Tech Man

Uncovering the Power of Passive Reconnaissance: Google Gemini + Google Search



What is Passive Reconnaissance


Passive reconnaissance, also known as passive information gathering, refers to the process of collecting information about a target without directly interacting with it. In the context of cybersecurity, it often involves gathering information about systems, networks, or organizations. Cyber-trained personnel (including cybercriminals) can employ various tactics to accomplish this, and one of them is Open Source Intelligence (OSINT).


Open Source Intelligence (OSINT)


OSINT typically involves the gathering of publicly available data on the internet. This data can span a wide array of sources and reveal intricate details about the organization and its employees, from email addresses and phone numbers to IP addresses, domain names, suppliers, technologies in use, geographical locations, and even social media accounts. Search engines like Google or Bing are commonly used for this purpose. Sometimes, hackers stumble upon highly sensitive information, which significantly facilitates their nefarious endeavors.


Large Language Model (LLM) + Google Search


Combining Large Language Models (LLMs) like Google Gemini with traditional Google Search can be a useful and innovative approach for passive OSINT, particularly in uncovering systems and technologies used by an organization. In this article, I will explore this method to try to gain an understanding of the systems employed in an airport, using Changi Airport as a case study.

Google Gemini


Imagine I'm starting from scratch regarding airport systems knowledge. I began my quest by tapping into Google Gemini with the query, "How are airport systems categorized based on their operational uses?" The insights it offered served as a springboard for more in-depth investigations through conventional Google searches.


Image 1: Snapshot of result from Google Gemini prompt


Image 2: Insights from Google Gemini in a graphical form:


Google Search


With the list of systems shown in Image 2 above, I can search for specific systems at Changi Airport using traditional Google Search. For example, if I am interested in the runway and taxiway systems, I could search for "Runway and Taxiway Systems + Changi Airport". This could give me results about the specific runway and taxiway systems used by Changi Airport and even the companies that supply and maintain them. To automate this process, I have written a Python program to bulk query Google using the Google Search API, and the code can be found here. A Google Search API key is necessary for the program to work.


Image 3: Snapshot of the running of the python program


Image 4: Output from programmatic search


Image 4 above shows the output from the programmatic Google search in Excel. This format allows us to easily scan the search results and see which ones are most relevant to our query. We can then click on the link to access the website for more information. As seen in the image, I have highlighted 3 search results that are relevant to the runway and taxiway systems of Changi Airport. Image 5 below shows the list of Changi Airport's runway and taxiway systems in a PowerPoint slide with hyperlinks to the websites [1] containing the information.


Image 5: Runway and Taxiway Systems of Changi Airport
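An added example (not the author's program, which the page links to but does not show) of how a defender could tabulate bulk search results about their own organization, as in Image 4, and separate what the organization publishes itself from what suppliers and other third parties publish about it. It assumes the Google Custom Search JSON API; the function names, the `example.org` placeholder domain and the sample response are constructed for illustration.

```python
import csv
import io
import json
import urllib.request
from urllib.parse import urlencode, urlparse

API_URL = "https://www.googleapis.com/customsearch/v1"  # assumed: Custom Search JSON API

def build_queries(org, categories):
    """One query per system category, in the article's 'X + Org' style."""
    return [f"{c} + {org}" for c in categories]

def fetch(query, api_key, cx):
    """Live call; needs an API key and search engine ID. Not used by demo()."""
    qs = urlencode({"key": api_key, "cx": cx, "q": query})
    with urllib.request.urlopen(f"{API_URL}?{qs}", timeout=10) as resp:
        return json.load(resp)

def to_rows(query, response, own_domains):
    """Flatten a response; label each hit as own-site or third-party disclosure."""
    rows = []
    for item in response.get("items", []):
        host = (urlparse(item["link"]).hostname or "").lower()
        own = any(host == d or host.endswith("." + d) for d in own_domains)
        rows.append({"query": query, "title": item.get("title", ""), "link": item["link"],
                     "host": host, "source": "own" if own else "third-party"})
    return rows

def dedupe(rows):
    # One row per link, in order of first appearance.
    return list({row["link"]: row for row in rows}.values())

def to_csv(rows):
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["query", "title", "link", "host", "source"])
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()

# Constructed sample response (not real search output); example.org is a placeholder.
SAMPLE = {"items": [
    {"title": "Airfield lighting upgrade", "link": "https://www.example.org/news/lighting"},
    {"title": "Case study", "link": "https://vendor.example.net/case-studies/example-org"},
    {"title": "Case study", "link": "https://vendor.example.net/case-studies/example-org"}]}

def demo():
    queries = build_queries("Example Org", ["Runway and Taxiway Systems"])
    return dedupe([r for q in queries for r in to_rows(q, SAMPLE, ["example.org"])])
```

Rows marked `third-party` are the ones to review first in a self-assessment, since they describe the organization's systems on sites it does not control.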


To conduct further reconnaissance, we can try asking Google Gemini about the operating system of the runway and taxiway systems (for example, the ADB Safegate Airfield Ground Lighting Control and Monitoring System). As seen in the prompt result below (Image 6), Google Gemini was not able to identify the exact operating system, but it was able to provide useful insights based on publicly available information.


Image 6: Prompt result about operating system of ADB Safegate AGLCMS

Conclusion


Companies should consider using OSINT for passive reconnaissance of themselves to understand what cybercriminals or their competitors can see of them in public. This article only illustrates the tip of the iceberg of OSINT; there is more to what OSINT can achieve, which I will write about in the future. Thank you for taking the time to read this write-up, and I hope you find the information useful.


References

