If you're like most security practitioners, you're always on the lookout for new tools and techniques to help you gather intelligence. ChatGPT is one of those new tools, and it's one that's definitely worth taking a closer look at. Here's why...
ChatGPT is an AI chatbot that stands for "Chat Generative Pretrained Transformer". It enables users to quickly generate useful phrases, legitimate-sounding conversations, and statements.
This technology can be particularly helpful in the field of open source intelligence (OSINT), allowing security professionals to more easily find information that is often scattered around the web, but still available for finding in public sources.
With ChatGPT, intelligence gathering does not have to rely on manual searching, as the technology automates the process of both understanding open-source intel and structuring data for research purposes.
All this makes it easier for OSINT folk to quickly compile structured information from a variety of sources.
Because ChatGPT has “read” around 10% of the public internet, it contains a vast amount of human knowledge, and it can be used to dig up information on any topic imaginable.
To optimize your use of ChatGPT, it’s important to know how to get the most out of it with creative search queries and targeted use cases. Before moving on, it’s important to also recognize that the models ChatGPT uses are built from data collected in 2021.
This means, at most, the information provided in ChatGPT’s replies is no more recent than 2021. Anything since then is not included.
In order to access https://chat.openai.com/chat you will need to create an account at
openai.com/login/. Once an account is created, you can circle back, and go to the URL linked above. With this free account, you now have the ability to interact with ChatGPT.
If you need an OSINT primer, I suggest checking out the blog post created by the folks over at Maltego. Maltego is an open-source intelligence (OSINT) and investigative technology developed by Paterva.
It is used to collect, visualize, and analyze data from a variety of sources in order to uncover hidden connections between entities such as people, organizations, websites, networks, and other related items.
The blog post does a great job introducing OSINT as well as providing some valuable insight into how it can be used.
To make the most of ChatGPT, here are a few tips and tricks that will help you use ChatGPT effectively.
First, understand that despite what you may think - sometimes AI just isn’t the right tool for the job. As an example of this, check out what will happen if you try to look up someone who has a relatively low-public-profile (“normal” as some would say)
Second, expect to be surprised (this is both good and bad). While enumerating subdomains can be useful during the recon phase, you may not realize there were several open-source tools to help you do this.
And lastly, if you are honing in on an individual and ChatGPT indicates it doesn’t have any information for you, try to expand the concept of the “individual” a little to include specific groups, clubs, or affiliations which may have more recognition (while also providing that valuable information you seek).
Although the data used in OSINT is, by its very nature, publicly available information, a security analyst or researcher should always keep an eye on how this data is collected and stored and who can access it.
Depending on the type of OSINT work performed, this information, if leaked, could create risks unique to the AI-OSINT space.
ChatGPT stores a variety of data that is essential for AI-powered investigations. This includes information from publicly available sources, such as conversations, media content, geolocation data, and relationships between individuals and organizations.
Along with this, ChatGPT stores key phrases and statements in order to assist its users in their investigations.
ChatGPT employs a comprehensive suite of measures to ensure that user data is kept safe. First, it uses state-of-the-art encryption protocols to protect the data while it is being stored. This means that the data is scrambled in such a way that no one but authorized users can access or read it.
What began as an unassuming piece of software that could make OSINT informational gathering a much easier task has grown to be an integral part of many investigations, both big and small.
ChatGPT is a powerful tool that contains the sum total of human knowledge, and it can be used to dig up information on any topic imaginable. To optimize your use of ChatGPT, it’s important to know how to get the most out of it with creative search queries and targeted use cases.
In terms of privacy, using secure proxies and private networks are important considerations to ensure your activity stays safe and anonymous while using ChatGPT.
Ultimately, whether you’re digging for digital gold or seeking out current affairs within the human world, ChatGPT is an invaluable resource for investigators - particularly those already familiar with OSINT.