Skip to content

The 7 Deadly Sins of OSINT

OSINT investigations can range from simple, containing one target on one account, to very complex, such as multiple targets spanning various platforms and locations. Likewise, a target of an OSINT investigation can take extreme measures to conceal their real identity, or they may unknowingly leave an extensive trail of breadcrumbs that lead an investigator straight to their doorstep.

These breadcrumbs can often be grouped into just a handful of categories that encompass some of the most common mistakes users make, which increase their vulnerability to OSINT-based techniques. Remember that, in most cases, practicing good overall operational security (OPSEC) will mitigate many risks a good OSINT investigator exploits. Are you Curious about many of these 7 Deadly OSINT Sins you are guilty of committing online?

Look at the complete list and how to mitigate their effects below.

ENVY

Envy is the driving force behind many other OSINT sins: including Greed, Wrath, and Pride, though it might occasionally manifest on its own. Users who envy others, whether their achievements, social status, follower count, wealth, etc., may participate in riskier behavior that increases their OSINT attack surface to obtain validation or increase their perceived worth in one of the aforementioned traits. This might occur by oversharing or posting more frequently to gain more followers or notoriety, or perhaps the user will attempt to discredit or attack one or more users that they consider “unworthy” of being in such a position.

Mitigation Methods: Take the time to unplug. Don’t let others’ successes reduce the validity of your own; life (and social media) isn’t a competition.

LUST

Even accounts locked down to outside users are not fully protected from OSINT practitioners. Exploiting the sin of Lust is often one of the ways to penetrate accounts otherwise closed to outsiders. Users may quickly accept a friend or connection request from an account crafted to appear like an attractive member of the sex the target is interested in.

A sock account can therefore be used to dupe a user into accepting a connection allowing an investigator to view all their content. In many instances, users that restrict viewing their accounts are more open to sharing information with users who have been granted such access.

Mitigation Methods: Learn to spot sock-puppets and be wary of unusual and unsolicited connection requests, especially if your account is private or locked. This is particularly true for requests crafted as a perfect match for you.

GLUTTONY

Despite the number of relevant posts filling social media, Gluttony is the most under-exploited of the OSINT sins. It is often exhibited via a photo of a meal or a check-in to a restaurant. Depending on if the restaurant is tagged or if the food is specialized, an investigator may be able to identify, at the very least, the chain in question. Any unique background information (signs, decor, tabletops, floor tiles) can assist in narrowing down locations to a specific instance of the restaurant chain. It may also be possible to establish a pattern of life for users that post numerous meals on social media. This can be done by averaging the times posted for each meal and might help narrow down a range of time zones a target might reside in.

Mitigation Methods: For those who must share photos of your meals, try to include as little information about your location as possible. For especially higher-risk persons, staggering the times of posting your scheduled meals makes it more challenging to fingerprint your time zones based on common patterns.

GREED

The OSINT sin of Greed is very similar to the real-world version, and I often see it in giveaways of real or virtual items or currency. Search any social media site for “cash. app” or “gofundme,” and look at how many people are quick to share their link to those purporting to give away money in exchange for likes and shares of their posts. While linking other accounts always poses a risk of an investigator finding the connection, these payment platforms are high-value targets for an investigator as they more often include a target’s accurate information than their social media handle. Similarly, users that share local giveaways might inadvertently be giving up location information. After all, do you think a doughnut shop in New Jersey will ship the dozen doughnuts prize to someone in Indonesia?

Mitigation Methods: Don’t mix business and pleasure (accounts). Keep your cash transfer apps and fundraisers to your accounts or in private messages only.

SLOTH

In OSINT, Sloth can take many forms. However, it primarily occurs when a target reuses something due to laziness or lack of creativity, such as passwords, photographs, usernames, biographical data, etc. Numerous tools and techniques exist for locating usernames on other platforms, and basic Google Dorks allow investigators to find biographic data, headlines, images, and commonly used hashtags that a user shares across platforms. Additionally, tools like Dehashed enable linking accounts belonging to users with unique (to them) passwords that are reused on other platforms. Even a user who employs different usernames can therefore be linked if their accounts have shared passwords and both have been involved in data breaches.

Mitigation Methods: Don’t reuse passwords, ever. Treat accounts that share the same username, email, profile photo, etc., as the same account, meaning that if you wouldn’t share information on one account with that name, you shouldn’t do so on any of them. Remove any leaked data from old accounts that may use the same username or password to prevent historical information from being used against you.

WRATH

Wrath is one of the more unusual sins and does not occur as often as the others. This OSINT information often occurs due to an online argument that escalates to the point of driving another user to doxx your target. Although this can lead to more rapid results by leveraging information found in places like Pastebin or Doxbin or in the interaction between the users during the argument, be sure to verify such information, as the results can vary wildly. At the very least, such occurrences may provide additional leads for branching out the investigation or cross-referencing what you already assume you know about a target.

Mitigation Methods: Do not engage in heated arguments online, particularly with users that know information that may be used against you. Remove any information about yourself online to reduce the chance of others locating and combining it into a single source for others to find.

PRIDE

People like to share their accomplishments and success. For OSINT, I equate the sin of Pride to oversharing, mainly when it involves identifiable material in the form of significant life accomplishments. This can take many forms, with some of the most notable examples including a target sharing a photo of their newly awarded driver’s license (search the hashtag gotmylicense), diploma (#classof####), certification (#gotcertified), workplace award (#workaward), etc. Often they fail to redact these images, and their full name, state/province, country, license plate, workplace ID, etc., are on full view. This makes it very easy for an investigator to unmask the user behind the social media account in record time.

Mitigation Methods: Double-check your photos and posts before posting to be sure you have sanitized all personal information. Refrain from unnecessarily oversharing, particularly things that make identifying or narrowing down who you are accessible.