A computer forensic expert and digital investigator with 16+ years of experience, Roberto Gonzalez talks about the use of OSINT in corporate cybersecurity, unique open-source intelligence challenges in developing economies, and what not to do if you’re a likely target of cybercrime.
Welcome to expert interviews with ANY.RUN. In this column, we delve into pressing cybersecurity topics, discussing them with innovators from the field.
And today’s guest is certainly one of them, helping propel Open-Source Intelligence (OSINT) in Latin America and Europe (though he humbly declines the title).
In addition to being a computer forensic expert, Roberto Gonzalez is a teacher in several diplomas and courses at prestigious universities and academies in countries like Argentina, Spain, and Mexico. He is also a frequent keynote speaker in international congresses.
If this doesn’t qualify one as an expert, we don’t know what does.
Roberto is also a co-founder of Osintomático, a conference dedicated exclusively to OSINT and Social Engineering, which takes place in Madrid every year. In fact, in the last edition, it gathered more than 750 professionals, entrepreneurs, students, and members of law enforcement agencies from many countries in LATAM and Europe.
If you want to connect, you can find Roberto on his LinkedIn.
Roberto, let’s begin on a personal note. Can you tell our readers a little bit about yourself?
Hello, my name is Roberto Gonzalez, I’m Argentinean, a “mate” lover, and a sick fanatic of Boca Juniors football team. nobody is perfect, as a great friend of mine would say!
Throughout my career I have done many things in parallel to my profession, since I consider myself a very restless person, passionate about computers, self-taught, and in love with OSINT and Social Engineering. Also of movies and series of all kinds. I consider that I am an eternal learner, as far as OSINT and Social Engineering are concerned.
Roberto even gave Darth Vader a crash course on intelligence… maybe if the Empire had better OSINT, they wouldn’t have missed that attack on the second Death Star.
On OSINT around the world
Your work gives you a unique perspective on OSINT in both Europe and America. Could you share some insights on how the application or significance of OSINT might differ in the LATAM region compared to others?
I think so, but it happens all over the world. The application of OSINT techniques and tools in digital research depends a lot on the social context, of each culture and the management of each individual in terms of their exposure as well as access to technology.
In LATAM, both the application and the importance of OSINT are in exponential growth both at a business and governmental level. Although it is still far from what can happen in Europe or North America. Businessmen, professionals, and governments are more and more interested in learning, acquiring services or solutions, and hiring professionals specialized in the OSINT field.
Then again, large and medium-sized companies based in Europe, Asia, or North America, for example, have and hire OSINT professionals exclusively to be part of their cybersecurity and cyberintelligence teams. They also have larger budgets for the acquisition of OSINT tools and solutions.
On the other hand, in Latin American or African countries this is still in development. There are companies that are innovative, but unfortunately, it is not yet within the priorities of hiring OSINT professionals and solutions. And the budgets for these areas are much smaller than their counterparts mentioned earlier.
On the benefits of OSINT
What are the key reasons for a company to adopt OSINT methods?
OSINT can be employed not only for a company’s cybersecurity but also for a range of other benefits. Cybersecurity professionals can use OSINT techniques and tools to profile an organization’s online exposure, including that of every single employee. This allows for early detection of vulnerabilities, misconfigurations, malpractices, and so on, effectively safeguarding the company.
OSINT can be implemented in many areas that are also favorable to companies, such as: searching for people (they can be your employees… or not) and tracking them, knowing the online reputation of a competing company or a specific user, performing sociological, psychological or linguistic studies, obtaining documentation for journalistic use, evaluating market trends, performing market analysis to launch marketing campaigns, etc.
One example of OSINT usage that is most repeated and for which I am consulted is the level of exposure of employees and even managers of companies in social media, who publish photos of their credentials, work environments, schedules, and projects in which they are working, travels, etc. This greatly affects the company in which they are located and makes those attackers who want to harm it have everything at hand just by looking at their social media, without too much technical effort.
Roberto recommends being careful with what you post on your social media, especially Linkedin.
On the challenges of OSINT
You mentioned before that OSINT adoption is undergoing exponential growth. It is likely that some of our readers are considering implementing it for their company. With that in mind, could you highlight some of the common hurdles companies encounter when getting started with OSINT, and how these might be addressed?
One of the main challenges companies face when implementing OSINT is answering what do they want to use OSINT for and why do they need OSINT?
The approach to these questions is simple: hire the services of qualified experts who know what they are doing, have experience, and can effectively guide them to hire more professionals and tools that serve the company’s objectives when implementing OSINT.
Another very important issue is not to approach this as an expense but as an investment, the money that is destined for it. It is not only investing in the company’s cybersecurity, but it is also investing in the growth of the company, since OSINT has many uses, as I said earlier, not only to protect and prevent attacks, but it can also be used in areas such as human resources, marketing, and so on.
One common problem those getting started with OSINT might struggle with is information explosion. Can you share a few tips on avoiding it?
A quick intervention: information explosion is a common issue in open-source investigations. It happens when the sheer volume of information is so overwhelming that you don’t know what to focus on. Back to the interview.
First of all, we must have a clear idea of what we are looking for, but mainly what we are looking for. Nowadays there is a lot of information online, the important thing is to focus on the simple, basic questions and what the client or our company needs.
After that it is to follow a methodology and stick to it. Every person is different, thinks differently, therefore every OSINT researcher is different, and of course every methodology will be different.
OSINT tools, tips, and tricks
Speaking of methodologies. Could you discuss some of the techniques and tools you use in your OSINT work?
Each OSINT researcher is different and particular methodologies will vary a bit. Still, there are some universal “rules.” One is that it is very important to be disciplined and neat. Take notes of everything — on paper, in a text file, a spreadsheet, wherever, really. Keep a schematic map of the steps we are following. And yes, these blackboards that movie detective have? They’re a thing. Buy a whiteboard or use a digital application to emulate it on your computer.
Another fundamental is understanding how Google and the other browsers and search engines work. This knowledge allows us to use Dorks which is of great help when investigating.
Quickly jumping in to explain. Dorking is the process of using specifically crafted queries to quickly narrow down search results and extract information that usually isn’t accessible publicly. Back to Roberto:
As for tools — there are many nowadays, both online and offline, I can name some of the ones that are in my top list: Maltego, Shodan, Social Links, Spiderfoot, iKy, Sherloq, and obviously ANY.RUN.
Now, we’re also curious about this “technique,” but let’s leave it up to the imagination. Yes, we found this picture on the Osintomático website — it seems their conferences really know how to ‘tie up’ the audience’s attention!
On OSINT and AI
In recent months much of the technology field has been disrupted by AI, including cybersecurity. How is AI impacting the field of OSINT?
Excellent question. Just recently I was giving a series of lectures in Bolivia on this subject. The implementation of IA in the OSINT field is huge, every day a new tool or solution for different areas appears. I think it is a game changer and the emergence of ChatGPT has been a before and after for all of us who are dedicated to the field of digital investigations. It is encouraging but at the same time scary how much can be done today, even with very little computer knowledge.
We will see what the future holds… and let’s hope we don’t get to see the rise of Skynet hahaha.
(There’s no need to worry about that. We’ve secretly made ANY.RUN so user-friendly just to ensure that more of us are ready to fight against Skynet before it starts producing T1000s.)
As we wrap up, do you have any final thoughts or advice for our audience about the future of OSINT and its role in cybersecurity?
As a reflection, I can say that the role of OSINT within the cybersecurity world is already very big, and it is growing every day. Is there a need for more professionals in this area? Yes. Do companies and governments need to give more recognition and value to these professionals and to the development and hiring of tools dedicated to OSINT? Obviously yes.
I believe that constant training and keeping always updated is essential for all OSINT professionals so they can give better results for the companies and organizations that hire them.
I would like to thank ANY.RUN for this interview and also for trusting and supporting Osintomatico Conference from the beginning. We look forward to seeing you in the next edition.
We wouldn’t miss it for the world. Roberto, it’s been our pleasure hosting you. A huge heartfelt thank you for the insightful discussion. We will see you out there!
0 comments