books
    5. Community Ties
    6. Technical Risks
  9. Growth History & Potential Data Sources
    - Website
    - Business Filings
    - Business Journals
    - Press Releases
    - Corporate Values, Strategy, Objectives
    - Stock Market performance
    - Google Fu: ext:pdf|doc|docx|xls|xlsx “Acme Inc|Acme CEO”
  10. Example: Growth History & Potential
    ❖ The company’s fleet growth is well above average; however, the underlying sources of funding cannot be identified and have indicators suggesting they may be illegitimate [website]
    ❖ The history of SIC codes indicating expansion and authorized operations does not align to their corporate history as reflected on their website [business filings]
    ❖ The recent [aircraft] was purchased to [ensure] the company’s growth, but their air worthiness certificate does not authorize passengers, only freight [newspaper, PDF search]
  11. Leadership Data Sources
    - LinkedIn
    - Peerlyst
    - Alumni Pages
    - ZoomInfo
    - Bloomberg
    - Forbes
    - OpenCorporates.com
    - Google Scholar (scholar.google.com)
  12. Example: Leadership
    ❖ The current CEO does not have any prior C-suite or executive-level experience [social media]
    ❖ Current CEO went from being a Sort Coordinator at a shipping company to an aviation company CEO in 8 years, with a 3-year gap in his resume [photos, social media, professional networking site]
    ❖ One of Acme’s Directors is also a key leader of a competitor [historical conference attendee rosters]
  13. Business Records, Filings & Legal Data Sources
    - OpenCorporates.com
    - European: https://e-justice.europa.eu (click “en” for English)
    - Canadian: http://govdataca.com/
    - Secretary of State (SoS)
    - PACER.gov & https://pcl.uscourts.gov
    - Off-shore leaks: https://offshoreleaks.icij.org/
    - Investigative Dashboard: https://investigativedashboard.org/
  14. Example: Business Records
    - 2012 initial investments establishing Acme Inc. are less than $55K; this appears to be extremely low for starting an aviation business [tax records, business filings, records inquiries]
    - There are no reported additional capital calls reflected in the 13-year history of the parent company or 6-year history of Acme Inc.
  15. Financial Data Sources
    - Public Relations Announcements
    - Job Postings / Career Fair Flyers
    - Service Level Agreements
    - Purchase Orders
    - Conference Attendance
    - Executive Travel
    - Personal Purchases (vehicles, real estate, boats, exotic pets)
    - Corporate Parties
    - Off-sites
  16. Example: Financials
    ❖ The parent company and its two subsidiaries were established with an extremely low total investment of $318K
    ❖ Acme Inc. had the smallest portion, ~$53K
    ❖ After existing less than 3 years and operating for only 2 years, Acme Inc. made an estimated $5M+ investment in customized assets, despite having no capital calls
    ❖ Benchmark Example: In 1967 Southwest was established with $500K, equivalent to $4.2M today (https://www.swamedia.com/pages/1966-to-1971)
  17. Community Ties Data Sources
    - Religious Services
    - Chamber of Commerce
    - League/Club Membership
    - MeetUp.com
    - Charity Events
    - Real Estate Purchase
    - Local Business Partnering
    - Voter Registration
    - Event Attendance Rosters
  18. Example: Community Ties
    ❖ Photos, conference records, and geospatial evidence indicate a longstanding relationship with [Mad Scientist Aviation]. However, the affiliation is not reported in any public news or on their websites. [Mad Scientist Aviation] is a significant player in the host nation’s aviation market and this could indicate tensions between the two.
  19. Technical Risk / Data Protection Practices
    ❖ Censys.io
    ❖ Shodan.io
    ❖ ThreatCrowd.com
    ❖ Pastebins
    ❖ DomainTools
    ❖ VirusTotal
    ❖ AlienVault OTX
    ❖ Google Fu
  20. Example: Technical Risk / Data Protection
    ❖ [IP address] has a vulnerability related to CVE with a raw risk score of 10 out of 10
    ❖ Acme Inc. has 30 vulnerable hosts out of 300 hosts discovered to have their domain reflected in security certificates.
    ❖ Router configuration files for [IP address/hostname] were posted at [paste site name], on [date]
  21. Summary
    - Company Values
    - Operation Costs
    - Culture Fit
    - Brand Messaging / Impact
    - Financials
    - Legal Issues
    - Market Conditions and Competition
    - Non-compete Restrictions
    - Value Creation
    - Social Media
    - State, County, Federal Records
    - Google Dorks
    - Photos / Geospatial Datasets
    - “Rate my employer” sites
    - Independent Bloggers
    - Website Crawling
    - Open Source Security Tools
    - Pastebins / Data Dumps
    - Academic / Research Data Sets
  22. Questions
    Organization
    - Twitter: @divineintel
    - www.
    Personal
    - Twitter: @GRC_Ninja
    - Email tazz @
    - Blog: https://