People OSINT: Finding Information Ethically (Part 2)

Disclaimer:

All the tools and methods discussed in this blog are part of what I am learning in a safe and legal environment. This content is strictly for educational purposes only and is not intended to harm any individual or organization. 

In our previous post, we discussed about fundamental of OSINT.

 From this post onwards, we will be begin applying those ideas- starting with People OSINT.

 What is People OSINT ? 

People OSINT refers to use of OPEN SOURCE INTELLIGENCE techniques to gather information about individuals using publicly available data. 

It is a critical skill for: 

  • investigators, 
  • journalist, 
  • security professionals, 
  • recruiters, 
  • and even individuals looking for their own digital footprint.

People OSINT does not involve hacking. It focuses on information people Knowingly or unknowingly expose online. 

The Core Philosophy: The "Cascade Effect"

Start with a small piece of data (a username , email, phone number, or name + location) and use it to find more data points across different platforms creating a fuller picture. 

1. Starting Points ( What you need to begin )

You need to have at least one of these identifiers:

  • Username/Handle : A unique alias
  • Email Address: Often the most powerful starting point
  • Phone number: Can reveal name, carrier, and linked accounts.
  • Full Name & Location: Especially for a common name, location is key.
  • Image/Photo: For reverse image search.
  • Social Security Number or National ID: Extremely sensitive and heavily restricted; use only in highly authorized contexts.

2. Core Methodology & Key Tools

A. Username & alias search
People often reuse usernames across platforms.
  • Tools: WhatsMyName, Namechk, Sherlock( CLi tool), UserSearch.
  • Manual Search: Simple Google "username" in quotes. Check sites like Reddit, GitHub, X, Instagram, Steam.
B. Email Address Investigation
  • Breach Data: HaveIBeenPwned( checks if email was in known breaches). 
  • Account Discovery: 
    • Google Dork: Intext:"email@example.com"
    • Tools: Epios ( free tier), Hunter.io( for corporate emails) , Phonebook.cz ( from the theHarvester project).
  • Password Reset Trick: On a major site , attempt a password reset with email. Often, the site will reveal a masked version of associated name. This confirms account ownership.
C. Phone Number Lookup
  • Carrier Identification: FreeCarrierLookup.com.
  • Messaging App Link: Check if the number is registered on WhatsApp, Telegram, or Signal ( these apps often reveal a profile name/pic )
  • Reverse Lookup: Truecaller , Whitepages, SpyDialer (leaves voicemail probes). Results vary by country. 
D. Social Media Analysis
  • Platform-Specific Search: Use the native search on Facebook, Linkedin , Instagram , X etc.
  • Advanced Facebook Search: Use graph search-like queries ( though limited now) . e.g., "People named John Smith who live in Seattle and work at Amazon". 
  • LinkedIn: A goldmine for emplyment, education, connections and data. Use Boolean search in the search bar.
  • Data Aggregators: Social Seacher ( real-time multi-network search)
E. Image & Face Search
  • Reverse Image Search: Upload a profile picture to:
    • Google Images or Google lens.
    • Yandex Images ( often superior for faces and non-Western content).
    • TinEye.
  • Facial Recognition ( Use with extreme caution & legality) : PimEyes, face-check.id. ( These tools not privacy invasive).
F. Geospatial & Hobbies:
  • Geotagged Photos: Check Exif data from original photos.. Use exiftool or online viewers.
  • Hobby Platforms: Forums for specific hobbies, Starva , Untapped, goodreads.

3. The Analyst's Mindset: Connecting the Dots

  1. Corroborate: Never rely on a single source. Cross-check facts across multi platforms.
  2. Contextualize: A photo at a landmark gives location. A post about : work anniversaries" gives employer info.
  3. Patter Analysis: Do they post a specific times? ( It gives timezone). Do they tag the same people repeatedly ? ( It give close relationships).
  4. Metadata is gold: Document timestams, location tags, device information ( often in image metadata or Twitter client info).
4. Defensive OSINT : Protecting Yourself 
  • Audit Yourself: Regularly search for your own data using the above methods.
  • Use Unique Usernames: Don't reuse handles for sensitive vs. casual accounts.
  • Limit Data Sharing: Be cautious with quizzes, apps, and surveys that harvest data.
  • Review Privacy Settings: Lock down social media to Friends Only, disable facial tagging.
  • Opt-Out: Manually request removal from major data broker sites ( Spokeo , Whitepages , etc). Services like DeteletMe can automate this ( for a fee) .
Last Reminder: With great power comes great responsibilities. So, use all tools and methods shared in this blog for security purpose only , and to uncover the truth in ethical way. 

Comments

Post a Comment

Popular posts from this blog

Obfuscation and Deobfuscation

I was on Hack The Box Academy, happily reading along when the first word of the module popped up: understanding . Good. Next word: code . Still good. Then the third word appeared: deobfuscation . And I just stared at it like, “How many alphabets did they use to make this word?” I tried pronouncing it five or six times. For a moment, I genuinely believed Shashi Tharoor writes simpler words 😂. Eventually, yes, I managed to say it without hurting my tongue. Anyway, let’s move to the topic. Obfuscation  As the name suggest , it is process of converting simple things ( notes , words , sentences ) into complex form 😂.  More precisely , it is the process of taking a simple , clear sentence and writing it in a complex cipher, using synonyms from a dead language, and adding alot of irrelevant words. The meaning remains preserved, but it is extremely hard to understand ( same as the name of topic obfuscation) .  Defuscation It is simply opposite of obfuscation. It is the proc...
Read more

OSINT Basics: Introduction, Scope, and Ethical Boundaries (Part 1)

Image
Disclaimer: All the tools and methods discussed in this blog are part of what I am learning in a safe and legal environment . This content is strictly for educational purposes only and is not intended to harm any individual or organization. Even though we all know that theoretical knowledge alone is not enough, most of my learning so far has been on the theory side. From now on, I’ll try to balance both theory and practical understanding — slowly and responsibly. That brings us to today’s topic: OSINT . What is OSINT? OSINT stands for Open Source Intelligence . As the name suggests, it is about gathering information from publicly available sources such as: the internet social media news articles public records OSINT has nothing to do with hacking . It focuses on collecting and analyzing information that is already exposed — often unintentionally. Why OSINT matters in cybersecurity OSINT helps us understand the human attack surface , which is often the weakest link in sec...
Read more

Cybersecurity Devices and Technologies Part 1

There is no single device or technology that can solve all the security needs of an organization on its own. A secure network is built by choosing the right tools for the right purpose. This blog covers some of the basic devices and technologies used in the field of network security. Security Appliances Security appliances can be physical devices like routers, or software tools running on those devices. They generally fall into six categories: Routers : Routers primarily connect different network segments, but they also offer basic traffic-filtering features. This helps decide which devices can connect and which networks they’re allowed to communicate with. Firewalls : Firewalls are the guardians of a network. They inspect traffic more deeply and can detect suspicious or harmful behaviour. Firewalls enforce security policies on every packet that passes through them. Intrusion Prevention System (IPS) : An IPS uses traffic signatures to detect and block malicious activities i...
Read more