Expanding the meaning and toolkit of OSINT in the United States

OSINT (Open Source Intelligence) is intelligence based on open sources of information. In the US, OSINT plays an important role in the intelligence community, including organizations such as the CIA, FBI and the National Security Agency (NSA). OSINT main goals:

Collection of information from open sources: Media, social networks, public databases, forums, government reports and other publicly available resources.
Data analysis and correlation: Transforming collected information into useful intelligence through analysis, comparison and pattern identification.
Decision support: Providing up-to-date information for strategic and tactical decisions in the field of national security.

Tools and Techniquesused in OSINT:

1. Social networks and media monitoring:

Maltego – https://www.maltego.com
TweetDeck – https://tweetdeck.twitter.com
Hootsuite – https://hootsuite.com
Social Searcher – https://www.social-searcher.com
CrowdTangle – https://www.crowdtangle.com
BuzzSumo – https://buzzsumo.com
Brandwatch – https://www.brandwatch.com
Talkwalker – https://www.talkwalker.com
Mention – https://mention.com
Netvibes – https://www.netvibes.com
Meltwater – https://www.meltwater.com
Dataminr – https://www.dataminr.com
Twint – https://github.com/twintproject/twint
Screaming Frog – https://www.screamingfrog.co.uk
Tineye – https://tineye.com
OSINT Framework – https://osintframework.com
Spyse – https://spyse.com
Pipl – https://pipl.com
Shodan – https://www.shodan.io
Foca – https://elevenpaths.com

2. Search engines and specialized platforms:

Google Dorks – https://www.exploit-db.com/google-hacking-database
Bing – https://www.bing.com
DuckDuckGo – https://duckduckgo.com
Yandex – https://www.yandex.com
ZoomInfo – https://www.zoominfo.com
Crunchbase – https://www.crunchbase.com
Whois Lookup – https://whois.domaintools.com
Censys – https://censys.io
Hunter.io – https://hunter.io
BuiltWith – https://builtwith.com
Wayback Machine – https://archive.org/web
Exalead – https://www.exalead.com/search/
Intelligence X – https://intelx.io
PublicWWW – https://publicwww.com
PeepL – https://www.peepl.us
AlienVault Open Threat Exchange – https://otx.alienvault.com
GrayHatWarfare – https://grayhatwarfare.com
Creepy – https://www.geocreepy.com
Shodan – https://www.shodan.io
Ahmia (for Tor) – https://ahmia.fi

3. Geospatial analysis:

Google Earth – https://earth.google.com
OpenStreetMap – https://www.openstreetmap.org
Mapillary – https://www.mapillary.com
GeoNames – http://www.geonames.org
ArcGIS Online – https://www.arcgis.com
Sentinel Hub – https://www.sentinel-hub.com
GPS Visualizer – http://www.gpsvisualizer.com
Geofeedia – https://www.geofeedia.com
GeoIQ – https://geoiq.io
CartoDB – https://carto.com
Geocode.xyz – https://geocode.xyz
Terraserver – https://www.terraserver.com
QGIS – https://qgis.org
HERE Maps – https://www.here.com
Wikimapia – http://wikimapia.org
Zoom Earth – https://zoom.earth
Gaia GPS – https://www.gaiagps.com
Bing Maps – https://www.bing.com/maps
LandViewer – https://eos.com/landviewer
SAS Planet – http://www.sasgis.org/sasplaneta/

4. Analytical platforms:

Palantir – https://www.palantir.com
IBM i2 Analyst's Notebook – https://www.ibm.com/products/i2-analysts-notebook Splunk – https://www.splunk.com
Recorded Future – https://www.recordedfuture.com
Dataiku – https://www.dataiku.com
Microsoft Power BI – https://powerbi.microsoft.com
Tableau – https://www.tableau.com
KNIME – https://www.knime.com
DataRobot – https://www.datarobot.com
Cybersixgill – https://www.cybersixgill.com
Socrata – https://socrata.com
Farsight Security – https://www.farsightsecurity.com
Crimson Hexagon – https://www.crimsonhexagon.com
Alteryx – https://www.alteryx.com
Datadog – https://www.datadoghq.com
Qlik – https://www.qlik.com
SAS – https://www.sas.com
Neo4j – https://neo4j.com
Anodot – https://www.anodot.com
Sift Science – https://sift.com

5. Cyber ​​intelligence:

Chainalysis – https://www.chainalysis.com
Elliptic – https://www.elliptic.co
CipherTrace – https://www.ciphertrace.com
Crystal Blockchain – https://crystalblockchain.com
TRM Labs – https://www.trmlabs.com
Coinfirm – https://www.coinfirm.com
Bitfury Crystal – https://crystalplatform.com
Maltego (with crypto plugins) – https://www.maltego.com
Clara – https://clara.io
Xrplorer – https://xrplorer.com
Blockchain Explorer by Blockcypher – https://live.blockcypher.com
Etherscan – https://etherscan.io
BitcoinWhosWho – https://www.bitcoinwhoswho.com
Neutrino – https://neutrino.nu
Scorechain – https://www.scorechain.com
Merkle Science – https://www.merklescience.com
KYT (Know Your Transaction) by Chainalysis – https://www.chainalysis.com/kyc-aml Blockchair – https://blockchair.com
Coinpath by Bitquery – https://bitquery.io
Whale Alert – https://whale-alert.io

Three real-life examples of using a set of tools to solve OSINT problems

Case Study 1: Investigating Terrorist Activity via Social Media

Task: Identify and monitor potential threats to national security posed by extremist groups on social networks.

Tools and Techniques:

Social monitoring: Using tools like Hootsuite or Mention to track keywords and phrases related to extremism.
Social Network Analysis: Using Maltego to build graphs of connections between suspected individuals and groups.
Language and content analysis: Using NLP (Natural Language Processing) tools to analyze rhetoric and identify calls to action.

Result: Detection of a group of individuals planning potential attacks, allowing law enforcement to take preventative measures.

Example 2: Identifying human trafficking networks

Task: Identify and expose an international human trafficking network operating through online platforms.

Tools and Techniques:

Web scraping: Automatically collect data from ads on suspicious websites using Python and the Beautiful Soup library.
Geolocation analysis: Using EXIF ​​data from images to determine location.
Analysis of cryptocurrency transactions: Using tools such as Chainalysis to track financial flows.

Result: Providing collected data to international law enforcement agencies, which led to the arrest of key figures in the network.

Case Study 3: Cyber ​​Intelligence and Prevention of Cyber ​​Attacks Task: Prevent a large-scale cyber attack on energy sector infrastructure.

Tools and Techniques:

Darknet monitoring: Using specialized services to track discussions and leaks on the darknet.
Malware analysis: Using tools like IDA Pro or Wireshark to analyze detected malware.
Feedback from the cyber community: Interaction with CERT (Computer Emergency Response Team) to exchange information about identified threats.

Result: Early identification of a planned attack and updating of security systems, which made it possible to avoid compromise of critical infrastructure.

Having broken through

In fact, breaking through is a delicate matter and each country has its own approach, special if it concerns a different language, culture and mentality.
It is also worth considering that if you need to find a person where you do not live, nothing will happen to you, unlike the situation when you are looking for a person in your own country, Comrade Major is always in the next apartment :-).

So, currently in Russia, and in the CIS as a whole, several + – cheap services are popular punching resources, these are userbox, eye of god And chimera. These services are quite enough to remember a friend’s birthday, the place where you last ordered sushi, or maybe you’re really curious about what the Internet knows about you. In no case do I advise using these services for selfish purposes, falling into the hands of justice is much easier than it seems, so all knowledge and skills must be used with an understanding of the consequences, even if you are an altruist and are ready to give your life for the sake of the people, you should not play the hero, That's why law enforcement agencies exist, the world is more complicated than you think.

I've moved away from the topic of conversation, let's continue.
What then about penetration in other countries, and specifically today we are considering the USA? As an example, I will show you some services similar to those in the CIS.

1. Spokeo
It is a people search engine that allows you to find information about people based on various data such as:

– phone number
– email address
– Name
– address

Spokeo collects data from public sources and social networks.
One request costs on average US$1, which is a small price to pay considering that a full OSINT investigation typically costs around US$2,000.

2. Pipl
Pipl is a search engine for finding people that uses information from the Internet, social networks, and closed databases. It is often used for background checks and investigations.
This is a commercial product for business enterprises, so to get it you will need a tidy sum, and a unique approach to convince them that you need their product for genuinely good purposes. If you know another way to get this product, no one is stopping you from using it… I prefer the old proven method of social engineering.

3. BeenVerified
An online service that provides access to public data, including real estate information, court records, addresses, phone numbers and social media profiles.
My personal opinion is that the service is fifty-fifty, nothing unusual, but worth it
try it if there is no information everywhere.

4.TruthFinder
This is another tool for finding people in the US that offers information from public records, including criminal records, residential history, phone numbers and even social media profiles.

5. Intelius
Tool for conducting background checks. Intelius provides access to contact information, addresses, telephone history
calls, as well as criminal and court records.

6. Clearview AI
This is a more specific tool based on facial recognition technology. Clearview AI allows law enforcement agencies and other organizations to search for people in photographs by accessing a huge database of images from social networks and public sources.

And there are a lot of similar services, but the real juice is not in the breakout services, but in the databases, drains, etc.
To find such databases, you need to scour the forums and collect everything bit by bit. And the most important thing is to be able to use search engine doors.
An approximate list of search engines that you should own:

Google
Bing
Yahoo!
Baidu
Yandex
DuckDuckGo
Ecosia
Ask Naver
Seznam

Most have the ability to search by image, maps, panoramas, etc. I think it’s worth making a separate guide on dorks for 2024 for these search engines, but in this we are talking about OSINT in the USA.
As an example, I’ll show you how you can search for small bases in the USA:

Or if you are looking for data on a specific user, you can try to enter his nickname, email, password, if you know, or something else, try different file formats, different search engines and see the result

Of course, this whole thing can be automated, in fact it’s just a data parser from search engines, you buy or receive API keys to search engines, look at the documentation or ask chatGPT and that’s it, consider it in the bag, you’re a mega cool osinter puncher – you’ll think… But no To be a truly sought-after specialist, to be head and shoulders above others, it is not enough to have the ability to Google and write prompts in GPT, you must be able to think.

Actually, that’s why, for the OSINT problem related specifically to the USA, those who are interested will first solve it themselves, and then look at our solution, and those who just want to get some experience and see what types of search there are, will have to wait, i.e. To. The solution will appear in the next issue.

More materials with OSINT tools:
Search by email and nickname
Automation of searching for a telegram account using a number.
Simple search for people via telegram
Analysis of Telegram accounts
Bots and services for data reconnaissance VKontakte
We review and practice popular OSINT tools
OSINT: Intelligence in EUROPE

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *