Systematically Searching for Identity-Related Information in the Internet with OSINT Tools
Marcus Walkow, Daniela Pöhn
TL;DR
The paper tackles the problem of proliferating digital identities and the resulting exposure of identity-related data that can threaten security. It introduces a taxonomy for identity-related data and OSINT tools, and presents an open-source OSINT framework that applies this classification to guide systematic data collection, analysis, and knowledge extraction. A case study on Olaf Scholz demonstrates the workflow and highlights potential password-related risks derived from social and media data, as well as infrastructure fingerprints. The work offers a structured approach to identify attack surfaces, informs defense strategies, and outlines future directions for usability studies and organizational deployment.
Abstract
The increase of Internet services has not only created several digital identities but also more information available about the persons behind them. The data can be collected and used for attacks on digital identities as well as on identity management systems, which manage digital identities. In order to identify possible attack vectors and take countermeasures at an early stage, it is important for individuals and organizations to systematically search for and analyze the data. This paper proposes a classification of data and open-source intelligence (OSINT) tools related to identities. This classification helps to systematically search for data. In the next step, the data can be analyzed and countermeasures can be taken. Last but not least, an OSINT framework approach applying this classification for searching and analyzing data is presented and discussed.