Open Source Intelligence (OSINT)

How Sensitive Information Can Be Found With Just A Few Clicks.

(Part 3 of 7 in our series “Demystifying Corporate Espionage”)

Open Source Intelligence (OSINT) refers to intelligence gathered from information collected from open, publicly available sources. These sources can include websites, social media platforms, news articles, and more. OSINT can be both free and paid, and it plays a significant role in the reconnaissance phase of corporate espionage.

The same information that informs clients or family can leave you vulnerable to an attack.

In reference to the the previous post, information is currency and should be treated as such. As such, it can be helpful to effectively ‘budget’ your information.

To do this, we must understand the breadth and depth of what is being gathered – both knowingly and unknowingly.

In this article, we will break down
Sources of Open Source Intelligence,
– How OSINT is exploited against you and your organization, and
– How to get ahead and defend against it.


Networking to grow your business is great, but showing your business’s internal network isn’t.

LinkedIn has provided countless RedTeams (teams of operators hired by a CSO or other C-Suite Executive to determine a companies real vulnerabilities) with insider information on corporate structure.

Sources such as Google Maps and Open Street Map provide a treasure trove of information on the physical location surrounding your business, and thats just the free stuff.

There are countless other specialty map and satellite image providers that will show intense detail for a minimal fee.

From traffic data to scheduled maintenance, to finding the best vantage points for long-term surveillance – maps and satellite imagery are chock full of information, and intelligence for those that know how to analyze.

Is your business registered legally?

If so, then your name and address may be tied to it on the open web.

Do you advertise your position openings online?

What information do you put into your help wanted ads? Some companies are very forthcoming with the duties and expectations of potential hires. However, you don’t need to be transparent with the world.

For example, a posting for security staff should be cautious about explaining the chain of command, exhaustive list of responsibilities, and relationship with local law enforcement too thoroughly. (Don’t laugh. Many companies do this.)

Does your organization provide Executive or Staff Profiles?

Telling clients about your experiences, credentials. and expertise is crucial to building a relationship. That same information can provide inroads for social engineering attacks.

If you currently or have ever owned Intellectual Property, it is public record.

Often times, these records list first name, last name, and even home address of the filer.

Does your company put files on the public facing internet for onboarding purposes?

Try searching “inurl:[your company url] filetype:txt”, or “[your company name] filetype:pdf” on google.

These are just a few examples of the information that can be collected from Open Sources.

  • Web searches
  • Your company website
  • Social Media
  • Conferences
  • Youtube Videos
  • Industry Forums
  • SEC Filings
  • Press Releases
  • Dark Web Sales of information
    and on and on…


The above sources provide invaluable information to competitors and saboteurs alike.

From phishing attacks to supply chain disruptions, the above information can be devastating in the wrong hands.

But now that you know how information leaks, you can control the flow.

Employee Training: Educate employees about the potential risks of oversharing on social media and the importance of being mindful of the information they release.

  • TIME as a tool.

When your group goes to a conference or a trade show, implement a 48 hour rule where nothing is posted on social media until two days later.

This gives you time to consider what is being posted, and eliminates several security risks to your organization and its people.

Monitoring and Analysis: Implement tools for monitoring online mentions and activities related to the company, enabling proactive responses to potential threats.

  • Are we ‘trending’?

Using AI and other monitoring tools, its much easier now to keep a pulse on who is talking about you or your company – helping you stay ahead.

Security Awareness Programs: Develop programs that emphasize the importance of information security and encourage a culture of vigilance against potential OSINT exploitation.

  • That pretty girl / handsome guy is interested in me?!

Honeypots are always talked about. Why? Because they happen, and they work. With the latest technology, you don’t even need to get someones password to clone their devices anymore. Simply sit next to them at the bar – their bag touches your bag and boom. Done.

When traveling for business, you should always keep clean tech with you. Nothing personal or sensitive means nothing to be exploited.

Opt-Outs and Legal Protections: Companies can explore legal avenues to limit the amount of information they are required to disclose, and remove unnecessary existing records, protecting sensitive data from being exploited through OSINT.

It isn’t a question of stopping the information completely, but rather controlling when it gets out and how accessible it is.

Join us in our next post about “Social Engineering” and its role in Corporate Espionage.

Each week we will demystify more of the methods and techniques used in corporate espionage and provide you with skills and strategies to fortify your business against these covert threats.

Thanks for reading!

If you liked this post, send me a message at If your organization can benefit from corporate espionage training, check out our offerings at