Top 3 OSINT Myths

OSINT is not doxxing

When I speak to other people who do OSINT in their everyday work, they tell me that outsiders think OSINT is doxxing! That’s a terrible myth, because doxxing is a cyber threat and often illegal.

What is doxxing? Doxxing, or “to dox” is a term that emerged in the 21^st century. It’s a pretty new word, but thankfully Merriam-Webster stays on top of the evolution of the English language. Here is their official definition:

Definition of dox

transitive verb

informal

: to publicly identify or publish private information about (someone) especially as a form of punishment or revenge

… Facebook, like other platforms, wants to prevent users from being doxed or otherwise targeted for harassment …— Karissa Bell

On general principles, I support Internet anonymity and look askance at people's efforts to "out" or "dox" anonymous Web commenters whose views they disagree with, much less for simple sport.— Damon Poeter

This isn't the first time the LAPD has been doxxed. In 2011, a group affiliated with the online hackers Anonymous claimed responsibility for posting personal information of more than 40 officers, including their home addresses, campaign contributions, property records, and names of family members after they claimed the LAPD oppressed them by shutting down the Occupy L.A. Movement.— Christine Pelisek

Other Words from dox

doxing or doxxing noun, plural doxings or doxxings informal

So doxxing involves exposing information on targets you aren’t allowed access to. Posting someone’s credit card numbers and government identification numbers in a public forum is both illegal and immoral. It constitutes an information security attack, because confidentiality is a central pillar of the CIA Triad of infosec.

OSINT is finding information that you're allowed to have access to without breaking the law. Did you know that back in the 20^th century, it was common for almost everyone’s phone number to be published in a publicly distributed book? In the United States and Canada, pretty much every city or municipality had its own annual Yellow Pages (commercial) and White Pages (residential) book. The only known phone numbers that wouldn’t be published were from people and organizations that specifically contacted Yellow Pages or White Pages to opt out. As a child, I also remember that White Pages published everyone’s street address! From a 21^st century vantage, this seems kind of risky.

My point is if it was 1992 and you found my phone number and address because it was in the Toronto White Pages, that would be OSINT. OSINT is a process of gathering information without violating rights, with the intention of keeping private information secret. Doxxing is the publication of information for the purpose of harming a person, company or reputation, and the information published need not be based on fact. And as doxxing is unethical and usually illegal, it isn’t OSINT.

Google searches are OSINT

Another popular misconception is that using Google search isn’t OSINT. I think that’s because Google searching is something pretty much everyone does these days. It’s not a niche hacker skill.

But Google and other search engines are tools for finding publicly available information across billions of webpages. That’s information that’s “open source,” and you can acquire intelligence from it. Therefore, Google searches can be OSINT!

There are also other search engines that cybersecurity professionals frequently use when doing OSINT:

Shodan to explore publicly exposed networking devices and servers

Startpage as another way to use Google’s search engine, but without tracking

Ahmia.fi, to search websites on the Tor Network

Maltego, to acquire OSINT from a variety of sources, complete with graphical analysis

Recon-ng as a web reconnaissance tool

OSINT can be done offline!

Because OSINT is a term used in the hacker community, people sometimes assume that OSINT always uses computers and the internet. But that’s not true, OSINT can be done offline using good old fashioned research sources and techniques!

I already mentioned the possibility of using White Pages and Yellow Pages books in the 1990s. Do you know where the teenage 1990s’ version of me would go if I wanted to find a phone number that’s outside of my Toronto hometown? I’d head to the Mississauga Public Library (Central Branch), and scour the building’s five floors to find the shelves that had all of their White Pages and Yellow Pages books. That section of the library not only had White Pages and Yellow Pages books from all over Canada, but also most of the fifty US states.

Which segues into the fact that public and academic libraries are still excellent OSINT sources, in 2021 and beyond. Even with the internet, there is information in old books that might not be available online. Not all of those old books have been digitized. There may also be newspapers and magazines going back several decades or more, with offline-only information that you can find in a library’s microfiche catalogue. Using those old fashioned microfiche machines is a comforting memory to me. A librarian can be your friend and ally in your OSINT work, helping you to explore all of the “open source” information at the library through the many mediums it manifests in.