Open Source Intelligence (OSINT) in Fraud Investigations

Written By Admin

We identified how investigators were able to obtain personal information that was used as evidence against different employees here, raising issues within data protection regulation in the Kenyan jurisdiction.

What about publicly accessible information for investigation purposes? How can investigators obtain such information?

Open Source Intelligence (OSINT) is a useful tool that is used for various purposes and can be utilized by fraud analysts and investigators. Some of the OSINT tools available are HaveIbeenPwned, Grayhatwarfare, Spyce and Maltego.

In essence, many files are publicly accessible, some by design, and some by oversight in data protection safeguards. These files may also contain very sensitive information that may not be easily accessible through search engines. OSINT makes use of advanced technology to analyze data from social media and the deep web. The techniques used in OSINT include: web scraping, social media analysis, search engine techniques, network analysis, data analysis and correlation, and sharing the reporting findings with stakeholders for decision-making.

Impact on organizations

OSINT is a form of hacking that may be used by both attackers and defenders. For example, attackers can access public information about employees and can target individual employees to gain privileged access in company resources. Investigators and fraud analysts can design training modules to create awareness in data protection and fraud mitigation in their organizations. In fraud mitigation, OSINT may be used to test vulnerabilities, preventing adverse effects that may be caused by data breaches. 

What is the future of OSINT? With the advancement of Artificial Intelligence (AI) and Machine Learning (ML) OSINT tools will be improved from data collection, analysis, and drawing actionable insights, therefore, improving efficiency in businesses and organizations.

It is also imperative that investigators remain ethical as this information has impact on people and organizations.

Admin
Next

The right to privacy is not absolute.