Open Intelligence in Industry: An Analysis of OSINT

Posted date 16/11/2023
Author
INCIBE (INCIBE)

The collection of data from open sources (OSINT) has grown strongly over the last decade, as more and more cybercriminals and cybersecurity professionals take advantage of these valuable techniques. As the amount of information available on the Internet grows exponentially, OSINT (Open-Source Intelligence) becomes more and more powerful and effective. Some of the purposes for which these techniques are used are:

  • Analyze market projections.
  • Company audits.
  • Compilation of personal data.
  • Collection of technical data (technical manuals, for example).
  • Geolocation of assets.
  • Sensitive information on social media.

The work process could be summarized in five steps:

  • Set goals: in this first step, you precisely define the specific information you want to obtain, such as personal information, asset information, location, etc.
  • Collection: at this point, various open Internet sources are queried and all possible information about the target is collected.
  • Filtering: from all the information obtained, the information that may be useful is selected.
  • Evaluation: with the necessary information already filtered, the patterns and relationships are analyzed and, above all, interpreted to shape the research.
  • Presentation: in this final phase, the results of the research are presented to the interested parties, through a detailed presentation of the reports and conclusions obtained.

Basic introduction to OSINT applied in the industrial sector

In an increasingly interconnected world, obtaining accurate and relevant information has become crucial in the industrial sector. Open-Source Intelligence (OSINT) emerges as a fundamental tool in this process, especially with the exponential growth of technical information available in forums and specialized queries.

As indicated above, the use of sock puppets (creation of fake profiles with the purpose of deception or manipulation) is one of the most widely used methods. This is because it allows you to interact directly with technical staff, being able to extract sensitive information, misinform, or even influence decision-making.
 


- Example of a sensitive industrial forum. Source. -

Some of the most widely used tools for this research are, for example, Shodan, which allows you to obtain information on all kinds of devices connected to the Internet, and Maltego, software that shows different search objectives in a very visual way and allows you to identify all kinds of relationships between them.

LinkedIn was not created for this purpose, but in these investigations it offers insider information, since it can be used to identify experts in particular technologies, business relationships and their contacts. Google Dorking finds information that does not appear in simple Google searches: by using "dorks" (advanced search strings), that information can be obtained in a simple way. For example:

site:ejemplo.com filetype:pdf "información sensible"

This specific search command returns the PDF files on the "ejemplo.com" website that contain the phrase "información sensible" ("sensitive information").
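An organization can apply the same operators to an inventory of the documents it publishes itself, to see what such a search would surface before someone else runs it. The following is an added example, not part of the original article: the inventory entries and function names are constructed for illustration, and the matching rules only approximate what a search engine does.

```python
import shlex
from urllib.parse import urlparse

def parse_dork(query):
    """Split a dork into operator filters (site:, filetype:) and required phrases."""
    filters, phrases = {}, []
    for token in shlex.split(query):  # shlex keeps a "quoted phrase" as one token
        op, sep, value = token.partition(":")
        if sep and op in ("site", "filetype") and value:
            filters[op] = value.lower()
        else:
            phrases.append(token.lower())
    return filters, phrases

def matches(doc, filters, phrases):
    """True if a document satisfies every filter and contains every phrase."""
    url = urlparse(doc["url"])
    host = (url.hostname or "").lower()
    site = filters.get("site")
    # site: covers the domain and its subdomains, not look-alike domains
    if site and not (host == site or host.endswith("." + site)):
        return False
    ext = filters.get("filetype")
    # Approximation: filetype: is checked against the URL's file extension
    if ext and not url.path.lower().endswith("." + ext):
        return False
    text = doc["text"].lower()
    return all(phrase in text for phrase in phrases)

def exposed_documents(query, inventory):
    """Return the URLs in our own inventory that the dork would surface."""
    filters, phrases = parse_dork(query)
    return [d["url"] for d in inventory if matches(d, filters, phrases)]

# Constructed inventory: URL plus extracted text of each published document
INVENTORY = [
    {"url": "https://ejemplo.com/docs/manual-plc.pdf", "text": "Manual técnico interno. Información sensible: direcciones de la red OT."},
    {"url": "https://ejemplo.com/prensa/nota.pdf", "text": "Nota de prensa pública."},
    {"url": "https://intranet.ejemplo.com/red/topologia.pdf", "text": "INFORMACIÓN SENSIBLE - topología de red"},
    {"url": "https://ejemplo.com/blog/post.html", "text": "Se menciona información sensible en el blog."},
    {"url": "https://otroejemplo.com/a.pdf", "text": "información sensible"},
]
DORK = 'site:ejemplo.com filetype:pdf "información sensible"'

if __name__ == "__main__":
    for url in exposed_documents(DORK, INVENTORY):
        print("review before it is indexed:", url)
```

Documents that match are candidates for removal, access control or redaction under the internal data management policy.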

Information collection disciplines

Some of the most used disciplines in relation to the OT sector would be: 

  • IMINT (Image Intelligence): this is defined as the extraction of information from various types of images or photographs, including locations, configurations, and technologies used, as you can see in the image below.


    - Example of sensitive information extraction at the Hawaii emergency station. Source. -

  • SIGINT (Signals Intelligence): this discipline is based on the capture of all kinds of signals, including radio, Bluetooth or even telephony, with the aim of detecting the technologies used.
  • GEOINT (Geospatial Intelligence): geospatial intelligence is based on the study and analysis of information related to the geographical and topographical situation of the target, being able to extract key information such as connectivity by area, access, locations, etc.
  • SOCMINT (Social Intelligence): social intelligence could easily be confused with social engineering, but in reality, they are very different terms. While social engineering involves some psychological manipulation or deception to obtain information, social intelligence is defined as obtaining information from open sources, i.e. social networks, forums and other means of communication.
  • HUMINT (Human Intelligence): finally, human intelligence refers to obtaining information from human sources, i.e. interacting with individuals, e.g. through interviews, attending seminars or being part of groups of people related to our target.

Advantages and disadvantages

The use of OSINT is possibly one of the fastest and most cost-effective techniques, making it a very attractive solution for a crucial investigation that requires a certain degree of agility.

Relying on open sources provides extra security, since there is no risk of raising alarms during the investigation, and it also allows all this information to be updated continuously.

On the other hand, the main disadvantage is the excess of information that can be extracted, which is why filtering the information is so important. Likewise, this type of technique exposes the researcher to collecting erroneous information, since it can be manipulated and cause the opposite effect, i.e., disinformation.

Conclusion

In conclusion, OSINT is positioned as a valuable tool in the field of industrial cybersecurity. Its exponential growth in the last decade highlights its relevance for security professionals. The effectiveness of OSINT lies in its ability to gather information, although it also requires a rigorous filtering and evaluation process. It should not be forgotten that open sources can provide us with a lot of information to support strategic and operational decisions.

A correct internal data management policy and good internal training for employees will be key points to avoid leaks and be less exposed to these threats.

The correct combined use of the tools mentioned, such as Maltego, Google Dorks or Shodan, together with the different disciplines, will allow us to obtain much more accurate results in the investigations.