Definitions Flashcards

(86 cards)

1
Q

Open Source Data

A

Raw print, broadcast, oral debriefing or other form of information from a primary source

2
Q

Open source information

A

Comprised of data that is put together by an editorial process that provides some filtering and validation and includes some presentation management that is widely disseminated

3
Q

OSINT

A
  • Information discovered, discriminated, distilled, and disseminated to a select audience to address a specific question
    -Applies the proven process of intelligence to the broad diversity of open sources of information, and creates intelligence
4
Q

Validated OSINT (OSINT-V)

A
  • Entails a high degree of certainty, usually from an intelligence professional that has classified intelligence sources
  • Can also come from an open source where there is no question concerning the validity (i.e. live stream of plane arriving at an airport)
5
Q

SOCMINT (social media intelligence)

A
  • Collective tools and solutions that allow organizations to monitor social channels and conversations, respond to social signals and synthesize social data points into meaningful trends and analysis
6
Q

HUMINT (human intelligence)

A
  • Any information from human sources

Example: social engineering, photos, documents, other materials

7
Q

Definition of OSINT

A
  • Form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources to produce actionable intelligence
8
Q

ISTAR Method

A

Intake & Orientation
Strategy, Search, Store
Technical Capabilities
Analysis
Refine, Recycle, Reporting

9
Q

What is North America’s IP block

A

ARIN

10
Q

What is South America’s IP block

A

LACNIC

11
Q

What is Asia Pacific’s IP block

A

APNIC

12
Q

What is Europe’s IP Block

A

RIPE NCC

13
Q

What is Africa’s IP Block

A

AfriNIC

14
Q

What are the information needs for Data Collection

A

Event (incident, accident, disaster)
Thematical (drugs on internet, online gambling, soccer)
Organization (company, group, organization)
Person (suspect, profiling, location)

15
Q

What is SIS method

A

Short internet scan
- quick and dirty method of searching for information
- minimum amount of time
- no plan

16
Q

What is the thorough search method

A

ISTAR

17
Q

What is the I in ISTAR

A

Intake
-who, what, where, when, why, what way, with what

18
Q

What is the S in ISTAR

A

Search
- use different building blocks to search, build off what is found

19
Q

What is precision

A

measure of exactness

20
Q

What is recall

A

measure of completeness

21
Q

What is the relationship between recall and precision

A

inversely related (increase of precision, decreases recall/results)

22
Q

What can influence recall/search results

A

Avoid using words with double meanings
insufficiently specific keywords
synonyms
variations of spelling

23
Q

What techniques/tools can be used for documentation?

A

use automation
store data so visible offline/later date
remember risk factors during searches

24
Q

What is the R in ISTAR

A

Refine, Recycle, Report
-refine keyword list
-recycle GUIDs
-report on all stored data

25
What is the A in ISTAR
Analysis
- identify GUIDs
- check for new insights
- confirm reliability of findings
26
What can be considered GUIDs
Full name
address
nickname
email address
IP address
phone number
27
What are some keys for effective searching
Get to know the subject
Find synonyms
Variant spelling
Learn the right terminology
Use the ‘OR’ statement
28
What is intitle
Must be in the title of the website
29
Allintitle
All words in title of website
30
Inurl
Must be in the URL of the website
31
Allinurl
All words in the URL of the website
32
Site
Only a domain name: all parts of a domain name
33
Filetype
Search on file types
34
Periods ...
Search within a range
35
URL Analysis
check for which country it's from .gov/.com/.int
36
What are common mistakes in searching
Using common words
Typos (though may sometimes be helpful)
Wrong syntax (& instead of + or AND)
Using colloquial (where it isn’t allowed)
Not using operators
Using a singular word
Not using translations
Getting distracted by all those online goodies
37
What is a search engine
a software program that searches the world wide web or a portion of it for information, typically by searching for keywords or phrases
38
What are the RIRs
AfriNIC, APNIC, ARIN, LACNIC, RIPE NCC
39
What can be used to get more information about IP/domains
ripe.net
domaintools
viewdns.info
40
What are some data storage/web capture tools
HTTrack
wget
snipping tool
robots.txt
whois
41
What should be done with downloaded data
Save to USB or burn on CD/DVD
Give directions for viewing
Be sure the right codecs are used
Never view on PC with Internet connection
Check for malware
42
What are cookies
small text files that are used to help servers recognize visitors
contain an identification code (ID) to identify user systems
43
What are some legal considerations for OSINT
Privacy policies of social media platforms (end user agreement)
Right to be forgotten
Human Rights Act
GDPR
44
Why should our reasonable expectation of privacy change?
People make a free decision to publish information about themselves on the internet
45
What are some international laws
Council of Europe Convention on Cybercrime
GDPR
European Convention on Human Rights
46
What are some international laws
Article 8: Right to respect for private and family life
1. Everyone has the right to respect for his private and family life, his home and his correspondence.
2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.
47
Universal Declaration of Human Rights
Article 12: No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks
48
Convention on Cybercrime
The Convention is the first international treaty on crimes committed via the Internet and other computer networks, dealing particularly with infringements of copyright, computer-related fraud, child pornography and violations of network security. It also contains a series of powers and procedures such as the search of computer networks and interception
49
What is some data that leaves traces behind
IP address
Host Name
Geolocation
Browser fingerprints
Referrers
Cookies
Server Logs
Stats
Google Analytics
50
What are ways to hide an IP Address
VPN
Proxy server
Tor
SSH Tunneling
prepaid mobile internet
open wifi access point
51
How does a proxy server work
All communication is going through a proxy server, and you don't know who owns that proxy server
52
How does a VPN work
User system is assigned an IP address and communication with VPN server is encrypted
53
How does SSH tunneling work
- Port forwarding to SSH tunnel
- Need: shell account on a server (remote server)
- Open a listening port on local workstation
- Use server as a proxy server
- Connect to server via SSH
54
What are some countermeasures that can be used
- Keep workstation up to date, with most recent versions of software/operating system
- Scan for malware
- Use throw away emails
- Use 'CTRL + F' instead of searching using website
- Keep in mind the language, screen resolution
- Don't check webpages at the same exact time every day, blend in with the masses
- Download website from IP that can't be tied to LE, and then make copies so that multiple people can review
- Source code obfuscation may prevent offline reviewing
55
What is the successive fractions search method
Begin with a large search about a common subject which gives big results. Successfully reduce the results by adding specific key words to end up with a high-precision set of search results
56
What is the berry picking search method
Common search strategy. Start search with just one key word on a variety of sources. Each search gives new pieces of info, which gives you new ideas and directions to follow and therefore new conceptions of the query (new key words found from the previous one).
57
What is the building blocks search method
Most widely used. Combine search terms then analyse relevance of results and produce more sets of queries that are more relevant
58
What is the pearl growing search method
Begin with specific set of documents or document that we know is relevant (the pearl) then use characteristics of that document like titles, chapters, quotes, references etc to grow a set of queries.
59
What is the interactive scanning search method
Mostly used when the researcher has not yet got a good understanding of the subject. Begin with a comprehensive set of docs generally related to the problem area. By scanning these documents we note key features of the problem area. Then use these to formulise successive queries, quickly scan these results to ID the most important phrases and key words, then use these to create new search queries.
60
What is ICANN
Internet Corporation for Assigned Names and Numbers
Coordinates IANA functions (manages global DNS)
61
What is IANA
Internet Assigned Numbers Authority
Maintains registries for critical resources / allocates IP addresses to RIRs
62
What is a RIR
Regional Internet registry
They are responsible for allocating and registering IP addresses within a geographical region
63
How do IANA, ICANN, and RIRs work together
IANA sets global resources for DNS/IP ranges
ICANN coordinates between IANA and RIR
RIRs manage resources for specific regions
64
What is the definition of OSINT
information that has been deliberately discovered, discriminated, distilled, and disseminated to a select audience, generally the commander and their immediate staff, in order to address a specific question. In other words, OSINT applies the proven process of intelligence to the broad diversity of open sources of information and creates intelligence
65
What is the definition of OSINT-V
OSINT-V is information to which a very high degree of certainty can be attributed. It can be produced by an all-source intelligence professional with access to classified intelligence sources, whether working for a nation or for a coalition staff. It can also come from an assured open source to which no question can be raised concerning its validity (e.g., images of an aircraft arriving at an airport that are broadcast over the media)
66
What is definition of Open Source
Any publicly available information (e.g., media, internet, public data).
67
What are the four distinct categories of open information and intelligence
Open source data (OSD)
Open source information (OSIF)
Open source intelligence (OSINT)
Validated OSINT (OSINT-V)
68
What is open source data
raw print, broadcast, oral debriefing or other form of information from a primary source (photograph, tape recording, satellite image, personal letter)
69
What is open source information (OSIF)
Comprised of data that can be put together generally by an editorial process that provides some filtering and validation as well as presentation management (generic information that is widely disseminated: Newspapers, books, broadcast)
70
What is the definition of SOCMINT
These are the collective tools and solutions that allow organisations like law enforcement to monitor social channels and conversations, respond to social signals and synthesise social data points into meaningful trends and analysis based on the user's needs
71
What are the two types of ways to perform open source research
Monitoring internet information
Identifying people, groups, objects, and locations
72
What was the exercise that allowed OSINT to be known as valuable data collection
Burundi exercise from Robert Steele (former CIA) where they compared results from CIA research and open source information gathering
73
What are some examples of deep web information
IRC, Usenet, dark web, peer-to-peer, in-game chats
74
What does GUID stand for
Globally unique identifier
75
What are the four kinds of information in an OSINT search
Events
Theme
Organization
Person
76
What does a recall score of 1.0 mean
all relevant documents that exist on the internet were retrieved by the search
77
What words are ignored by search engines
the
a
78
What are some ways to validate data in open sources
- find primary source
- never trust a single source and verify as many facts as possible with other sources
- check link popularity/check comments
- check if it's a real source or republished
- check if same information is mentioned elsewhere
- check if url/website is registered/belongs to a big company
- see if website looks professional
79
What is a search engine
software program that searches the World Wide Web or a portion of it for information
80
What factors determine a website's ranking
Relevance and quality of content (websites that provide valuable and relevant information for users)
Keyword usage: another important factor is the use of keywords in the website's content
Link popularity. Search engines use the number and quality of links pointing to a website as a measure of its popularity and relevance
User experience (easy to navigate, load quickly and provide a positive user experience)
Mobile optimization, with an increasing number of users accessing the internet on mobile devices
Social signals: the presence and activity on social media platforms
Technical optimization. Finally, the technical aspects of a website such as the URL structure, meta tags and header tags can also influence its ranking and search results
81
What are popular search engines
Google
Bing
Yahoo
Baidu (China)
Yandex (Russia)
82
What information is collected by search engines
Search queries, IP addresses and browser information
Cookies and web beacons to track users' online behaviour
This information can be used to personalise results and advertisements.
83
What are some security concerns
Data security. Search engines store vast amounts of sensitive personal information about users, making them attractive targets for cyber criminals. Search engines may be vulnerable to data breaches which can result in sensitive information being stolen or misused.
Misleading information. Search engines can provide users with misleading or incorrect information.
Phishing and malware. Search engines can be used by cyber criminals to distribute phishing scams or malware. You should be cautious when clicking on links and search results and you should always verify the authenticity of a website before entering any personal information.
The filter bubble. This is a term used to describe the phenomenon of personalised search results in which search engines
84
What does the dig command do
Gets a list of root servers (from ICANN)
Mac only
nslookup is Windows equivalent
85
What is a GTLD
generic top level domain (.com, .edu)
86