The Value of OSINT for Business Decisions

839fc2503083a6d6bff4aebdf87a5e1d?s=47 Tazz
October 10, 2019

The Value of OSINT for Business Decisions

This presentation was presented at the 2019 South Carolina Information Security Awareness Symposium, and it is the same presentation that was provided at Tampa Bay ISSA.

839fc2503083a6d6bff4aebdf87a5e1d?s=128

Tazz

October 10, 2019
Tweet

Transcript

  1. Value of Open Source Intelligence (OSINT) Tazz, Divine Intel LLC,

    http://divineintel.ninja MATURING SECURITY CULTURES WITHIN YOUR ORGANIZATION TO SUPPORT CRITICAL BUSINESS DECISIONS
  2. Conversation Schedule  Intro  Decision making process – when

    to leverage OSINT  Six (6) major business decisions benefiting from OSINT  Six (6) OSINT research areas for ten (10) business decision influencers  Real World OSINT research, data sources, and examples  Summary 2
  3. Decision Making Process: When to Leverage OSINT Ack Task Analysis

    Plan COA Drills Comparison Decision Execution 3
  4. Business Decisions Benefiting from OSINT 1. Partnerships 2. Vendor Selection

    3. Mergers / Acquisitions 4. Key Personnel Hiring 5. Office Location Selection 6. Marketing Strategies 4
  5. OSINT topics (A-F) for Business Decision Influencers (1-10) (1 of

    2) A. Growth History & Potential 1. Market Conditions and Competition 2. Brand Messaging / Impact 3. Value Creation B. Leadership 4. Experience / Track Record 5. Culture Fit C. Business Records, Filings, & Legal 6. Legal Issues 7. Non-compete Restrictions 5
  6. OSINT topics (A-F) for Business Decision Influencers (1-10) (1 of

    2) D. Financials – without seeing the books 8. Operating Costs 9. Debt / Assets E. Community Ties 10. Company Values F. Technical Risks 6
  7. Real-World OSINT DATA SOURCES AND EXAMPLE REPORT SUMMARIES 7

  8. OSINT Areas, Data Sources, & Examples 1. Growth History &

    Potential 2. Leadership 3. Business Records, Filings, & Legal 4. Financials – without seeing the books 5. Community Ties 6. Technical Risks 8
  9. Growth History & Potential Data Sources  Website  Business

    Filings  Business Journals  Press Releases  Corporate Values, Strategy, Objectives  Stock Market performance  Google Fu: ext:pdf|doc|docx|xls|xlsx “Acme Inc|Acme CEO” 9
  10. Example: Growth History & Potential ❖ The company’s fleet growth

    is well above average; however, the underlying sources of funding cannot be identified and have indicators suggesting they may be illegitimate [website] ❖ The history of SIC codes indicating expansion and authorized operations does not align to their corporate history as reflected on their website [business filings] ❖ The recent [aircraft] was purchased to [ensure] the company’s growth, but their air worthiness certificate does not authorize passengers, only freight [newspaper, PDF search] 10
  11. Leadership Data Sources  Linked In  Peerlyst  Alumni

    Pages  ZoomInfo  Bloomberg  Forbes  OpenCorporates.com  Google Scholar (scholar.google.com) 11
  12. Example: Leadership ❖ The current CEO does not have any

    prior C-suite or executive-level experience [social media] ❖ Current CEO went from being a Sort Coordinator at a shipping company to an aviation company CEO in 8 years, with a 3-year gap in his resume [photos, social media, professional networking site] ❖ One of Acme’s Directors is also a key leader of a competitor [historical conference attendee rosters] 12
  13. Business Records, Filings & Legal Data Sources  OpenCorporates.com 

    European: https://e-justice.europa.eu (click “en” for English)  Canadian: http://govdataca.com/  Secretary of State (SoS)  PACER.gov & https://pcl.uscourts.gov  Off-shore leaks: https://offshoreleaks.icij.org/  Investigative Dashboard: https://investigativedashboard.org/ 13
  14. Example: Business Records  2012 initial investments establishing Acme Inc.

    is less than $55K; this appears to be extremely low for starting an aviation business [tax records, business filings, records inquiries]  There are no reported additional capital calls reflected in the 13-year history of the parent company or 6-year history of Acme Inc. 14
  15. Financial Data Sources  Public Relations Announcements  Job Postings

    / Career Fair Flyers  Service Level Agreements  Purchase Orders  Conference Attendance  Executive Travel  Personal Purchases (vehicles, real estate, boats, exotic pets)  Corporate Parties  Off-sites 15
  16. Example: Financials ❖ The parent company and its two subsidiaries

    were established with an extremely low total investment of $318K ❖ Acme Inc. had the smallest portion ~$53K ❖ After existing less than 3 years and operating for only 2 years, Acme Inc. made an estimated $5M+ investment in customized assets, despite having no capital calls ❖ Benchmark Example: In 1967 Southwest was established with $500K equivalent to $4.2M today (https://www.swamedia.com/pages/1966-to-1971) 16
  17. Community Ties Data Sources  Religious Services  Chamber of

    Commerce  League/Club Membership  MeetUp.com  Charity Events  Real Estate Purchase  Local Business Partnering  Voter Registration  Event Attendance Rosters 17
  18. Example: Community Ties ❖ Photos, conference records, and geospatial evidence

    indicate a longstanding relationship with [Mad Scientist Aviation]. However, the affiliation is not reported in any public news or on their websites. [Mad Scientist Aviation] is a significant player in the host nation’s aviation market and this could indicate tensions between the two. 18
  19. Technical Risk / Data Protection Practices ❖ Censys.io ❖ Shodan.io

    ❖ ThreatCrowd.com ❖ Pastebins ❖ Domain Tools ❖ Virus Total ❖ Alien Vault OTX ❖ Google Fu 19
  20. Example: Technical Risk / Data Protection ❖ [IP address] has

    a vulnerability related to CVE with a raw risk score of 10 out of 10 ❖ Acme Inc. has 30 vulnerable hosts out of 300 hosts discovered to have their domain reflected in security certificates. ❖ Router configuration files for [IP address/hostname] were posted at [paste site name], on [date] 20
  21. Summary  Company Values  Operation Costs  Culture Fit

     Brand Messaging / Impact  Financials  Legal Issues  Market Conditions and Competition  Non-compete Restrictions  Value Creation  Social Media  State, County, Federal Records  Google Dorks  Photos / Geospatial Datasets  “Rate my employer” sites  Independent Bloggers  Website Crawling  Open Source Security Tools  Pastebins / Data Dumps  Academic / Research Data Sets 21
  22. Questions Organization  Twitter: @divineintel  www. Personal  Twitter:

    @GRC_Ninja  Email tazz @  Blog: https:// 22