Towards Better Cyber Security Consciousness: the Ease and Danger of Osint Tools in Exposing Critical Infrastructure Vulnerabilities

Abstract

This article explores open-source intelligence (OS-INT) to identify the vulnerabilities and loopholes in power grid systems, focusing on an electrical distribution company operating in Turkey. The study emphasizes the potential risks of sharing publicly available information on social media accounts, websites, reports, and press releases which most companies overlook. It highlights that individuals or adversaries can exploit this information to harm companies and countries that may not be fully aware of these vulnerabilities. OSINT tools can efficiently gather interpretable data on a company, which companies unknowingly share. By refining the collected data, the study aims to understand the technologies used, their software versions, and any associated vulnerabilities. Web scraping tools extract data from the company's website, which may contain critical information about updates, ongoing systems, and technologies. The article provides a comprehensive understanding of the potential risks and vulnerabilities associated with sharing sensitive information and the various OSINT tools and techniques that can be used to identify and address these vulnerabilities. The importance of vigilance against the potential harm that remote or unrelated individuals can inflict using OSINT capabilitiesis underscored. This study shows how easy it is to detect vulnerabilities in a critical infrastructure system using OSINT tools. © 2023 IEEE.