You don't need to have super technical knowledge to conduct open-source investigations on the Internet.
Previously, such investigations were only available to large corporations. Nowadays, small businesses and in general anyone with the Internet can take advantage of the benefits of open data.
Companies are using open data to make critical decisions, gain competitive advantage, and maintain security. Open information is cheaper to collect and research, it is available - all you need is the Internet and a computer, and most of the tools are free to use. Such data is easy to disseminate: it is open, everyone will have immediate access to it. In addition, OSINT speeds up searches and enables real-time research.
In this article, we provide some simple examples of how you can use OSINT in your work. Perhaps you are already actively using some of the things described below, but something will seem to you an interesting idea and will push you to new ones.
Human Resources (HR)
Eichars use OSINT when searching for candidates, checking them, and when they are already working. With the development of social media, this is getting easier.
Application: search for employees via Telegram (TG)
In this article, we will look at how you can search for different specialists in the Telegram search engine - Telegago. You can read about Telegram's OSINT capabilities for finding information about people in one of our previous articles.
1. Resume search in open groups. If you enter "specialty" + "# resume" in Telegago[/I], you can find people who are interested in finding a job. You will receive results with posts from different groups with vacancies and not only. Everything is in one place, fresh, and there is no need for a long and dreary wandering through the canals.
2. Search by specialty among the profiles. Some users write in bio their profession / position, country, city, and some even attach a resume and portfolio. Most likely, they do it for a reason. It is likely that for job offers as well.
You can search for potential candidates on the same resource as follows. You drive the specialist you need into the search engine. And then click on "contacts". We get almost 3000 contacts.
Now you can add a city to the search bar and try to find a specialist from the desired region. We get 9 results.
We managed to find most of the people from the search results by their name on LinkedIn. And then you think, why don't we just go to LinkedIn? But the fact is that if programmers are often registered on this resource, then, for example, marketers are far from always, especially from Russian-speaking countries. And having data from the TG, you can search for more information about a person in search engines and social networks. Let's look at an example.
Here, we have found a designer.
We go to his profile in the TG. From there we find out how old he is, his name, and what he (supposedly) looks like.
Now we want to find out his additional contacts and, in general, what kind of person is in front of us. It has long been known that people often use the same username on different resources. And this plays into our hands. You can use this Google dork to search for Vitaly on other platforms and social networks:
Vitaliy inurl: <username> site: instagram.com | twitter.com | facebook.com | ticktock.com | linkedin.com
At the very beginning of the request, you can add the keywords that the candidate uses in their profile. This can be not only the name, but also the company where he works, age, place of residence, etc. Usually the username goes in the link, so we use the "inurl" dork to find out if such a nickname is found on other sites.
Two different surnames appeared in the SERP on Twitter and Instagram. It is difficult to understand on Twitter whether this is Vitaly, but on Instagram in the photo he is quite similar and he has different designers in his subscriptions.
In addition to Google, there are resources - Namechk, Instant Username and others, which show on which platforms there are registered users with a certain nickname. But there we will not be able to add additional characteristics of a person in the search, and there is a risk of being among the many inappropriate accounts. Especially if the nickname is quite common, and not some unusual one.
To do this, you need to log in to Facebook and have your employees as friends. And so, enter the name of your company into the search box, click on "posts" and filter by published only by your friends.
Not only what the employees posted on their page is highlighted, but also the mention of the brand in posts and comments, where your employee somehow noted, as well as in the links to which he somehow reacted.
And then you can filter by time: for example, check every month.
By the way, there are recruiting companies that specialize in OSINT. For example, the British Agenda. They screen candidates by examining their digital footprint. This allows you to determine the values and characteristics of the candidate's behavior.
Legal affairs
Lawyers work not only with legislation. It happens that there is simply no answer to a client's or a manager's question among the laws and cases. Then the lawyer turns into an OSINT researcher, because his job is to find the answer to the question.
For example, open data helps to verify a counterparty, avoid violations of laws, or find the necessary evidence for a claim. Yes, and the research of legal bases can be attributed to open data search. For example, when OSINT tools are used to keep track of updates to legislation.
Application: punching a company
Let's take a look at a few steps to help you get a more detailed understanding of the company.
1. We are looking for the official data of the company. If you initially do not know the name of the legal entity or TIN (for example, from the contract), then you can search for it on the website - sometimes it happens in the footer.
Sometimes in contacts.
You can also try to enter names with transliteration from the Latin alphabet (if the name is in English) into the Unified Register of Legal Entities. And in the search results, look for an address that matches the location of the company or a familiar name in the place of the CEO.
2. When you have the official name of the company, TIN or address, then more detailed details can be found on this resource. Here you will find the financial report, and there is a lot of information about the company as a whole in it. For example, in the "Explanation of the balance sheet and the statement of financial results" (it is at the very bottom of the page that the platform will give you on request about the company) you can find the following information:
- about branches.
- data on the members of the group of companies - companies in different countries and regions that belong to the studied organization.
- company investments.
- information about the property - for example, the availability of real estate and land.
- about rented objects.
- about the debtors of the company (and therefore about clients and partners).
- about debts.
- about the main sources of revenue.
- and sources of expenses. You can find information about donations to charity and the amount of fines.
- banks where the company has accounts.
3. On the previous resource, you can study only the current report for the last year. Some historical data on finance for 2012-2018 can be viewed here.
4. Now you can find out if the company has debts that are collected through the court. This information can be searched among enforcement proceedings. To do this, you need to enter the name and approximate location of the company. Case data are publicly available until production is discontinued.
5. Whether the company's current account is blocked can be checked here. You need a TIN and BIC. This is important because the tax authority blocks the company's account in the following cases (according to article 76 of the Tax Code of the Russian Federation):
- The company did not pay taxes and fees and did not respond to tax requirements.
- Declaration or reporting not submitted on time. If within 10 days of delay the company has not handed it over, the tax office may block the account.
- As a result of the audit, the tax authorities charged a fine. If the company does not have property that can ensure the execution of the decision, then the tax authority has the right to block the account.
Application: Intellectual Property Search
Protect your copyrights and not violate others.
1. We are looking for copies of our works. OSINT will help you find those who, absolutely without bothering, use your creation. Original text, photo, video, melody, etc. For example, this is how it works with pictures.
Media Srsly.ru in May 2020 released in a series of Instagram pictures.
Let's try to search for one of them in a Yandex search engine (it searches for similar images better than Google). This is what he gives us. There are a lot of copies.
Some brands simply copied a picture with an interesting idea to their social networks without changing anything.
And some even put their signature at the bottom of the spirits.
The very idea of this kind of pictures was copied by even more companies. But this is no longer about copyright.
2. We do not violate the copyright of others . It may be the other way around - you yourself want to use a picture or video and you doubt how legal it is. There are simple solutions for this. Google Images can filter images by license type.
In
And the InVID extension through the “video rights” function will help determine the license for videos from Twitter and Youtube. From Twitter, just copy the link to the post. Well, on YouTube - a link to the video.
What can be learned through trademarks.
1. What name for a company, brand or product you can register . Open trademark registries will help you check if there are similar or similar names somewhere. And if so, in which country they are registered, for what goods and services, whether they have expired. All this can be checked in international databases, such as the European one and the WIPO base, as well as in national ones - the USA, the United Kingdom, and Russia. Here you can find national bases and other countries. It all depends on which country (s) you want to get your trademark protection.
2. Additional information about your counterparty . By searching for trademarks, you can find out which company it belongs to, and then what other brands this organization owns. Many registries allow you to search both by image (logo) and by name.
For example, let's find the Oracle company in the British database. Search for "keyword, phrase or image". Here we see that it is officially called "Oracle International Corporation" and the trademark "Oracle" is registered for 7 classes of services and goods. And this is not only software, but also printed materials, educational services in the field of computers and software, etc.
Once we have the name of the company that owns the trademark, we can search the registries "by owner". Now let's try to see in the American database which trademarks belong to Oracle in the USA. We go to the simplest search option that the platform offers us. In the "field" select "Owner name and address". We must enter the official name in quotation marks so that the issue is with the owner we need.
And we get 50 trademarks registered by this company in the United States. They also have a sports park!
Information Security
In this area, the specialist uses OSINT research tools to determine if it is easy to harm the company. The search for vulnerabilities can be carried out for the company as a whole and for individual individuals. Devices connected to the Internet are checked; documents that are in the public domain; Personal Information. All this is done in order to at least minimize the risk of cyberattacks.
And so, we try to search on different platforms.
On Google.
We enclose the URL in quotation marks, not forgetting to exclude the site miro.com itself.
And of course the search can be narrowed down to the resources you need. In particular, YouTube, Instagram, Twitter, Facebook, LinkedIn, VK, Medium, Habr, Trello.
In Telegram.
1) We use the already familiar search engine Telegago.
2) Tgstat.ru is similar to the previous tool, but there is an "advanced search" by country, language, topic of the channel. In the example: we are looking for a specific link.
On Twitter.
Don't forget to hit "last" if you want the most recent results. You can read about additional OSINT features on Twitter here. In the example: looking for posts with a link to a whiteboard and a mention of a company.
On Facebook.
We are looking for in the "posts" section.
Marketing and PR
In the sales and advertising environment, OSINT is used to analyze the market and consumer opinions, and monitor competitors. For example, using open data, you can find customer reviews on a website or profile on social networks; automate monitoring of competitors; find a suitable platform for promotion and advertising.
Google dork "related" in the general search results shows us LIKE resources, and in the "pictures" - mostly pages related to the name of the site. Therefore, this dork can be useful for two purposes.
1. Search for unobvious competitors.
The secret is that usually this dork is positioned as a search for similar pages when you are looking for something as a consumer. This gives us the ability to know which resources the algorithms believe satisfy the same need as your company.
And so, we enter into the search engine a link to the website of your organization or one of your competitors. We get good results.
But sometimes, in response to requests for some sites, Google says that he does not know anything. In this case, you can delve into the "pictures", and there is a chance to stumble upon some unexpected competitor. You can narrow your search to specific social networks and platforms by adding, for example, "site: facebook.com" to the search bar.
2. Search for brand mentions. Both your company and your competitors.
There will be a search only by "pictures". The following dork is suitable for this purpose: related: "company site" -site: "company site" . Here, too, you can try to filter by different platforms and social networks.
It is worth noting that other dorks can also be used for this purpose:
info: "company site / company name" -company site
inurl:
"company name" intext: "company name" -company site
link: "company site" -site: " company site "
However, the results are different. Sometimes it is strong, sometimes not very much.
Code:
"niche / sphere" intext: "affiliate"
"niche / sphere" intext: "affiliate" inurl: promo
"niche / sphere" intext: "affiliate material"
" niche / sphere "intext: special project inurl: special
" niche / sphere "intext:" material prepared with the support "
If in English, then these:
Code:
"niche" intext: "paid post"
"niche" intext: "sponsored by"
"niche" intext: "sponsor content" inurl: sponsored
"niche" intext: "sponsored"
"niche" intext: "Sponsored content"
"niche" intext: "sponsored post" inurl: "sponsored-post"
Different combinations of these dorks can produce different results. So experiment.
Techniques and tools like OSINT are actively used by companies that, using open sources, help brands to more effectively promote their services and products. Here are just a few of them: BrandWatch, TalkWalker, Brand24, AnswerThePublic, BuzzSumo.
These companies analyze social networks, forums, blogs, videos, reviews, search queries and provide companies with the opportunity to find out what is being said about it in society or to study customers in more detail - what they need, what they are interested in, what they watch, read, where they go.
All these are just small examples, proving that OSINT is already actively used in many companies, and b hi huhasic knowledge will be useful not only for technical specialists.
Previously, such investigations were only available to large corporations. Nowadays, small businesses and in general anyone with the Internet can take advantage of the benefits of open data.
Companies are using open data to make critical decisions, gain competitive advantage, and maintain security. Open information is cheaper to collect and research, it is available - all you need is the Internet and a computer, and most of the tools are free to use. Such data is easy to disseminate: it is open, everyone will have immediate access to it. In addition, OSINT speeds up searches and enables real-time research.
In this article, we provide some simple examples of how you can use OSINT in your work. Perhaps you are already actively using some of the things described below, but something will seem to you an interesting idea and will push you to new ones.
Human Resources (HR)
Eichars use OSINT when searching for candidates, checking them, and when they are already working. With the development of social media, this is getting easier.
Application: search for employees via Telegram (TG)
In this article, we will look at how you can search for different specialists in the Telegram search engine - Telegago. You can read about Telegram's OSINT capabilities for finding information about people in one of our previous articles.
1. Resume search in open groups. If you enter "specialty" + "# resume" in Telegago[/I], you can find people who are interested in finding a job. You will receive results with posts from different groups with vacancies and not only. Everything is in one place, fresh, and there is no need for a long and dreary wandering through the canals.
2. Search by specialty among the profiles. Some users write in bio their profession / position, country, city, and some even attach a resume and portfolio. Most likely, they do it for a reason. It is likely that for job offers as well.
You can search for potential candidates on the same resource as follows. You drive the specialist you need into the search engine. And then click on "contacts". We get almost 3000 contacts.
Now you can add a city to the search bar and try to find a specialist from the desired region. We get 9 results.
We managed to find most of the people from the search results by their name on LinkedIn. And then you think, why don't we just go to LinkedIn? But the fact is that if programmers are often registered on this resource, then, for example, marketers are far from always, especially from Russian-speaking countries. And having data from the TG, you can search for more information about a person in search engines and social networks. Let's look at an example.
Here, we have found a designer.
We go to his profile in the TG. From there we find out how old he is, his name, and what he (supposedly) looks like.
Now we want to find out his additional contacts and, in general, what kind of person is in front of us. It has long been known that people often use the same username on different resources. And this plays into our hands. You can use this Google dork to search for Vitaly on other platforms and social networks:
Vitaliy inurl: <username> site: instagram.com | twitter.com | facebook.com | ticktock.com | linkedin.com
At the very beginning of the request, you can add the keywords that the candidate uses in their profile. This can be not only the name, but also the company where he works, age, place of residence, etc. Usually the username goes in the link, so we use the "inurl" dork to find out if such a nickname is found on other sites.
Two different surnames appeared in the SERP on Twitter and Instagram. It is difficult to understand on Twitter whether this is Vitaly, but on Instagram in the photo he is quite similar and he has different designers in his subscriptions.
In addition to Google, there are resources - Namechk, Instant Username and others, which show on which platforms there are registered users with a certain nickname. But there we will not be able to add additional characteristics of a person in the search, and there is a risk of being among the many inappropriate accounts. Especially if the nickname is quite common, and not some unusual one.
Application: Facebook for monitoring which employees and what writes about the company
To track the spread of confidential information or negative feedback from employees about the company, you can do the following:To do this, you need to log in to Facebook and have your employees as friends. And so, enter the name of your company into the search box, click on "posts" and filter by published only by your friends.
Not only what the employees posted on their page is highlighted, but also the mention of the brand in posts and comments, where your employee somehow noted, as well as in the links to which he somehow reacted.
And then you can filter by time: for example, check every month.
By the way, there are recruiting companies that specialize in OSINT. For example, the British Agenda. They screen candidates by examining their digital footprint. This allows you to determine the values and characteristics of the candidate's behavior.
Legal affairs
Lawyers work not only with legislation. It happens that there is simply no answer to a client's or a manager's question among the laws and cases. Then the lawyer turns into an OSINT researcher, because his job is to find the answer to the question.
For example, open data helps to verify a counterparty, avoid violations of laws, or find the necessary evidence for a claim. Yes, and the research of legal bases can be attributed to open data search. For example, when OSINT tools are used to keep track of updates to legislation.
Application: punching a company
Let's take a look at a few steps to help you get a more detailed understanding of the company.
1. We are looking for the official data of the company. If you initially do not know the name of the legal entity or TIN (for example, from the contract), then you can search for it on the website - sometimes it happens in the footer.
Sometimes in contacts.
You can also try to enter names with transliteration from the Latin alphabet (if the name is in English) into the Unified Register of Legal Entities. And in the search results, look for an address that matches the location of the company or a familiar name in the place of the CEO.
2. When you have the official name of the company, TIN or address, then more detailed details can be found on this resource. Here you will find the financial report, and there is a lot of information about the company as a whole in it. For example, in the "Explanation of the balance sheet and the statement of financial results" (it is at the very bottom of the page that the platform will give you on request about the company) you can find the following information:
- about branches.
- data on the members of the group of companies - companies in different countries and regions that belong to the studied organization.
- company investments.
- information about the property - for example, the availability of real estate and land.
- about rented objects.
- about the debtors of the company (and therefore about clients and partners).
- about debts.
- about the main sources of revenue.
- and sources of expenses. You can find information about donations to charity and the amount of fines.
- banks where the company has accounts.
3. On the previous resource, you can study only the current report for the last year. Some historical data on finance for 2012-2018 can be viewed here.
4. Now you can find out if the company has debts that are collected through the court. This information can be searched among enforcement proceedings. To do this, you need to enter the name and approximate location of the company. Case data are publicly available until production is discontinued.
5. Whether the company's current account is blocked can be checked here. You need a TIN and BIC. This is important because the tax authority blocks the company's account in the following cases (according to article 76 of the Tax Code of the Russian Federation):
- The company did not pay taxes and fees and did not respond to tax requirements.
- Declaration or reporting not submitted on time. If within 10 days of delay the company has not handed it over, the tax office may block the account.
- As a result of the audit, the tax authorities charged a fine. If the company does not have property that can ensure the execution of the decision, then the tax authority has the right to block the account.
Application: Intellectual Property Search
Protect your copyrights and not violate others.
1. We are looking for copies of our works. OSINT will help you find those who, absolutely without bothering, use your creation. Original text, photo, video, melody, etc. For example, this is how it works with pictures.
Media Srsly.ru in May 2020 released in a series of Instagram pictures.
Let's try to search for one of them in a Yandex search engine (it searches for similar images better than Google). This is what he gives us. There are a lot of copies.
Some brands simply copied a picture with an interesting idea to their social networks without changing anything.
And some even put their signature at the bottom of the spirits.
The very idea of this kind of pictures was copied by even more companies. But this is no longer about copyright.
2. We do not violate the copyright of others . It may be the other way around - you yourself want to use a picture or video and you doubt how legal it is. There are simple solutions for this. Google Images can filter images by license type.
In
You do not have permission to view link
Log in or register now.
, too, like to eat.
And the InVID extension through the “video rights” function will help determine the license for videos from Twitter and Youtube. From Twitter, just copy the link to the post. Well, on YouTube - a link to the video.
What can be learned through trademarks.
1. What name for a company, brand or product you can register . Open trademark registries will help you check if there are similar or similar names somewhere. And if so, in which country they are registered, for what goods and services, whether they have expired. All this can be checked in international databases, such as the European one and the WIPO base, as well as in national ones - the USA, the United Kingdom, and Russia. Here you can find national bases and other countries. It all depends on which country (s) you want to get your trademark protection.
2. Additional information about your counterparty . By searching for trademarks, you can find out which company it belongs to, and then what other brands this organization owns. Many registries allow you to search both by image (logo) and by name.
For example, let's find the Oracle company in the British database. Search for "keyword, phrase or image". Here we see that it is officially called "Oracle International Corporation" and the trademark "Oracle" is registered for 7 classes of services and goods. And this is not only software, but also printed materials, educational services in the field of computers and software, etc.
Once we have the name of the company that owns the trademark, we can search the registries "by owner". Now let's try to see in the American database which trademarks belong to Oracle in the USA. We go to the simplest search option that the platform offers us. In the "field" select "Owner name and address". We must enter the official name in quotation marks so that the issue is with the owner we need.
And we get 50 trademarks registered by this company in the United States. They also have a sports park!
Information Security
In this area, the specialist uses OSINT research tools to determine if it is easy to harm the company. The search for vulnerabilities can be carried out for the company as a whole and for individual individuals. Devices connected to the Internet are checked; documents that are in the public domain; Personal Information. All this is done in order to at least minimize the risk of cyberattacks.
Whiteboards can be found on the Internet and attackers can take advantage of this. Therefore, it would be nice to check if any of the employees shared a board with insider information in an open group in Telegram or on their page in FB. Take Miro boards as an example. This is how the whiteboard URL structure looks like: miro.com/app/board/.
And so, we try to search on different platforms.
On Google.
We enclose the URL in quotation marks, not forgetting to exclude the site miro.com itself.
And of course the search can be narrowed down to the resources you need. In particular, YouTube, Instagram, Twitter, Facebook, LinkedIn, VK, Medium, Habr, Trello.
In Telegram.
1) We use the already familiar search engine Telegago.
2) Tgstat.ru is similar to the previous tool, but there is an "advanced search" by country, language, topic of the channel. In the example: we are looking for a specific link.
On Twitter.
Don't forget to hit "last" if you want the most recent results. You can read about additional OSINT features on Twitter here. In the example: looking for posts with a link to a whiteboard and a mention of a company.
On Facebook.
We are looking for in the "posts" section.
Marketing and PR
In the sales and advertising environment, OSINT is used to analyze the market and consumer opinions, and monitor competitors. For example, using open data, you can find customer reviews on a website or profile on social networks; automate monitoring of competitors; find a suitable platform for promotion and advertising.
We've already written a detailed article on Using Google for Open Data Search, but we continue to cover different use cases.
Google dork "related" in the general search results shows us LIKE resources, and in the "pictures" - mostly pages related to the name of the site. Therefore, this dork can be useful for two purposes.
1. Search for unobvious competitors.
The secret is that usually this dork is positioned as a search for similar pages when you are looking for something as a consumer. This gives us the ability to know which resources the algorithms believe satisfy the same need as your company.
And so, we enter into the search engine a link to the website of your organization or one of your competitors. We get good results.
But sometimes, in response to requests for some sites, Google says that he does not know anything. In this case, you can delve into the "pictures", and there is a chance to stumble upon some unexpected competitor. You can narrow your search to specific social networks and platforms by adding, for example, "site: facebook.com" to the search bar.
2. Search for brand mentions. Both your company and your competitors.
There will be a search only by "pictures". The following dork is suitable for this purpose: related: "company site" -site: "company site" . Here, too, you can try to filter by different platforms and social networks.
It is worth noting that other dorks can also be used for this purpose:
info: "company site / company name" -company site
inurl:
"company name" intext: "company name" -company site
link: "company site" -site: " company site "
However, the results are different. Sometimes it is strong, sometimes not very much.
Application: finding sites where you can place native ads
To save time and not reinvent the wheel, you can look at where sponsored articles have already been published on your topic. If you are counting on a Russian-speaking audience, then the following Google dorks are suitable for search:Code:
"niche / sphere" intext: "affiliate"
"niche / sphere" intext: "affiliate" inurl: promo
"niche / sphere" intext: "affiliate material"
" niche / sphere "intext: special project inurl: special
" niche / sphere "intext:" material prepared with the support "
If in English, then these:
Code:
"niche" intext: "paid post"
"niche" intext: "sponsored by"
"niche" intext: "sponsor content" inurl: sponsored
"niche" intext: "sponsored"
"niche" intext: "Sponsored content"
"niche" intext: "sponsored post" inurl: "sponsored-post"
Different combinations of these dorks can produce different results. So experiment.
Techniques and tools like OSINT are actively used by companies that, using open sources, help brands to more effectively promote their services and products. Here are just a few of them: BrandWatch, TalkWalker, Brand24, AnswerThePublic, BuzzSumo.
These companies analyze social networks, forums, blogs, videos, reviews, search queries and provide companies with the opportunity to find out what is being said about it in society or to study customers in more detail - what they need, what they are interested in, what they watch, read, where they go.
All these are just small examples, proving that OSINT is already actively used in many companies, and b hi huhasic knowledge will be useful not only for technical specialists.