New OSINT report highlights security gaps in academic institutions

November 16, 2023
The OSINT report highlights potential vulnerabilities in the knowledge security systems of academic institutions.

DLR Projektträger commissioned an Open Source Intelligence (OSINT) application to demonstrate its use for academic entities. In this study, two facilities were analyzed by the Fraunhofer Learning Laboratory for Cybersecurity at Mittweida University of Applied Sciences. Both institutions were chosen as among the best-positioned in Europe regarding IT security.

We used open source intelligence to determine all publicly available information about the institutions, their employees and technical infrastructure, which could be used by attackers to damage the institution.

As a result, vulnerabilities were identified in both institutions. They promptly responded to the findings and resolved the issues. This emphasizes that institutions should not only protect themselves from outside threats but also keep a close eye on and safeguard sensitive information that could be at risk across various parts of the internet.

OSINT illustration

© DLR Projektträger

What did we do in the study?

The analysis encompassed various crucial elements, including:

  • E-mail Addresses: This involves collecting and analyzing e-mail addresses, specifically focusing on the potential risks associated with targeted attacks such as phishing and social engineering.
  • Password Leaks: Examining compromised passwords, which could potentially result in identity theft and fraud.
  • Services, IP Addresses, and Vulnerabilities: This entails evaluating potential risks arising from incompletely configured systems, outdated software, insufficiently protected access, information leakage, and acute vulnerabilities.
  • Online Meeting Platforms: Assessing the security aspects of platforms utilized for virtual meetings.

The primary inquiries guiding the examination were:

Is it possible to identify specific instances of leaks and damages, and what significance do they carry?

Which tools are effective in detecting vulnerabilities?

Can an institution independently assess and pinpoint potential data leaks, existing data losses, or unauthorized data access?

What could an OSINT monitoring system in the science institutions look like?

By addressing these questions, the OSINT application aims to lay the groundwork for a robust cybersecurity framework within educational and research environments, fostering self-assessment and proactive identification of potential threats.