From the course: Deep Dive into Open-Source Intelligence

Using breach data for OSINT

- [Instructor] In the famous 2014 Sony Pictures breach, a politically motivated hacking group threatened Sony with terabytes of data they claim to have stolen from dozens of Sony servers. When Sony didn't give in to the demands of the hacking group, the hackers posted tens of thousands of employees' social security numbers, confidential details of hundreds of internal servers, and embarrassing emails between executives to Pastebin and other websites. When the hackers finished sharing their breach data, over a hundred gigabytes of sensitive data was made public.

So what is breach data and how do we use it for OSINT? Breach data is information that is made public by an individual or group who committed the data breach. This typically contains usernames, email addresses, and passwords, but sometimes it can be more extensive with trade secrets or personally identifiable information. While stealing data is considered illegal, obtaining or using public data for OSINT investigations doesn't break any laws that I'm aware of. That said, you should always check with an attorney that's familiar with your local laws and regulations before obtaining possession of breach data.

When hackers steal information from organizations or individuals, they sometimes post their loot on platforms such as WikiLeaks, Pastebin, or other sites on the dark web. While large-scale breaches like Sony make the news, just because you don't find any articles talking about your target organization in a data breach, it doesn't mean the data breach is nonexistent. Companies don't like to make breaches public.

When I'm tasked with performing OSINT on an organization, I typically start by doing a Google search with the target organization's name and the word breach to see what kind of data may be available. If that doesn't work, the Office of Attorney General is another place you can sometimes find evidence of a breach by getting copies of breach notices sent to consumers.
If either method shows evidence that there may have been a breach, sites like Pastebin, GitHub, torrents, or other dark websites can be scraped looking for information to help make your OSINT investigation successful.

The chances of an employee at your target organization having personal information exposed as part of a data breach are pretty high. In fact, I'm so confident of this, I encourage you to test it for yourself. Go to haveibeenpwned.com. Enter your email address and see how many times your email address has been part of a data leak. Hopefully, you can count the number of breaches on just one hand.
