Redefining Due Diligence - OSINT for Critical Business Decisions

Transcript

1. Tampa Bay ISSA: Redefining Due Diligence OSINT FOR CRITICAL BUSINESS

   DECISIONS

2. Conversation Schedule  Intro  Decision making process – when

   to leverage OSINT  Six (6) major business decisions benefiting from OSINT  Six (6) OSINT research areas for ten (10) business decision influencers  Real World OSINT research, data sources, and examples  Summary 2

3. Decision Making Process: When to Leverage OSINT Ack Task Analysis

   Plan COA Drills Comparison Decision Execution 3

4. Business Decisions Benefiting from OSINT 1. Partnerships 2. Vendor Selection

   3. Mergers / Acquisitions 4. Key Personnel Hiring 5. Office Location Selection 6. Marketing Strategies 4

5. OSINT topics (A-F) for Business Decision Influencers (1-10) (1 of

   2) A. Growth History & Potential 1. Market Conditions and Competition 2. Brand Messaging / Impact 3. Value Creation B. Leadership 4. Experience / Track Record 5. Culture Fit C. Business Records, Filings, & Legal 6. Legal Issues 7. Non-compete Restrictions 5

6. OSINT topics (A-F) for Business Decision Influencers (1-10) (1 of

   2) D. Financials – without seeing the books 8. Operating Costs 9. Debt / Assets E. Community Ties 10. Company Values F. Technical Risks 6

7. Real-World OSINT DATA SOURCES AND EXAMPLE REPORT SUMMARIES 7

8. OSINT Areas, Data Sources, & Examples 1. Growth History &

   Potential 2. Leadership 3. Business Records, Filings, & Legal 4. Financials – without seeing the books 5. Community Ties 6. Technical Risks 8

9. Growth History & Potential Data Sources  Website  Business

   Filings  Business Journals  Press Releases  Corporate Values, Strategy, Objectives  Stock Market performance  Google Fu: ext:pdf|doc|docx|xls|xlsx “Acme Inc|Acme CEO” 9

10. Example: Growth History & Potential ❖ The company’s fleet growth

    is well above average; however, the underlying sources of funding cannot be identified and have indicators suggesting they may be illegitimate [website] ❖ The history of SIC codes indicating expansion and authorized operations does not align to their corporate history as reflected on their website [business filings] ❖ The recent [aircraft] was purchased to [ensure] the company’s growth, but their air worthiness certificate does not authorize passengers, only freight [newspaper, PDF search] 10

11. Leadership Data Sources  Linked In  Peerlyst  Alumni

    Pages  ZoomInfo  Bloomberg  Forbes  OpenCorporates.com  Google Scholar (scholar.google.com) 11

12. Example: Leadership ❖ The current CEO does not have any

    prior C-suite or executive-level experience [social media] ❖ Current CEO went from being a Sort Coordinator at a shipping company to an aviation company CEO in 8 years, with a 3-year gap in his resume [photos, social media, professional networking site] ❖ One of Acme’s Directors is also a key leader of a competitor [historical conference attendee rosters] 12

13. Business Records, Filings & Legal Data Sources  OpenCorporates.com 

    European: https://e-justice.europa.eu (click “en” for English)  Canadian: http://govdataca.com/  Secretary of State (SoS)  PACER.gov & https://pcl.uscourts.gov  Off-shore leaks: https://offshoreleaks.icij.org/  Investigative Dashboard: https://investigativedashboard.org/ 13

14. Example: Business Records  2012 initial investments establishing Acme Inc.

    is less than $55K; this appears to be extremely low for starting an aviation business [tax records, business filings, records inquiries]  There are no reported additional capital calls reflected in the 13-year history of the parent company or 6-year history of Acme Inc. 14

15. Financial Data Sources  Public Relations Announcements  Job Postings

    / Career Fair Flyers  Service Level Agreements  Purchase Orders  Conference Attendance  Executive Travel  Personal Purchases (vehicles, real estate, boats, exotic pets)  Corporate Parties  Off-sites 15

16. Example: Financials ❖ The parent company and its two subsidiaries

    were established with an extremely low total investment of $318K ❖ Acme Inc. had the smallest portion ~$53K ❖ After existing less than 3 years and operating for only 2 years, Acme Inc. made an estimated $5M+ investment in customized assets, despite having no capital calls ❖ Benchmark Example: In 1967 Southwest was established with $500K equivalent to $4.2M today (https://www.swamedia.com/pages/1966-to-1971) 16

17. Community Ties Data Sources  Religious Services  Chamber of

    Commerce  League/Club Membership  MeetUp.com  Charity Events  Real Estate Purchase  Local Business Partnering  Voter Registration  Event Attendance Rosters 17

18. Example: Community Ties ❖ Photos, conference records, and geospatial evidence

    indicate a longstanding relationship with [Mad Scientist Aviation]. However, the affiliation is not reported in any public news or on their websites. [Mad Scientist Aviation] is a significant player in the host nation’s aviation market and this could indicate tensions between the two. 18

19. Technical Risk / Data Protection Practices ❖ Censys.io ❖ Shodan.io

    ❖ ThreatCrowd.com ❖ Pastebins ❖ Domain Tools ❖ Virus Total ❖ Alien Vault OTX ❖ Google Fu 19

20. Example: Technical Risk / Data Protection ❖ [IP address] has

    a vulnerability related to CVE with a raw risk score of 10 out of 10 ❖ Acme Inc. has 30 vulnerable hosts out of 300 hosts discovered to have their domain reflected in security certificates. ❖ Router configuration files for [IP address/hostname] were posted at [paste site name], on [date] 20

21. Summary  Company Values  Operation Costs  Culture Fit

     Brand Messaging / Impact  Financials  Legal Issues  Market Conditions and Competition  Non-compete Restrictions  Value Creation  Social Media  State, County, Federal Records  Google Dorks  Photos / Geospatial Datasets  “Rate my employer” sites  Independent Bloggers  Website Crawling  Open Source Security Tools  Pastebins / Data Dumps  Academic / Research Data Sets 21

22. Questions Organization  Twitter: @divineintel  www. Personal  Twitter:

    @GRC_Ninja  Email tazz @  Blog: https:// 22