OSINT - Inside Data Breaches
Data Breaches in OSINT
NOTES: This is for education only; if there is any misuse, I am not responsible. Use this at your own risk. I also do not fully understand the laws, especially around the world, but here I try to explain from my own understanding as well as the materials and experiences I have learnt from before.
Many people ask about the role of data breaches within the scope of OSINT, such as whether using them is legal or illegal. Before going further: OSINT itself is a 'grey area'. If you belong to a law enforcement agency or a company that has a clear purpose and legal protection (a legal umbrella), those licences and legal agreements are what make the activity permissible.
Understand Commercial OSINT Tools
Many OSINT tools around the world, such as Maltego, Intel 471, StealthMole, Have I Been Pwned and others, are commercial tools that can be used by law enforcement, companies and enterprises, banks and similar organisations. Companies like these have clear permissions, licences and objectives. From what I have tried and know, tools like this collect information such as dark web indexing, data leaks, illegal markets, Telegram dumps, stealer malware logs and threat intel; they process this information, correlate it and assign a risk rating, which is later used for delivery or reporting. Tools like this are similar to those found on GitHub or built at home, but there are differences: the homemade versions often keep the collected data in clear text, do not process it, and have gaps in coverage, so they are certainly different from the commercial version. But why are the commercial vendors still operating and not being prosecuted? The answer is in three words: 'legal loophole + licence + plausible deniability.' Here is an example:
Metadata a commercial tool collects:
Title of the dump or post
Post content (without the full data)
Hash reference
Number of records
Timestamp, source, context (archive)
What they do on the platform:
They don't hack or upload data
They only collect what is already published publicly or semi-publicly
Just like Google indexes content without creating it
Client restrictions (EULA)
Cooperation with law enforcement
Legal protection
Do they have risks too?
The short answer is 'definitely yes'. I don't know exactly, but think about it: taking facial data from Facebook and Instagram without permission, or scraping posts or groups, could be misused by certain parties or by criminals. If something like this gets out of control, let's use an analogy: people or companies make guns or knives and sell them, and a customer buys the goods and misuses them for murder or threats. That should be the fault of the user or customer, because what any product does depends on who the user is and for what purpose they use it.
How is it different from an individual?
No legal protections, licences or legal contracts protect that activity, even if your intention is to investigate.
How is it different from free tools?
For example, tools circulating on GitHub, or ones you create yourself. The function is the same, but the legality is different; in short, 'the game is different'. The vendors have permission while activists or individuals do not. I don't know whether, in the eyes of the law, a tool we build with good intentions would still be caught by it. When considering legality, for example, look at:
Who is using it
What the intention and purpose is
What form of data is being accessed
Whether or not there is legal permission/responsibility
How to be safe?
Hmmmm, I think you should either buy a legal OSINT tool or join a legitimate agency or committee, for security (legal) reasons. It's true that the world of OSINT and cyber security can often feel unfair, especially when it comes to laws and licences. Sometimes the gap between what individuals can do and what large institutions can do is very pronounced, and that is a big challenge in a world that relies more and more on data and information. Regardless, although it sounds unfair, there must be a reason and purpose why it is done this way, though I don't understand the details of this issue.
Understand Law Enforcement
I think this is why every country has law enforcement: they are legal and legitimate agencies with authority and permission. For example, the FBI arrested the admin of BreachForums, aka Pompompurin. From the articles I read, there were OPSEC leaks such as using crypto exchanges with KYC, not using a VPN, and breach data itself being used as a clue in the investigation. They then took down (seized) the site by serving a warrant on the relevant domain platform or registrar, such as Google Domains or Namecheap, which changed the NS and the page. For example, the records would look like this:
Before seizure: breachforums.is. IN A 104.21.52.204 ; Cloudflare or original VPS
After seizure:  breachforums.is. IN A 185.220.101.6 ; DOJ/FBI IP
Why do they have such rich data, and what are some of the uses of leaked data? I think they get it from OSINT (open sources), and because they are legitimate law enforcement, the way it is done is also legitimate: based on the law and on a mandate, i.e. the purpose for which the agency was established.
Is Data Breach Useful for Investigation?
From what I know and some of the articles I have read, the answer is 'yes'. A data breach that is accessible to the public or via OSINT can be used as a clue in an investigation. For example, a leaked record may contain a username, email address, IP, geolocation, order or chat history; from that data investigators trace backwards to find pivot points and build a case. What about the rule of law? Hmmmm, in my opinion OSINT is indeed a grey area, so this is difficult to conclude; I think it will be judged differently for civilians or professionals doing research than for law enforcement. Still, from the articles I have read, some have used data breaches for their investigations, with the caveat that they did not keep clear text and censored it, and still complied with applicable ethics and laws. There are many articles you can read where people use data brokers, Telegram bots or related commercial tools.
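As an added example (not from the original article, and not the code of any vendor named above), here is how the metadata record listed under 'Understand Commercial OSINT Tools' can be built from a dump while avoiding the clear text that the investigations described here censor: a hash reference to the raw file, a record count, a redacted preview, and hashed selectors so two dumps can be matched on an email without ever storing the email. The dump, the source name and the timestamp are constructed for the example; nothing here comes from a real breach.

```python
"""Turn a breach dump into a redacted metadata record (added example)."""
import hashlib
import re

# Constructed sample dump: fake people, RFC 5737 documentation IPs, no real breach.
SAMPLE_DUMP = """email,username,ip,country
alice@example.com,alice99,203.0.113.7,ID
bob@example.org,bobby,198.51.100.23,SG
carol@example.net,carol_x,192.0.2.45,MY
"""

EMAIL_RE = re.compile(r"([A-Za-z0-9._%+-]+)@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")
IPV4_RE = re.compile(r"\b(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\b")


def mask_email(match):
    """Keep the first character of the local part and the domain; star out the rest."""
    local, domain = match.group(1), match.group(2)
    return f"{local[:1]}{'*' * max(len(local) - 1, 1)}@{domain}"


def mask_ipv4(match):
    """Keep the first two octets (enough for a rough network attribution), drop the rest."""
    return f"{match.group(1)}.{match.group(2)}.x.x"


def redact_line(line):
    """Redact email addresses and IPv4 addresses in one line of the dump."""
    return IPV4_RE.sub(mask_ipv4, EMAIL_RE.sub(mask_email, line))


def hash_reference(raw):
    """SHA-256 of the raw dump: proves which file was seen without keeping it."""
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()


def selector_hash(value):
    """Normalise and hash a selector (here an email) so dumps can be matched on it."""
    return hashlib.sha256(value.strip().lower().encode("utf-8")).hexdigest()[:16]


def build_metadata(raw, title, source, observed_at, preview_lines=2):
    """Build the record a platform keeps instead of the clear-text dump."""
    lines = raw.strip().splitlines()
    header, records = lines[0], lines[1:]
    return {
        "title": title,
        "source": source,
        "observed_at": observed_at,
        "hash_reference": hash_reference(raw),
        "record_count": len(records),
        "fields": header.split(","),
        "preview": [redact_line(r) for r in records[:preview_lines]],
        # First CSV column is the email in this dump; hashed, never stored in clear.
        "selectors": sorted(selector_hash(r.split(",")[0]) for r in records),
    }


def leaks_clear_text(meta):
    """Check: does anything we keep still contain a full email or IPv4 address?"""
    kept = "\n".join(meta["preview"]) + "\n" + meta["title"]
    return bool(EMAIL_RE.search(kept) or IPV4_RE.search(kept))


def example_metadata():
    """Metadata for the constructed dump; title, source and timestamp are made up."""
    return build_metadata(SAMPLE_DUMP, "Example shop customer dump",
                          "constructed-forum-post", "2024-01-01T00:00:00Z")


if __name__ == "__main__":
    meta = example_metadata()
    for key, value in meta.items():
        print(f"{key}: {value}")
    print("clear text leaked:", leaks_clear_text(meta))
```

The `leaks_clear_text` check is the part worth keeping in any homemade tool: run it on whatever you are about to write to disk, and treat a hit as a bug. Which extra columns count as identifying (usernames, phone numbers, order IDs) depends on the dataset, so extend the regexes per dump rather than assuming email and IP are the only selectors.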
Conclusions
In my opinion, and according to some articles I read, a data breach can indeed be useful as a search clue or as information to be collected, but there is a foundation: OSINT tool vendors, media or journalists, and cyber investigators or forensic examiners have clear objectives and are protected by existing laws. From the articles I read there are communities or organisations that use data breaches for their analysis, but I don't know for sure how the law views it. Still, with this we can understand the flow of an investigation, the data that is collected and analysed, and why threat actors (TAs) get caught and what the cause is, especially when investigators use commercial tools with full support and rich data. If you want to make any corrections about legal issues or this article, I would welcome them; let me know.
I will add more soon, be patient.