Basic tools for Open Source Intelligence (OSINT) and Cybersecurity

-
With increasing application of technology across different domains world over, information has become the new oil upon which organizations base their business strategies. Alongside the proliferation of technology and a myriad of increasingly significant fields such as data science, more and more organizations are becoming cognizant of the enormous advantages data and information can present. While organizations will feel the need to protect their assets with greater urgency, even the least of tech savvy individuals can make use of tools and technologies that make it easy to at least  muster the basics of information acquisition. 

This article is for groups of people who may want to know the general basics of information gathering from freely accessible sources (OSINT). Whether you are a doctor or a mason, information gathering will ultimately be important in building a knowledge base vital for both personal and professional use. By extension, any individual would naturally be interested in staying safe by learning tips and tricks on cybersecurity without having to delve into inherently technical details.  

While there are many tools to gather information and to improve one's cybersecurity awareness, these are some that I find useful and immediate to daily life. Click the links within the subheadings to access the tools.  

All my Tweets 

We all love Twitter for one reason; the vast amount of information we can gather on an instant. Based on followers and topics followed, Twitter can provide tailored and trending information while acting as an archive for tweets issued since the beginning of the platform. Going through Twitter may sometimes be overwhelming, especially if looking for particular information, say, from a particular user. While there are may tricks to extract highly customized results (similar to google dorks) one significant tool I use for focused search on a particular user is allmytweets.net. This tools collects all Twitter activity from a single user and displays them in a continuous page where you can read seamlessly while investigating their tweeting history. 

For example, all tweeting history from Standard Kenya would show as follows, giving an opportunity to sort according to tweets, likes, followers, and users a particular account is following. 

The below screenshot shows accounts that Standard Kenya is following. 


Gathering all this information centrally helps save time while focusing on what is important, especially when you want to gain insights about a particular user. Note that to use allmytweets.net, you have to log into an active Twitter account. 

Truecaller 

Most of you have heard and used this tool at some point in their lives to look up unknown caller IDs. Truecaller has grown into one of the go-to tools used to gather information about a caller to determine if they are legitimate or known. I use Truecaller to check up numbers whenever I get calls from unknown numbers. While some calls may be important, it may be prudent to miss the first call, check up the number, and return the call after determining the necessity. However, if you have been expecting such calls or your line of business involves dealing with strange numbers, you may find it unnecessary to use Truecaller. 

Truecaller works by collecting and providing partial information regarding caller identity information from phone directory providers and partners as well as from social networks. It may however be possible that a number doesn't exist from these sources yet or little to no information is relayed from the source. Regardless, this tool can provide valuable information regarding any caller globally.  Searching up any caller information requires a sign in, something you might do using any email account you own. However, beware that a user subscribing to Truecaller may get the identity of those searching for their phone information. To conceal real identity, prefer the use of junk email addresses to sign up, or omit some information.  


Have I been Pwned

Have I been Pawned is a tool that can be used to check whether an account associated with an email address was involved in a data breach. The site works by collecting information from provided databases of breached data. The tool verifies that the email address has been involved in a data breach since cybercriminals deliberately give this data to Have I Been Pwned and asks them to confirm the legitimacy of  the breach. This unlikely collaboration between data thieves for commercial purposes almost always yields accurate results about data breaches with which an email address is associated. However, not all data breaches may be captured since criminals may choose not to share data leaks they discover. 




A sample of a data breach associated with one of my junk email addresses points that my Canva account was involved in a data breach. It gives detailed explanation of the breach including the date and description of the breach.  


Get Notify - Email Tracking

This is one of the best email tracking tools one can use to discover the status of a sent email. With this tool, it is possible to determine whether your sent email has at least, been opened by the receiver. This tool is particularly useful in tracking the progress of applications where you keep wondering whether your email is going cold in the recipient's inbox or someone on the other end took their time to recognize your efforts by reading its contents. This tool, as many other email tracking tools use tiny image pixels inserted within the sent email to detect if the the email has been opened or clicked. 

To use getnotify, you would be required to sign up to the service with your primary address, after which every email you sent will be suffixed by getnotify.com. For example, to track an email sent to abc@gmail.com, you would need to input abc@gmail.com.getnotify.com at the recipient's field. The tool will consequently forward the email through its servers to insert the tracking mechanisms before routing it to the recipient. When the recipient opens or clicks on the email, you will consequently get notified. 

As seen below, getnotify will deliver the details of the opening of the email including when it was first opened, the service provider, IP address, operating system, and so on. 


As a measure of security, you can however avoid this and other types of tracking by disabling images from loading by default in email settings. 

TinEye -Reverse Image Search

Many times, you will browse the internet to look for information, including images. You might come across images from different platforms including Instagram, Facebook, and Twitter, and wonder whether they legitimately belong to the account owners. Tiny Eye will help by conducting a reverse image search on the internet to find out if the picture appears in other places as well. Most people, and especially scammers, will paste pictures from the internet to mislead others, hide their identity, and remain unknown. This tactic is used to create sock puppets (ghost individuals) to represent the owners of an account. You may for example, be misled to think that you are communicating in an online forum with a lady represented by a well-appearing profile image while all along, a male counterpart is in fact, pulling the strings. If you feel unsure about the identity of an individual online, conducting a reverse image search will always come in handy. If a search yields no matches, it probably is authentic and belongs to the supposed account owner. 


The above tools are just a few of many others that can be used to gather and comprehend freely available information. Many more can be used to gather more information including IP addresses, usernames, geolocation, and so on. While some will be more technical than others, there will always be tools that are easy to use for any Tom, Dick, and Harry who isn't necessarily tech savvy. As more advances are made in technology, and as more tools are built and packaged into web apps, every individual should be able to gather rudimentary information essential for basic knowledge. 

Comments

Post a Comment

Impressed? Leave a comment!

Was that insightful? Read more articles below

Enough with Numbers and Versions!

-
Image
It is now emerging that Apple will release iPhone 12 in the coming months, much to the delight of those able to afford and of course, to the envy of those who can't or have never owned an iPhone in their lives (me included). But that's not the point. The point is, this next release will be iPhone 12. That is about 12 years since the release of the first iPhone, iPhone 1 (iPhone 2G). That is roughly an iPhone every year. Very impressive. By 2050, assuming we go by the 'an iPhone a year' trend, we should see iPhone 42. Right?  iPhone is just one example. Other phone makers are hot on this trail. Since an emphatic re-entry into the android market, Nokia has released a whole range of flagship devices, from Nokia 1 to Nokia 9 pureview. In between, there are insane devices and versions. Number 6, for example, is taken by Nokia 6, Nokia 6.1, Nokia 6.1 plus, and Nokia 6.2. Isn't this overwhelming? This is the trend for just about any Nokia released recently.  Now consider ...
Read more

Password Attacks: How Much do you Know?

-
Image
source:lifars.com There are a variety of ways hackers can get hold of your passwords to compromise the confidentiality, integrity, and availability of your system/accounts. The type and severity of the attacks will depend on the willingness to get hold of your accounts and whether you present anything of value to the attacker's course. Nonetheless, everyone needs to know the methods hackers can use to get breach the integrity of their passwords. Whether you are a clueless toddler with a tablet or a tech-savvy CEO, understanding password attacks will better help you know how to protect yourself.  Non-Electronic Password Attacks Non-electronic password attacks are a common tool for attackers without any deep technical knowledge. Such malicious actors will use subtle ways to get wind of your passwords, more so without your knowledge. One such way is through social engineering , where the individual will manipulate and trick you into revealing your password. The attack might for exampl...
Read more

Top 5 Things you are probably doing wrong with your phone - A cybersecurity perspective

-
Image
Since the invention of the first smartphone in 1992 , humanity has raced to acquire the latest gadgets on the market. Smartphone makers have equaled the challenge to satisfy a technology-hungry population that now accounts for over 6.5 billion smartphones globally. While this technology adoption has largely been beneficial to globalization and economic development, it has become a source of security risk.  I previously wrote an article about the proliferation of mobile phone viruses and how to take care of them . Even so, old habits die hard. You still need to consider whether some of your tendencies make it easy for attacks and unauthorized access. Below are what I consider the most common mistakes people do with their smartphones to the delight of the bad guys; 1. Implementing easy device security settings The first entry point to a smartphone is the screen lock that requires a pattern/pin/fingerprint/password to unlock. People assume that since they have little to lose or hid...
Read more