Carding 🧐 An introduction to Open Source Intelligence (OSINT) 🧐

d0ctrine


In today's digital world, there's a ton of information out there just waiting to be found. This treasure trove of data, known as OSINT (Open-source Intelligence), can be incredibly useful for anyone who knows how to dig through it. It's one of the most amazing resources you can utilize as a hacker when targeting someone. By gathering and analyzing information from publicly available sources, you can create detailed profiles of your targets to identify vulnerabilities, credential leakage, and craft more effective attacks. This approach is especially effective for targets with a long history of online activity and service usage.



Data Breaches
At the heart of OSINT is what's called data breaches. These breaches involve the unauthorized disclosure of vast amounts of sensitive information, often containing millions or even billions of records. Hackers or individuals within hacking communities frequently compile and share these breached databases, creating a valuable resource for us if we are to do a targeting campaign. A lot of leaked data from ransomware attacks also gets compiled together here.


To understand the scope and impact of data breaches, it's important to note how these incidents have become increasingly common over the past decade. The rise of digital transformation has led organizations to store vast amounts of data online, making them lucrative and beneficial for us. The financial incentives, black-market trading of data, and the relatively low risk of getting caught have all contributed to the surge in data breaches.

Data breaches are a goldmine when it comes to digging up dirt on someone or gaining access to their email and banking. With some of these breaches going back years, you can get a pretty good idea of what your target has been up to online, and have access to a trail of passwords they've used. And let's be real, most people are guilty of using the same password for everything. So, if you know where to look and how to search through these leaked databases, you can uncover all sorts of juicy info about your target, and possibly get just the perfect password you need to gain access to other private information (banks, cryptowallets, etc.) you're trying to access.


History

Before we proceed with actually scraping through data, one must first have a grasp of where the data originates from, and where else could it be but hacking/leaking forums. One of the most popular sources of leaked databases for some time was BreachForums. It was the successor to RaidForums (how original their names were!) after its 2022 shutdown. Founded by Conor Brian Fitzpatrick, aka "pompompurin," (yes, like the cute Sanrio Character) it became a haven for hackers to share data breaches and hacking tools. The site got so popular so fast the Feds came knocking. The best part about these leak forums is that once the breached databases have been posted, as it is the internet, there's just no turning back, it will be immediately available to everyone from then on; so none of the leaks that were posted on the forum (and all other forums before it) were ever removed from the web.



Over time, the entire data breach industry evolved and streamlined into search engine services and breach notification services. Not only did those pretending to be 'moral' individuals and companies ensure that those who leaked the breaches were prosecuted, but they also seized every opportunity to monetize the leaks for their own gain. They got the leakers and hackers behind bars, and profited off of the 'crimes' they committed by spooking normal people and offering them 'protection' from the breaches.



Who utilizes OSINT for hacking/carding?

Primarily cryptoscammers, blackhat hackers, and more sophisticated carders. A cryptoscammer will use a variety of OSINT tools to get as many details as they can on their victim. Blackhat hackers and pentesters run OSINT tests on any site/domain they are targeting; that includes but is not limited to: running analyses on the domain's historical records, possible leaked information, and digging on the emails of the employees. OSINT is also widely used by law enforcement against cybercriminals without proper OPSEC (operational security); studying both OSINT and OPSEC (which I will also write a guide on) will help a would-be criminal have a deeper understanding of his shortcomings and ways of improving his security.

One amazing way we can utilize OSINT is by getting privileged access to a holder's accounts. Instead of willy-nilly using your cards, if you have cards that have the holder's email address, you can run an OSINT campaign on the cards and see if you will get a hit. Once you get a hit, you should, in the most optimal way possible, find a way to emulate the holder's browser fingerprint to maintain access. While these tools tend to have not the most optimal success rate, this will undeniably help someone who has hundreds and thousands of cards; just plug in your database of emails on an OSINT automator, and extract all possible passwords for most of the cardholders.


How can we use this then?


There are a gazillion different ways to use OSINT, from investigating license plates and IP addresses to analyzing social media profiles and public records. For instance, you can use OSINT techniques to:

  • Dig up some details on an IP address. Just throw it into a WHOIS lookup, IP geolocation, or reverse DNS lookup tool, and voila! You'll get the lowdown on who owns it, where it's located, and any associated domains. You can get a historical record of it, with just a few clicks.
  • Track down a vehicle's owner with nothing more than a license plate number. Plug it into a public records database like the ones run by the DMV or some third-party services, and you'll be playing private eye in no time.
  • Snoop on someone's online presence by searching their name, email, or phone number on social media and people search engines. It's amazing what you can uncover with a few strategic searches.
  • Scope out a company by poring over their public filings, like SEC reports, patent applications, and court records. And don't forget to check out their website and social media pages for even more juicy details.

In addition to these techniques, OSINT can be used for personal investigations. The applications are virtually limitless, making it a versatile tool for various purposes; you can even use it if you suspect that your wife's cheating!

However, since this writeup is more about introducing the concept--I will write a more in-depth article in the future, including a guide on how to build your own database!--we will be focusing on its more rudimentary and straightforward form, and something that will most benefit a carder: leak search engines.



In this area there are a bunch competing for the top-spot. While there are free search engines, they tend to always be hit with legal troubles and they never last long.
It makes you wonder how is it that free and open-access is deemed illegal but paid search engines who bring in thousands to millions in profit are allowed to operate with total impunity? So if you value your time don't waste it on free services, as they tend to come and go, and you can easily card most of these search services if you wanted to anyway!

For the top-spot we have two paid services (they also have APIs): Snusbase.com and Dehashed.com; the closest competitor that is free is probably: Breachdirectory.org



Dehashed.com - 1 week - 5.49$ - 14 Billion Entries
SnusBase - 1 week - 6.49$ - 12 Billion Entries
BreachDirectory - Free - 18 Billion (but I think this is inaccurate, as most of my own searches here don't yield any meaningful result)

To guide you properly, I will be doing an actual OSINT hack with one of my cards:

4539xxx0xxx3xxxx|xx|2x|xxx|Elin Karlsson|Föreningsgatan 16C|Gothenburg|Gothenburg|41127|SE|0046737012589|elin.k@hotmail.com

Searching the email on Dehashed.com yields us plenty of results:



Now you need to understand that a lot of the passwords in these breaches are hashed, which is great for us, because if they were all plaintext passwords, it would take just a week and a bunch of dedicated servers for someone with a minor coding ability to comb through all of them, making them useless to us.

Now when presented with a hashed password, you can try cracking it with public tools, like crackstation.net, etc, or you can use paid tools like CMD5:



Once you get the password, try gaining access to their emails, bank accounts, etc. Pivot to elevate your access from then on out. Your success may very well vary with a multitude of factors, and since most of these breaches are centered primarily around US companies, trying to hack an email via OSINT works better on US victims than other countries.


This is just your introduction to open source intelligence, and I've barely scratched the surface by covering its simplest possible implementation. This will be the first of many deep dives into the different facets/approaches to OSINT (and also, OPSEC) that I will be publishing in the near future. Stay tuned and please, stop checking your cards!
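The post above turns on password reuse: a value exposed in one breach keeps working elsewhere. The defender-side control is to refuse breached passwords at signup and password change; the sketch below is an added example, not part of the original post, and its corpus, function names and the `SUFFIX:COUNT` range format (5-character SHA-1 prefix, zero-count padding lines) are assumptions made for illustration.

```python
import hashlib

# Constructed sample corpus (password -> times seen in breaches); a real
# deployment would query a breached-password range service or local hash set.
CONSTRUCTED_BREACHED = {"qwerty123": 98211, "Summer2019!": 412}


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def constructed_range_lookup(prefix: str) -> str:
    """Stand-in for the range service: only the 5-char hash prefix is sent,
    and every 'SUFFIX:COUNT' line sharing that prefix comes back."""
    hits = []
    for pw, count in CONSTRUCTED_BREACHED.items():
        digest = sha1_hex(pw)
        if digest.startswith(prefix):
            hits.append(f"{digest[5:]}:{count}")
    return "\r\n".join(hits)


def breach_count(password: str, fetch=constructed_range_lookup) -> int:
    """Return how often the password appears in the corpus, 0 if never."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if not count.strip().isdigit():
            continue  # malformed line: ignore rather than crash the signup flow
        if candidate.strip().upper() == suffix:
            return int(count)  # assumed: padding entries carry count 0
    return 0


def accept_new_password(password: str, fetch=constructed_range_lookup) -> bool:
    """Policy hook for signup / password change: reject known-breached values."""
    return len(password) >= 8 and breach_count(password, fetch) == 0
```

Because only the hash prefix leaves the service, the lookup never discloses the candidate password or its full hash to the corpus operator.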
 

vellidon1

Can you point me in the right direction of learning how to hack?
 

Quell103

Thank you for explaining OSINT in detail. It's interesting to see how valuable open-source data can be when it's used correctly.
 