What is OSINT?
Open Source Intelligence refers to the process of collecting information from open and publically available sources. The process is legal, and does not require hacking. The information is already present in different forms like file, text, image, audio etc, but scattered over the internet. OSINT process stitches them up together for different ends.
OSINT is buzz word among amateurs to professionals alike. The collection of data helps in making an informed decision, for brand management, area analysis and much more. In this write up, we shall discuss few examples, to show real life utility of OSINT.
Aadhar Card Details:
The details listed on a Aadhar card includes:
To gather OSINT Information:
Step 1: Navigate to https://resident.uidai.gov.in/verify
Step 2: Enter the Aadhar number and clear the re-catpcha process
Details Gathered:
Utility:
To catch fraudsters:
Voter ID Cards:
Information Contained in Voter ID Card includes:
To gather OSINT information:
Step 1: Navigate to the website - https://electoralsearch.in/
Step 2: Fill in the mandatory fields – Name, Father’s/ Husband’s Name, Age/ DoB and State of the target/ suspect.
Step 3: Filter the target’s/ suspect’s profile and view the desired information.
Additional OSINT Information Found:
Real Life Misuse:
Criminals use the process, to know approximate physical address. So, make sure not divulge Voter ID card details.
PAN Card Information:
PAN is a 10 digit alpha numeric number, where the first 5 characters are letters, then next 4 characters are numbers and the last one is a letter again.
These 10 characters are divided into five parts as shown below:
C – Company
P — Person
H — HUF (Hindu Undivided Family)
F — Firm
A — Association of Persons (AOP)
T — AOP (Trust)
B — Body of Individuals (BOI)
L — Local Authority
J — Artificial Juridical Person
G — Government
Now a days, the date of issue of PAN card is mentioned at the right (vertical) hand side of the photo on the PAN card.
How PAN Cards can be Mis-used?
How to find OSINT Information:
Step 1: Navigate to the website - https://www1.incometaxindiaefiling.gov.in/e-FilingGS/Services/VerifyYourPanDeatils.html?lang=eng/
Step 2: Fill in the mandatory fields – PAN, Full Name, DoB, Status
Step 3: Complete the captcha code.
It enables verify the correctness of the details, that you fill up, in the previous step. For correct entries, the website shows - PAN is active and the details are matching with PAN database.
Driving License:
To gather OSINT information:
Step 1: Navigate to the website - https://parivahan.gov.in/rcdlstatus/?pur_cd=101
Step 2: Fill in the mandatory fields – DL number and DoB
Step 3: Complete the re-captcha process
Additional OSINT Information Gathered:
Registration Certificate:
To gather details about a Registration Certificate
Step 1: Navigate to the website - https://vahan.nic.in/nrservices/faces/user/searchstatus.xhtml
Step 2: Fill in the mandatory fields – Vehicle number
Step 3: Complete the re-captcha process
Additional OSINT Information Gathered:
Utility:
The above examples show the extent of information available online about us. And, this is only the tip of the iceberg. In reality, far more detailed information can be gathered about an individual with better and more specific searches.
For example,
inurl:.gov.in “target_name” may show some interesting information about an individual, stored in the government database.
Cyber Cops Services Website: services.cyber-cops.com
Conclusion:
Therefore, we must take care, not to post additional sensitive information online. Otherwise, it may become a starting point for doxing, identity theft, financial fraud etc.
It has been predicted that given the growth of internet, it will become increasingly difficult to prevent online profiling and accumulation of information. With a constant (and possibly un-severable) connection to the internet and more apps that run our lives, privacy will become an even bigger concern. It may even be commoditized to the point where only the rich can afford to be off the grid.