What Is OSINT? How it is Used in Real Life in India 2020?

What Is OSINT? How it is Used in Real Life in India 2020?

What Is OSINT? How it is Used in Real Life in India 2020?

What is OSINT?
Open Source Intelligence refers to the process of collecting information from open and publically available sources. The process is legal, and does not require hacking. The information is already present in different forms like file, text, image, audio etc, but scattered over the internet. OSINT process stitches them up together for different ends. 

OSINT is buzz word among amateurs to professionals alike. The collection of data helps in making an informed decision, for brand management, area analysis and much more. In this write up, we shall discuss few examples, to show real life utility of OSINT. 

Aadhar Card Details:
The details listed on a Aadhar card includes:

  • Full name, father’s name, complete postal address, linked number, DoB, gender and photo

To gather OSINT Information:
Step 1: Navigate to https://resident.uidai.gov.in/verify
Step 2: Enter the Aadhar number and clear the re-catpcha process

Details Gathered:

  1. Whether the given Aadhar card exists 
  2. Age band
  3. Gender 
  4. State and
  5. Redacted phone number i.e., last three digits

Utility:
To catch fraudsters: 

  • Fraudsters are known to forge Aadhar cards, at times, by simply replacing a given Aadhar card number with another random Aadhar number. 
  • The details of the fake Aadhar number (randomly selected) may be vastly different from the original one. For example, age band, state, redacted phone number or even gender of the forged Aadhar card may be different. 
  • So, it can be used by Law Enforcement Authorities to find forged Aadhar cards, by following the aforesaid mentioned steps. 

Voter ID Cards:

Information Contained in Voter ID Card includes:

  • Elector’s full name, father’s/ husband’s full name, sex, age as on specific date, photo, EPIC number, complete address and constituency details  

To gather OSINT information:
Step 1: Navigate to the website - https://electoralsearch.in/
Step 2: Fill in the mandatory fields – Name, Father’s/ Husband’s Name, Age/ DoB and State of the target/ suspect. 
Step 3: Filter the target’s/ suspect’s profile and view the desired information.

Additional OSINT Information Found:

  1. EPIC number
  2. State, district, polling station  
  3. Assembly Constituency and Parliamentary Constituency 

Real Life Misuse:
Criminals use the process, to know approximate physical address. So, make sure not divulge Voter ID card details. 

PAN Card Information:
PAN is a 10 digit alpha numeric number, where the first 5 characters are letters, then next 4 characters are numbers and the last one is a letter again. 

These 10 characters are divided into five parts as shown below: 

  • First three characters are alphabetic series running from AAA to ZZZ 
  • Fourth character of PAN represents the status of the PAN holder, where

C – Company 
P — Person 
H — HUF (Hindu Undivided Family) 
F — Firm 
A — Association of Persons (AOP) 
T — AOP (Trust) 
B — Body of Individuals (BOI) 
L — Local Authority 
J — Artificial Juridical Person 
G — Government 

  • Fifth character represents the first character of the PAN holder’s last name/ surname. 
  • Next four characters are sequential number running from 0001 to 9999. 
  • Last character in the PAN is an alphabetic check digit. Alphabetic check digit is generated by applying a formula to the preceding nine letters and numbers and acts as a checksum digit. 

Now a days, the date of issue of PAN card is mentioned at the right (vertical) hand side of the photo on the PAN card. 

How PAN Cards can be Mis-used? 

  • Income Tax Returns:By collecting data, using several other OSINT sources, the fraudsters may gather sufficient details, to register on Income Tax website and file IT returns by using another person’s PAN number. Several scams of fraudulent Income Tax refunds have surfaced, which involved PAN Card mis-use. 
  • Your PAN card details, can be scrapped by criminals to furnish tax collected details. For examples, jewelers were misusing it while selling jewellary of high value to HNIs, who did not wish to produce their PAN details.

How to find OSINT Information:
Step 1: Navigate to the website - https://www1.incometaxindiaefiling.gov.in/e-FilingGS/Services/VerifyYourPanDeatils.html?lang=eng/
Step 2: Fill in the mandatory fields – PAN, Full Name, DoB, Status 
Step 3: Complete the captcha code. 

It enables verify the correctness of the details, that you fill up, in the previous step. For correct entries, the website shows - PAN is active and the details are matching with PAN database. 

Driving License:
To gather OSINT information:

Step 1: Navigate to the website - https://parivahan.gov.in/rcdlstatus/?pur_cd=101
Step 2: Fill in the mandatory fields – DL number and DoB
Step 3: Complete the re-captcha process

Additional OSINT Information Gathered:

  1. Current status
  2. Holder’s name
  3. Date of issue
  4. DTO
  5. Old / New DL number
  6. Driving License validity details 
  7. Class of Vehicle details

Registration Certificate:
To gather details about a Registration Certificate

Step 1: Navigate to the website - https://vahan.nic.in/nrservices/faces/user/searchstatus.xhtml
Step 2: Fill in the mandatory fields – Vehicle number
Step 3: Complete the re-captcha process

Additional OSINT Information Gathered:

  • Registering Authority/ DTO details 
  • Registration date
  • Owner Name
  • Engine Number
  • Chasis Number 
  • Vehicle Class 
  • Maker / Model 
  • RC Status
  • Fuel Type
  • Others - Insurance upto, PUCC upto, RC status, MV tax upto, emission norms and fitness/ registration upto.  

Utility:

  • DL details can be cross checked against the physical DL shown by a person. It will help police to rule out forged DL during the process of checking.
  • RC details cross checking, will help weed out fake number plates, and thus enable police to catch stolen vehicles. 

The above examples show the extent of information available online about us. And, this is only the tip of the iceberg. In reality, far more detailed information can be gathered about an individual with better and more specific searches.

For example, 
inurl:.gov.in “target_name” may show some interesting information about an individual, stored in the government database. 

Conclusion:
Therefore, we must take care, not to post additional sensitive information online. Otherwise, it may become a starting point for doxing, identity theft, financial fraud etc. 

It has been predicted that given the growth of internet, it will become increasingly difficult to prevent online profiling and accumulation of information. With a constant (and possibly un-severable) connection to the internet and more apps that run our lives, privacy will become an even bigger concern. It may even be commoditized to the point where only the rich can afford to be off the grid.