A talk originally prepared for the SouthWest Cyber Security Forum, October 3, 2022 meeting.
Slides available at:
We’re entering the golden age of OSINT as social technologies, remote sensing, and data engineering become pervasive.
Keeping your information private is getting harder.
Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.
Information asymmetry is enables those with more information to manipulate those with less to great effect.
Just because it doesn’t look intimidating doesn’t mean that it’s not incredibly dangerous.
What appears to be a small stream one could easily jump across hides unfathomable depths of around 65 meters.
The information you leak can and will be used against you.
Sometimes you aren’t the target, but merely a stepping stone on the way to the true target.
Multiple information sources can be combined to enrich data and give a more complete overall picture.
Intelligence that can be collected from publicly shared and available data.
Any publicly available data source
Did you actually remove the info?
Data has a unique “shape” and can thus be fit back togeher like the pieces of a puzzle.
Even with just the picture and no additional data, there are ways of matching landmarks in the picture to determine where it was taken.
LinkedIn showed me this photo because they work with someone I know.
They mentioned the name of the mountain in the picture. Even without EXIF data I was able to find out their exact address.
The analysis of writing styles to determine authorship e.g. word frequency, adjacency, punctuation, misspellings, etc.
There are lots of ways to get data from systems without actually attacking the security of the system.
Even sensors that can only read info from nearby, can now be remotely accessed or moved into proximity via a drone.
How easy is it for some in Russia/China/India to pretend to be you, or pretend to be a client, and send very convincing fake instructions?