OSINT blog: Exposed PII
“Information does not have to be secret to be valuable. Whether in the blogs we browse, the broadcasts we watch, or the specialized journals we read, there is an endless supply of information that contributes to our understanding of the world. The Intelligence Community generally refers to this information as Open Source Intelligence (OSINT)” - Central Intelligence Agency, United States of America The story for this blog is based on true events surrounding an OSINT investigation I undertook. The mission included two companies, one software developer, and over 100 employees who had their personally identifiable information ( PII ) exposed online. This was an investigation on behalf of a large company that has been a victim of Emotet attack campaigns, and has been targeted by state-level threat actors (also known as APTs). For the purpose of this blog, let us call this large company: “Company A” Part of my work involves monitoring for threats that face Company A a