OSINT Techniques Series: Avoiding the Bugged Website
While industry leaders make great technological advancements to empower secure online research on familiar browsers and Tor, the risk of human error continues to remain the greatest liability to national security organizations. Ntrepid aims to educate users on how to navigate online safely and avoid traps, like a bugged website, set by bad actors. With our OSINT techniques, you can build a custom operational framework for your investigations to bolster security, protect users, and further enable your mission success.
How Criminals Keep Watch
Observing traces of an “intrusion,” or “pursuit,” is one way that a bad actor can watch investigators online. An example of an intrusion or pursuit is performing research, such as passive OSINT research on an individual or network. During passive OSINT, the investigator’s IP address is recorded in the server logs of every website visited. Controlling your IP address is important, because the IP contributes to a detectable footprint for everything you do online. A holistic managed attribution platform provides various internet traffic egress options for this type of control.
Be Aware of the Bugged Website
Bad actors will sometimes set up a bugged website to observe who accesses it. To bug a website, they will purposefully make the website hard to find, block it from Google indexing, and make the link available through only a single source, such as a social media profile. By strategically creating this website and restricting knowledge that it exists, like setting a mousetrap, bad actors can observe traces of an intrusion or watch the investigator. As a result, the site creator becomes aware of any visitor who is performing deep research against the individual. Once the website is accessed, the visitor’s IP address (along with details such as the request time, browser user agent, and referring page) is viewable by the website’s creator in the server logs.
An alternative method to restricting knowledge of a bugged website is to distribute the URL offline. Since there are no search engine links to the website, any visitor must have prior knowledge that it exists, thus attributing the visits and IP addresses to real-world identities. This is a well-known method for finding the leak in an organization or network.
By understanding the concept that underpins a bugged website, an investigator can realize the importance of both a managed attribution platform and advanced OSINT training.
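To make the footprint concrete, the following script, an added example that is not part of the original article or any Ntrepid product, shows what the owner of a bugged site actually sees. It parses web-server access logs in the common “combined” format (assumed here for Apache or Nginx) and summarizes every visitor that requested the unlisted canary path: IP address, first visit time, the referring page that led them there, and the browser user agent. The log lines are constructed for the example; the path `/q7x-private/` and the hostnames are placeholders. The same logic is how an organization uses an unlinked URL defensively to find a leak, as the article notes.

```python
import re
from collections import defaultdict

# Apache/Nginx "combined" access-log format (assumed; adjust the regex for your server).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample log lines (not real traffic); /q7x-private/ is the unlisted canary path.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:09:14:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2024:09:15:44 +0000] "GET /q7x-private/ HTTP/1.1" 200 812 "https://social.example/profile/jdoe" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.23 - - [10/Mar/2024:09:15:45 +0000] "GET /q7x-private/logo.png HTTP/1.1" 200 2048 "https://canary.example/q7x-private/" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.7 - - [10/Mar/2024:09:20:11 +0000] "GET /robots.txt HTTP/1.1" 200 40 "-" "Mozilla/5.0"
192.0.2.55 - - [10/Mar/2024:11:02:30 +0000] "GET /q7x-private/ HTTP/1.1" 200 812 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
"""


def parse_log(text):
    """Yield one dict (ip, time, method, path, status, referer, agent) per well-formed line."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()


def canary_visits(text, canary_prefix):
    """Summarize, per visitor IP, what the site owner learns from requests under canary_prefix."""
    visitors = defaultdict(
        lambda: {"hits": 0, "first_seen": None, "referers": set(), "agents": set()}
    )
    for rec in parse_log(text):
        if not rec["path"].startswith(canary_prefix):
            continue  # ordinary traffic to indexed pages is not interesting here
        v = visitors[rec["ip"]]
        v["hits"] += 1
        if v["first_seen"] is None:
            v["first_seen"] = rec["time"]
        if rec["referer"] != "-":
            v["referers"].add(rec["referer"])  # reveals the single source that linked the page
        v["agents"].add(rec["agent"])
    return dict(visitors)


if __name__ == "__main__":
    for ip, info in canary_visits(SAMPLE_LOG, "/q7x-private/").items():
        print(ip, "first seen", info["first_seen"], "hits", info["hits"])
        print("  referers:", sorted(info["referers"]))
        print("  agents:  ", sorted(info["agents"]))
```

Run against the sample, the script attributes two visitors to the canary path and shows that the first one arrived from the social-media profile where the link was planted. Every field it prints is exactly what an investigator exposes when browsing from an unmanaged egress point.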
Google Cache for Passive OSINT
One way to avoid leaving behind a digital footprint is by clicking on the cache view of a website in the search results of Google. Simply click on the three vertical dots beside the listing, and then click “cache” at the bottom of the pop-up window. This link leads you to the copy of the website stored on Google’s server, instead of the actual website. (The cached view is what the website looked like the last time Google indexed it.) By navigating this way, you can hide behind Google’s server, rather than revealing your IP address in the actual website’s server log. However, it’s important to remember that although you’re hiding behind Google, you aren’t invisible. Additionally, cached websites are limited to snapshots and aren’t necessarily representative of an entire website.
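The “you aren’t invisible” caveat has a concrete cause: the cached HTML comes from Google’s server, but when the browser renders it, any image, stylesheet, script, or frame that still points at the original site is fetched from the original site, and that request lands in its log. The script below, an added example that is not part of the original article, parses a cached page and lists the hosts a browser would contact automatically on render, so you can see whether the original host is among them. The HTML, the cache URL, and the hostnames are all constructed for the example; the cache-URL format is assumed, and a real cached page may differ in how it rewrites links.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag attributes that a browser fetches automatically while rendering (assumed subset).
FETCH_ATTRS = {
    "img": ("src", "srcset"),
    "script": ("src",),
    "link": ("href",),      # stylesheets, icons, preloads
    "iframe": ("src",),
    "video": ("src", "poster"),
    "audio": ("src",),
    "source": ("src",),
}

# Constructed cache URL for the example (format assumed, not taken from the article).
CACHE_URL = "https://webcache.googleusercontent.com/search?q=cache:https://target.example/profile/"

# Constructed cached page: a <base> tag points relative links back at the original site.
SAMPLE_HTML = """\
<html><head>
<base href="https://target.example/profile/">
<link rel="stylesheet" href="/static/site.css">
<script src="https://cdn.example/lib.js"></script>
</head><body>
<img src="avatar.jpg" srcset="avatar@2x.jpg 2x">
<img src="data:image/png;base64,AAAA">
<a href="https://target.example/contact">Contact</a>
</body></html>
"""


class ResourceCollector(HTMLParser):
    """Collect absolute URLs of resources the browser would request on render."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.urls = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and attrs.get("href"):
            self.base_url = urljoin(self.base_url, attrs["href"])  # <base> changes resolution
        for name in FETCH_ATTRS.get(tag, ()):
            val = attrs.get(name)
            if not val:
                continue
            if name == "srcset":
                candidates = [c.strip().split()[0] for c in val.split(",") if c.strip()]
            else:
                candidates = [val.strip()]
            for c in candidates:
                self.urls.append(urljoin(self.base_url, c))


def contacted_hosts(html, page_url):
    """Return the set of hosts a browser would contact automatically when rendering html."""
    collector = ResourceCollector(page_url)
    collector.feed(html)
    hosts = set()
    for u in collector.urls:
        parsed = urlparse(u)
        if parsed.scheme in ("http", "https") and parsed.hostname:  # data: URIs need no request
            hosts.add(parsed.hostname)
    return hosts


def leaks_to_origin(html, page_url, origin_host):
    """True if rendering the cached copy still sends at least one request to the original site."""
    return origin_host in contacted_hosts(html, page_url)


if __name__ == "__main__":
    print("hosts contacted on render:", sorted(contacted_hosts(SAMPLE_HTML, CACHE_URL)))
    print("leaks to target.example:", leaks_to_origin(SAMPLE_HTML, CACHE_URL, "target.example"))
```

On the sample page the stylesheet and both avatar images resolve to `target.example`, so viewing the cached copy with a normal browser still writes the investigator’s IP into the original site’s log; only the inline `data:` image and the plain `<a>` link cost nothing. Reading the cached copy with images and scripts disabled, or through an egress you control, closes that gap.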
OSINT is an ever-changing landscape, and bad actors are developing creative ways to bypass the technological advancements of industry leaders. Stay attuned to these theoretical concepts as you navigate the web.