• Korean Security Journal
• /
• no.34
• /
• pp.259-278
• /
• 2013

With advances of information technology (IT) and the Internet, it became much easier to search and collect information through many different types of web search engine. Such information only restricted to the intelligence services became available to the public, and the increased open source changed the intelligence collection activities of governments. Open Source Intelligence (OSINT) was introduced to organize and analyze the large volumes of information. OSINT is actively used after the 9/11 terrorist attack, and the United States government invest a huge amount of budget to conduct research and develope technology about OSINT. Although many Western countries recognize the importance of OSINT and deal with open source as priority, South Korea has not fully understand the important role of OSINT. Therefore, this study introduces the fundamental principles of OSINT and provides practical examples of OSINT usage. OSINT is an effective source to prevent terrorist attacks as well as a variety of crimes. Extensive discussion and suggestions for future usages are provided.

• Convergence Security Journal
• /
• v.3 no.2
• /
• pp.41-55
• /
• 2003

Today the traditional national intelligence activities which are mainly based on classified informations are confronted with several problems. These are excessive collection cost, morality of intelligence activity, objectivity of intelligence, intelligence dead zone and timeliness of intelligence etc. On the other hand, circumstances of national intelligence activity are rapidly changed. Those are rapid growth of internet, transformation of classified information into open one and rapid growth of intelligence capabilities of private sector. To cope these problems and circumstances, we reevaluated OSINT(Open Source INTelligence) which is collected from all kinds of open source informations on the internet. First, we classified OSINT into four categories corresponding to the traditional classified collection methods i.e., IMINT, SIGINT, HUMINT and MASINT. And we evaluate the value of OSINT in comparison with classified collection methods. Finally a system for national intelligence activity based on all kinds of open source intelligence on the internet is proposed, described and compared with the system of traditional national intelligence activity.

• Convergence Security Journal
• /
• v.19 no.2
• /
• pp.113-121
• /
• 2019

With the development of the Internet and Information Communication Technology, there has been an increase in the amount of Open Source Intelligence(OSINT). OSINT can be highly effective, if well refined and utilized. Recently, it has been assumed that almost 95% of all information comes from public sources and the utilization of open sources has sharply increased. The ISVG and START programs, for example, collect information about open sources related to terrorism or crime, effectively used to detect terrorists and prevent crime. The open source information related to the cyber attacks is, however, quite different from that in terrorism (or crime) in that it is difficult to clearly identify the attacker, the purpose of attack, and the range of damage. In addition, the data itself of cyber attacks is relatively unstructured. So, a totally new approach is required to establish and utilize an OSINT database for cyber attacks, which is proposed in this paper.

• Journal of Digital Convergence
• /
• v.20 no.4
• /
• pp.367-376
• /
• 2022

In traditional criminal cases, there is a limit to information collection because information on the subject of investigation is provided only with personal information held by the national organization of legal. Surface web-based OSINT(Open Source Intelligence), including SNS and portal sites that can be searched by general search engines, can be used for meaningful profiling for criminal investigations. The Korean-style OSINT workflow can effectively profile based on OSINT, but in the case of individuals, OSINT that can be collected is limited because it begins with "name", and the reliability is limited, such as collecting information of the persons with the same name. In order to overcome these limitations, this paper defines information related to individuals, i.e., equivalent information, and enables efficient and accurate information collection based on this. Therefore, we present an improved workflow that can extract information related to a specific person, ie., equivalent information, from OSINT. For this purpose, different workflows are presented according to the person's profile. Through this, effective profiling of a person (individuals) is possible, thereby increasing reliability in collecting investigation information. According to this study, in the future, by developing a system that can automate the analysis process of information collected using artificial intelligence technology, it can lay the foundation for the use of OSINT in criminal investigations and contribute to diversification of investigation methods.

• Review of KIISC
• /
• v.31 no.5
• /
• pp.39-45
• /
• 2021

인터넷이 발달되고 소셜미디어의 사용이 증가함에 따라 공개정보와 소셜네트워크를 통해 국제 범죄조직, 테러리스트 그룹, 주변 국제 안보환경, 사이버 범죄에 대한 정보 분석의 요구가 늘어나고 있다. 하지만 아직 국내에서 OSINT와 SOCMINT 활동에 대한 공개된 정보가 많지 않아 이에 대한 연구가 많지 않다. 저자는 OSINT와 SOCMINT 조사 분석을 실제 수행하면서 알게 된 문제점과 이를 극복하는 방안을 제시하고자 한다. 다만 Intelligence 업무의 특성상 정보 보안이 매우 중요하여 구체적인 내용에 대해서 제시하기 보다는 업무에서 발생되는 문제를 보편화하여 작성하였다.

• Convergence Security Journal
• /
• v.20 no.3
• /
• pp.115-123
• /
• 2020

Cyber Attack have evolved more and more in recent years. One of the best countermeasure to counter this advanced and sophisticated cyber threat is to predict cyber attacks in advance. It requires a lot of information and effort to predict cyber threats. If we use Open Source Intelligence(OSINT), the core of recent information acquisition, we can predict cyber threats more accurately. In order to predict cyber threats using OSINT, it is necessary to establish a Database(DB) for cyber attacks from OSINT and to select factors that can evaluate cyber threats from the established DB. We are based on previous researches that built a cyber attack DB using data mining and analyzed the importance of core factors among accumulated DG factors by AHP technique. In this research, we present a method for quantifying cyber threats and propose a cyber threats prediction model based on artificial neural networks.

• Convergence Security Journal
• /
• v.20 no.1
• /
• pp.49-57
• /
• 2020

It is no exaggeration to say that we live with cyber threats every day. Nevertheless, it is difficult for us to obtain objective information about cyber threats and attacks because it is difficult to clearly identify the attacker, the purpose of attack, and the range of damage, and rely on information from a single source. In the preceding research of this study, we proposed the new approach for establishing Database (DB) for cyber attacks using Open Source Intelligence(OSINT). In this research, we present the evaluation factors for cyber threats among cyber attack DB and analyze the priority of those factors in oder to quantify cyber threats. We select the purpose of attack, attack category, target, ease of attack, attack persistence, frequency of OSINT DB, and factors of the lower layer for each factor as the evaluation factors for cyber threats. After selection, the priority of each factor is analyzed using the Analytic Hierarchy Process(AHP).

• Journal of Digital Convergence
• /
• v.19 no.3
• /
• pp.187-194
• /
• 2021

OSINT(Open Source Intelligence), rapidly increasing on the surface web in various forms, can also be used for criminal investigations by using profiling. This technique has become quite common in foreign investigative agencies such as the United States. On the other hand, in Korea, it is not used a lot, and there is a large deviation in the quantity and quality of information acquired according to the experience and knowledge level of investigator. Unlike Bazzell's most well-known model, we designed a Korean-style OSINT-based profiling technique that considers the Korean web environment and provides timeline information, focusing on the improved workflow. The database schema to improve the efficiency of profiling is also presented. Using this, we can obtain search results that guarantee a certain level of quantity and quality. And it can also be used as a standard training course. To increase the effectiveness and efficiency of criminal investigations using this technique, it is necessary to strengthen the legal basis and to introduce automation technologies.

• Review of KIISC
• /
• v.29 no.6
• /
• pp.75-80
• /
• 2019

2018년까지 알려진 표적공격 그룹은 꾸준히 증가하여 현재 155개로 2016년 대비 39개가 증가하였고, 침해사고의 평균 체류시간(dwell-time)은 2016년 172일에서 2018년 204일로 32일이 증가하였다. 점점 다양해지고 심화되고 있는 APT(Advanced Persistent Threat)공격에 대응하기 위하여 국내외 기업들의 사이버 위협 인텔리전스(CTI; Cyber Threat Intelligence) 활용이 증가하고 있는 추세이다. 현재 KISA에서는 글로벌 동향에 발맞춰 CTI를 활용할 수 있는 시스템을 개발 중에 있다. 본 논문에서는 효율적인 CTI 활용을 위한 OSINT(Open Source Intelligence)기반 사이버 위협 정보 수집 및 연관관계 표현 시스템을 소개하고자 한다.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.12
• /
• pp.127-134
• /
• 2020

Recently, Harmful sites, including pornographic videos, drugs, personal information and hacking tool distribution sites, have caused serious social problems. However, due to the nature of the Internet environment where anyone can use it freely, it is difficult to control the user effectively. And the site operator operates by changing the domain to bypass the blockage. Therefore, even once identified sites have low persistence. In this paper, we propose multi-channel domain tracking technology, a technique that can effectively track changes in the domain addresses of harmful sites, including the same or similar content, by tracking changes in these harmful sites. Proposed technology is a technology that can continuously track information in a domain using OSINT technology. We tested and verified that the proposed technology was effective for domain tracking with a 90.4% trace rate (sensing 66 changes out of 73 domains).