Data leaks and breaches seem like a common occurance in 2021. Open source intellegence techniques can be one of the best strategies to manage and respond to leaks. In this article, we’ll cover types of data leaks and effective monitoring techniques with OSINT. When confidential information is leaked it can damage a company or individual in many ways:
Economic consequences: if the stolen data has to do with new products or strategies that the company is developing, competitors can use this information to take the lead.
Legal problems: personal data is covered by the General Data Protection Regulation (GDPR) and other national and federal laws.
Brand damage: A data leak can damage a company’s reputation and cause it to lose credibility.
Data leaks can occur intentionally, as is the case with cyber espionage (among other cybercrimes). However, most data leaks are the results of human error and accidents.
Types of Data Leaks
We can distinguish between leaks:
Internal: these occur from within the company. For example: when an employee sells information to a competitor or an ex-business partner attempts information sabotage.
External: when someone outside the organization gets the data. For example, through a file infected with malware or social engineering.
In addition to external and internal leaks, you must then classify it into two subtypes: intentional or accidental.
Intentional: there is planning and a goal behind it. An example is social engineering, which uses various techniques (such as emails infected with malware) to steal data from employees without them being aware of it.
Unintentional: these occur when, for example, an employee loses a laptop or their company password is brute-forced due to lack of strength.
Ultimately, the result of a data leak is the same: confidential information ends up in someone else’s hands or publicly disseminated.
How to Detect Data Leaks by Utilizing OSINT
Once the leak has occurred, it is crucial to detect it as soon as possible to measure the extent of the damage and take appropriate action.
Perform searches to find the filtered data: the first step is to determine what specific data of the person or company is circulating on various online platforms and whether it is sensitive information.
The general data points needed to monitor cyberspace after a data leak:
- Name of the entity we are investigating
- Email addresses
- Names of documents
- Names of employees/entities
- Phone numbers
- Last four credit card digits
The main techniques used to monitor and search for data leaks:
Keyword search in generic search engines.
You can use search engines like Google, Bing, Yandex, or Yahoo to see what data is circulating on the web. Make sure to familiarize yourself with the advanced search operators of each search engine.
OSINT Using Have I Been Pwned (HIBP)
There are also specific (and free) tools such as HIBP (Have I Been Pwned?). HIBP provides a database of leaks that have been made public, and it contains password and email data from hundreds of database dumps and breaches. Currently, HIBP contains roughly 8 billion rows of account data as of September 2021.
Once you have identified leaked data, the scope of the leak, and data sensitivity, you can now make an informed decision as to how to respond.