How does OSINT contribute to eCrime Prevention?

The Coalition of Cyber Investigators explore how OSINT has become an indispensable tool for tracking, preventing, and responding to digital threats.

Paul Wright & Neal Ysart

2/2/2025

Open-Source Intelligence (OSINT) is slowly becoming a vital ally in the war against eCrime[1]. It can enable law enforcement and cybersecurity professionals to keep track of illegitimate activities based on publicly available information, provide early warnings against threats, and help create an effective preventive plan against them[2]. It allows investigators to gain better intelligence by adding context to the data, discovering new trends that connect individuals for suspect identification, and monitoring illegal activity online. With this approach, companies can analyse risk, identify and mitigate cybersecurity threats in advance, and accelerate incident response. OSINT exploits traditional and non-traditional sources for intelligence, including dark web marketplaces and social media, to provide the information needed to understand how criminals operate.

Threat Intelligence Gathering

By applying OSINT techniques, investigation teams can gather and analyse information from numerous online sources to discover potential threats before they become a reality. This includes monitoring deep-web forums and markets where new attacks or vulnerabilities are discussed. By observing these underground communities, analysts may learn of emerging threats earlier, providing more time to modify defences. This technique also allows analysts to track new malware patterns and cybercriminal tactics. Understanding the ever-changing threat landscape and adapting security to counter new attack types relies on information like this. Additionally, unprotected passwords or sensitive data that could be exploited can be found via OSINT. By identifying breaches earlier, organisations can more quickly minimise possible harm and reputational damage and safeguard their assets[3].

Attack Surface Mapping

With OSINT, identifying exposed digital assets such as websites, subdomains, and IP addresses enables organisations to understand their digital footprint better and discover points of vulnerability[4]. This inventory helps security professionals ensure that everything is adequately secured and monitored. Moreover, these OSINT techniques can be leveraged to unearth systems that are either incorrectly configured or forgotten, and hence would never have been detected in typical security audits. It is essential to find these underused assets when aiming for a strong security posture, since they are often the easy targets that an attacker prefers. By assessing the whole external attack surface, this approach can give public and private organisations a comprehensive view of potential weaknesses from the adversary's point of view. It can also help an organisation understand where and how to manage and prioritise its efforts on areas of exposure[5].

Cybercriminal Profiling

OSINT techniques are also effective in the identification of cybercriminals. This typically involves analysis that combines identities and behaviours from several online platforms to form a complete picture of the threat actors. By tracking their digital footprints, investigators can view a bigger picture of what those people or groups are doing, how they operate, and who could be their potential targets. This means that OSINT can tie online personas to real-world identities and is especially useful to law enforcement organisations seeking to catch these cybercriminals[6]. Identification of significant platforms, individuals and their associates informs judicial case-building and disruption activity, as evidenced when law enforcement, supported by Europol, recently dismantled ‘Cracked*io’ and ‘Nulled*to’, the two largest cybercrime forums in the world. These platforms fuelled the rise of cybercrime-as-a-service, providing tools, AI-powered scripts, and tutorials for phishing, malware creation, and security exploitation[7].

This takedown is a significant win, but the fight continues. As cybercrime becomes more accessible and aggressive, cross-border cooperation and partnerships remain crucial[8].

Proactive Defence Strategies

OSINT can help organisations prepare more effectively against cybercrime. One of the most critical use cases is the rapid deployment of security updates for newly found vulnerabilities. Using OSINT, organisations can prioritise patching efforts according to the urgency of the threat and keep pace with the newest security vulnerabilities. Enhanced training among personnel is increasingly essential, especially considering the changing nature and volume of the security threats that companies are exposed to. By being aware of the most recent strategies hackers have been using, organisations can tailor their security awareness programs to address those risks and train employees to identify and address possible attacks. Additionally, OSINT findings can help security teams adapt policies to mitigate new threats, keeping the organisation's defences robust and current against evolving cyber threats[9].

Enhanced Incident Response

OSINT can provide an incident response team with valuable context around cybercrime. It can generate insights into the nature and scale of an attack, which can help responders understand the full scope of a breach and develop an appropriate response plan[10]. By using OSINT techniques to identify potential data exposure or leakage from the incident, organisations can take swift action to reduce losses and meet any legal data protection obligations[11]. Additionally, OSINT helps with attribution and understanding the motives of the attacker, which is critical for immediate incident management and long-term strategic planning to prevent similar types of attacks in the future[12].

Collaboration and Information Sharing

OSINT helps law enforcement and other cybersecurity teams work more effectively. It allows partners to share threat intelligence, enabling a coordinated defence against shared perils. This cooperative approach is effective in combating large-scale cybercrime activities because combining resources and information often leads to more complete and successful investigations. These investigations benefit the cooperating entities by providing deeper insights into complex criminal networks, as each contributes different knowledge. Further, collaboratively using OSINT helps build a greater understanding of the global threat landscape and enables more effective and better-coordinated responses against new cyber threats on a broader scale. With OSINT technologies and methodologies, it becomes possible to substantially enhance the capabilities of public and private cybersecurity experts in preventing, detecting, and responding to eCrime threats. In the constantly changing world of cybercrime, OSINT is and will remain instrumental in this fight, offering access to new insights and capabilities to help keep complex cyber adversaries at bay.

Authored by: The Coalition of Cyber Investigators

© 2025 The Coalition of Cyber Investigators. All rights reserved.

The Coalition of Cyber Investigators is a collaboration between

Paul Wright (United Kingdom) - Experienced Cybercrime, Intelligence (OSINT & HUMINT) and Digital Forensics Investigator; and

Neal Ysart (Philippines) - Elite Investigator & Strategic Risk Advisor, Ex-Big 4 Forensic Leader.

With over 80 years of combined hands-on experience, Paul and Neal remain actively engaged in their field.

They established the Coalition to provide a platform to collaborate and share their expertise and analysis of topical issues in the converging domains of investigations, digital forensics and OSINT. Recognising that this convergence has created grey areas around critical topics, including the admissibility of evidence, process integrity, ethics, contextual analysis and validation, the Coalition is Paul and Neal’s way of contributing to a discussion that is essential if the unresolved issues around OSINT-derived evidence are to be addressed effectively. Please feel free to share this article and contribute your views.

[1] Joseph Miller. (2023, December 4). The evolving role of open-source intelligence for policing - Policing Insight. Policing Insight. https://policinginsight.com/feature/advertisement/the-evolving-role-of-open-source-intelligence-for-policing/ (Accessed 01 February 2025)

[2] Clarke, S. (2024b, February 21). Applying open source intelligence to cyber crime investigations. Blackdot Solutions Videris. https://blackdotsolutions.com/blog/cyber-crime-investigation/ (Accessed 01 February 2025)

[3] What is OSINT Open Source Intelligence? | CrowdStrike. (n.d.). https://www.crowdstrike.com/en-us/cybersecurity-101/threat-intelligence/open-source-intelligence-osint/ (Accessed 01 February 2025)

[4] MacInnis, J. (n.d.). Using open source intelligence (OSINT) for attack surface analysis. Truvantis. https://www.truvantis.com/blog/using-open-source-intelligence-osint-for-attack-surface-analysis (Accessed 01 February 2025)

[5] Schneider, C. (n.d.). Attack surface mapping. Christian Schneider. https://christian-schneider.net/service/attack-surface-mapping/ (Accessed 01 February 2025)

[6] Allan, K. (2024, September 11). How Open Source Intelligence is helping police tackle crime now more than ever. Altia Intel. https://altiaintel.com/how-open-source-intelligence-is-helping-police-tackle-crime-now-more-than-ever-2/ (Accessed 01 February 2025)

[7] Law enforcement takes down two largest cybercrime forums in the world | Europol. (n.d.). Europol. https://www.europol.europa.eu/media-press/newsroom/news/law-enforcement-takes-down-two-largest-cybercrime-forums-in-world (Accessed 01 February 2025)

[8] Solutions, B. (2024, September 4). Leveraging OSINT for Public-Private partnerships. Blackdot Solutions Videris. https://blackdotsolutions.com/blog/leveraging-osint-for-public-private-partnerships/?utm_content=322642520&utm_medium=social&utm_source=linkedin&hss_channel=lis-PofDpju5oX (Accessed 01 February 2025)

[9] Team, Z. (2024b, July 22). How Open-Source intelligence can be used in cyber threat hunting. ZeroFox. https://www.zerofox.com/blog/how-open-source-intelligence-can-be-used-in-cyber-threat-hunting-zerofox/

[10] Xiph Cyber - Using open-source intelligence (OSINT) in cyber security. (n.d.). https://xiphcyber.com/articles/open-source-intelligence (Accessed 01 February 2025)

[11] Ip, C., & Ip, C. (2023, October 31). Detect personal information leakage with OSINT Attack Surface Management. CIP Blog. https://blog.criminalip.io/2023/05/09/information-leakage/ (Accessed 01 February 2025)

[12] McLaughlin, M. (2024, April 5). Stay a step ahead with the missing link in cybercrime defense: OSINT. Security Magazine. https://www.securitymagazine.com/articles/100561-stay-a-step-ahead-with-the-missing-link-in-cybercrime-defense-osint (Accessed 01 February 2025)