The concept of OSINT.
Telegram channel: https://t.me/protectioninformation
Telegram Group: https://t.me/informationprotection1
Website: https://legascom.ru
Email: online@legascom.ru
OSINT (open-source intelligence, open–data intelligence) is the collection of information about a person or organization from open sources and its subsequent analysis.
Intelligence based on open data was actively used during the Second World War in Britain and the United States: special units monitored enemy broadcasts. Currently, OSINT methods are used not only in foreign policy, but also in the field of information security.
As a result of such information collection, it is possible to reach the right people responsible for performing certain tasks for the subsequent implementation of attacks using social engineering.
Of course, OSINT is a big topic in its own right, and more than one book could be written about it. But, among other things, collecting information about other people is not a legitimate activity, as it violates the law on personal
data. Therefore, we will not delve into this topic, but we will look at the main points related to "punching", which is what OSINT methods are called in jargon.
So, the main identifier by which you can search for data about a person is, of course, his mobile phone number. You can also use a landline phone number to search, but in my opinion, most people now use mobile numbers for communication, and it's much more interesting to search for them. The most powerful and interesting tool for punching is the Telegram messenger. Unlike the traditional web, everything changes very quickly on Telegram, and if one channel is blocked, the owners instantly create clones of it.
Telegram has special bots for searching by phone number. Usually, working with these bots is based on a paid subscription basis, but in some cases quite a lot of information can be obtained for free. On my channel, I will not provide the names of channels in which data requests can be made for several reasons. First of all, it's not completely legal. In addition, a lot of time has passed since these lines were written, and the channels are likely to change during this time. Well, those who really need these tools will easily find the right channels themselves.
A reasonable question is: where do these bots get their information from? The sources of information are usually databases that leaked online at one time. An attacker can prepare a search query by phone number, which will result in finding information from the customer base of one popular food delivery service.
Bots usually aggregate information from several sources, such as traffic police databases, taxi services, delivery of goods and food, social networks, etc.
Almost every source has a year specified. This means that the data in this database is relevant for this period, in other words, they were stolen in this particular year. That is, the information provided by these bots is not fully up-to-date, and this must be taken into account when using it.
However, the search is possible not only by phone number, for example, by last name, first name, patronymic, car number, address, etc.
Of course, telegram bots are not the only means of finding information about a person. Sometimes you can find out a lot of interesting things by searching in a search engine. It is also useful to search in social networks.
Well, for those who are seriously interested in this topic, there are some not quite standard methods. For example, some online banking applications, when trying to transfer by phone number, show the recipient's first name, patronymic, and first letter of last name, as well as the banks they use. Sometimes such information can also be useful.
