When you hear the word recon, you may think of some commando(s) sleuthing around the woods, trying to sneak up as close as they can to an enemy position, trying to assess the manpower they’re up against, track their enemy’s equipment, when they rise, when they sleep, and who their superiors are, so you’re aware of who’s potentially calling the shots. Or, you may think of your weird uncle Keith, who dresses up in full battle rattle, wears a multicam baseball cap with a Punisher skull patch on it and paints his face to go play airsoft with 13 year old kids on Saturdays. Whatever the case may be, effective intel is by far one of the most important things you can have in your arsenal. This holds true not only in physical warfare, but in digital warfare as well.

Before starting this party, it’s important to know OSINT. Five little letters that mean more than words can effectively describe. OSINT is data or information that can be found on publicly available sources, and that, when collected and focused towards an entity, can be used in an intelligence context. The tactics, techniques, and procedures (TTPs) explained and performed in these articles are all considered passive reconnaissance techniques.

I’ve fought with how I wanted to structure these articles, writing a few paragraphs, then deleting them, over and over, because I wanted to explain the methodology and reasoning behind performing recon, and I also wanted to display just how easy it truly is to glean information on someone simply by using the absolute basics that are available to you. No extra tools, no need for special OSes, not even a black hoodie. All of this,
… without the removal of my two bottom ribs.
In plain English, OSINT is information gleaned from publicly available sources – social media, online phone books, social profiles, code repositories… you get the idea. The idea behind passive recon is that you’re not tipping off your target that you’re studying them: you’re only using what they’ve readily (carelessly?) provided you.
I had someone recently ask me: “is it true that when you write something on the internet, it stays there, even if it’s deleted?” The short answer to that question was: Yes. Without arguing semantics, that’s pretty much true. Whether it’s through server logs recording your connection and your interaction(s) with site resources and when they happened, commenting on a public website, or creating a profile, hell, there are even websites dedicated to backing up and archiving public websites so they can be stored and viewed later at your leisure. These website archivers are extremely useful. Why?
To me, when I think about the internet in regards to someone’s web presence, sometimes called their “digital footprint”, I liken “the internet” to a notebook. When you write in a notebook with your pencil, you’re inscribing symbols, letters, whatever – onto that page – into that notebook. In the most basic of ways, you’re interacting with that notebook; you’re transferring data from your brain to that page. This is where something very interesting in the field of forensics comes into play: Locard’s Exchange Principle.
Before you nerds send the r/iamverysmart police after me, Locard’s Exchange Principle originated in traditional forensic investigations, but holds true in digital forensics as well. It essentially means that when there is contact between two different objects, there’s an exchange, or a trace left. Regardless of how microscopic that trace may be – it’s still occurred. If you walk into a room, you’ve left a footprint either in the carpet or on the floor. You’re constantly shedding dead skin cells, so though microscopic – there’s still a small exchange that was made. If you touched the doorknob to open the door: fingerprints on the doorknob; in our case: graphite on the notebook.
Here’s why I use the notebook example. In my friend’s question, they asked: ‘…even if it’s deleted?’ Think about when you’ve erased a word in your notebook. Unless you’re a goddamn weirdo and write your notes in a number 3 pencil, chances are you can still discern what word was previously written, whether it’s via the faint graphite markings that remain, or the imprint left from you death-gripping your pencil and practically etching it into the paper.
The things you write or leave on the internet are, by and large, accessible by just about anybody else, and some people are much better than others at finding them. These pieces of information on their own may be negligible, but like our lord and savior Voltron, when pieced together, they could potentially become a goddamn brick shit-house of pure awesome.
With all of this in mind, it’s time to understand how this begins to come together. In my opinion, it’s best to learn by doing: for the rest of these articles, we’re going to be given a ‘target’, and we’re going to dive into the various aspects and thought processes that an adversary (or sexually frustrated teenager) would likely utilize to get all them sweet, sweet deets. This target is Randall K. McDiddler.
In the next article, we’ll go step by step and get to know ol’ Randall K. McDiddler and what he’s all about, explaining techniques and actually using them on an individual.
*Disclaimer: I’ve made this person up. All likenesses and personas are fictitious. If by some horribly unfortunate event your name is actually Randall McDiddler, your fight is not with me for besmirching your image, but honestly – with your parents.