12 - December 2022
Last updated
Last updated
Welcome to the December issue of the OSINT eZine (#22), this number includes topics such as an OSINT guide to analyse disinformation campaigns; LastPass hack; ChatGPT3.5; investigations on TikTok; tips for sock puppets... and much more!
Hey Ho, Lets Go!:
From the infrastructure point of view, an investigation regarding NFTs and how impersonators defrauded hundreds of users pretending to donate money for the Ukrainian government. We are starting to see and increment of attacks and frauds with the use of NFTs instead of regular crypto campaigns.
Basel's Institute on Governance is providing several learning resources in a variety of investigative topics. There are trainings about OSINT, financial investigations, money-laundering analysis, terrorist financing and many more and free!
https://learn.baselgovernance.org/course/index.php?categoryid=15
The Romanian Association for Information Security Assurance (RAISA) has collaborated with several OSINT investigators and experts to draft an OSINT guide with multiple resources to help the investigation of disinformation campaigns. It covers several fields, from browser addons to media analysis programs and a lot of different tools and free investigative resources.
https://www.cyberlearning.ro/osint-for-analyzing-fake-news/
Android 13 will be launched soon on Windows 11 natively (via WSA) and that would mean a possible end for the use of emulators. Sock puppets accounts would benefit from this because we will be able to use applications directly from Windows without the use of virtual machines and emulators.
https://www.androidpolice.com/android-13-update-windows-11-wsa/ https://github.com/microsoft/WSA
The online password management service LastPass has been hacked twice this year. The data stolen this time as BSI (basic subscriber information) such as billing addresses, email addresses, telephone numbers, IP addresses and other related metadata. If you are using LastPass and you have set up a complex master password, you should be on the "safe" side (online and password manager is a concept that I do not endorse). Otherwise, consider using a more secure but cumbersome solution like local vaults and manual sync (like local Keepass files).
https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/
Terminator 2 was right and the end of the world due a malicious AI starting the third world war is closer. The third (.5) version of the algorithm that interacts with users in a conversational way, ChatGPT, was all over the news, especially on Twitter. We have read almost every possibility, machines with soul, the algorithm is replacing humans already... from all this noise I always recommend to go directly to the sources to have a clear understanding of what's going on and try it for yourself, in my case, I am considering on create next year newsletters using it while drinking mojito's at the beach... xD.
https://openai.com/blog/chatgpt/
The friends from Maltego have shared a blog post regarding the creation of sock puppets for investigations. It covered all the essential steps but as usual, you may find new things or different ways to perform some actions.
https://www.maltego.com/blog/creating-sock-puppets-for-your-investigations/
As important as our tools and programs is the way we conduct our investigations. In this article, we can find different biases that we can subconsciously being applying to our reports and how to be aware and learn from them.
https://osintcurio.us/2022/12/07/investigation-bias/
First part of an amazing series of articles on how to investigate and identify users on TikTok. It covers different ways of identification using a variety of sources like the JSON responses, source code selectors and other API endpoints.
https://www.secjuice.com/tiktok-osint-part-1-user/
What do such machines really do? They increase the number of things we can do without thinking. Things we do without thinking — there's the real danger.
~Frank Herbert, American writer and author of Dune.
