Use and Abuse of Personal Information, Part I: Design of a Scalable OSINT Collection Engine-Reference-Cited by-同舟云学术

Use and Abuse of Personal Information, Part I: Design of a Scalable OSINT Collection Engine

Published:2024-08-13 Issue:3 Volume:4 Page:572-593
ISSN:2624-800X
Container-title:Journal of Cybersecurity and Privacy
language:en
Short-container-title:JCP

Author:

Rheault Elliott¹,Nerayo Mary¹,Leonard Jaden¹,Kolenbrander Jack¹^ORCID,Henshaw Christopher¹^ORCID,Boswell Madison¹,Michaels Alan J.¹^ORCID

Affiliation:

1. Virginia Tech National Security Institute, Blacksburg, VA 24060, USA

Abstract

In most open-source intelligence (OSINT) research efforts, the collection of information is performed in an entirely passive manner as an observer to third-party communication streams. This paper describes ongoing work that seeks to insert itself into that communication loop, fusing openly available data with requested content that is representative of what is sent to second parties. The mechanism for performing this is based on the sharing of falsified personal information through one-time online transactions that facilitate signup for newsletters, establish online accounts, or otherwise interact with resources on the Internet. The work has resulted in the real-time Use and Abuse of Personal Information OSINT collection engine that can ingest email, SMS text, and voicemail content at an enterprise scale. Foundations of this OSINT collection infrastructure are also laid to incorporate an artificial intelligence (AI)-driven interaction engine that shifts collection from a passive process to one that can effectively engage with different classes of content for improved real-world privacy experimentation and quantitative social science research.

Funder

Commonwealth Cyber Initiative

Publisher

MDPI AG

Link

https://www.mdpi.com/2624-800X/4/3/27/pdf

Reference33 articles.

1. Roesner, F., Kohno, T., and Wetherall, D. (2012, January 3–5). Detecting and Defending against Third-Party Tracking on the Web. Proceedings of the 9th USENIX Symposium on Networked Systems Design and Implementation (NSDI 12), San Jose, CA, USA. Available online: https://www.usenix.org/conference/nsdi12/technical-sessions/presentation/roesner.

2. Nguyen, T., Yeates, G., Ly, T., and Albalawi, U. (2023). A Study on Exploring the Level of Awareness of Privacy Concerns and Risks. Appl. Sci., 13.

3. Kost, E. (2024, May 31). 10 Biggest Data Breaches in Finance. Available online: https://www.upguard.com/blog/biggest-data-breaches-financial-services.

4. Shoop, T. (2024, March 31). OPM To Send Data Breach Notifications to Federal Employees Next Week, Available online: https://www.govexec.com/technology/2015/06/opm-send-data-breach-notifications-federal-employees-next-week/114556/.

5. Ekran System (2024, July 09). 7 Examples of Real-Life Data Breaches Caused by Insider Threats. Available online: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches.